e4ac8bb0302535061a238b09e6e3a7ca14300439bfa72608a580987702ee8552

Resubmissions

15/02/2024, 20:41

240215-zgk3ssgf58 10

15/02/2024, 15:00

240215-sdbavshf7v 6

Sharing

Copy URL

Twitter E-mail

General

Target

4_npp.8.6.portable.x64.zip
Size

8.1MB
Sample

240215-sdbavshf7v
MD5

f02194a9b940dc9dcbae68ea86e5b766
SHA1

73f6102d53637c3cfafb3262133684c9369fef7c
SHA256

e4ac8bb0302535061a238b09e6e3a7ca14300439bfa72608a580987702ee8552
SHA512

8eb323d56dda5bb240a61bc833bff7103f5abfb45cbf0ec67a185aa1d1d293cb84bb9228b44e1bf4492460a6449b1155df93d444d7256eff9925ea9318d55bdb
SSDEEP

196608:7TkWKqkGTSOwUD4LDqIwOnburMbf/PHU7rafMsax9WRO:7Tkb9OwLqlOpf3Uyf2x9WRO

Score

6^/10

Malware Config

Targets

- Target
  
  npp.8.6.portable.x64/contextModel.html
- Size
  
  2.6MB
- MD5
  
  8f28087d8d0e716368314c2f1a159280
- SHA1
  
  7e383ae0f632c02ef98168b6c1a33fd449d6c393
- SHA256
  
  0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046
- SHA512
  
  aa21ab18a12a69ff25b24b1c255b0bdc7961985150b07a7f3f4b0909e212295bd781548cd8ea817f3144dfad845aff93df40a513bdb637db7b89bb08fff01eab
- SSDEEP
  
  49152:C+sGc1TASKVbmYIBotpg0TunuNeeigv0XIMw4h2pk4PxKS5VinRfepLm7j5:WTAfVbwotpgruNeW0VHhL3S5VicLaj5
Score

1^/10
behavioral1 behavioral2
- Target
  
  npp.8.6.portable.x64/notepad.exe
- Size
  
  6.8MB
- MD5
  
  ae07a5be89978600f3094c66ac719eb2
- SHA1
  
  a281e662b6d1cca0d54cab01a0064b62e7f1f103
- SHA256
  
  746bbdd8c754b0ac18a226d2a1cc68792c948033932f5723981a2b5f5684d310
- SHA512
  
  d90f42fb42cf2f5f3ca8d25603666a5b73f11fcc3404597b1c023768cf21083abe0d2b19f3ae2499fba469474e818200ca9937b48ee5406f15bd6f9ea3996151
- SSDEEP
  
  49152:MuX8nT7KkzbaJ/I1ER5S/qlC1VQHqpyhdRoMSoAMMho/WVEK7yToMoK2w74CS5hg:5/ICR5wPy+elgIXoGJUR6eP4mTr/moG
Score

1^/10
behavioral3 behavioral4
- Target
  
  npp.8.6.portable.x64/plugins/Config/nppPluginList.dll
- Size
  
  202KB
- MD5
  
  e95608fe5d8a93ff8eb9a5df985dab14
- SHA1
  
  b640e7276bc071521b5975b4aeb82f7f962dfd3a
- SHA256
  
  c166b13fd40ac3168a0e4cd15fb5bec6ff0cc78956b86135d4ed9079de58cc2d
- SHA512
  
  fccb8d687c355b63d7073699705f4f7e9481defcd31269834b5c62717dfe9fd1ca148ecad756724c66eee78180612509214049d29f233f48d983042a70d2fdcf
- SSDEEP
  
  3072:guQtUEW4pggQikeV29r97Fo/rg4aSuhJFAKT13faj7pFKaXQH5FV0s5cB:ItUr4/Dkq2FHj1vkKFbi
Score

