General

  • Target

    ac96816179d17aab009ba43c79068f51

  • Size

    8.4MB

  • Sample

    240228-xfbfvsbc98

  • MD5

    ac96816179d17aab009ba43c79068f51

  • SHA1

    d28c1add2fd06d50b221e1749b19b0f16b92fa56

  • SHA256

    d3e26c7296830666e8d5758afc850c5b596ceb3e2c1ebbb01d5dc22ff58ff5fa

  • SHA512

    7bee192dd25574c4d490d344385e7c339b516c8e8259b393ddb5d7a4359468a9e0faa3c5ebfece8db3254c2dbc595987031f56e9cc1aba510a6e6ce0e89aee56

  • SSDEEP

    196608:fEf+AaCU2Qr7XU2aJZWW7bJNAVOFTAJLKdvQ/KzfQ1AX2qLbvH:jrT7XUBnJN0gvQCzfQCX2qL7

Malware Config

Targets

    • Target

      DreamMail4/AddIns/WinmailReader.exe

    • Size

      390KB

    • MD5

      aafd96b5154bc11c44b53bed7853eaed

    • SHA1

      35d87e6b49bf90e7304c8dbf2b2c954f206ef272

    • SHA256

      e6a7e475caf8f95cebc80446760b1122e8985106ab685987a9c869c88ed72d98

    • SHA512

      8c854fa5c1f941ab551c9d7a62e466c6022991765a123b0e76f961ebc882b2f6ff9fbf44168b57e0d23450815862e743dbd714c749a0f58dbf746dfa398609e8

    • SSDEEP

      12288:47hZ2m0DJGEJz+T4Phy7UF/LP8zh+Myn:4nXEBy7UF/LP8zkP

    Score
    1/10
    • Target

      DreamMail4/DM2005.exe

    • Size

      1.7MB

    • MD5

      5f7a1a79f1b9727bdbac4631380bcede

    • SHA1

      ef43bdbeb6d0185e447e4f4f846ac5b270605607

    • SHA256

      2ad9fce4806752cc9ad43a546e5c43b05ee9b8f9f9619fd14a8a4604f1630218

    • SHA512

      6155570e775a18571df54e347ac1cd3cc75403e94de27a4dc454723f5ecb8c46d83514b3f75e191d25aa7aaf8b44dee1c1a3efa9311339589f187a858e1aff2d

    • SSDEEP

      24576:82QbfLxfqVoGOxKTUOp2ZdWdT709IHUutzURJcxrW0pSF96X5BTl:8BL9xFdWdWoJIgrW0w6X5L

    Score
    6/10
    • Target

      DreamMail4/Language/Resource.gb

    • Size

      202KB

    • MD5

      22be82df4a0527397acc9134ab34644c

    • SHA1

      17539acbce318cf12c4370db52b9988ec1837923

    • SHA256

      ae781ad62f512407c25c37aebadf058c4f754e869b5237276170cad910d91007

    • SHA512

      1455061b271a1de7acb47e5eee2525bbf8272f89e944320e92fc6acc9453314744ba371fbd324a6a5a4ccb268f2a734b6ada8a7cce68d574e4e2ef3ddfa6f6e0

    • SSDEEP

      3072:AWd95zU0PTzGt9sz0l3HlvX1ObNvszqn/LGGT33FlmRWEUBy8yKgWq:Vd95zNzuszuHlxELGGr7mRa2

    Score
    3/10
    • Target

      DreamMail4/Language/Resource.pl

    • Size

      232KB

    • MD5

      3c0b1a417f96de17d3327fd5e94e7915

    • SHA1

      8739e7fa822777c5c74fb0a3ec6842bb1b4e7124

    • SHA256

      8a12eea4f0766e04f179bb67af229aa86084a3e1d749b1fced6b7b8f2568df3a

    • SHA512

      700e1302bc92be482ef8177425253a5ef5cb23d7843261db30d9d77ddddf0f39bdbe6efc8eb781e7679d8b0b8ea24074303da50df63c9f3ab635a458ad1052ba

    • SSDEEP

      6144:nE8soa1eStqTkzxH+WyL2sgftOvLxIl8pXRf:n0HbVwx7pXB

    Score
    3/10
    • Target

      DreamMail4/Readme.rtf

    • Size

      10KB

    • MD5

      aa4118599c8a7c6d77d5791d66b0c166

    • SHA1

      187fde33c7a27cdef524fee5b0183f7159118704

    • SHA256

      aadd55d603aab9f74b52e9b6265ab31b48ad02ba32e35dd14ae8268fa0fc9666

    • SHA512

      83bf01b3546895649ca85d0ea8dce061cd158f7b1c723c35af1d7ccbb876b233dd028de35e717657bc3e90d7862bbfdb8cce67b583576b3b6fcc3133734c04b1

