5ea84f8f933017eb51519e628002909ba5dcf81a34830147ff2368a9d430496d

Sharing

Copy URL

Twitter E-mail

General

Target

bc5166c87ed7ed9d7a3a1521322f7798
Size

8.0MB
Sample

240309-vdwmxadc6s
MD5

bc5166c87ed7ed9d7a3a1521322f7798
SHA1

6786a9996e64f1046a852bbf248ba99d5f346788
SHA256

5ea84f8f933017eb51519e628002909ba5dcf81a34830147ff2368a9d430496d
SHA512

89a5e3892ef597fa4b9a36b63a61f4b9c2f40beb9b2c81a2848ea7de4550e91ffcf4abdbf12b95f785a4c13acba93dca802bea873e95ecc2112256d31760776e
SSDEEP

196608:ObxyuXqs4lN7if8VwITL3uPCeW3xOu7Y97uo7nM:yyVif8HTLePCe3u7pGM

Score

7^/10

Malware Config

Targets

- Target
  
  Mp3King-v2.54.exe
- Size
  
  8.0MB
- MD5
  
  ebaa4252b588c8bb4b8241ff2fb9c36d
- SHA1
  
  54a8f5e92608151dd7943d54ecaf2a010b373a35
- SHA256
  
  825a80f7c4a11febebf142190abfc49533e4a8f0b4de895435dce4a67441e1b3
- SHA512
  
  1e5d76bd3c5abbe952b39bfc094a77e613994054f6644c0fd5694e67b9685b54bc4ecd00e8b5670316c3d3f9692b734623312dcca5080f71bb2fa0b4ec36b514
- SSDEEP
  
  196608:ySQMTGHukGmSow1RDCfDPYmnT7jEOtMDOcMD6DPW4HhoVd4TVHoiDSkg6:FQxHukjSow1pCf9cc3p4BMi/
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  2b54369538b0fb45e1bb9f49f71ce2db
- SHA1
  
  c20df42fda5854329e23826ba8f2015f506f7b92
- SHA256
  
  761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f
- SHA512
  
  25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7
- SSDEEP
  
  192:ibEOXfXZQ6i1AZ2q6grklcm/iaULQAos:ib/41AZN6uklckLUJo
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c6284e23cd7e4d11db8298deb4541083
- SHA1
  
  e338686c7579620383ab8cc5a51bbb8d846f60cf
- SHA256
  
  79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
- SHA512
  
  72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
- SSDEEP
  
  96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
Score

3^/10
behavioral5 behavioral6
- Target
  
  $TEMP/Baidu-Toolbar.exe
- Size
  
  868KB
- MD5
  
  3d80116e4384cd0629886f808b4fa22d
- SHA1
  
  25ae42c3deee3334d70b64c26fc414710174339c
- SHA256
  
  2f4cd9b97c9fdef40469187203497d36f6cdb201c86d843a9c460b802bb323f8
- SHA512
  
  28d1cc7befae6f1ac0434c11bde9a90e2df22890409c2308be21e07ad050ddaea4fc25932975fd470b52950e9f94c20a740702ef9ee1c5606997c89c32c65071
- SSDEEP
  
  24576:4z7NzT9J2ILBlVXrYgcfwiQomFNvKBUNaQgY91kwf:4z7N3FXrYJ7gzvnbxf
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
- Size
  
  2.3MB
- MD5
  
  3c2b8a41a1706ca9aa5efc33defaf7cc
- SHA1
  
  d9f8608170901445f69585dbc7d07d3d205e987e
- SHA256
  
  3fa7b750c18fbc761feaf3c738c0804ea8f02969b73764082b94ff7f60ce13b5
- SHA512
  
  9704f399f9beb80d3e91cb8f0bd018351ff031c0fb390ef3d4fdb7b90faf9f0993d49579f8ccafa7e3480f502c1594021f72e1d990327e72e6aa01ecbbd9277c
- SSDEEP
  
  49152:KY470bLUv62Xa2mXExRCZfETFPSHAnUWTOeKDF7ssT9F:f470bLUv62Xa2jxR2cXq
Score

7^/10

adware stealer
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral10 behavioral9
- Target
  
  $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BarBroker.exe
- Size
  
  229KB
- MD5
  
  12541c0a098a1ed1756be6d54d5fbc2c
- SHA1
  
  5ad9876ddf91ef9992a1ec83bf70becab5c3be23
- SHA256
  
  86eeaecc3ef104471423d3e280b26d03d95b80122e8178ab98d582115b403a06
- SHA512
  
  0f5d9292f3548b69d65688002554cc957b9b6b3e7179b1f0fa31fc4c134b9536378b74b6295223437d02827d97696952abac9566a8904edb2fb8cab577593c5b
- SSDEEP
  
  3072:KrOYrp3K7YIRMNaPvN1FtZb5SZiSPyuQrTBfVKWYCtvtocHxJz9WlD:cA3BXdPb5Si/uQrTBdbBt+cmD
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/rc.dll
- Size
  
  369KB
- MD5
  
  a75aab3e55d19694dc896a17e4fe5cb4
- SHA1
  
  1d5bcdaf5bf213d22eb865f2ac90c4059c5c3e23
- SHA256
  
  b0b1f00b4cfebbed6772af28a7b89edd6c1786f671672cf0e476499e34dfbe33
- SHA512
  
  da41da1bbb97548dee9aa07b0a7cbdc11804dd770b46f94f4ed15637e4f9622c3987ea04ffc0e0a54b5272524197d4fb96251a74e390cb5c1a46bfdb1343e4b1
- SSDEEP
  
