7906a5cace1786fda3f361214eec9b43122d0eaeaf58aa1f47db60d04414a3f0

Sharing

Copy URL

Twitter E-mail

General

Target

OpenBullet-v1.4.5.zip
Size

25.1MB
Sample

240227-1ykzsscg2x
MD5

6d0250817d4bbf90e0848fcbf614facd
SHA1

3f208b85f0af1bb57b8f0eea0d791b560194fc4e
SHA256

7906a5cace1786fda3f361214eec9b43122d0eaeaf58aa1f47db60d04414a3f0
SHA512

ab08371a2037454d80641885df8d8e48ad1d7c015bdc111ed5f9ec56a019713e7725aa24d02b6d0b6ed80d365924f041eb07c99b1a3c0a63cf82eb430bf3f853
SSDEEP

393216:FhYzJ0/vxAlYJo9OrUwd/sD5OwflwmPWQAo1IpujWLUGOUL0shUMDFCnu1:H0m/i2icFsFbfT5CL3hd/FR

Score

7^/10

Malware Config

Targets

- Target
  
  OpenBullet-v1.4.5.zip
- Size
  
  25.1MB
- MD5
  
  6d0250817d4bbf90e0848fcbf614facd
- SHA1
  
  3f208b85f0af1bb57b8f0eea0d791b560194fc4e
- SHA256
  
  7906a5cace1786fda3f361214eec9b43122d0eaeaf58aa1f47db60d04414a3f0
- SHA512
  
  ab08371a2037454d80641885df8d8e48ad1d7c015bdc111ed5f9ec56a019713e7725aa24d02b6d0b6ed80d365924f041eb07c99b1a3c0a63cf82eb430bf3f853
- SSDEEP
  
  393216:FhYzJ0/vxAlYJo9OrUwd/sD5OwflwmPWQAo1IpujWLUGOUL0shUMDFCnu1:H0m/i2icFsFbfT5CL3hd/FR
Score

1^/10
behavioral1 behavioral2
- Target
  
  OpenBullet-1.4.5.exe
- Size
  
  4.4MB
- MD5
  
  7c2a3d78f47b762d4df3215eb8d254da
- SHA1
  
  0672d282519d991728daf47c632541ad691abe89
- SHA256
  
  b96f1165af49ab8b321b3abc98da4a641c0ca071bdd5c612604e473236a45429
- SHA512
  
  afd7f198dd227310c83d69f58c2a1b9a33a9dd7504c8772caea14baad807d1389cdf26ac0b3e953b2da58519bed5891b1a35d2889003d1a8f4a62fbe436cc02f
- SSDEEP
  
  98304:BWft9wfW91g5Ej1I1FirUGvE5jaxMaUxnEkOkPQ4jq/fUrhnl:BWfweAOj1sir9E9sMQ4j2Mrhl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  bin/Extreme.Net.dll
- Size
  
  120KB
- MD5
  
  4c63165a374f81711d7576f46a4dfc30
- SHA1
  
  2231d1beb009c17793c1511cebfc1b18b0934134
- SHA256
  
  ba49015671ba510e8e1e468294e04a1804ea07c57a344838b154789aaec02046
- SHA512
  
  b569d6b1e0d89fb49cba727e3020648d489a368f5766ab7e90106857fbf5eaa6b851c541b206ec1ca84b0ac3f51abc5d47e7638805d6756ec2b0b915a317d925
- SSDEEP
  
  3072:VRcoVeEYnIxYkXGaRAD0YVCGjNXqMG4ih3lbpY:VuoVeEYrQn3
Score

1^/10
behavioral5 behavioral6
- Target
  
  bin/ICSharpCode.AvalonEdit.dll
- Size
  
  612KB
- MD5
  
  b4d5d46e50006e87b30e7d514e95173c
- SHA1
  
  bd3ba298eb7e4cdbfdf29e3992be7d32a4e792eb
- SHA256
  
  058f38f33f3f99f904ab9588447a234346c859718404b4e8a523673ed19cdbe7
- SHA512
  
  38ff7cada6cfa56af812a1d859aac4fb8b94df50454a9fecc55e4fdb159339f6ba885d0b57fe8c522227dd9280cda0ca21c6a073b6552923fa33f6e77d8f3bc5
- SSDEEP
  
  6144:Oo7n6u1n5vp9yRUmqtM0yRrl0pjoeUy8b01vKbZ/gAGl0gUEdYC:OoLDnwmW0yRr88bwKKdf
Score

1^/10
behavioral7 behavioral8
- Target
  
  bin/IronPython.Modules.dll
- Size
  
  726KB
- MD5
  
  621192db357916f2261989a49fa2c6bd
- SHA1
  
  c32bc90cdd7d8261ac4702fdf30d0e30cc1d80b8
- SHA256
  
  87525121d7826dcfc76963ab8bd7996b9644bf4f148d1296757eb702a43da51f
- SHA512
  
  a7985ae16c4a4e931daddaa93b4cf4c4cad89c961261afd14765366a2ae46e5cf62ab153bf8dc6a20626c570a1eca8083dc4b68cfd72741619fd5f41143f1ef2
- SSDEEP
  