    • SSDEEP

      192:m/t0Pf2sANMZTIp1Fu2I8Hnq5JE45dNyr5FUOjD4NsDU2:CsUi8P3K5iqyMOjosDU2

    Score
    4/10
    • Target

      DreamMail4/Rss/ListTree.html

    • Size

      281B

    • MD5

      d60e55a24dc0c9149cd5f346b44dd56e

    • SHA1

      a4a8eb48db1ad75a84ee587ce0a871be2b23a577

    • SHA256

      d06856958c6ee2c521969b2ca2f269155eab2042a634e560a9731d590c3176e7

    • SHA512

      ca7b4ab9e721712a2a184e70b9ea76b2f792a0230156e7775b549969fb3646711c14accc5d1854e79270df7b5cceba2b6833698a1ca5e8bf43d2253c6cb7fa63

    Score
    1/10
    • Target

      DreamMail4/Rss/RssBasic.html

    • Size

      1KB

    • MD5

      1372dd1818ca64169c4534300b58765d

    • SHA1

      a50f2d788550741d58747edf2465ff1f269d97a8

    • SHA256

      be7f4dc4f3e9eb35a0c38934163854835af0bdef5833bafcb11084f981d63a78

    • SHA512

      393f99cbfbae4541793722cc9f4b55dc7212595efee37e51e242658c1e3235c4e1d6aa79c6ce6a377ea5bade111c2dabdc063c20d8e70038eef9972aa4e94cbb

    Score
    1/10
    • Target

      DreamMail4/Sys/AccessFixed.dll

    • Size

      47KB

    • MD5

      1cb892814ad2fb6e5a8b4f233cc8d4dc

    • SHA1

      381efe08c2c1c60089e991ccf1c444f2815cc458

    • SHA256

      c225a5c7d902be51bf295f6606248a95f913ee5545b5943e7e88be17ecaf7c72

    • SHA512

      0f36940afb8ad540c4cba9d35711a4c3a679d605362af07c3440e99094ad1b7fe3276ae4164bb7f0a0bf897bb809ae49abfa66bec57a67057649d84e54715b95

    • SSDEEP

      768:v2vI+AyU1UWFyEsRNdzd6KoKfBYoojsAOI1PpwRvn7DaTxOha5C:vIAyU1LyEedR7xWsKNeHaAf

    Score
    1/10
    • Target

      DreamMail4/Sys/DbCreator.dao

    • Size

      264KB

    • MD5

      0289c236ec4da52cead654b7edf26439

    • SHA1

      c46f16498d3f27d868c9c8aec66688f7ba03ef13

    • SHA256

      e000acde8e5097bc9d8da88e6ec4a5a673b29b8c36f8a6a093e46f4ed6c06ddb

    • SHA512

      14ab2149b05e2b316be58cc0586a814015d6d8baab07ff88d399bfdc7efeaec3a3d3354c3b3b89cf4b2e8b961cb87efc3bc6944c8827e6b840edaa597bb60a18

    • SSDEEP

      6144:2vTXLvoJlAWgxGIyCr67UzHJxvCSbUvG:2vTXaAVXnq7G

    Score
    1/10
    • Target

      DreamMail4/Sys/DmLib.dat

    • Size

      56KB

    • MD5

      67e0a26eb0bc1ed581baad8fcdd7ab7f

    • SHA1

      1f956b48b35dacdef30604f0adfed79b7f4c0dd5

    • SHA256

      0e4fb3d2eee41408edbd4c495970f4401de4811ccdbe32e99ea572f1e466c304

    • SHA512

      640f5615af98d51e5bbac4991922ffc9408632eb48965f51e9b4b5afcaf96dc5192bd1debf5ed4625cb8727be5fc1b3a84339bedfc7cfa7bf09b6c82b919fbef

    • SSDEEP

      768:h3b82YL1zsws9sD2/e+usybJV59N38pivGqyVYqiWQMjXOc:MhzyC+JybJVdAiOqy9iWQPc

    Score
    3/10
    • Target

      DreamMail4/Sys/DmLib.dll

    • Size

      220KB

    • MD5

      fdea6a53e11fd3741737448db4059b7b

    • SHA1

      d0452a06dd399e5dafb54ce809b00ae9f0efd026

    • SHA256

      799b53fac2b0506ac1e869cce99f7a3c44737105d6287e31e78ac8489d963c60

    • SHA512

      4ea0c130531ddce3b6961b30adbe0e56a49214055a051c6ed9992d0b985518581d33641f24a59ae58f3993a6837a32a42b52530de0de27f4f3ddafa6bb7fb392