  3072:MekGhjt6n+DWOWfJe7Tqu4Xg4bZdOpFRcwJIpJ4f26LTTSIxt0j27dcliVs1UGui:taj5g4bZdOpFNJ8R27dVGbdoAT
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/tango_mp3king.exe
- Size
  
  5.4MB
- MD5
  
  0fdcebc29b02dda89cc8c9dcba2262b0
- SHA1
  
  af17b50834012fe71ce3544618a6e8632e65b8e2
- SHA256
  
  8e155b1720598fb117400b9d3c30d2652daebef1fb4057ff499d03f3459a64ad
- SHA512
  
  29ba0db467613bc4490d6b81955ceaca7e3dec3798079a48a3dcca83f620f99c8e4d15411668cb6709628f7836086f3ea38ad319fe5d3463c8a5bf58b2e4a871
- SSDEEP
  
  98304:AWB6vYSPJ6CNmFviM2TRRL3vVwsdUaUcMHQvPGMlZXiCOtYtuvE3kz:AWQPsCkl4/L+sdNyyOMlZXiCPkT
Score

7^/10
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  9a886711c559308c39c01c20e9d9a1e3
- SHA1
  
  0f27cf1cf6e4960e140651b68d72ed4b92c58e9e
- SHA256
  
  98be8860d38ad9cf31b55a1a04594de59eabad67510ba2a33ed20a80863ddfa4
- SHA512
  
  4dabdd9ea7a8330a367589a3975a9dc7286b82c66efc7db118b4d7a2db08a467851c6d3dc991668e13c4dd5473aa974e9696a2226039db94df8b198da54354a3
- SSDEEP
  
  192:3+8EHhdmwZYQBjHUEuX0esaONOs6zrMQQwoJwjwE6g//6IF7cBMEha:3qzBFHUENesmPdQwxj6g//QBMEh
Score

3^/10
behavioral17 behavioral18
- Target
  
  Thunder.exe
- Size
  
  2.0MB
- MD5
  
  16f50a44d7ff076f87806f5a6710bc13
- SHA1
  
  8af1513250078aa085c8cedc3f4d49a833b7d74c
- SHA256
  
  a596f3bcf6c8b26a5c407c2c234546f1b0808126037426869865d61b8868f1de
- SHA512
  
  36950a4fdc591dcc44fb6a416039b413d96678e52bf3e5e455bcc47742254bb11060689a319304c53396ddef9573e1848446d2c7926799fde5fbebb247cce286
- SSDEEP
  
  49152:69UGevOS9BDQMi+Zh3KUFhzhnwx10DOnm52SA6KZHgofvnH:69zeWS9BDQQFhmyOnm5dIgoHH
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral21 behavioral22
- Target
  
  $WINDIR/system32/atl71.dll
- Size
  
  87KB
- MD5
  
  79cb6457c81ada9eb7f2087ce799aaa7
- SHA1
  
  322ddde439d9254182f5945be8d97e9d897561ae
- SHA256
  
  a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a
- SHA512
  
  eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8
- SSDEEP
  
  1536:kIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroV:BtvBOI+FQny5R6nG//SdaZwms
Score

1^/10
behavioral23 behavioral24
- Target
  
  $WINDIR/system32/libpng13.dll
- Size
  
  229KB
- MD5
  
  8198d05358c0ec2b4ba119deb4be23ac
- SHA1
  
  48f6446bc992ccd56eaa28da872ae3714decf9e2
- SHA256
  
  ee8c8298c65eb9965588cfdca55b927b0c04f4a10ff9635ed77818e1eec59df7
- SHA512
  
  ac0286f9e2f79591788e74e6b27c2e09e9bb2142a4ae942d80b69b619bc37d972f6f34162d86f38cfe0dbe5e9c9f164864c56763b0b8dc48ff4131b977966ef6
- SSDEEP
  
  3072:5Wv5Kk09OAyMLd0oJyvMyr8oXVY7ylTa1+w9hj4OCj4iY199+Y8ly+az/DE/0shf:3ygoXVY7ylvw9hj9CZ6DJL+azrojVj
Score

1^/10
behavioral25 behavioral26
- Target
  
  $WINDIR/system32/msvcp71.dll
- Size
  
  488KB
- MD5
  
  561fa2abb31dfa8fab762145f81667c2
- SHA1
  
  c8ccb04eedac821a13fae314a2435192860c72b8
- SHA256
  
  df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b
- SHA512
  
  7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43
- SSDEEP
  
  12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
Score

3^/10
behavioral27 behavioral28
- Target
  
  $WINDIR/system32/msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10
behavioral29 behavioral30
- Target
  
  $WINDIR/system32/zlib1.dll
- Size
  
  64KB
- MD5
  
  662a41b2f7b88a055a66b106ab69a568
- SHA1
  
  b1e3470652549d448bac31881cbaf0e2257c572b
- SHA256
  
  e3d94cab4ccd3d6feae0efce0bd2ac5da1db09bc87a9e6ababde4d07571fb437
- SHA512
  
  698f6b634f8adcab60e3a1223ec3520d0b65e0b93f677872f5cb5bd231d41591cba80e45cb229d662ab9268b9429b49463c27308070a95202fafcd3838cdace6
- SSDEEP
  
  1536:iUBBsDArYynUtNTD1onToIftIOjIOG0T0CqaF:iLDzeUtNTD1MTBfnFGy0ZaF
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32