  12288:S9FB+o9rBYvjexGLpDgy1+8pIe6K3OLdIfehae5mq+GDN8:cBYvvI/OJmXN8
Score

1^/10
behavioral10 behavioral9
- Target
  
  bin/IronPython.SQLite.dll
- Size
  
  621KB
- MD5
  
  b7efbf654402c78226b8d69ad0011bbb
- SHA1
  
  52cc6c9a2a40339ec840cc599240f405e425da14
- SHA256
  
  5a6e2eda86e863e155f67cebef095355b7ea7b1dcd97d87e4058f0a5ac60d798
- SHA512
  
  496396a301eebc6504dbc57842920649d12dc239c47f81a06079aa8b18ff506545614be5a6f92334c4279eb99b57682cc8033fd99edaf28f041db619993be575
- SSDEEP
  
  12288:KmVPzrnoxe8/53HzsWzjF//HfKNhcPMeulFC05G:KmVPz4eq3wWHRPfKoclFV
Score

1^/10
behavioral11 behavioral12
- Target
  
  bin/IronPython.Wpf.dll
- Size
  
  7KB
- MD5
  
  f1e1a1058a95c27cc453f8559e4ab3ed
- SHA1
  
  be9b16843dc5fa44e933eb89c06611525eb35d9d
- SHA256
  
  4061499b5e66c9309352a660a457ac95c8fa98229a8bbccc648deb85f5ff7cc7
- SHA512
  
  839aff22b659498f3ce9782048aff2dc328e7523994539478a1e0074cab955555b6787a0dc9d89c4501a461305ae455abb89d65b7822a63d1f9611346aebfb1d
- SSDEEP
  
  96:SCE/DsInFiClHAua+5oGob8E1P5H2zhAdyHY4r0HKsDlgXZi3dxttrp7RnjY:SCErsIF/lHnb5joZ4zhAdyHIeXc5/Rj
Score

1^/10
behavioral13 behavioral14
- Target
  
  bin/IronPython.dll
- Size
  
  1.7MB
- MD5
  
  9a39a51e6dcb22b80db481fbfbcd7826
- SHA1
  
  1684cea396967b979000d7d0bfef7db166703a2b
- SHA256
  
  61b809b97dc878f42e85ee2c5d8471853527754e4f53b17c0507334c57e19e04
- SHA512
  
  292e5d8d0a901b104a0cc760fc1946088e5cdf404008521a6db150e54e6b31b0a104ba6655aeb310ad0b2906b1b460a4c5cdd31b57f33ae729a833e8dc2566bd
- SSDEEP
  
  24576:MLrzFxAKjb3JSINLwGZyINuvqmnmHXRa+oKqKqKqKqrLhIoIoIoIhBhBhBhBySyF:MHzIO3JSIBk2owu8nt
Score

1^/10
behavioral15 behavioral16
- Target
  
  bin/Jint.dll
- Size
  
  244KB
- MD5
  
  734c5ce8f9b104d8ad3c7b494e96f9b9
- SHA1
  
  184cd4152b1b65d9531867b06c2e1c215fb872f1
- SHA256
  
  ed618668ae9e7c02c7c2b7332dd09079168cca96432a051044683c996337001c
- SHA512
  
  1e3ac0649e3b7bf9e97681aa7b1346aa44afe96d8c86fc77a6e002b8cf5b14b1a57f19f669ed0d4ae9a94d3f65d4eefa99dcffcf5d74afc8731f913c9c9f79d6
- SSDEEP
  
  3072:hE1DupDOGfyKkpsZa27k5t0f5jjBWV239UDjRFAkqYL36ZmvYYGUaKTUCRaikNrJ:hjyQlGunmvjPa2vRQrXPHNQHsq5+L
Score

1^/10
behavioral17 behavioral18
- Target
  
  bin/Leaf.xNet.dll
- Size
  
  130KB
- MD5
  
  6b496d78fd4011d54924b1267185bdb3
- SHA1
  
  471b50929fe11d0dbfbfafc30be1a603eaf5b83d
- SHA256
  
  de043265300fac9cc9a828a0564309a89e91706f28f311fbe4ac66065508a762
- SHA512
  
  234e9820108f5f3639ccaf9dc233171851a6808545e350445d5cf9c4e9971e757059c877d07f41b0b1d6875439ad2121ba2acb37d8715f6138aecf274e829353
- SSDEEP
  
  1536:OHAekmfxooUB/0bN6TJLQhF4nPpMU4y7h8baj1+HpRdC8xHbHk2FLx/aZhttaMmb:OcrTOygO+ZCaHkOLx/aZhttaMm5TN9l
Score

