b1865a08154364f00bc4350a99012043bfca5b14734fb8ab505ade40dd6a0cc2

Sharing

Copy URL

Twitter E-mail

General

Target

setup.exe
Size

74.0MB
Sample

240221-z8eebsfh87
MD5

b8fbc5e6eb7e86a28cc277f068c2eafe
SHA1

9bdc38f07af438294a9a17eb9abe5f6c26de532a
SHA256

b1865a08154364f00bc4350a99012043bfca5b14734fb8ab505ade40dd6a0cc2
SHA512

57ec4cab05d6e2bc5ac59014c308554d25094a8e850919592d760685dba09ecf7905f1228951aef675469c51dd71a66a93038700eca0962bc69b87fc9b1861db
SSDEEP

1572864:rl2KQ+nafyscFlgUQEdW5GedVHIW98cFVuiG+J44AD5EPEE7b7Sz:rUmnafyscwV7wevHIW9RJ4NG0

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  74.0MB
- MD5
  
  b8fbc5e6eb7e86a28cc277f068c2eafe
- SHA1
  
  9bdc38f07af438294a9a17eb9abe5f6c26de532a
- SHA256
  
  b1865a08154364f00bc4350a99012043bfca5b14734fb8ab505ade40dd6a0cc2
- SHA512
  
  57ec4cab05d6e2bc5ac59014c308554d25094a8e850919592d760685dba09ecf7905f1228951aef675469c51dd71a66a93038700eca0962bc69b87fc9b1861db
- SSDEEP
  
  1572864:rl2KQ+nafyscFlgUQEdW5GedVHIW98cFVuiG+J44AD5EPEE7b7Sz:rUmnafyscwV7wevHIW9RJ4NG0
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  73.5MB
- MD5
  
  e606fe8b60cd9d8be20a102a57d9898d
- SHA1
  
  649d3066f5f8f579d7d2ec70acdad5ef34818253
- SHA256
  
  9c036169ba541c13fb657559e81506f5375c8a29d9325a763c3062477072ee0c
- SHA512
  
  36569ec51504198dabcb4b561c0942654f965bcf9634a5623875dbd7b972454b1857c9ee03190b5cd715118ae688cbc6c853741731c0f0069e1d209f191899f2
- SSDEEP
  
  1572864:b2KQ+nafyscFlgUQEdW5GedVHIW98cFVuiG+J44AD5EPEE7b7SQ:ymnafyscwV7wevHIW9RJ4NG7
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  LICENSES.chromium.html
- Size
  
  6.5MB
- MD5
  
  60afa16cbc3798cb1352314311e93a07
- SHA1
  
  0a9daab3a20586ab2a07cd2857a2f2cd65c25d32
- SHA256
  
  ec105b4cf1588e28ebd596b2c354e44b4fe2cce5e6d5abbc7174ec7be3df6a09
- SHA512
  
  839905cb7d697ae77beba74a3c82e65d1d6328c62fea6933fd8d490231d1a6bffd692fdbaffee86483ae967e86fd0772fb2bb327b054d08fc0c9177f3c9c26fa
- SSDEEP
  
  24576:kP5T5WfWSJbJlAV8gmfwN6i6w6C6g6T9GHpbUBpUY:vuw9
Score

1^/10
behavioral13 behavioral14
- Target
  
  Salwyrr Launcher.exe
- Size
  
  150.5MB
- MD5
  
  358fcbfda7fdc5e8966be81cd82e3fc9
- SHA1
  
  1ca3c9cd0e791c82f139c543449630653447c33a
- SHA256
  
  bcc98408be7d77e03ca6fd8f1e7e01d30f3b55e3bb236735d514037f6b2da53f
- SHA512
  
  bc26f6e9395386791a7438e2e2f25644029584e6c318775b20cf8f13d268397b6a0e2f6ad8b2ccf726dc8a1102c6b08cef9a00fbd83855b65b0626deba009956
- SSDEEP
  
  1572864:ZGdFYlhnXsryUGmVlsdBbd51I8udcDs/VgC5daNcBgBTIWfbgrLvNc3xhRsOmpe:nlhnXr7er5c+rp
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral15 behavioral16
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  cb9807f6cf55ad799e920b7e0f97df99
- SHA1
  
  bb76012ded5acd103adad49436612d073d159b29
- SHA256
  
  5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
- SHA512
  
  f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62
- SSDEEP
  
  49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI
Score

1^/10
behavioral17
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  49c57860c47863a502fb24f4b926fb5b
- SHA1
  
  2ac52b15c915666ddcbcbc724753341fce7e8e8a
- SHA256
  
  106b9ef910cb037e0f19d55c7526124fa3b39c5e849c3d5d6c3a116b34121ea1
- SHA512
  
  9e4c5ed13890df070e16772769376fbc7cfd967b5bfe243a74d52b30607bc7618a4a8fa6a77f580e7ad9e704f0a248620c9b3e8fe10a0871723b8e5053b0b4fe
- SSDEEP
  
  49152:TqeAAYNDEWcTfbpMMXlRfPfX6Edxhi1uGa1rFYbQ9bUppN3lzl3h+LQoJU:TcDvyM6zJrFY0Up8n
Score

1^/10
behavioral18 behavioral19
- Target
  
  libEGL.dll
- Size
  
  473KB
- MD5
  
  6d74b74470bdcfe55d5ea6c672c1c856
- SHA1
  
  e0ef3f552db4c0d386bd001bbf545cb92674d68c
- SHA256
  
  8e69fdb7575a626b6111986275b139d15fb56e60156ceb5315c5e503a0fda357
- SHA512
  
  58a78d316023223dafa96aaa1f1111a139f1b3ca6aa4cd3dbb2ebf1abce44ad08ce8f2e1e69c6109ea62c36f298a05a93b2e71634e972711555127ee8889864e
- SSDEEP
  
  6144:lTv0fq4dz9Bpz5A/jvtGW9ZSLQJqpGhkioGGb4egsHVl4AnPH3+neB:lTN4dXA/jvtGW9UQJqpz/YAnGne
Score

1^/10
behavioral20 behavioral21
- Target
  
  libGLESv2.dll
- Size
  
  7.2MB
- MD5
  
  7780d8c6e51d729c3e248fefa462a1cf
- SHA1
  
  361f9a5d1370730d543ce40c5fd091f57dc432ff
- SHA256
  
  ab282c140b24eacf351fedd21a1ddf4ab9f7f2bb8283fa4726c2be814a1eb31f
- SHA512
  
  5ab8bd42c646f7f9ef075f5cd60c3fac307ff1b7bb17d2c41ddcd0ba6c6ce70c89509ea4c8a84028fa9f9bb1b30c1e5c04d3c716489634ac19a402be2a1ec338
- SSDEEP
  
  98304:VBjjY4kRuP2TUT+aRH1/ePJr7f7gsOMtJ:7Yj6xXRoJr7fcsN
Score

1^/10
behavioral22 behavioral23
- Target
  
  locales/fa.pak
- Size
  
  557KB
- MD5
  
  99de8cfda36ab9ab3342889fb6da393d
- SHA1
  
  6bdd3d627d4b6702f43725039089562af58898c0
- SHA256
  
  b93145f30e25122015373a248d6ea22a539c7d0d58c8aa853ac35cc80dc06bfe
- SHA512
  
  aa20793f9ece5823cb9e74a4a3ff97d7a1860a593f427fb5eacb0390569a48122589610fe5a02577577f3a30f981c5e3da97cf73bdfe158a6bb845586c5b19d6
- SSDEEP
  
  12288:WmX9nuyaXTfwI/wNUWGSEfStQvjy1PeZwMTAKzIxRAQiHedNu3htodxWetlClY5f:9uyaXTfwgwNUWGSEfStQvjy1PeZwMTAz
Score

1^/10
behavioral24 behavioral25
- Target
  
  locales/hi.pak
- Size
  
  821KB
- MD5
  
  9b5d94450fb03c34759653deb0551441
- SHA1
  
  b9134fbc75304ca73b156e77425505ed6dc6d629
- SHA256
  
  5e8f2593dbea5a57c3a974558a3fc91b6087329a1e7b11622a6eac120a973718
- SHA512
  
  caed9535d487833bdde51e82b76d3b8d2e6ea18ec0b4b7a98552be9266ff0728bb1133d8f9cbd169345aa08b0073f04d649baa71bb487483951cfa1a92080d63
- SSDEEP
  
  3072:qBva9hs91PqPdkhSvf4QAEm5dmGrsXt4GR3doE1NldYbOqGPtv83Y8A7ndUT5bHH:hgPjU5B5MQut
Score

1^/10
behavioral26 behavioral27
- Target
  
  owutility.dll
- Size
  
  1.4MB
- MD5
  
  0b72a72b76b71076c78773802495d377
- SHA1
  
  921101f1342c180677c4bfc7006baf3292a77f9a
- SHA256
  
  c127bd152b674d35a7c5a65cc933c385d64622ae2ea09b7194c1de7bdda1c690
- SHA512
  
  28afe1b4982e31784393182a06925b6758a19436eba28f89dedc2a380845939d31e947ef676fe8e34f382c7ae28fa88078380df9e83ba9ce7d7c1e9df96a952c
- SSDEEP
  
  24576:j9mW+IacegtK/KzWfuBRidv/Eg//aErsVRgf3KvmZJ6NpobhmhGycID8ST:j9mRFIK/KzyuBRidUg/SErsXgfavmu/J
Score

1^/10
behavioral28 behavioral29
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral30 behavioral31
- Target
  
  resources/libraries/java/PackXZExtract.jar
- Size
  
  120KB
- MD5
  
  cf8aa6c50804b3d2448b316b1cd24b17
- SHA1
  
  a69190724b20156dd17504162fbe771309415b73
- SHA256
  
  a847432bdf7da12571bbd5bda3b11ca3664675d1ff9baad5abd59b2d0689fa93
- SHA512
  
  d897b843cf6d138885ffbcddcd53c84819bca0a1ac9de46334601d67fa9ba05d6b857b396a67b6f92e9f7745fce3f1a0402b76e4b31bd56d3cd36c339ac1e07c
- SSDEEP
  
  3072:4KKXNfoEU3hN7cOGhjVjRGreZHupS4uHAtS8X:bKip377EXGHqHAwG
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Checks computer location settings

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32