Overview

overview

4

Static

static

3

vlc-3.0.8-win64.exe

windows7-x64

4

vlc-3.0.8-win64.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

axvlc.dll

windows7-x64

4

axvlc.dll

windows10-2004-x64

4

libvlc.dll

windows7-x64

1

libvlc.dll

windows10-2004-x64

1

libvlccore.dll

windows7-x64

1

libvlccore.dll

windows10-2004-x64

1

lua/http/custom.js

windows7-x64

1

lua/http/custom.js

windows10-2004-x64

1

lua/http/d...w.html

windows7-x64

1

lua/http/d...w.html

windows10-2004-x64

1

lua/http/d...w.html

windows7-x64

1

lua/http/d...w.html

windows10-2004-x64

1

lua/http/d...m.html

windows7-x64

1

lua/http/d...m.html

windows10-2004-x64

1

lua/http/d...w.html

windows7-x64

1

lua/http/d...w.html

windows10-2004-x64

1

lua/http/d...w.html

windows7-x64

1

lua/http/d...w.html

windows10-2004-x64

1

lua/http/d...w.html

windows7-x64

1

lua/http/d...w.html

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vlc-3.0.8-win64.exe

  • Size

    40.1MB

  • Sample

    240226-rlgl6sgd5t

  • MD5

    96dc4f2f4f32ae1ef991b9f79eb3bb62

  • SHA1

    c1e4cac1ce891fab7c1832877bb5608f97ff1b81

  • SHA256

    0cc54e69016e3d5a80e229c768ac37a02aea3a973a5447593c0132281e383942

  • SHA512

    6c858ae4dd46cba11b37f1dc6fb1b3fff6831ed61937bb8c8b51406763bbfcff12e95376516889673e96ff66a4d1d3db62be743c5dc204838c4d0345201dfd68

  • SSDEEP

    786432:SJIeFmjqOmM5MB4wpMDZlUwQ9xM44Q7M1/Lp3P4n/MX3lnLT4ybl/zWf3:IN7aCVp9w4M4Pw1hPQMTNh/w3

Score
4/10
persistence

Malware Config

Targets

    • Target

      vlc-3.0.8-win64.exe

    • Size

      40.1MB

    • MD5

      96dc4f2f4f32ae1ef991b9f79eb3bb62

    • SHA1

      c1e4cac1ce891fab7c1832877bb5608f97ff1b81

    • SHA256

      0cc54e69016e3d5a80e229c768ac37a02aea3a973a5447593c0132281e383942

    • SHA512

      6c858ae4dd46cba11b37f1dc6fb1b3fff6831ed61937bb8c8b51406763bbfcff12e95376516889673e96ff66a4d1d3db62be743c5dc204838c4d0345201dfd68

    • SSDEEP

      786432:SJIeFmjqOmM5MB4wpMDZlUwQ9xM44Q7M1/Lp3P4n/MX3lnLT4ybl/zWf3:IN7aCVp9w4M4Pw1hPQMTNh/w3

    Score
    4/10
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      7KB

    • MD5

      a68a2144cd9611dd04c0df27327e55d0

    • SHA1

      5b5f4af19fd23ca18674b530f5d1a48d1115ddb4

    • SHA256

      b7983533a2612821d469811d00ded8c41d7ee807880b8a15b3a72e8f86eb1a5c

    • SHA512

      154da5959ae15d52ed05f0280bc100a25b3d27a413a7727cea2035b02ef561177b0572b80cfd034d2a3eeaf54ac6ae10d38b826c9b2696e7a3b8ac22a33ca87e

    • SSDEEP

      96:IycVh0As/rtlRJDsqIMRTAZ7dTFrS5rdr2t91+8Tw9XOZud:TKh0As/ZlLaUTkxQSYX9XOQ

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      26KB

    • MD5

      5c2674f6fb2f2a7c2987ec137e5abd4d

    • SHA1

      ce0410b83c2f0e3dc21759aadcfb8a11d43117d4

    • SHA256

      91d60522037aa7369f3c86da6549bcf31c52754946b32386d8063bd6d6b10596

    • SHA512

      c3730103a30f029d52b336ca808d8998bf256162381224b7939c9dd21ecda6d219bf0d077cd611f1bd968bd4ed1166e8b0dfa1544c3344ff84a3745f9deb8e98

    • SSDEEP

      384:RhqnB21gSnEAg5ZFcCuttn71e+F8dHEJmAyx6/70n0rhPfJ6J2KtlqUJJeNE:mnB21PEBc5tn71or0NPidco

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      12KB

    • MD5

      cc1302234015bf9787d158e5554a0139

    • SHA1

      f42e262bb9a2130db668af324b5e54a8891b7e46

    • SHA256

      829c15b7dad26c39b69a55e8b888ae14029fc3d701d73f77b8af38b9db6dc67a

    • SHA512

      fcf583a9dec95071a07e11f870d7a97739ad51a1dfe9b6658341ebf0205d4c6435574e2e7f4cb7b12d502df7f5f5376d266a9006c1fd30bf5d6c735686ea2f0a

