d4b30c1f2c1f10f46037533e5768b6abba1f60a613e779d871c21abe8ef02d48

Sharing

Copy URL

Twitter E-mail

General

Target

sunshine-windows-installer.exe
Size

10.9MB
Sample

240312-yqc8wahh8z
MD5

2265b5e06f44918f7c2b8979e0a9c165
SHA1

bbd95e9d1f3c62bf6b05276e5cbe61b5b9dd035f
SHA256

d4b30c1f2c1f10f46037533e5768b6abba1f60a613e779d871c21abe8ef02d48
SHA512

951c8ec6815b7bbdaebf781dcbd61fd402369d9cb37fdfbcca522ebe74cea1f867ad8c69a01979b4f55804844592172ed950b762c48c744205aed6dafc297629
SSDEEP

196608:hKXpNOzxlx+WuRhr2G7uBIqTZnqFhqRC67VJxbYgiVJ3FMYMLec6P:QXvX12K0dTZnqFhqRX9bYgiRMzZ6P

Score

8^/10

Malware Config

Targets

- Target
  
  sunshine-windows-installer.exe
- Size
  
  10.9MB
- MD5
  
  2265b5e06f44918f7c2b8979e0a9c165
- SHA1
  
  bbd95e9d1f3c62bf6b05276e5cbe61b5b9dd035f
- SHA256
  
  d4b30c1f2c1f10f46037533e5768b6abba1f60a613e779d871c21abe8ef02d48
- SHA512
  
  951c8ec6815b7bbdaebf781dcbd61fd402369d9cb37fdfbcca522ebe74cea1f867ad8c69a01979b4f55804844592172ed950b762c48c744205aed6dafc297629
- SSDEEP
  
  196608:hKXpNOzxlx+WuRhr2G7uBIqTZnqFhqRC67VJxbYgiVJ3FMYMLec6P:QXvX12K0dTZnqFhqRX9bYgiRMzZ6P
Score

8^/10

discovery evasion persistence
- Creates new service(s)
  persistence
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  30KB
- MD5
  
  ff6cb85adb441e639dc58948651d54d2
- SHA1
  
  2ba0514b1e64ce4c13c987c30f1b6e61225f192c
- SHA256
  
  bbd81555abbfeff33aacdc8c34c307c2eb680953c7f4c4c02b20a8fe10e88bd6
- SHA512
  
  bf4c8e862b548011f7d465c82d3c4bc84e7836c4bcd943ffa6dbfbe95d43fc355cf00936cfc4db34822906212bbbc69271f356b74d70051b52cfb9b74f58149d
- SSDEEP
  
  384:1/YECOP6qzJH9pBaCxuxux1EnQKGwH1BeIkuK3TqN1fbBxDj0OLxmnWvL:1YZqzJH9pix1NVBnkYpbBr2
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  11KB
- MD5
  
  3e60c0b440b1ecc21d956e83bcba0976
- SHA1
  
  8fc85b2d7b4192105afc73dec15d49280345e474
- SHA256
  
  135e5a8272b9732d4b9a798b29adf953b4fe4e802b3f6178896ada530d4ecdfb
- SHA512
  
  57c879668f28d29d45b91538e27fafa9628881e1423673402579cf670a5a3fdc3b03abb19feea3655969ce8789e18f70508a78d26174add767738821557a8354
- SSDEEP
  
  192:JLB7OopThbgh9Yoo6sHUzKXW1kOUBo5Boz9c:JLB77p6h91s0zKGWfc
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  25KB
- MD5
  
  853d33d653fb8622e5fd1aa862d07aa0
- SHA1
  
  310561cc0f30657974ab627a2341adfcec84ab92
- SHA256
  
  dbeb911118606a36e430e8d8be39e944b80167fb81ccd11c56afafb25747e633
- SHA512
  
  6d944929b0a4350aba32b28ef9f26d6c8f1a7c44aade158587829101a110ac7d892a9c5ca4ce60945c8cbd63eb0df63c3e8785c871e85ad22635f0ac80dba70a
- SSDEEP
  
  384:YQi8KP2WPZVVAfsjFMOpIVKGdDWG0OkuK3TZupbm:Y+KP2zEjFMTxWG3kbu
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  7KB
- MD5
  
  8e1998776ffd1d578a80d603c55721fc
- SHA1
  
  48ff2d677739d0f34f6c8cda41258af3989f534d
- SHA256
  
  7616de346ee28e4314d8a5bf67575c0010b1b07c93c6c29798f9106589ba25ae
- SHA512
  
  90c0800e485bd56177576b1d245457427d15b81b475eca4154a65225b82fe9c2ae7f07b07d48a61a3f622c4b2a2cb0b834a5d0b0b895f5bbf88b5bdead2257eb
- SSDEEP
  
  96:CMa252x1kO2TPrdKXW3xOgHdjOC2gwNQtyrdUyJx1XW:go7DJKXWDSpJ
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  11KB
- MD5
  
  d9624f8a2014d31c4f114b78e20ad6b3
- SHA1
  
  0c1b5761bc42372778ab5af27165cc52666924c4
- SHA256
  
  1822b4b0c0111e82361ddf3d603d14392d80908c17d51d187bd2aa8d48e104e9
- SHA512
  
  db2015d2f2783b1734a8b92154d9fe454d212ff586b66fb235986872b0ee5dc6c6e7d8498fe000097b3fa11aff2f6136dd28b618408d85995602e2664b941c01
- SSDEEP
  
