941c55c178d109c1af6ca548fbc8d5cf2abe6a7ae9c9517348f499e015ce14fc

Sharing

Copy URL

Twitter E-mail

General

Target

clmods.zip
Size

74.0MB
Sample

240206-ae2v4abbc8
MD5

99d656ef19a49451e9c5bf51cc7062d5
SHA1

d95f6ed4410f6e109d3402e83626169d11461fc4
SHA256

941c55c178d109c1af6ca548fbc8d5cf2abe6a7ae9c9517348f499e015ce14fc
SHA512

b3552a706a0578e1fe0970752400cab7d25d38c20eec802e0c0b51210b070ac45b61374647da6cf7dcb73187ed2dd736c0336faade4a76ed521808aa9793ba54
SSDEEP

1572864:hiXYlkT70XUDNMiOBLblUmHwOh05RzQKaiaA8wAXKWv5:MYU0XUDfOBLamQO8I9J

Score

9^/10

Malware Config

Targets

- Target
  
  Awesomium.dll
- Size
  
  20.4MB
- MD5
  
  b86a78256b8632cde4993321b31011aa
- SHA1
  
  aaa03e1a11d13e2d3e66398ed171bf9f67a08cbb
- SHA256
  
  ffc70911b66bf551e9c72163d45313ead78ff4b2ff2f31fc2bd63377f3a111d2
- SHA512
  
  7552a2e276b55e19b1ea8b9363f8071ce6dfa2f557be8fec5d0ccd079d4d6463eeeb6ff49ed53a885f4c7cb6624f5391ffaaf271057e4210447508c320a6d34e
- SSDEEP
  
  196608:k1WOChW71u6FkIX7c+TdVRY/JOO9RK40fCDLrZqdUszxjeVWvHi5rQJI:k1mk1l7c+TL+G2/ZKzsVWvWcI
Score

3^/10
behavioral1
- Target
  
  AwesomiumProcess.exe
- Size
  
  444KB
- MD5
  
  d802cc2c3c11d0716788572e7ba3b401
- SHA1
  
  87e8dd06b76728a5895e4e31351dcced8d444ca0
- SHA256
  
  95c72c6a11bfa139cc4f7f5cc3d1cd8dec8191bf7281e5605fc274301cb109f1
- SHA512
  
  85ba037ebf4ed5eb5efdbe76ab4aad1fcd14c0929616d39fdd6de47dd35470ab16ad46c73014ba90e85a60f93657da4f86f3466114c8e719190738245475ed8e
- SSDEEP
  
  6144:sMqNi6sCem2ESACFMdmb+29+5Ts/5oeKctXNVCBVlm12VRsF8ep:sMqNKm2T92sb+2MTE55NVQXJVRsPp
Score

1^/10
behavioral2
- Target
  
  Core.dll
- Size
  
  1.7MB
- MD5
  
  0ca58aaed4ac332cd29c37575d1e65d0
- SHA1
  
  39cc72e01b703fb8b7e415685d08dbda623f8f3a
- SHA256
  
  a9664894775635033e7b9d7b1dba0d01a08ac6c3a9b8abf8942b158731245c60
- SHA512
  
  cb4c35103d56774c6a496d8552c888a142f6e2fd03c39fd768f0170ee96c151fed9f9b99da3ed4a74899e8ce66225402c5fde28224cc34e2ee63c6ddf266e3a1
- SSDEEP
  
  24576:VBYJcKiH/estoQ7Y4AG/SLAruP7+6nHamVb9k83SyssexOZk6gQVkWEKDdBw:fNKimst77/QP7++Vb9kswokMVjFY
Score

1^/10
behavioral3
- Target
  
  D3DDrv.dll
- Size
  
  773KB
- MD5
  
  c97d53a02c83b358c3cba5574afc35da
- SHA1
  
  b64ef4f112abb868b16186475fad22007f284596
- SHA256
  
  8638d7a9a6a104f96d223f56e2755607b6ddc471365584813e37d26e930297b1
- SHA512
  
  23c60f11ad3803b987c7728fad901f52255b9a7942e76619175d4e0bd1be7b60742a477cbdf303f3c125857bf82770f89bf74ef056d9075721968354a40c2c1d
- SSDEEP
  
  12288:wJ5J7MRKwCfMZvfQ10Jt/TBTOsRPYyH1fN47O1eT4JmHBNxnHQlMPXhWz+0nURJ:QS0Qlkq+0nURJ
Score

1^/10
behavioral4
- Target
  
  D3DX9_40.dll
- Size
  
  4.2MB
- MD5
  
  eea5e428ce63804f9b12d21c97b5968f
- SHA1
  
  77a7f48f4bdb7e66ed5e524bb8879e3da0d6cd1d
- SHA256
  
  16fd909aeb68d0d1aca8529dc7f78880b97d6649d70ce8d03a2c858bc28e216b
- SHA512
  
  545518dabd82441ddfc17fe1c1cbd7d14603bb58130de1307a31f73b93ca42afdf25dfcf481f0383c4e039edfe4a88ae7b84b06a2850c29bbc3550114e499c73
- SSDEEP
  
  98304:E6EoQ715V9VRhAuR9ClDt2iHbEsX0sycGoKO0nceqyaWd2U:/Qp5VUuR9ClDt2iHbEsX0s6LO5Wd
Score

