General

  • Target: clmods.zip
  • Size: 74.0MB
  • Sample: 240206-ae2v4abbc8
  • MD5: 99d656ef19a49451e9c5bf51cc7062d5
  • SHA1: d95f6ed4410f6e109d3402e83626169d11461fc4
  • SHA256: 941c55c178d109c1af6ca548fbc8d5cf2abe6a7ae9c9517348f499e015ce14fc
  • SHA512: b3552a706a0578e1fe0970752400cab7d25d38c20eec802e0c0b51210b070ac45b61374647da6cf7dcb73187ed2dd736c0336faade4a76ed521808aa9793ba54
  • SSDEEP: 1572864:hiXYlkT70XUDNMiOBLblUmHwOh05RzQKaiaA8wAXKWv5:MYU0XUDfOBLamQO8I9J

Score: 9/10

Malware Config

Targets

    • Target: Awesomium.dll
    • Size: 20.4MB
    • MD5: b86a78256b8632cde4993321b31011aa
    • SHA1: aaa03e1a11d13e2d3e66398ed171bf9f67a08cbb
    • SHA256: ffc70911b66bf551e9c72163d45313ead78ff4b2ff2f31fc2bd63377f3a111d2
    • SHA512: 7552a2e276b55e19b1ea8b9363f8071ce6dfa2f557be8fec5d0ccd079d4d6463eeeb6ff49ed53a885f4c7cb6624f5391ffaaf271057e4210447508c320a6d34e
    • SSDEEP: 196608:k1WOChW71u6FkIX7c+TdVRY/JOO9RK40fCDLrZqdUszxjeVWvHi5rQJI:k1mk1l7c+TL+G2/ZKzsVWvWcI

    Score: 3/10

    • Target: AwesomiumProcess.exe
    • Size: 444KB
    • MD5: d802cc2c3c11d0716788572e7ba3b401
    • SHA1: 87e8dd06b76728a5895e4e31351dcced8d444ca0
    • SHA256: 95c72c6a11bfa139cc4f7f5cc3d1cd8dec8191bf7281e5605fc274301cb109f1
    • SHA512: 85ba037ebf4ed5eb5efdbe76ab4aad1fcd14c0929616d39fdd6de47dd35470ab16ad46c73014ba90e85a60f93657da4f86f3466114c8e719190738245475ed8e
    • SSDEEP: 6144:sMqNi6sCem2ESACFMdmb+29+5Ts/5oeKctXNVCBVlm12VRsF8ep:sMqNKm2T92sb+2MTE55NVQXJVRsPp

    Score: 1/10

    • Target: Core.dll
    • Size: 1.7MB
    • MD5: 0ca58aaed4ac332cd29c37575d1e65d0
    • SHA1: 39cc72e01b703fb8b7e415685d08dbda623f8f3a
    • SHA256: a9664894775635033e7b9d7b1dba0d01a08ac6c3a9b8abf8942b158731245c60
    • SHA512: cb4c35103d56774c6a496d8552c888a142f6e2fd03c39fd768f0170ee96c151fed9f9b99da3ed4a74899e8ce66225402c5fde28224cc34e2ee63c6ddf266e3a1
    • SSDEEP: 24576:VBYJcKiH/estoQ7Y4AG/SLAruP7+6nHamVb9k83SyssexOZk6gQVkWEKDdBw:fNKimst77/QP7++Vb9kswokMVjFY

    Score: 1/10

    • Target: D3DDrv.dll
    • Size: 773KB
    • MD5: c97d53a02c83b358c3cba5574afc35da
    • SHA1: b64ef4f112abb868b16186475fad22007f284596
    • SHA256: 8638d7a9a6a104f96d223f56e2755607b6ddc471365584813e37d26e930297b1
    • SHA512: 23c60f11ad3803b987c7728fad901f52255b9a7942e76619175d4e0bd1be7b60742a477cbdf303f3c125857bf82770f89bf74ef056d9075721968354a40c2c1d
    • SSDEEP: 12288:wJ5J7MRKwCfMZvfQ10Jt/TBTOsRPYyH1fN47O1eT4JmHBNxnHQlMPXhWz+0nURJ:QS0Qlkq+0nURJ

    Score: 1/10

    • Target: D3DX9_40.dll
    • Size: 4.2MB
    • MD5: eea5e428ce63804f9b12d21c97b5968f
    • SHA1: 77a7f48f4bdb7e66ed5e524bb8879e3da0d6cd1d
    • SHA256: 16fd909aeb68d0d1aca8529dc7f78880b97d6649d70ce8d03a2c858bc28e216b
    • SHA512: 545518dabd82441ddfc17fe1c1cbd7d14603bb58130de1307a31f73b93ca42afdf25dfcf481f0383c4e039edfe4a88ae7b84b06a2850c29bbc3550114e499c73
    • SSDEEP: 98304:E6EoQ715V9VRhAuR9ClDt2iHbEsX0sycGoKO0nceqyaWd2U:/Qp5VUuR9ClDt2iHbEsX0s6LO5Wd

