General

  • Target

    0223d85eaf5cd5b188e61e9c99b62a9b5cfba4c5d2ed13576858b40327451ae7.exe

  • Size

    68.1MB

  • Sample

    240212-dfx53saf6z

  • MD5

    eba2536c9fcc5ef3e490b7fa2ffc9a45

  • SHA1

    5291bdcbbef4835fd63facffa0fd86881d9e054c

  • SHA256

    0223d85eaf5cd5b188e61e9c99b62a9b5cfba4c5d2ed13576858b40327451ae7

  • SHA512

    aa5b8168e77da5aa3f48aaea2b47381fad3855b7085f1b8931ab24741afe4dc76f70ce89665d74a4e60b3842aadc1acb49b3e412816458aa8d7b2edb6e7649a8

  • SSDEEP

    1572864:2jddGv+xpU8juU0gnvID4NsehQ5A5GjnvyIgZGQVD7:qGvv86UDvzsehQCe9gZx7

Score
7/10

Malware Config

Targets

    • Target

      0223d85eaf5cd5b188e61e9c99b62a9b5cfba4c5d2ed13576858b40327451ae7.exe

    • Size

      68.1MB

    • MD5

      eba2536c9fcc5ef3e490b7fa2ffc9a45

    • SHA1

      5291bdcbbef4835fd63facffa0fd86881d9e054c

    • SHA256

      0223d85eaf5cd5b188e61e9c99b62a9b5cfba4c5d2ed13576858b40327451ae7

    • SHA512

      aa5b8168e77da5aa3f48aaea2b47381fad3855b7085f1b8931ab24741afe4dc76f70ce89665d74a4e60b3842aadc1acb49b3e412816458aa8d7b2edb6e7649a8

    • SSDEEP

      1572864:2jddGv+xpU8juU0gnvID4NsehQ5A5GjnvyIgZGQVD7:qGvv86UDvzsehQCe9gZx7

    Score
    7/10
    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      LICENSES.chromium.html

    • Size

      7.9MB

    • MD5

      312446edf757f7e92aad311f625cef2a

    • SHA1

      91102d30d5abcfa7b6ec732e3682fb9c77279ba3

    • SHA256

      c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b

    • SHA512

      dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

    • SSDEEP

      24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj

    Score
    1/10
    • Target

      Sky Beta.exe

    • Size

      152.7MB

    • MD5

      82bba5f337a5441c52486c72dbe1ae91

    • SHA1

      8e31ee0ec80cbf883b5ee945fed9b9e330407f5b

    • SHA256

      28654e3b799752f56c9699d156c01f21dbbe598058ba52e9b8f876a0e7c8ce09

    • SHA512

      16300c7c590145f9da4b8c06b6efe1be77a3ba037234d4de8fae3586c9453698596f6fa2e0600a171d0512a9b9b28dfbe55d27bffafe673e4c8afcbfb12660e7

    • SSDEEP

      1572864:qLBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj0:qypCmJctBjj2+Jv

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      2191e768cc2e19009dad20dc999135a3

    • SHA1

      f49a46ba0e954e657aaed1c9019a53d194272b6a

    • SHA256

      7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

    • SHA512

      5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

    • SSDEEP

      49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.7MB

    • MD5

      e096c168b79a56ded0df1aa142d9f1da

    • SHA1

      318f20dab294a315bd935160e9417fb5b28300f5

    • SHA256

      65cc75329d17ec264e7a2db571ea55f918394241445ea64569a56c75d0cfdc60

    • SHA512

      3dccf6ce85ef7e75690a5851642f10bb5e6e1572e91e933bacb7fcbfe405b0412b94ba0e160c3ba8d68d2b9afc1da268f61c83dccd6453d8c9470931ee900bfd

    • SSDEEP

      49152:YGJO72cNsdMZWfAn1fdmZMOqcQrGhjUHgNxGUwSCmmfYDJGz5SN3lzl3hSKqH:Jj8n1QqGCmmfIUz59t

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      470KB

    • MD5

      1eecfb04c4434f5a813c8f0c0c8f2c88

    • SHA1

      6dc3ca4b3f72e7fb33ba26fa488de323edb59add

    • SHA256

      897ceb95fb164640ddd2426673997b5f6fc2619fd916b038b575a70a0682a706

    • SHA512

      d7818a42a76508ac3150aea8d4e168b2db36f55f71983a177002086380a82e307624cfe37b01ffc3d7eb407485d182654d0d7c6a0c06ccaae60666630469c7e0

    • SSDEEP

      6144:F9L2FFtoVsruIzUEzUST6uHKw+BubaOQ74PlqF8:F9CGafznzUSTRY70I

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      7.3MB

    • MD5

      cba2436016f7a2838588a52d5b6f30f1

    • SHA1

      81ddf44b3e122dfbee1a2cd8d4544364f1a621a4

    • SHA256

      bcb3a3d2fca3c33fa3d1d5dc976aa913cdc8001df8e64c2cd3d2c545245141bf

    • SHA512

      d92a880b5f83c5ae10ae9a83e38a293bb0e8c7659dd6ece162fc752d57c9fcde8036b81b023cd9f0f4f32b95b06fd4c366e20301010354b6cb904398a3149a44

    • SSDEEP

      98304:U8qvGdDtslh+LD3ZDWfnSvBSDU5bPm3k89Ld3gsOMt/:JD3ZXJ7bPWLWsD/

    Score
    1/10
    • Target

      locales/af.pak

    • Size

      368KB

    • MD5

      7e51349edc7e6aed122bfa00970fab80

    • SHA1

      eb6df68501ecce2090e1af5837b5f15ac3a775eb

    • SHA256

      f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97

    • SHA512

      69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

    • SSDEEP

      6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd

    Score
    1/10
    • Target

      locales/en-GB.pak

    • Size

      336KB

    • MD5

      d59e613e8f17bdafd00e0e31e1520d1f

    • SHA1

      529017d57c4efed1d768ab52e5a2bc929fdfb97c

    • SHA256

      90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd

    • SHA512

      29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

    • SSDEEP

      6144:80kjE55JcUnMP9egFXwqfaYnT9Xa5alSeBNdg:80kQJZnM1XwWT05YScg

    Score
    1/10
    • Target

      locales/et.pak

    • Size

      371KB

    • MD5

      a94e1775f91ea8622f82ae5ab5ba6765

    • SHA1

      ff17accdd83ac7fcc630e9141e9114da7de16fdb

    • SHA256

      1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163

    • SHA512

      a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

    • SSDEEP

      6144:2Mg++J/xRN0JLnrC4HFJbT/RauiQ/G5LjR43f7LQkPQW:2MmJnq7DG5LjQ

    Score
    1/10
    • Target

      locales/pt-BR.pak

    • Size

      405KB

    • MD5

      0d9dea9e24645c2a3f58e4511c564a36

    • SHA1

      dcd2620a1935c667737eea46ca7bb2bdcb31f3a6

    • SHA256

      ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b

    • SHA512

      8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

    • SSDEEP

      6144:Bm1HqF4Znh9GzBtNBXBLd1OUDcpryHF55NJND0bsRzlb2:UHrnhMzX5PJB4sRxC

    Score
    1/10
    • Target

      locales/sk.pak

    • Size

      432KB

    • MD5

      c6c7396dbfb989f034d50bd053503366

    • SHA1

      089f176b88235cce5bca7abfcc78254e93296d61

    • SHA256

      439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a

    • SHA512

      1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

    • SSDEEP

      6144:vQt/WMWyqiLJcPXPk5ELALWaQlKDEmLFGR:vQYfyqiWPXM5ELALWaQlwdLE

    Score
    1/10
    • Target

      locales/uk.pak

    • Size

      688KB

    • MD5

      ee70e9f3557b9c8c67bfb8dfcb51384d

    • SHA1

      fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e

    • SHA256

      54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22

    • SHA512

      f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

    • SSDEEP

      12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK

    Score
    1/10
    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    1/10
    • Target

      vk_swiftshader.dll

    • Size

      5.1MB

    • MD5

      524b0d85d992f86a7f26c162f3dbb91c

    • SHA1

      bc9c862fd01f6134a0514dcb63f9fab7a61ce269

    • SHA256

      5b2ffb78fa963f2dea5a7fcf7676fc3aba243c4372d7528c8f1fc8f726d0a3fa

    • SHA512

      422a18af294d7551224e05f5f4f5dcfa51b3455c2e61fc285fd2b95b50274eb77ff317647e17b0e7d47459b4fed19c7c88c90e0878f2269a78d598b1196401d8

    • SSDEEP

      98304:RKJSTu+985EkjstvgsnpkkHF3y/AFIB7:RQq85EkjstvgsnpkkJETB

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

spywarestealer
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

spywarestealer
Score
7/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10
