a490e2d404c0a5a566b63994d94b5bcc29388c8304be35dca6e473327b74ea46

Sharing

Copy URL

Twitter E-mail

General

Target

c0ca141b812d458db7c149ba19b8973f
Size

779KB
Sample

240311-rhsv2acf8s
MD5

c0ca141b812d458db7c149ba19b8973f
SHA1

51a67534bdff7c675b3f6ab28b1bd9d9a178b4fa
SHA256

a490e2d404c0a5a566b63994d94b5bcc29388c8304be35dca6e473327b74ea46
SHA512

5aaf9e280c09f5a5ef4e1d7aaba8b9d62697cc661c0c61cdddb23905dc48e722c2563dbac6442c10e5e5fb27154dd8c2d968f2099af90d1d923e57d613fd66f6
SSDEEP

12288:l/ppYgsSyi7MildgOUbYV1ILmaPQTYe1Dgn8WBlxEN/v6uyZ297ZKx7J:VCS4XOUEZagx1DJWdEN/hyZ297ZgJ

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  c0ca141b812d458db7c149ba19b8973f
- Size
  
  779KB
- MD5
  
  c0ca141b812d458db7c149ba19b8973f
- SHA1
  
  51a67534bdff7c675b3f6ab28b1bd9d9a178b4fa
- SHA256
  
  a490e2d404c0a5a566b63994d94b5bcc29388c8304be35dca6e473327b74ea46
- SHA512
  
  5aaf9e280c09f5a5ef4e1d7aaba8b9d62697cc661c0c61cdddb23905dc48e722c2563dbac6442c10e5e5fb27154dd8c2d968f2099af90d1d923e57d613fd66f6
- SSDEEP
  
  12288:l/ppYgsSyi7MildgOUbYV1ILmaPQTYe1Dgn8WBlxEN/v6uyZ297ZKx7J:VCS4XOUEZagx1DJWdEN/hyZ297ZgJ
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0285eac59530ff5cc91fe2634b4ed78e
- SHA1
  
  241c12aefca0740e776362f30aa1edffd66d6bdc
- SHA256
  
  44c822afaa4cc7cb95390eaa0ada076d280d3455870569f0cde03637257d9899
- SHA512
  
  1007fbfb82d4e6c04bd5fefb32cd81f4406022ceef4d409eda0f0ddeb8b1f124a2baec86498bc119778e0c241fc41b0c2440d8a8f6731a63ede936be94f81297
- SSDEEP
  
  192:8nK6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTgK72dwF7dBEnbok:8K6UdHXcIiY535zBtMTg+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  GetMusic.exe
- Size
  
  360KB
- MD5
  
  bbef8a3ec39cacec083990d7609ac4a6
- SHA1
  
  50d6b7b177c1587c63373624be8f89b39349191c
- SHA256
  
  4b0db0301f4290d24aa9c6554d110a60b5b557ce6f5d7a6ecf06af78a08e1ed2
- SHA512
  
  8ec04d08cedacb33869ac7f79bc12e0824352fb4153d90353be34baca9a344d2de810a4598659dfde0e0dcc837ffb92dec6bb91332958270a293a5b886fd3817
- SSDEEP
  
  6144:2wIU3PpalX3O1IjTTpPjZEjaTwyfNQRuHeVHVueTTL8chLf5B/zsfiJtzGKjex:zINlnO1iTlZfbNQRuHeVHVuG7hL5B/Ib
Score

3^/10
behavioral5 behavioral6
- Target
  
  RealYQLyrics.rpv
- Size
  
  64KB
- MD5
  
  fc5713e7060f1a275c4d7193a957d569
- SHA1
  
  16c9e39c0e14a2450fa566198dec68905a3e027b
- SHA256
  
  aed412d71e4ec2534eb498d87b14c365b17934e75c30d3883d769a245ac496eb
- SHA512
  
  be3a117085b13a93a14f8eb5490bf49861a55cfcaf5d96785efa4254e6e525e2d50bb573c0844f2adb686b8e324a14c11aee75f2ccfa6a30acd7551e1815f214
- SSDEEP
  
  768:70IkWGH6hiE8T9R8Q8WmbmD7U2iTYaFrr6F8smk0lqoTkb/:3mT9F8Wmb0Q288VoTkr
Score

3^/10
behavioral7 behavioral8
- Target
  
  Uninstall.exe
- Size
  
  47KB
- MD5
  
  7eb7469a162b31a4fbf4bd5d81b8c828
- SHA1
  
  1425760b2f5a69a696d6d1e33965a8dd89745ed2
- SHA256
  
  f1b6a95b4e3f7f90ee2b13454ccde2859dfe53d1f07c9324903abbbd74f9fa8a
- SHA512
  
  41ccf07ba1460bd73854bcce327a406ac3d9fb2cda379cfe27ae1399e51a4d1ef3c2be709f1e8fdbc295a734c14b6ba48e24e85d009004c0e29f19833507d01a
- SSDEEP
  