1^/10
behavioral19 behavioral20
- Target
  
  bin/LiteDB.dll
- Size
  
  347KB
- MD5
  
  25b242d00c6c32e1f437eb2064ea2e29
- SHA1
  
  3712bd78c80a237dd804ec77c64498defde12e94
- SHA256
  
  e72acddf47586bc0999d598e3bd125a254bb6f4ae151c076993304f6e31fbbed
- SHA512
  
  f1ca54008290f67825f4aa0c8f78476d0e4ebb3b7f50c338f51c87a96b0d25457496fe6062aa57e401c444f5aa80df8e6b97c2e681e699905f3dc39200d235d7
- SSDEEP
  
  6144:mtY8gj5LlWwTjrG6VFNEjqpmzYyfQQG5HdE:t9LlTTjTu2pHyoW
Score

1^/10
behavioral21 behavioral22
- Target
  
  bin/Microsoft.Dynamic.dll
- Size
  
  871KB
- MD5
  
  aba389a299beb16cc04337ec76c8a965
- SHA1
  
  017f804fe5543b4d8ac38d98e61d822996ab48c3
- SHA256
  
  4f7425cb08cc9bca6fca4bfc08d22b6d9716c507f306f40ae7134b878d909a21
- SHA512
  
  6f842b25ac28d60b7a2e370efb254b3694a22b6431433abe99adce94e8c4c36582df35887ff738ae9b180c44d82f4d0fcd046bfb29ee1638191f02f113f6e7d3
- SSDEEP
  
  12288:poMpPbcvs8rFLaon7ztIuMvn47TPVGNLzjmX:+Mdcvs8rFLao7JI1/GVYzC
Score

1^/10
behavioral23 behavioral24
- Target
  
  bin/Microsoft.IdentityModel.Logging.dll
- Size
  
  25KB
- MD5
  
  4190ea3e974763253db14b3252ef2ff8
- SHA1
  
  e42a5f5bd2eb37c6dd6592f94f2b19c7aa6da787
- SHA256
  
  6dc537f3020b98222c944e931853be0de9b62b5aacb7416113af4dc58f2d8df2
- SHA512
  
  58f704c0f51a5b532b16f15e1397b3f21aca65c53f2151bef786f2d1b1cc83e3c6149e54d7eddcd8f15114c8374232f3ed2e5a5f3237b3b678e73e9331d05e9f
- SSDEEP
  
  384:Dws3GXxUcGYIw60CaVzBiG8sUKGyPLxRN9AczWiC4WJQHRN7Lt2lxhdq:Db2XxUcx60pbiN5y8NP8+d
Score

1^/10
behavioral25 behavioral26
- Target
  
  bin/Microsoft.IdentityModel.Tokens.dll
- Size
  
  158KB
- MD5
  
  247c3df05be6770a9035e5b993f5c211
- SHA1
  
  68ee22bf0483a5587f8bce14d00bcaa2204977bf
- SHA256
  
  e0f3cf1ffe9907b968efc9358836b806c946230f1224153f0da79edac4547bd0
- SHA512
  
  0f795adedcd96a6a7d7179ce8e8a4dbbd6b1ddaf88874c87a1174c157dc0bb6fc02e29b183e80a2cad4e9a080f710cb36b56f088a46716a7115e465570467eea
- SSDEEP
  
  3072:M/rEfhOsG2XtGWeEtXNn2ZchAN8ysLuHXT/ATFXL0IzHIPrzWHPHaVs00sEX1PuE:MjEfhO5G2KAN8yssXTqX1PuEWD5
Score

1^/10
behavioral27 behavioral28
- Target
  
  bin/Microsoft.Scripting.Metadata.dll
- Size
  
  87KB
- MD5
  
  1bed5e618b922411cfae2eac84afef43
- SHA1
  
  4f61e59bb5339a0796093adb7a8751a2f843d6e5
- SHA256
  
  a4ace184ddb98e81cfcc6c838299915d8c33b714594e3836de7c75b1f70e55eb
- SHA512
  
  a3c4f3db6e23d244ff8df9209da00cba138a1857b937cb93ccec80076df3cd24a31d03d6e007df10d4c3db5010ae29ae8ccaedd47965de01741b480aeb443453
- SSDEEP
  
  1536:5GAl0uP41QKcdmNFSL6AlQqDHB8fcWfeh0fx7bAEFeUF4ztLrdknXS1s:MAO7QKcdmNFSL6AvB8bfeCfRYrdki1s
Score

1^/10
behavioral29 behavioral30
- Target
  
  bin/Microsoft.Scripting.dll
- Size
  
  137KB
- MD5
  
  0b75b3835bf11d3163eb0798f7c1a89d
- SHA1
  
  48b701283df3da6ce4c06c4c6695a6426b494cc3
- SHA256
  
  d8b3cab5c0f0e9c308c962fa894bc300c75f93537daef0e790069ca8cb1c7170
- SHA512
  
  a4c92b3b417eb7edf4e221b7ecec4676e60a9e0e57a9e0b769da99ed4b29d2cf8d78c4f7b58e2beb16b5a6ae2dda23d77281268715371bf3a70525398dd08913
- SSDEEP
  
  3072:GPMWONLO7NebMRPX5BpAL45kAsfVazRaTd1Jj:XWmLO4WPX5Bp3+TfVaM
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32