3^/10
behavioral5
- Target
  
  DSETUP.dll
- Size
  
  10KB
- MD5
  
  49fda5c14716af4add17f1df44d90c6f
- SHA1
  
  1f29372011058d4ed744285e83f38057ad7f1909
- SHA256
  
  615d271ebf21140a26fea321f2f0839e37f52e8c5adc6f09c41abaa0e1b40d18
- SHA512
  
  e9def21c72e4815fc3bf6882f810e95cace5e18f27c98d2c1374765c3be5426eafd9d4b89dae5e05a70f88f417441836761f056eb692c87b83d294c190358668
- SSDEEP
  
  192:nJ+pOSnaYbHiaqwJRo46AzfueJYQeywApE+eBak7h2c0H99M/m/V:cnWKLdqQeMyBak70ceYc
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral6
- Target
  
  Engine.dll
- Size
  
  28.2MB
- MD5
  
  8184bd4102014f51e320dd22511e84c6
- SHA1
  
  9dd02d7a487b2a6cbed32db5aa48d06b9d337ee2
- SHA256
  
  86bcbb2122f14de0e179ea1dd2d71d7d33c42264024db95185a4714e38f7004c
- SHA512
  
  68d539f00e48a5dfe90327db2f6e9ef0ce78c93edc19201736dcf7271c9b1c52224f248e4eda6faa14c419f2649649f2b8ca3d8412e4592388d0eb1164394a61
- SSDEEP
  
  98304:1YE4+24q9iTEucpUuSoDdpy+hvwtpzzLMtfr6H7btw8csOMDpxLdt0//p2:ot4Y9pUQe+hvwjzzLM4H73u3w
Score

1^/10
behavioral7
- Target
  
  Fire.dll
- Size
  
  172KB
- MD5
  
  eb99d79176c4f09a9df09a51f2fd68dd
- SHA1
  
  a805143cc6c98834e3890c417b1b80ac3c74a918
- SHA256
  
  d997be791f6b4769395e921045fa411eb238bf2f970b9d2df4c6936f4a7a0502
- SHA512
  
  97c4d0bbe50221757e36c9e8fae92b801d905caf8ee1e60e76c5eaecd4ad13742652756109b5a5d1d358473784380c98f9fd3eea37319d434b50e046a66ed259
- SSDEEP
  
  3072:0FDfGaG9vj+Ll/SzdDhccJyB9+Qy9OIN:0Bkj+LwacsKg
Score

1^/10
behavioral8
- Target
  
  L2.bin
- Size
  
  3.4MB
- MD5
  
  e0bdf54f93233062a9b59665b964d119
- SHA1
  
  cfc0f129fec7449b5bcf1f653496c0e010fc8c8f
- SHA256
  
  eb94a2b0be8318b5407fe971bfe553e554bb5e0245b3d0abc5cfc508e4c69175
- SHA512
  
  df3e2a772f1382222c448898c5ec6345dc3498469a786f32aacc4993727418f0e3c4522c9607ed36e60877a0a214cf0ea6c78469aa907a5ec4d8200fe71fe705
- SSDEEP
  
  49152:AoRTzBsn2W5xrFrH7RCVTnfgNTV+woIGBD:zRfBvW5xJrH7RCRnfgNJVkBD
Score

7^/10
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral9
- Target
  
  clmods.dll
- Size
  
  11.2MB
- MD5
  
  baef30ccc446b01dc8661271de070d6f
- SHA1
  
  502bb28b0c8768c15d7cec458fca9d3630563a1f
- SHA256
  
  5cc5d097b81a8ed19f8fc1780854a80ef6d7bdfd919bfa4191f5e5f5cb96a7c3
- SHA512
  
  0b8efee0094da8c16808e658e22fe601d1af0bf63482a55cbcba2984e4abe6ff910f09cb510aa81b033b9f1ddb914b89d530219a1a3bc97be4416c51559abf05
- SSDEEP
  
  196608:lgGGw1JL31oSVIgaT/oI2FD1c9k+8t+seo0lJfzrn4kpIrQczV2YhvWNI:lZG0zHVoT/ov28c/oIzrn4FUKfhh
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10
- Target
  
  en-US.dll
- Size
  
  108KB
- MD5
  
  0a0c04434e82ce6d6a4f23e973ffdf75
- SHA1
  
  8bd181047d0f742f3ed17fc3c90ac381374b4606
- SHA256
  
  fe1cd3075d120476bd6151222939937bf11abfc8a766bf7fd830049ba86f598d
- SHA512
  
  10d058089e25a7c823687680e00d8589a818154ad7767dc75ea465deee9efe342d62d10eff5be9eec4fe26e19c6346e6f3da97946ac6c032358d594a5248e084
- SSDEEP
  
  3072:r2b56HrXxFkRFneVeojdYUkgAQcgZdlSSbnMm6icPN5u0SAPuOVtWhGqPEbbZuiA:KWQOp
Score

1^/10
behavioral11
- Target
  
  l2.exe
- Size
  
  46.7MB
- MD5
  
  9298113e7d18e48ce3b3bc0cc554dc7f
- SHA1
  
  14b671255042c817a27927afac5b45eeeb217923
- SHA256
  
  60fd97945e88b164a339c7da323c1b1966e17c4d6e280c8f726e62f50f783275
- SHA512
  
  536db1d539a3040b6a1401bf071a7d4a1b4ee07f12440b9e39789e4f0d0d4106574a5c96174c978884d3f025d2125506f15b1f2e4732e1a22c54432396717761
- SSDEEP
  
  786432:hD8AnHDKXqzE8D5zHop+4OA7dgtlnborjSPsNo+7kR5mojqjn:hNW6zJzOOAhOlnbk+PsNoEk+oGb
Score

7^/10
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Executes dropped EXE

Unexpected DNS network traffic destination

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Executes dropped EXE

Unexpected DNS network traffic destination

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12