5dfa7816c521fa59c1e558ca48e39632257afa88b97b901160e2ff97ad63e681

Sharing

Copy URL

Twitter E-mail

General

Target

x64 beta.zip
Size

168.7MB
Sample

240219-wtfr3aac5v
MD5

dd6c1b2995c77a00cda82abcd981f6ef
SHA1

74544b5c736b8544a6b76991f83a8de788dc32d2
SHA256

5dfa7816c521fa59c1e558ca48e39632257afa88b97b901160e2ff97ad63e681
SHA512

bddea2d267a46cff218270bfb890be1d6c94b9c83a86c24a4d87f6560706f84b4beb2bb57a90f39832870cc622d38bde47659c59dce6cc96b160fc9d81c4c287
SSDEEP

3145728:NkqcdhePd9JkGwazLJAZ1MrvNrrDe0/xcWFnn/0Wn4O7sgWBLXtMTpsAW3L:6XQd9ybazL+ZGVrDe0JTnn/0Wt7sgWZX

Score

8^/10

Malware Config

Targets

- Target
  
  x64 beta/AntiBypass.dll
- Size
  
  713KB
- MD5
  
  2a4a33f9d45a5aada45f81e91278afd7
- SHA1
  
  7cbf42cbf24219db0c97428a5099ba16cd88a415
- SHA256
  
  c4eabfee8166163d5b03661d6af42c50734b39feba45fe54cfff7b315570d4d0
- SHA512
  
  d6bf8eddaf83c2b5ce2d1a3e5a1666de22a370d468ecc9f0ef49b3e5e12eeabdb44315c71984135a24e9b53cd77b214d613aa00ce7cfeead5b6afb6d50a0e3c6
- SSDEEP
  
  12288:RqKd5JFifKBFtgzbBky8fI5nRYZsHaBEyFot2wAp+Nrda7ESLqlF3YeYsSSFvO:lgKBFt2ORfIfdHaBEyFoBAerkAr6PfS5
Score

1^/10
behavioral1 behavioral2
- Target
  
  x64 beta/beta.exe
- Size
  
  71.1MB
- MD5
  
  fd87d8504bff1dd114e6ab4612b3670d
- SHA1
  
  8b75489ddf95d5452ff48ec6324d4e585b4bb7c3
- SHA256
  
  49291064e6fc7fe3968d7f2208823fca919d13e77129160689cca788a1fe80f6
- SHA512
  
  d550f6ec0de45ef3aaca5bd0bb6d3f3870afc5759d7549d4a6714bf6c802d42dc5a4fed6bedd5d021475552e7bb785aaa8ee01c6e5721f6cc03b41707aaff89d
- SSDEEP
  
  1572864:54/4rzOchPh5FmfnPd5I+fC3QVkh8w61pdvQNuDJ7:+kqcdhePd9JkGwazLJ7
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  LICENSES.chromium.html
- Size
  
  5.2MB
- MD5
  
  df37c89638c65db9a4518b88e79350be
- SHA1
  
  6b9ba9fba54fb3aa1b938de218f549078924ac50
- SHA256
  
  dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
- SHA512
  
  93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67
- SSDEEP
  
  12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZb:sPM95FCWStQj6ERs/mfMl6H0skDpS
Score

1^/10
behavioral10 behavioral9
- Target
  
  beta.exe
- Size
  
  139.5MB
- MD5
  
  809ca215de4598350eaeddb5a94ebbba
- SHA1
  
  caccfadb6b96dc6155696f6309c3ea492078bb5c
- SHA256
  
  0f702f8ac538e810649808f0d9b6000e1aa4360849633c0ed76ec36e2cfc8332
- SHA512
  
  1521a30cf760277a24ed1446d29eb71af297582ac2d8b4546a322ec9690a8094963a194d7f2fdec65e2e59673c8f912557182e673af8d46cd29bd20989cdae36
- SSDEEP
  
  786432:f14w5ThzHwQBgmoLWv+K18nCzKdo5DTdvfMQr6SSmPuvh8tSIW68:f14kpHwQjCWv+K18CedmVvEQEpcJW
Score

7^/10

persistence
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral11 behavioral12
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
- SSDEEP
  
  49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score

1^/10
behavioral13
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  c3842fb3087cdcdb04020ac38683c289
- SHA1
  
