a3a267aa6f5b0ade2e4829ba18a1baa5bf9a622b49767c1f849090d9263ff68d

Resubmissions

08/02/2024, 09:22

240208-lcd7ssdd32 10

08/02/2024, 02:25

240208-cwq62adgdl 6

07/02/2024, 17:55

240207-whf9fsac74 6

Sharing

Copy URL

Twitter E-mail

General

Target

1_npp.8.6.portable.x64.zip
Size

8.1MB
Sample

240207-whf9fsac74
MD5

daca6a61e1d5128ddf36e0fbce38570f
SHA1

629b61a44b4412a2bd18abc508ad46069779a83f
SHA256

a3a267aa6f5b0ade2e4829ba18a1baa5bf9a622b49767c1f849090d9263ff68d
SHA512

f9d931721bb0099c06ab7cddeca26bb228ac1c0c0e1652fb2f2f9ba0958c75a052e4b54ad350c0b95aa1d0f981d9678bc5b4457a056650ce0932b6401a2a5f44
SSDEEP

196608:+TLcWKqkGTSOwUD4LDqIwOnburMbf/PHU7r3fMsax9WRz:+TAb9OwLqlOpf3UPf2x9WRz

Score

6^/10

Malware Config

Targets

- Target
  
  npp.8.6.portable.x64/contextModel.html
- Size
  
  2.6MB
- MD5
  
  8f28087d8d0e716368314c2f1a159280
- SHA1
  
  7e383ae0f632c02ef98168b6c1a33fd449d6c393
- SHA256
  
  0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046
- SHA512
  
  aa21ab18a12a69ff25b24b1c255b0bdc7961985150b07a7f3f4b0909e212295bd781548cd8ea817f3144dfad845aff93df40a513bdb637db7b89bb08fff01eab
- SSDEEP
  
  49152:C+sGc1TASKVbmYIBotpg0TunuNeeigv0XIMw4h2pk4PxKS5VinRfepLm7j5:WTAfVbwotpgruNeW0VHhL3S5VicLaj5
Score

1^/10
behavioral1 behavioral2
- Target
  
  npp.8.6.portable.x64/notepad.exe
- Size
  
  6.8MB
- MD5
  
  ae07a5be89978600f3094c66ac719eb2
- SHA1
  
  a281e662b6d1cca0d54cab01a0064b62e7f1f103
- SHA256
  
  746bbdd8c754b0ac18a226d2a1cc68792c948033932f5723981a2b5f5684d310
- SHA512
  
  d90f42fb42cf2f5f3ca8d25603666a5b73f11fcc3404597b1c023768cf21083abe0d2b19f3ae2499fba469474e818200ca9937b48ee5406f15bd6f9ea3996151
- SSDEEP
  
  49152:MuX8nT7KkzbaJ/I1ER5S/qlC1VQHqpyhdRoMSoAMMho/WVEK7yToMoK2w74CS5hg:5/ICR5wPy+elgIXoGJUR6eP4mTr/moG
Score

1^/10
behavioral3 behavioral4
- Target
  
  npp.8.6.portable.x64/plugins/Config/nppPluginList.dll
- Size
  
  202KB
- MD5
  
  e95608fe5d8a93ff8eb9a5df985dab14
- SHA1
  
  b640e7276bc071521b5975b4aeb82f7f962dfd3a
- SHA256
  
  c166b13fd40ac3168a0e4cd15fb5bec6ff0cc78956b86135d4ed9079de58cc2d
- SHA512
  
  fccb8d687c355b63d7073699705f4f7e9481defcd31269834b5c62717dfe9fd1ca148ecad756724c66eee78180612509214049d29f233f48d983042a70d2fdcf
- SSDEEP
  
  3072:guQtUEW4pggQikeV29r97Fo/rg4aSuhJFAKT13faj7pFKaXQH5FV0s5cB:ItUr4/Dkq2FHj1vkKFbi
Score

1^/10
behavioral5 behavioral6
- Target
  
  npp.8.6.portable.x64/plugins/NppConverter/NppConverter.dll
- Size
  
  199KB
- MD5
  
  eb17b9ad0edd5d2e3dd8ed768b7e715a
- SHA1
  
  e80afe0e9f7bbbaf280c76f620a9992b92fa4970
- SHA256
  
  ea870b9714c6f03c3da4ca179a7c8c25854080ac65e00363514b0ca0f66c26b0
- SHA512
  
  781fad8cd4d2191c50fd1058de7b291ed7a26986388ff7df4e5580f887b549e5e55a66f2d9bc9b515089f4a73174147d4d3e322edd96e9d0d23b37d9e3fcee43
- SSDEEP
  
  3072:fVub4QxSy09L3pCQRUKobM56CjX6cr1+5tq4GtBXdj6oSOE6qgv:9XE09MQRMbkNKZ4799E6L
Score

1^/10
behavioral7 behavioral8
- Target
  
  npp.8.6.portable.x64/plugins/NppExport/NppExport.dll
- Size
  
  153KB
- MD5
  
  f9b9e4b059a7cf3aeddaa4038539e9a1
- SHA1
  
  06dbc4dc4d2d0687f47fcebddbdddc0c47a19587
- SHA256
  
  f43204a9dd233db4d9042cb9fd36a6fe1f26f50cac88389a12af255886660a7c
- SHA512
  
  b279cb8b57220e325ed7a892ebee5715712801aed8422377e81e658cc20dfe69f06575eb6b350934997adf938f234d09c15023c340a1c97115c9e0d64bf9a88f
- SSDEEP
  
  3072:OHWvf4whXRxCtyAKfbn52zwjMdsI54tWfdHak6yS:IWYwtRxCYAKfb5uwodsIjd6k6
Score

1^/10
behavioral10 behavioral9
- Target
  
  npp.8.6.portable.x64/plugins/mimeTools/mimeTools.dll
- Size
  
  142KB
- MD5
  
  9a0d92c54d88bd609899fc03b0511df4
- SHA1
  
  24e4a74764b150b04c32806c51c91a79c14501b1
- SHA256
  
  0de42118dd0cd861bea13de097457ccb407aae901b14e0bec59b0abe660cdf1f
- SHA512
  
  13cb93ea22c3a74dcba758c1597fc53a5391137e1bf8b93db46c6d8e98a0368c5c75d2b76924647105c65af288968012beafb82c9bc4687d259cf0a5a6e1d64c
- SSDEEP
  
  3072:XoYVzZCZ6cRqFkoTFKTgA0fmTSeHmF6ffBaJ0r65GaENNC71:XKp0fmTSyBffBKo
Score

1^/10
behavioral11 behavioral12
- Target
  
  npp.8.6.portable.x64/updater/GUP.exe
- Size
  
  818KB
- MD5
  
  e9be0bc06725c372140838245805dc66
- SHA1
  
  6eafbbefe6d2b5b6c8fc39dac54881b5f2e61735
- SHA256
  
  8038960c66ec29e9ee0f027491c8349a158025faee39d069219b5a3297134197
- SHA512
  
  14831f538f5afd80689db24f7536ef725b75ce235a1ccb7f6795440819461d038cede5beeebd28ffbf9618ae984a0f347a9ffe4c0c10da7b914022174a1688e2
- SSDEEP
  
  12288:KySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoq:7qMo2aWqT2KbpIFZ6PNeTw
Score

6^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  npp.8.6.portable.x64/updater/libcurl.dll
- Size
  
  728KB
- MD5
  
  9f879b6c494bfba4b865ef1dea1bb1f6
- SHA1
  
  40b1d446e0eb4c5e9f0d0265eea00f0550c402eb
- SHA256
  
  c355961db2470b60629919ccffa0d1b57eea19cfd9fd3209b1165a4eedaa9bf9
- SHA512
  
  d2bfe23b5ac56096488f9c5d7978a5908c3f0868fe965083e455f5c639acad47582b8ebdab9caa9f4abb75415558bf4121d32122c443ebf0ebe20940feb7e6a6
- SSDEEP
  
  12288:dvnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:dVekCoa5l2P2B6hdQvl03msMy
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16