5b080cc460f05a3027ba7f8a24e2054bf57f2ae6098be2dc64854da631d11861

Sharing

Copy URL

Twitter E-mail

General

Target

EcoVerde-Launcher-Setup-1.0.3.exe
Size

116.0MB
Sample

240305-xzjlksfg75
MD5

9c4df120a26256a0644ae19379d9da93
SHA1

af774ac61c25e0d7ca5c4bbb232c43ca10a6ac3f
SHA256

5b080cc460f05a3027ba7f8a24e2054bf57f2ae6098be2dc64854da631d11861
SHA512

297b88822a98709cfef98f62fd266a732c150ec1fdc98bb6e7e0dd78a70a312a2ca381fa3b5a97c61db221017490d1f15d9629a2fc97528b441286349b4b0e91
SSDEEP

1572864:Q/e4hJceZKoSYUUERVc9chop/Tp/LFymEkfWx0/sX2ZNt/dgZhlStG2z/o/L3Pp:Q/e4kf1zWUW+xy82Lt6ZhlSvU/N

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  EcoVerde-Launcher-Setup-1.0.3.exe
- Size
  
  116.0MB
- MD5
  
  9c4df120a26256a0644ae19379d9da93
- SHA1
  
  af774ac61c25e0d7ca5c4bbb232c43ca10a6ac3f
- SHA256
  
  5b080cc460f05a3027ba7f8a24e2054bf57f2ae6098be2dc64854da631d11861
- SHA512
  
  297b88822a98709cfef98f62fd266a732c150ec1fdc98bb6e7e0dd78a70a312a2ca381fa3b5a97c61db221017490d1f15d9629a2fc97528b441286349b4b0e91
- SSDEEP
  
  1572864:Q/e4hJceZKoSYUUERVc9chop/Tp/LFymEkfWx0/sX2ZNt/dgZhlStG2z/o/L3Pp:Q/e4kf1zWUW+xy82Lt6ZhlSvU/N
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  locales/fi.pak
- Size
  
  492KB
- MD5
  
  3acdfec7edd4d3eb473f0deb32713c14
- SHA1
  
  41fdd4af5f9fa78f4f81d3996ecafd69587f05ef
- SHA256
  
  4bf099ac8a76449bf597caf005790f5c02efd533b9a329c5fdc460d38f77607e
- SHA512
  
  b167caf1e5ff38b0c80f891715866a7754e9bf3f1479aa1faa3cf3e8ae7fe9b71a87109239750f71855330b6d20704b43e814f188672aa52a5dc6912297f1997
- SSDEEP
  
  6144:UAjmIM819iPb8Kr6wg8UruhARlhsZ1QzOEbQa4qJLN5fZ7kW0CHEpyWac3yYZn7W:hiID19ab5KuRar5fZ7kfCHEpyWaM7OYM
Score

1^/10
behavioral11 behavioral12
- Target
  
  locales/fr.pak
- Size
  
  574KB
- MD5
  
  6708a286a0529ba7bed9840d53035be8
- SHA1
  
  af289ed518d9d90c75b69a870615e3f475c5d0e4
- SHA256
  
  7169684ff44f342b98648839b8963916f7323115dead332c2471baed6264b80e
- SHA512
  
  b329798fd85eac1505d0af5cb827ba11a5850eb926be39b414c40b5fdb56432db5f3dbc45237510bd4d1174c1cd62f623c6cc8ab10eb0ca51dea5d5487f0b0fd
- SSDEEP
  
  12288:92XnZLqxMDpDgEL6QuaMVWXKz05qlZQmZyMYnYtkLx9ujzx4e5hxkJSW7v40wCJX:9/m2V6N5V7
Score