    • SSDEEP

      192:GOdj/rxSgTxyiPH8pjM39IhEZ08Q2Soklo+qO1Oo1YunQ46393r:GOdjzxSgTxy8cpjM39jZ086flbVgo1YV

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      9KB

    • MD5

      4e7650968ebe9fd65414dff1e18241ac

    • SHA1

      a5dcbea4fba7edc6f43485a9e66faa2bab13ee1b

    • SHA256

      339581eec7e0bb98add22f78dac788db517da599d1a9b598cff3226b886d50da

    • SHA512

      39e905365a8b58460c54443ca96e9f6a5ae392108d93421e55fdb382858e9e2e389952ffd50fae74f200942962f45b742815e108a74d657af9747d05e516d796

    • SSDEEP

      96:Y/h/HwDMq2wUlAYx/g1w8NxZ4t0DNSPSoVJNgI9KjRTUTWFdr2t9XgrzgtljBb3l:Ch/Qj2pl/Z85DSPvHK1nSF53ig1V8

    Score
    3/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      32KB

    • MD5

      66306a648c0c044c648ca365f9266a87

    • SHA1

      9d297d0b613fcba702acd1aa184cec5292dea0d8

    • SHA256

      768d359e6010af9f721fb55243eb3b5d337c8559132d0a43c81e354279dcc743

    • SHA512

      dd1c6be88b99ed21941b78383a90d8e4f8af1be3b2a62597b8beaab736bd38add158d53bd3f6030d3fd917aecb632af917b11064204e3a796edcb5716a5ba6a4

    • SSDEEP

      768:QOfkdhwpavynOOOOOOOOOOOOrxSgDG8KgS0VDG8Kgq:RfkdqJnOOOOOOOOOOOOr3/4

    Score
    3/10
    behavioral11behavioral12

    • Target

      axvlc.dll

    • Size

      1.3MB

    • MD5

      36020fffaaf90e361fa3175792aef710

    • SHA1

      6dbafa8f5fe7844b59d2c4d84ace4e3bdefd743f

    • SHA256

      609bef60fbaab681065b6003af8c545e392390cd46569e2ac79b51fbde513e3a

    • SHA512

      d45dc609c20ffe11fd6e284bbc87f99009ce421248603ec8b0ce7e49f817190a6982e2083b4b2609ae51919a23b959043dc13705a4827cba312d5adcf23f8988

    • SSDEEP

      24576:ynT9uScWQKzgaWKMg41Dutz9yPwiqrYo1C1vAzDTTTHTTTGTTTNTTTE/YvgraB/:yT9zgjKMg41Ktz0PwiHZ

    Score
    4/10
    persistence
    behavioral13behavioral14

    • Target

      libvlc.dll

    • Size

      183KB

    • MD5

      3e891cc1fb6824967d4adf71c5e04d29

    • SHA1

      1c283b13222a4778b36cd613692cd630d1876c87

    • SHA256

      abbfa58fb1e6c94556d7b3396b5c35ee26051c680d72d7c9d5e8d2d8fce2baf0

    • SHA512

      e8b3254b3d217a5919f5518775d1829bc6ba46d56aa6fd649e8249b3b45aba5860966eb4dc3123eeded2264bf38428d8e5eb94e39e9a2c9a9767e43833e86a06

    • SSDEEP

      3072:jX+wSD9mB+44DhDslYy2X9B7EiUbyAkzSzPLyLMu:jX4449ap2TDiyAXzPLyLH

    Score
    1/10
    behavioral15behavioral16

    • Target

      libvlccore.dll

    • Size

      2.7MB

    • MD5

      5d771e7016f0de7577e6d16b34f41a46

    • SHA1

      5f55f2399782605a4c65949badd002b92d65d2bd

    • SHA256

      59f1f408f6bc0c6a787d783f1d4a297fc2670a9c5cbe5eb30dba8c97adc1bd43

    • SHA512

      4def63c1b31c28f8b0f5404b036893a9f939853573f0dd91e913b9e7bf96fa1745ff1f3403d22f8a4d26ad117bee4b75f1b22e1064e2bec72b408cf35338c958

    • SSDEEP

      49152:mJIelavWUnyHcTP4lnBAUZLY6sEZGaXBuQQ9e7:z48yhnBAUZL3t

    Score
    1/10
    behavioral17behavioral18

    • Target

      lua/http/custom.lua

    • Size

      507B

    • MD5

      a0771b01a8c5f79cd6a330bca0d1b4e3

    • SHA1

      f8bb4dbdbc3eee3b1a3a447c01d057036ff6bb83

    • SHA256

      f3ccbe2e1b92486f7c9e3197c1059cd5a8894536006a79d4bb67aca3a87d73e1

    • SHA512

      433d2a3892ba9e740cae1708e740e3fcb317a7bd409f39608b1d6f183089984d0dd18d5d3b2226f70fe102ad20572e4d340d259fad25d05ac8f1c6e11f3ea41c