    • SSDEEP

      3072:PaRKz7I8Qf/14+vNYaCCK2bJal67/yGvct0kv7Mu3G+r9ZQBenZcNw4xgxJh7t:4K3hSNZCCMBVvYd+r9Y7q

    Score
    3/10
    • Target

      DreamMail4/Sys/DmMapi.dll

    • Size

      94KB

    • MD5

      159f47cf3fa12458d65e97b9aa9463db

    • SHA1

      0c4a8f5820587ff60debcda67c7c2fc574c8aabf

    • SHA256

      7469c66c3535b296f8984734378bec3f6327b701d44f9a52f97fbb3419b01cf4

    • SHA512

      716dac823935640bf9592b6f260e2ee6e914b0a96e61cc63636cf4b8c5bc206e675f365f6c8c55b8d27448d7815b920af9cde7e120681737fe48442eccf21dd9

    • SSDEEP

      1536:3gVJtrhlVplE4t58hhtSvXaWNsphJ0rmgIHGE06TSIZnEotEeeDDzaG93:Q9FlVPjt5IhEXaWNsphJ0rmgImEpuAnw

    Score
    3/10
    • Target

      DreamMail4/Sys/IPSearcher.dll

    • Size

      20KB

    • MD5

      75d6153ab91677d01c3d1531d0dc20c6

    • SHA1

      9312f97524fd8336693f5689816faca6af24b83e

    • SHA256

      b208167da7a5fe33ba7dfe19276b17cc580628e7c600b2038b23840b6cb89601

    • SHA512

      1a93518df4cc8ea99da063ed3dd7ebc1a8e6e65cdb290eef453d3cde7011f543ad43818ac0c00b7b6433998807a29c807cd1b5000aee51cdd92c9fee1957ae56

    • SSDEEP

      384:EpP1lqK7WW5sFwFBKwR9qGMUJaV/xx9rcq232RbC8fQ:EbgiWW5nKwGzU4j9rcmRbtf

    Score
    3/10
    • Target

      DreamMail4/Sys/KsDHTMLEDLib.ocx

    • Size

      378KB

    • MD5

      105388c7c179dfd3805f5eb25ef00c26

    • SHA1

      02a7f1806a654e29dd24893bb4f4c0e9007047ee

    • SHA256

      928c6ba91e692fc80f4494625a39a45e051c4a8dafac6e96fe9f9e92be99aee6

    • SHA512

      e1c3a2217c6dc62c2c126b5963ec96dd8e295c497a0b5879c4c984fb9d6769ade64e56bee8f3c170c104d3ad91cf02cc60456778baf460726e37670e2347d9dc

    • SSDEEP

      6144:H9Ad0mAnyIJt6wWt3C9G62bm3114qL5qd+FtZEZlhSkEUHi5+j2Q:HSd0zyI/6tCT2U1aqLw8FtOlhSwCn

    Score
    1/10
    • Target

      DreamMail4/Sys/NameCard.html

    • Size

      4KB

    • MD5

      316d70857b8096e57005686d7f1a7012

    • SHA1

      398e63536d2176b8ef5edd8423b12bf2727c5bcb

    • SHA256

      d2db16f3a30697e96838e4eb6501dc6a10e6676a12857bd6aa14b3d525cb063f

    • SHA512

      cc7786ef730deef7132d2f8f3f4ce355085a0aed10987bb6c017aa4ea4a6d82bb1532b1f8f285d5473a2e969289a1f62b154968e60e2fdbf66430f5fa6f5c843

    • SSDEEP

      96:7ptVMuDUemGgw6IgCthJIx3zXIvJXIhyX98w4XVpa:7ptiuDUemOndkX6

    Score
    1/10
    • Target

      DreamMail4/Sys/OfficeAddIn.dll

    • Size

      192KB

    • MD5

      74004396991f5f064f68d3944fd76d5b

    • SHA1

      7be2cd41c37126ccf1d41a6186cf92026335dc52

    • SHA256

      0dd815e6ebcd5442a394d0df8f880e008018a7f037fe188479eddc687bd6961d

    • SHA512

      6dc96ffe3eb00b49370a3cc9c243da8bc581a13a3a24ca0b43eb6e43e848e7d066ccd2aa2ed285c0a8fec7d88de6d9bfaef8df6799f36179ac002e0bfce44666

    • SSDEEP

      3072:Unn5uCm5e5yQ0lZ++OWVpMYfbBJLdQmrX+f8mTTCCguRHDqOHOeB2w3Uj:Uzm04cPA+YfbLpQcX68mTWTuRH1HOAXg

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

aspackv2
Score
7/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

evasion, trojan
Score
6/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
4/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10