  329dbcd4a1c79b891b200f11eb50194b85c493bc
- SHA256
  
  e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133
- SHA512
  
  069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5
- SSDEEP
  
  49152:JcMr6+FXptsXTmgP7he370olRK+KCKyRb+kyqVZWxX0b4unfruHw:RKer0olGyByEf8
Score

1^/10
behavioral14 behavioral15
- Target
  
  libEGL.dll
- Size
  
  437KB
- MD5
  
  8352fd22f09b873193cabc2932be92f0
- SHA1
  
  5bd2b58854b279f1733c5f54ea2669ee8a888d9e
- SHA256
  
  14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
- SHA512
  
  7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2
- SSDEEP
  
  6144:odpiWYLBViWOSdAr1Knk2mI3LpxE0RYqowpW6VmHrtff1FI:ipvYLbiWBqrQnPxE0cKmHZ3P
Score

1^/10
behavioral16 behavioral17
- Target
  
  libGLESv2.dll
- Size
  
  6.7MB
- MD5
  
  b6a433dc7b4030fb17bd1683a9606b6e
- SHA1
  
  0602c50532e3f13facc67bd95a048c470e88afcc
- SHA256
  
  f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9
- SHA512
  
  b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1
- SSDEEP
  
  49152:aYKj6OhH5vSqGZ/UUopyV+gsIm3H9VnT+EisbCQ12+Q6nUBnKJ/lwE2f9rgqFnka:CvSqGZaVoH9xz+TPYrijOxm
Score

1^/10
behavioral18 behavioral19
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral20 behavioral21
- Target
  
  swiftshader/libEGL.dll
- Size
  
  450KB
- MD5
  
  19dc9ee70e7765bb63a66b6826e8ecb7
- SHA1
  
  1a12f983f8b35cc2955d30657971f113c47dc164
- SHA256
  
  83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
- SHA512
  
  1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68
- SSDEEP
  
  6144:gFzcMPKWOp0q29LDwK3p3KHvDstVpphcSGbwSi6DH0hl:g2WOOqiLDrthhcSGnc
Score

1^/10
behavioral22 behavioral23
- Target
  
  swiftshader/libGLESv2.dll
- Size
  
  3.0MB
- MD5
  
  c0b36d56d83e601bf246f7709a8c5f9d
- SHA1
  
  b025a6070f7d61c7d1827856d2d4043834fd23f2
- SHA256
  
  45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53
- SHA512
  
  e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1
- SSDEEP
  
  49152:D0mOy4fytPTlZQPF/IBCfG/owBx8iqQyehF3Hn0gPD2vzFW/GyCbZpjGKiqZ/nYI:DgfyjyeelZ/YNg/Yr
Score

1^/10
behavioral24 behavioral25
- Target
  
  vk_swiftshader.dll
- Size
  
  4.4MB
- MD5
  
  de2d91476e625278c30a5f69a1892e05
- SHA1
  
  4d707f6a801611fb437f5c1cba31b0909bf41506
- SHA256
  
  02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba
- SHA512
  
  d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532
- SSDEEP
  
  49152:px2VjoakX4pb7QH1fUlTB7zmNmdpTE5NSomaZXYjLlHks2RPF/lOzl+LZ/n6du7F:K2DtJ+wixdag
Score

1^/10
behavioral26 behavioral27
- Target
  
  vulkan-1.dll
- Size
  
  819KB
- MD5
  
  b91586bd80e057a7f62bdc4422744812
- SHA1
  
  a1df644421ece2e740e5bf0ed98b4f269fd85c39
- SHA256
  
  8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
- SHA512
  
  94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053
- SSDEEP
  
  12288:ekyJJLfcn5To6PuXtLvEdGnZSss43uobIoD:JnhoR5Ed8S2ukD
Score

1^/10
behavioral28 behavioral29
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral30 behavioral31
- Target
  
  x64 beta/dependencies/2024-1-12/auth..bat
- Size
  
  6KB
- MD5
  
  8825cf897e698ebbdb8c707bb39d73ca
- SHA1
  
  dcece549ce6ed0b24ecc1faf80280c225bdcccae
- SHA256
  
  b332d0f81de5a8eced6109033f05192e2aa5ca3ed0a523367428813924a9a28d
- SHA512
  
  e3c63dda17128929108ff5492364b4d2df8126f2a8c17d7384ba9f7b0651aec72c11681dd7196f2eef7d693b9b3165b96fc05c98afc40fab9252ef2c7a26e3f9
- SSDEEP
  
  192:sYHAivgiRwe5f11ATNLCAtMT7/4+tGs1PP/uQz8tz1hNn:8i4iRwe5f11ATNLCAtMT7/4+tGs1PP/M
Score

8^/10

evasion spyware stealer
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral32