Overview

overview

7

Static

static

3

HandBrake-...UI.exe

windows7-x64

4

HandBrake-...UI.exe

windows10-2004-x64

5

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...al.ini

windows7-x64

1

$PLUGINSDI...al.ini

windows10-2004-x64

1

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

HandBrake.Worker.exe

windows7-x64

1

HandBrake.Worker.exe

windows10-2004-x64

1

HandBrake.exe

windows7-x64

1

HandBrake.exe

windows10-2004-x64

7

doc/COPYING

windows7-x64

1

doc/COPYING

windows10-2004-x64

1

hb.dll

windows7-x64

1

hb.dll

windows10-2004-x64

1

portable.ini.template

windows7-x64

3

portable.ini.template

windows10-2004-x64

3

uninst.exe.nsis

windows7-x64

3

uninst.exe.nsis

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HandBrake-1.7.3-x86_64-Win_GUI.exe

  • Size

    22.6MB

  • Sample

    240228-za8waadb93

  • MD5

    1a1598a4f8a2d8d6b1925cb22a74d5aa

  • SHA1

    ce693673a6f207be639fc07d21f90833dc386072

  • SHA256

    f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264

  • SHA512

    63706b168aa11c6370a36fce9d73b585486f2a9e396c183eb725430f70a67d5c301701823b1e566b70a601443b748ad428de2c91e507b4a8f8d14e344571a18f

  • SSDEEP

    393216:Xx4SBEeiv1+mx9BQNCX3fjSfy05s+EwWAa4ND046BsZdCu17QCnqXd:X3BE9l1XLSf9ZE5iD04RZD2d

Score
7/10
discovery

Malware Config

Targets

    • Target

      HandBrake-1.7.3-x86_64-Win_GUI.exe

    • Size

      22.6MB

    • MD5

      1a1598a4f8a2d8d6b1925cb22a74d5aa

    • SHA1

      ce693673a6f207be639fc07d21f90833dc386072

    • SHA256

      f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264

    • SHA512

      63706b168aa11c6370a36fce9d73b585486f2a9e396c183eb725430f70a67d5c301701823b1e566b70a601443b748ad428de2c91e507b4a8f8d14e344571a18f

    • SSDEEP

      393216:Xx4SBEeiv1+mx9BQNCX3fjSfy05s+EwWAa4ND046BsZdCu17QCnqXd:X3BE9l1XLSf9ZE5iD04RZD2d

    Score
    5/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      d095b082b7c5ba4665d40d9c5042af6d

    • SHA1

      2220277304af105ca6c56219f56f04e894b28d27

    • SHA256

      b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

    • SHA512

      61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

    • SSDEEP

      192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/ioSpecial.ini

    • Size

      211B

    • MD5

      e2d5070bc28db1ac745613689ff86067

    • SHA1

      282e080b4cf847174c5c11e4f9157b8c338ecb19

    • SHA256

      d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0

    • SHA512

      a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de

    Score
    1/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      51KB

    • MD5

      fe27af40d69d1f2a72076894e0e6892a

    • SHA1

      949ba274d2b6122918bb70e557c0d4e573478088

    • SHA256

      e668f52179d72316ce77862e42708927c5deee34e37ce83ad883cd0e0b3d44ef

    • SHA512

      23dbae163948992d1a34ccf6bf9cdcf1b5387e9d6abb2b42056c88528738411e53e73aff0d8d8b5ba3c302d858f74c6803f7d70471318e684d29229fa90fb271

    • SSDEEP

      384:LQoRR6jym4ExifyxL9OpN095ZXUoYY/NGFwcpU:Ey+y+QyV9U85ZXUoYY1khpU

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral10behavioral9

    • Target

      HandBrake.Worker.exe

    • Size

      713KB

    • MD5

      94d1e5aa26613b328286af8539ead1c6

    • SHA1

      a95a082a2e49d8a69fc274aabe6bcdc3a6264a8d

    • SHA256

      53748f879f972d9abfc6bb528c9c9a95fd6d1c7462fbb7b61a665b95f71b95c5

    • SHA512

      2906955925e33e960968d9afa08a136b497045f586fbdc11776ee5ff701d22ddba2a0f11ee0f435e30b7f86d7d65f32d9e76c3a0b1801f679cc8d796f5964d84

    • SSDEEP

      12288:hhNAl2RY5MkvpEC4+j8Uijlp8czEW4ThvBtJTPXoVTDIQbY5MkvpEC1sJq:7NziyC4wLiSJiiyC1j

    Score
    1/10
    behavioral11behavioral12

    • Target

      HandBrake.exe

    • Size

      35.6MB

    • MD5

      ee3cbf592c24b1bf04d906ded5c7d1a9

    • SHA1

      1931bdd5d120635c357b3000dff08ec9110ce1e3

    • SHA256

      ee818fe194c29f1f31d6edffeb8256405618dab251f3765bbbacfb91ea666336

    • SHA512

      97b52abf6cab8540bb7e6467eddaf02199c34fb40eb561ee022e626f9976e9a6d5b1006d053f2f1234c4a8760d686a6dfece1c5fd25483ff2d67bae43e38d8ac

    • SSDEEP

      196608:cGSU8sdauO4miemcjYXCe5njhhKt39VxwgTluwKqVWyAAh:1SybLnJX/9jhhKtNDwgTluwKo5

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral13behavioral14

    • Target

      doc/COPYING

    • Size

      17KB

    • MD5

      39bba7d2cf0ba1036f2a6e2be52fe3f0

    • SHA1

      1d8c93712cbc9117a9e55a7ff86cebd066c8bfd8

    • SHA256

      f9c375a1be4a41f7b70301dd83c91cb89e41567478859b77eef375a52d782505

    • SHA512

      c36527c31bc2bc5a919df62de75c8eeb73234a8a9854cf6c2f5730d6994baec616b99eb54027b3d9d3f597c146f2cb1f42c7c23e1224f739b234cbaf780f73fb

    • SSDEEP

      384:ghUwi5rpL676yV12rPd34ZomzM2FR+dWF7jU2:gmFWixMFzMdm7jU2

    Score
    1/10
    behavioral15behavioral16

    • Target

      hb.dll

    • Size

      66.1MB

    • MD5

      d3f0f312725a18d683820cd9def15860

    • SHA1

      521a515d3683e4c37500fcd6576aa19bffa0e512

    • SHA256

      0af40481a7c392c68069b1a8c225beb3e7062760131ae09bad467d84b09c1862

    • SHA512

      08a346c13f9c602e8ff51c3f461dc9002dc5ac1f16e975e53f39e094d9fa7f7934e7ef63daaedf10d0524b80308dd6ee792e706b3999cafa0fd07ce4f76ce2e0

    • SSDEEP

      393216:trqy505Di6M+Ak+rymPyujJ6ze7jyIoPkoQBgTgrti6o0rYEtHTghJL5FR0J2KBg:trV6M+Ak+GRWjyItng8YGmNFWv/dZw

    Score
    1/10
    behavioral17behavioral18

    • Target

      portable.ini.template

    • Size

      1KB

    • MD5

      a55a14acdb96d6f87b3c5e906fd338a8

    • SHA1

      e51cd75065e0f53af1e96f532569f3b7b9508771

    • SHA256

      81d2a215af90f34439f598b02e330654d5d71c7667106f97a143cb319bf9b5e0

    • SHA512

      f5403e9c53c930e9bb111a79d6a098037cd48b0b44e29b21021e0fd623977bd2bfafa1b0ec8be804fb23ed798132005d426f8e0b2a7b6b581cb810460c3b7b00

    Score
    3/10
    behavioral19behavioral20

    • Target

      uninst.exe.nsis

    • Size

      1KB

    • MD5

      2141b8e262a0f16789a1b82887dd12e9

    • SHA1

      c3b13403aa98dda3b5b77cc217cf21ef7c61b0ca

    • SHA256

      a7616bce17b4cb966aeb8db7db1d991321890a7aa1ec54eaa10c62ad153bb2b0

    • SHA512

      17a6cf392e25dd192658410e1ba1f5a112974d493141c3bbb2bed7f7f5f883c147ccf8cf3d8bbcc3df82b7e45dde2370fd85ee513241bb7199eb6d5aa4e82ba8

    Score
    3/10
    behavioral21behavioral22

MITRE ATT&CK Enterprise v15

Tasks