    Score
    1/10
    behavioral19behavioral20

    • Target

      lua/http/dialogs/batch_window.html

    • Size

      889B

    • MD5

      f32ae14ca9d7673ebb23fc827d78076f

    • SHA1

      ff5bff0318296a910740411201cb8a4ca206b608

    • SHA256

      5189cdb57f5b2e8c3add7e6c4487f5cf8a018508c612f35c8e1305512f2176e8

    • SHA512

      f5e1994188c34753cdc0dc5143dcdf66a86e56b3a040c1f4b67f01fe5d443fa52f05abfdb8717e051284e5697d4a0ac5f46d2ae36b2c518c0d5a96358f5b0f67

    Score
    1/10
    behavioral21behavioral22

    • Target

      lua/http/dialogs/browse_window.html

    • Size

      1KB

    • MD5

      78f476640b27adfdcfe6e26edf4cc7e6

    • SHA1

      414d54995cc46fcf5a12b826df9b8f6f2be21100

    • SHA256

      d93c774a7aeb4594f56b37e81838ba03b6855c2bbd91eb8cb803dbd413c5e571

    • SHA512

      daeddd3974908fa314d072b37accaf3dc0f3ab694fcd8acde02a77176d54710fc9115c2ab915b3b063fe3ea89308cee9e3fd67da1641735027af74fc6bb8080f

    Score
    1/10
    behavioral23behavioral24

    • Target

      lua/http/dialogs/create_stream.html

    • Size

      14KB

    • MD5

      c38a93ae302612a55ccf7f11bdb79c37

    • SHA1

      f6064e146909323276c6c43410f314666e35b5a4

    • SHA256

      fdfc3417223b88d2e8f0421ced4711760ab11a3c18a50dc05b805a0f4f1a5134

    • SHA512

      9c38a52c10455ffa179f0bad0d09d50defddad25d850248a4a15ebf5aefbe0165e12ee7eace516ced181362062b7651c9f246c4a1c77a6da867bc8ad978d56be

    • SSDEEP

      192:jvlSM2AtdS0E2jSC+J3kuC6qSSSKyf+yO3zy6CGuGek+3LbnAilKyc7aSCWM2kco:jvlIATE2jJAhuDqx3J0vHEF

    Score
    1/10
    behavioral25behavioral26

    • Target

      lua/http/dialogs/equalizer_window.html

    • Size

      1KB

    • MD5

      06ac4c0cd41f6d82fbf3ac0053567295

    • SHA1

      5ddbf4e9f947a42819e00c3b5801ede0839ecf4b

    • SHA256

      62cac570011b9b07e0f421612571a1ce663e49dd3b90a16cf31d8855f1adddac

    • SHA512

      32ddf815ff7de04562ed71a0f2484770bc03a4730662a35cd93c42f0771742d0ddce1292cc96bea06251c97380291a54e9b89563cf078b36b684b58dcbf7ea72

    Score
    1/10
    behavioral27behavioral28

    • Target

      lua/http/dialogs/error_window.html

    • Size

      501B

    • MD5

      ad9769b13838d62653857ff47718c6c0

    • SHA1

      a4683573d5b43aca9e256d4a45dc5ac46db927ed

    • SHA256

      75d1a1ab807cd97801bc37ed547b26c7b357497e82d01221ac064497c9480304

    • SHA512

      58a7d9ce56936da79a8f46f0f5c1e465d63ee1b8f68701627ffa00e1c43267899a64a3dfe601bf660bfee66b5ea365a27ba8d68f7d598ab6e3a917b52d6e9fc0

    Score
    1/10
    behavioral29behavioral30

    • Target

      lua/http/dialogs/mosaic_window.html

    • Size

      4KB

    • MD5

      fbd60881ff01355e0acf55ae6ec77580

    • SHA1

      2b9b99f754bd7b85789a3ad6d3e4965c59093627

    • SHA256

      e474ca66e17ecad86fdecd0ff4db1eff7eee70083c2cb30498f81bce71d03e18

    • SHA512

      1ddfeed4b0530b9c8606b6d0e53d656ed19213afac2d16d13d8bd9bf159e6883fc2ea943d5c5044579a51b11c98b6854ceca8c6e44796c5c511ca83250f60cf0

    • SSDEEP

      96:9ODRbniQxE7XrCubCMJrhfrHlUdBrDjdjosn:9ckYaXruMLblSBrD5josn

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

6
T1112

Credential Access

Discovery

System Information Discovery

7
T1082

Query Registry

6
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
3/10

behavioral1

Score
4/10

behavioral2

Score
4/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

persistence
Score
4/10

behavioral14

persistence
Score
4/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10