  768:CgV60pic8jAQVSISj980nSwRdxi4XAfF/O71mJMtL2NTOCLQr8RhYBbVfmXl:5FicEAwSIknNAUmJaL2sCVMQ
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  68edaafef887c72f0d85d4d64b6cbf52
- SHA1
  
  77c1fb3301d6eea2e882bc387af1a017678c58da
- SHA256
  
  7d8ce82f2b89f544ed90cc8febfcfa57b32d2c8600bb77f79bc8d8980f0f7477
- SHA512
  
  e1e6b45fd47553d8e72cf15faa8572d6cf3f0a5495a34f7cb63a2307502282e69d482db42f8a760feaa890a0dc9539e9661fea8179e4d6e18e1c90092b06d4b9
- SSDEEP
  
  192:GDKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbHSF:GViJrtFRdbmXK8+WHw
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  81f3a42e13f56dd241e838d6e90d7e65
- SHA1
  
  f998ec72b62e5cf11d9b4696654519ee4a4442e8
- SHA256
  
  908ed8726550d255cbbb2e3f1172a57b16087315a96e95d3bf9eda5d5a9c6326
- SHA512
  
  05c43c1daf94b2037f1be264635cf438abb78a651f54ef60802a0a272f4e4b9db8db479c8d8e4aaa63d1427846f9a5c55ebeb399174f565208c18930f0c1e338
- SSDEEP
  
  96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8XQB0NUndY7ndS27gA:E6n+0SAfRE+/8k0NUdqn420
Score

3^/10
behavioral13 behavioral14
- Target
  
  YQL_Lyrics_Common.dll
- Size
  
  505KB
- MD5
  
  72dbbf502f310b3820ff4589cf4e9ae7
- SHA1
  
  710871a5957a7e3932b7ef2a8990cc133afa8058
- SHA256
  
  4549c30b9bf613d757e139b8f0f55294b04b6297aa358ef85dbe71bd6b4235c8
- SHA512
  
  a9ebc84313ec4dd876c2f6b274297c4d2d244a5dfcfa05f6b2d23145107c39278e7679c0eb230463f72e2da817ed8b62b3b6b4621da3e0ef13e438c4726b689d
- SSDEEP
  
  6144:SH3PvjePZck+afKQpn0qYUwhpRfh2pT41VrRBE1JOsgXf08/OlA:S3SPlPFd0qYVplheT8rnE1/W/r
Score

1^/10
behavioral15 behavioral16
- Target
  
  YiqilaiLyrics.dll
- Size
  
  136KB
- MD5
  
  66bd35c77e80654b1ef1956d1843cbdd
- SHA1
  
  851e8dae6a4e0df8a6d8d3dfb08f7d8944d39567
- SHA256
  
  e64e38ec3b496c6e65c1dd68e2f499824ed1b1269f0240900dd1d567bb80ecae
- SHA512
  
  ffddcb28ae2235c68ae6b0fbabf746e5d28311ea1d5d2a8f19bdcd7df6300383fb5bfa384a270f99eab0fd4247d936425f44c2fae9ba1c4d70aa886ca480284a
- SSDEEP
  
  3072:PcroPnyMEfcv3V4/m22ZzgN4tQGXn+Mra:MoPQfYWOVZMNZe
Score

1^/10
behavioral17 behavioral18
- Target
  
  YiqilaiLyrics.exe
- Size
  
  223KB
- MD5
  
  ae7f297b319bce3538bb1e4bf1e6e086
- SHA1
  
  8b9e66e2826bf406502d92b2d7e903390fe0b1d9
- SHA256
  
  f29666b7696eb4623b7c1c4e0065c436d1ec50c8c46fd97aa3fd063f1ccc313e
- SHA512
  
  e397cef50a6451428fb725ae19aa20e648c9de094bca682bb2ff5e414fe24070929aaa3412af113c99892c34766ea788a5263236ffdf9cc3e6d911e2bd2c38e1
- SSDEEP
  
  3072:++rDkp6ooNIzKMeUzHLqETXLTdE9nqODJgtQQwEH9tty2duoq+4ljoQ:7ooOLqKXLxE/RQVtnAoq+4p
Score

1^/10
behavioral19 behavioral20
- Target
  
  foo_ui_columns.dll
- Size
  
  578KB
- MD5
  
  d6a04b9a48c21ace47d50a4681238ee2
- SHA1
  
  ffb07177077b5be4258adfbff8d7972f589036f4
- SHA256
  
  e2ef3556450075840768fa44e71070246cca670348e4b379d10c4bba1152b4be
- SHA512
  
  3049e950996587c64a1ad89d23e0018065cb38c5bc44ae0e38297e6120c148f3a3c01a09829af3c5d95e062148c2c55e8adf31dd7e89723732e2ddeef8f733bc
- SSDEEP
  