1^/10
behavioral13 behavioral14
- Target
  
  locales/gu.pak
- Size
  
  1.1MB
- MD5
  
  ba34657d3f5ebe61b36a807c4a053d72
- SHA1
  
  163875c4ef39e3473d9d5aec4b6273f34a90a02d
- SHA256
  
  8c762963cca8eef2cbd39bd7bcd8b809f3b57a75353e687743894add9c19440f
- SHA512
  
  cb1c4adc59c3e99f819645ae84e3e6b601b340e05ae2182c0b1568bbbcd3eabf7bf09ef34e5d0757530997d0734dc52dd744b8b0edbb3702a3c06e29ba7f0c4e
- SSDEEP
  
  3072:AUepQZP3poTbB2hbmXfjfIWHIwjAwREJKVMjNiT7llj63rFXlPCpMi5eWWiYJsWY:AuZP2TbMAXzBOW+L5qAhNkFR
Score

1^/10
behavioral15 behavioral16
- Target
  
  locales/th.pak
- Size
  
  1.0MB
- MD5
  
  7512a162ea0b65dd9477ac8c190136b9
- SHA1
  
  ae5fbce9516882a0d58da9ebee3c767c7ba4c305
- SHA256
  
  d01ecd4edecf1809d5c2133366df2502a4621e88d894817e80b913f3a0926fa4
- SHA512
  
  425fd803cd3ed9589df5d04bb8ca4b62af0e573301d31c48a1a05bf3b707a0672e1a033965946223e5873a98eb3c9d52bcdcc1296a08cb4971d0b1b6d2e95eb7
- SSDEEP
  
  12288:7UTfeN9LyZYArTJz1L/L1XPhHsbhRy1cW+v1H5UJEyL3ftj8wlz9eTRo98GkK9u4:7UTNC5y5h
Score

1^/10
behavioral17 behavioral18
- Target
  
  locales/zh-TW.pak
- Size
  
  442KB
- MD5
  
  337bba163068f2dd7ff107ea929c8473
- SHA1
  
  536ec5756f229696dd6f875180778afcee1966fb
- SHA256
  
  58753d4313ed7f548df16a9cd9aa1f0e30cebee675a76b8359ed23fc95825574
- SHA512
  
  000b98249d7b0e4c7e463bafdf827e3dc5afac447750320d6344c984f4ad41cab5795861920525f03dcaeea5aa3615684101b08bbc103d3ba01065676c8bd64f
- SSDEEP
  
  6144:1nqUsbcI8cPArmJflGs2/uUasg5b5SjkzBMOZQyZV7zeyTA:JqBb/LPA0Sasg5b5Sjkzpr/7+
Score

1^/10
behavioral19 behavioral20
- Target
  
  resources/app.asar.unpacked/node_modules/@prisma/engines/dist/index.js
- Size
  
  5KB
- MD5
  
  790b20f7cbffda1f6995bd533c8603b9
- SHA1
  
  e89ba7582d329c343bf6297d7377c7116efdf574
- SHA256
  
  4ef0c22bbb04f4c54dcb52f0d7156f75c3715a5311ead655bf8920b5e61249a9
- SHA512
  
  2c8d0bb32e17f470cefc2ad7d36890b651ae877ebcf1413042f4ca8fd75218f8ec56ce46ae9a565fc31a71a92b6c172f21e3cc995bc7a7515fef111524e43ada
- SSDEEP
  
  96:huCDO+YA68hXGNUaDA065vkkWhMIuaoUriZdx50HeFget:Al+YA68h2qaDA0lhMI/oPRaet
Score

1^/10
behavioral21 behavioral22
- Target
  
  resources/app.asar.unpacked/node_modules/@prisma/engines/dist/scripts/localinstall.js
- Size
  
  66KB
- MD5
  
  8d3ead24255deee4345f6935d7628c0d
- SHA1
  
  87b4410c77056d178049085a1e9048a4dd273877
- SHA256
  
  78434203c7a587645df358da2a7cc196555221ebeee21603db157c959ce69dea
- SHA512
  
  e5f737ff3a90d5c4e20a7647b3d54afa00c7628d3ceb8b35ea314bd42b4036a6e3dff8a0818f0e54203f137a74637dc8d3d4c4fd0fe5ff85980b12f2abe74200
- SSDEEP
  