    Score: 3/10

    • Target: DSETUP.dll
    • Size: 10KB
    • MD5: 49fda5c14716af4add17f1df44d90c6f
    • SHA1: 1f29372011058d4ed744285e83f38057ad7f1909
    • SHA256: 615d271ebf21140a26fea321f2f0839e37f52e8c5adc6f09c41abaa0e1b40d18
    • SHA512: e9def21c72e4815fc3bf6882f810e95cace5e18f27c98d2c1374765c3be5426eafd9d4b89dae5e05a70f88f417441836761f056eb692c87b83d294c190358668
    • SSDEEP: 192:nJ+pOSnaYbHiaqwJRo46AzfueJYQeywApE+eBak7h2c0H99M/m/V:cnWKLdqQeMyBak70ceYc

    Score: 7/10
    • UPX packed file: detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Target: Engine.dll
    • Size: 28.2MB
    • MD5: 8184bd4102014f51e320dd22511e84c6
    • SHA1: 9dd02d7a487b2a6cbed32db5aa48d06b9d337ee2
    • SHA256: 86bcbb2122f14de0e179ea1dd2d71d7d33c42264024db95185a4714e38f7004c
    • SHA512: 68d539f00e48a5dfe90327db2f6e9ef0ce78c93edc19201736dcf7271c9b1c52224f248e4eda6faa14c419f2649649f2b8ca3d8412e4592388d0eb1164394a61
    • SSDEEP: 98304:1YE4+24q9iTEucpUuSoDdpy+hvwtpzzLMtfr6H7btw8csOMDpxLdt0//p2:ot4Y9pUQe+hvwjzzLM4H73u3w

    Score: 1/10

    • Target: Fire.dll
    • Size: 172KB
    • MD5: eb99d79176c4f09a9df09a51f2fd68dd
    • SHA1: a805143cc6c98834e3890c417b1b80ac3c74a918
    • SHA256: d997be791f6b4769395e921045fa411eb238bf2f970b9d2df4c6936f4a7a0502
    • SHA512: 97c4d0bbe50221757e36c9e8fae92b801d905caf8ee1e60e76c5eaecd4ad13742652756109b5a5d1d358473784380c98f9fd3eea37319d434b50e046a66ed259
    • SSDEEP: 3072:0FDfGaG9vj+Ll/SzdDhccJyB9+Qy9OIN:0Bkj+LwacsKg

    Score: 1/10

    • Target: L2.bin
    • Size: 3.4MB
    • MD5: e0bdf54f93233062a9b59665b964d119
    • SHA1: cfc0f129fec7449b5bcf1f653496c0e010fc8c8f
    • SHA256: eb94a2b0be8318b5407fe971bfe553e554bb5e0245b3d0abc5cfc508e4c69175
    • SHA512: df3e2a772f1382222c448898c5ec6345dc3498469a786f32aacc4993727418f0e3c4522c9607ed36e60877a0a214cf0ea6c78469aa907a5ec4d8200fe71fe705
    • SSDEEP: 49152:AoRTzBsn2W5xrFrH7RCVTnfgNTV+woIGBD:zRfBvW5xJrH7RCRnfgNJVkBD

    Score: 7/10
    • Executes dropped EXE
    • Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: clmods.dll
    • Size: 11.2MB
    • MD5: baef30ccc446b01dc8661271de070d6f
    • SHA1: 502bb28b0c8768c15d7cec458fca9d3630563a1f
    • SHA256: 5cc5d097b81a8ed19f8fc1780854a80ef6d7bdfd919bfa4191f5e5f5cb96a7c3
    • SHA512: 0b8efee0094da8c16808e658e22fe601d1af0bf63482a55cbcba2984e4abe6ff910f09cb510aa81b033b9f1ddb914b89d530219a1a3bc97be4416c51559abf05
    • SSDEEP: 196608:lgGGw1JL31oSVIgaT/oI2FD1c9k+8t+seo0lJfzrn4kpIrQczV2YhvWNI:lZG0zHVoT/ov28c/oIzrn4FUKfhh

    Score: 5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: en-US.dll
    • Size: 108KB
    • MD5: 0a0c04434e82ce6d6a4f23e973ffdf75
    • SHA1: 8bd181047d0f742f3ed17fc3c90ac381374b4606
    • SHA256: fe1cd3075d120476bd6151222939937bf11abfc8a766bf7fd830049ba86f598d
    • SHA512: 10d058089e25a7c823687680e00d8589a818154ad7767dc75ea465deee9efe342d62d10eff5be9eec4fe26e19c6346e6f3da97946ac6c032358d594a5248e084
    • SSDEEP: 3072:r2b56HrXxFkRFneVeojdYUkgAQcgZdlSSbnMm6icPN5u0SAPuOVtWhGqPEbbZuiA:KWQOp

    Score: 1/10

    • Target: l2.exe
    • Size: 46.7MB
    • MD5: 9298113e7d18e48ce3b3bc0cc554dc7f
    • SHA1: 14b671255042c817a27927afac5b45eeeb217923
    • SHA256: 60fd97945e88b164a339c7da323c1b1966e17c4d6e280c8f726e62f50f783275
    • SHA512: 536db1d539a3040b6a1401bf071a7d4a1b4ee07f12440b9e39789e4f0d0d4106574a5c96174c978884d3f025d2125506f15b1f2e4732e1a22c54432396717761
    • SSDEEP: 786432:hD8AnHDKXqzE8D5zHop+4OA7dgtlnborjSPsNo+7kR5mojqjn:hNW6zJzOOAhOlnbk+PsNoEk+oGb

    Score: 7/10
    • Executes dropped EXE
    • Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery
  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2