1^/10
behavioral5 behavioral6
- Target
  
  npp.8.6.portable.x64/plugins/NppConverter/NppConverter.dll
- Size
  
  199KB
- MD5
  
  eb17b9ad0edd5d2e3dd8ed768b7e715a
- SHA1
  
  e80afe0e9f7bbbaf280c76f620a9992b92fa4970
- SHA256
  
  ea870b9714c6f03c3da4ca179a7c8c25854080ac65e00363514b0ca0f66c26b0
- SHA512
  
  781fad8cd4d2191c50fd1058de7b291ed7a26986388ff7df4e5580f887b549e5e55a66f2d9bc9b515089f4a73174147d4d3e322edd96e9d0d23b37d9e3fcee43
- SSDEEP
  
  3072:fVub4QxSy09L3pCQRUKobM56CjX6cr1+5tq4GtBXdj6oSOE6qgv:9XE09MQRMbkNKZ4799E6L
Score

1^/10
behavioral7 behavioral8
- Target
  
  npp.8.6.portable.x64/plugins/NppExport/NppExport.dll
- Size
  
  153KB
- MD5
  
  f9b9e4b059a7cf3aeddaa4038539e9a1
- SHA1
  
  06dbc4dc4d2d0687f47fcebddbdddc0c47a19587
- SHA256
  
  f43204a9dd233db4d9042cb9fd36a6fe1f26f50cac88389a12af255886660a7c
- SHA512
  
  b279cb8b57220e325ed7a892ebee5715712801aed8422377e81e658cc20dfe69f06575eb6b350934997adf938f234d09c15023c340a1c97115c9e0d64bf9a88f
- SSDEEP
  
  3072:OHWvf4whXRxCtyAKfbn52zwjMdsI54tWfdHak6yS:IWYwtRxCYAKfb5uwodsIjd6k6
Score

1^/10
behavioral10 behavioral9
- Target
  
  npp.8.6.portable.x64/plugins/mimeTools/mimeTools.dll
- Size
  
  142KB
- MD5
  
  3124031b3512e0931495373d246150ab
- SHA1
  
  fa22a1db3388e4fa570f5b2ec656b49bdb53e6ac
- SHA256
  
  1c1d739f0282bfd9367e29ca81c61ed4a731e5150a836d0371e5e9d0121c9dfd
- SHA512
  
  245600b3cddc4f362f4b269447bf0cab173d1a56e0551c63d2643dfb1c1928fc535bc847c29cfdf1b2378abf3bdb25efbfb0f99e10e277367394dfdc66a11738
- SSDEEP
  
  3072:XoY4sCmgqSJGfzOpBBvxWTgA0fmTSeHmF6ffBaJ0r65GaENNC71:XZp0fmTSyBffBKo
Score

1^/10
behavioral11 behavioral12
- Target
  
  npp.8.6.portable.x64/updater/GUP.exe
- Size
  
  818KB
- MD5
  
  e9be0bc06725c372140838245805dc66
- SHA1
  
  6eafbbefe6d2b5b6c8fc39dac54881b5f2e61735
- SHA256
  
  8038960c66ec29e9ee0f027491c8349a158025faee39d069219b5a3297134197
- SHA512
  
  14831f538f5afd80689db24f7536ef725b75ce235a1ccb7f6795440819461d038cede5beeebd28ffbf9618ae984a0f347a9ffe4c0c10da7b914022174a1688e2
- SSDEEP
  
  12288:KySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoq:7qMo2aWqT2KbpIFZ6PNeTw
Score

6^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  npp.8.6.portable.x64/updater/libcurl.dll
- Size
  
  728KB
- MD5
  
  9f879b6c494bfba4b865ef1dea1bb1f6
- SHA1
  
  40b1d446e0eb4c5e9f0d0265eea00f0550c402eb
- SHA256
  
  c355961db2470b60629919ccffa0d1b57eea19cfd9fd3209b1165a4eedaa9bf9
- SHA512
  
  d2bfe23b5ac56096488f9c5d7978a5908c3f0868fe965083e455f5c639acad47582b8ebdab9caa9f4abb75415558bf4121d32122c443ebf0ebe20940feb7e6a6
- SSDEEP
  
  12288:dvnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:dVekCoa5l2P2B6hdQvl03msMy
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16