  6144:spKof+r1nt9hpFV95JUVtQ/DoD7RTL8QihGj/pbvAO/M5mvBES2C:sit9j9c9D7RTIQihGLpbvW5s2C
Score

1^/10
behavioral21 behavioral22
- Target
  
  foo_ui_yqllyrics.dll
- Size
  
  139KB
- MD5
  
  3d55027e9cc165b31995f0223cc9cd88
- SHA1
  
  a5f5708348d7bf2d939a8185b498918e9a7aedf5
- SHA256
  
  9002009ef1a039f773705ecfcfe95f5ffa3b38f5b2a792685e0b22e42d06af25
- SHA512
  
  95470e0db65a7f09032d54907f54fbe47db4211f0e4df1996eeb8a26a6ccbda500a8f4c7cb62567f709be928bcaa3543308c54cca33f6be54f415a69d0597f26
- SSDEEP
  
  1536:SFhS4dKE+/sl/q8dqq3GqcUGI8yv/Xx3M6eNn2ohQV0vtmgMbFu5PtZaU2O7D:QhtX1/q8Z3rpSt2VeAg0Fu5PtZaU2O7
Score

1^/10
behavioral23 behavioral24
- Target
  
  gen_yqllyrics.dll
- Size
  
  52KB
- MD5
  
  f811ae048d4c047327ed7e595910436a
- SHA1
  
  64ca166e6c5f004811aaf1f7947cbc98eb237e1f
- SHA256
  
  5d4e90ebdf0c5bc432752d0472950da456a32f097a029b42258a2687d67f9cad
- SHA512
  
  46dc4b8faee0466c5f28359aee1665d0a76e9bda6bf2365b3100a2d89855b07f88f3014950a0f33a3e895e75a6a344991e6e969e9349105f1af181954f340f6c
- SSDEEP
  
  768:3jzanFsHu9d+PN/qgR6UA8Omzaa9JZtltVtKYUqw9:3j6FLaz287zamztKYUqw
Score

1^/10
behavioral25 behavioral26
- Target
  
  iTunesYQLyrics.dll
- Size
  
  112KB
- MD5
  
  11f437da0836ab41c8577272170c0c4d
- SHA1
  
  8a8c58324a3eb3247077b6de502da0c1155fed53
- SHA256
  
  d1ed81927405d369109c9216675b060864455730d05eb622bdb1e8645ad6e9ff
- SHA512
  
  64cd210dea6c1ade9569c209082dece9f215c6418a7a28b5308d1330efd007d3c172993719bcf944fe5bf4884187364942e6ea172b8c5421495c19fc4f32c36a
- SSDEEP
  
  1536:pN7ouwyQVAImnuDXeOt8jGq7s1JvfgKZtF/6irZ6JtuDYOaJ:pc1/8C1JgKZjdrZ6JtuDYOaJ
Score

1^/10
behavioral27 behavioral28
- Target
  
  music.dll
- Size
  
  59KB
- MD5
  
  abaffca5a367f350f13bff241aad6e98
- SHA1
  
  6404d135ccc8879ede1fd76aeb69e34cbdbdcb25
- SHA256
  
  ca6a3a7cf46504fe67eefdacb7acf6efe0337033f02fef5ad5a2f4bf844c197d
- SHA512
  
  0861f3f5a7415b9e931643764e19607db98f3c7e267d8f61b99933e04716f1f429b9a356dc4d555fe9733d537ea3e4b81880bbe5199d0265a0ce3728a74162df
- SSDEEP
  
  768:CY+KJTu+B9N3IEFTSILzi20aaYUWoIsVU90LI:CY+KJTu+SeFiZaBoIeX
Score

1^/10
behavioral29 behavioral30
- Target
  
  vis_yqllyrics.dll
- Size
  
  70KB
- MD5
  
  20ada9591c78ef169ea83cb14093f7dd
- SHA1
  
  a1910f5b4b18c6156cfaf9b6a31106831c64b268
- SHA256
  
  3f6ad5027a9af95d042f3e6c3c370c5b806594f88098dc3d16f38d6d8af49e96
- SHA512
  
  08893ecf8bef19b00b44c493bd8a3f61b29094c07dbfeef6d33706a26b17adc3e2c9ee8ee1856588782b7918fb90f8f81825ca6e67277635b278491a7e343f44
- SSDEEP
  
  1536:8cpTdga0ik0jKJMK5IX6IEAdBGQhw78N:rpRg/mExAdBGYNN
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32