  1536:YnRZrrzISbpb0zUPzouUtZJi+nctYNu4nzHCO2bDfytVf:QZrvISbpb0z6UtfjnctY/njMDQ
Score

1^/10
behavioral23 behavioral24
- Target
  
  resources/app.asar.unpacked/node_modules/@prisma/engines/dist/scripts/postinstall.js
- Size
  
  5KB
- MD5
  
  22cd323bf9ac0047040c2fb42281f1c6
- SHA1
  
  4dc58fa358e02eb1eabd44be2505ffe141532539
- SHA256
  
  81fbf4bc8b69cbdf023f6ba0ef168e4eeb1cfff7bd070793ae7c63fd015bd1c8
- SHA512
  
  a04551817fde82608d165d1f586e3b963e121b7ad85c6af22d1664eedfdf857e511cb9d327e38c3308ec412699f026373e0d79628dcd817288914ba9223b8dc5
- SSDEEP
  
  96:hSDO+YA68hJmuPXvkkmMIuaoUBHehjy57NO1SPZtOrhxbG6RqPXIfeaH:L+YA68hsMI/oUEsjoD8PXnaH
Score

1^/10
behavioral25 behavioral26
- Target
  
  resources/app.asar.unpacked/node_modules/@prisma/engines/query_engine-windows.dll.node
- Size
  
  18.5MB
- MD5
  
  23db107e7860c4cd1f208017249d8881
- SHA1
  
  6452e33b75f0f10fad041c429b0b2cd61ddb09a9
- SHA256
  
  b83fc09260071e545b1a036a13e10f291428efefd351fb4197fa5c716bc02014
- SHA512
  
  976c5648065053f93fd1aacaa8189056d6df3725cff980d3ff878b05226af05bbbc795fcf0f480b5d78ea057cc468be972437f1ac94b8ad1fc8900b3237a4539
- SSDEEP
  
  98304:aud1+1G/v4Fuh/IIFQsbinb6Hi0tpb7ys61r2AR/45N0BYFpDtSQU5bPnzS+6++p:tdh/v4tChrWl454Wp9+aukaV
Score

1^/10
behavioral27 behavioral28
- Target
  
  resources/app.asar.unpacked/node_modules/@prisma/engines/schema-engine-windows.exe
- Size
  
  16.5MB
- MD5
  
  0d90982d6f0ae2763cecab2ff5973ef5
- SHA1
  
  63c445b889983c6357ffc4ffbaafcac1eb3c174d
- SHA256
  
  f27a04af257e69c0edb48816d9df1b0dc04353a265e5c5e07cfc53601049c690
- SHA512
  
  ef9c9cd3be513a4a38bc1436edf74247cc4a07c30a6720d734bc73c06726afc0b726d2775c3f08824164461691efb6fa2318aae377038dd8fbde2f040423e2ed
- SSDEEP
  
  98304:oJw9uABdED1mfoyVbdKzUolVVMsUVc2eWBpLDtSQs7X+njh1+6++al5QLpfmjUfF:TImsWVc2TL982bu959M97
Score

1^/10
behavioral29 behavioral30
- Target
  
  resources/app.asar.unpacked/node_modules/@prisma/engines/scripts/postinstall.js
- Size
  
  1KB
- MD5
  
  3d2c91f325f64326a00a0eeb0390391b
- SHA1
  
  e533f5d46219370d5549ca24e2ff84d09a0d0a3c
- SHA256
  
  c4219fdab06232498675a5372968a9eed209696a1a825c88ccc4f247a922f1b0
- SHA512
  
  cd6f3c34f8a8e96d7c098ca3aec1c5340ac04e2de2c354cff65e6c4d90dc3ec56bd8e4467e953898fcf87854883566833700865531bb57080aeb5d36f529012b
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32