  192:JFArL9YKCLmpfHcQOliHERKXWRChDuatU4atUCvqx9:LcFCuZO4kRKG0ptUntUCyx9
Score

1^/10
behavioral11 behavioral12
- Target
  
  Uninstall.exe
- Size
  
  216KB
- MD5
  
  7eee847f7fc1e353f37a11c30fd4ee5b
- SHA1
  
  5352472aea3888ec3c66c06e2076e35b5f5ccdd0
- SHA256
  
  1ffb8dbd3357037229c42c3f870cff5cbea363deb36b26f5d837b25f70b1d276
- SHA512
  
  b040db6e73714e0dfcc728acb98fb57b7cb1203f4482ff01fcf44a1aff5a392c9498e1f456f5627041b7c0ce57345b20afb1bd836451caa7f2610f7f30640fa9
- SSDEEP
  
  3072:6paNicumFWpTV98xQT+5U5owpwSaceApExyvhNp1uIQY6VlCPmnDKH3fk0am/:fN3umFWfB0QOSampEIvTSn3CPmDKXfkm
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  assets/web/apps.html
- Size
  
  17KB
- MD5
  
  62004cee42a310adb6d4d98b2b90f414
- SHA1
  
  bd8a8892452e486590b19feb5a032c8c969078c9
- SHA256
  
  1765e7e95e1c652c3339c99a89f61317b4a53010508d9f80252e96794800fbaf
- SHA512
  
  2948bc3fa8b5710b31aeadbc7cc7f8fa624a5db3b5043c4fccd11d22fa89a75c81d1f8664e0e228899b1f1606aa95d775fce9f1193f469a3c722a8534d1d7523
- SSDEEP
  
  192:qJhJaav85eJMXLmG+r8+KA1wTu6Dp3P5jmUqV3dn3:Yaav85eJmT+r8+d1upfMUqVN3
Score

1^/10
behavioral15 behavioral16
- Target
  
  assets/web/assets/Navbar-4fa05ff0.js
- Size
  
  1KB
- MD5
  
  4e219faa0902658854202b184925e251
- SHA1
  
  9f55cb7af469b5c35f3e702e0afd0ce7eaea8183
- SHA256
  
  d3f5489b37d6930878da6f1d1f5d20b8cc21d5effefe7824314febadb1c3cc20
- SHA512
  
  3891eb1097890ce2ada7bba39e88630ff0d7116487c329a064f007f8e8bb33375e97694728077c42a79d95519883e9717826cb313f8ba79b539a6adb76688160
Score

1^/10
behavioral17 behavioral18
- Target
  
  assets/web/assets/ResourceCard-85906521.js
- Size
  
  1KB
- MD5
  
  273ebf7f717523c72b9d6712c58329f3
- SHA1
  
  2bdbbdaf4a57e8b765130336cf15249c264c6170
- SHA256
  
  5d4abcde037a25e870c92b16ee3c4320652f5c0d985172deb699e1b31790faaf
- SHA512
  
  615b08dbed70238b7030742cf024cb709ecf784ef41aeb93852fcbdc3b27390c788f67e6a2855af7fb9055e621409e6afad01b914c95b7570f5e4c1e7b0a0254
Score

1^/10
behavioral19 behavioral20
- Target
  
  assets/web/assets/_plugin-vue_export-helper-63b51ba4.js
- Size
  
  230KB
- MD5
  
  5b0d9f00d43d066681b28d85f0416659
- SHA1
  
  81d28ac909263f3d12caa981cf0ae3ac389ea84a
- SHA256
  
  8e20f7c69c68084228f88e3d7de202e548a2ec3ea7a379e42dd8a4b2119a6ddd
- SHA512
  
  21784a7e4aee6e7a74620434e0208b28ecad0e2b7b487d63ed4e860a4ddcd0d95b0d07a331102039c556266983755c4276090a33d1f402e39c7eb36f07eb6efb
- SSDEEP
  
  6144:jYkCdLUrtPoIYcf6yXuNWZauKrPMkgpYvGryFW:jYkCRm1nf6kuNWJ9YCyk
Score

1^/10
behavioral21 behavioral22
- Target
  
  assets/web/assets/apps-f0a1239f.js
- Size
  
  83KB
- MD5
  
  fd955e4cc910555c715d3673b506c4dd
- SHA1
  
  2505e659389c1b1df6a56b53df612184bc1e4643
- SHA256
  
  f42cf7750a4ee5f02e0489ee9096971b7350df86e78bd8044f9995396addea5e
- SHA512
  
  9704d049bad2b06d685244f0acdc59e4761c7623058c223a9cc033386a6a3157cfbcb808db9b3923f5a2517db3d7cb3b0b0b6c5cc6ac855594480e902f37b31f
- SSDEEP
  
  1536:ypxQnNy1SI42CFNK+4mCizVtvwwAf+2YxlmYzyiUVDTAFfdyaHSAN3pa:yJaLQ+2OmTiUVDTedyayUa
Score

1^/10
behavioral23 behavioral24
- Target
  
  assets/web/assets/config-7f23f092.js
- Size
  
  4KB
- MD5
  
  7f0802721dbec091d0d4ac48dda72a5b
- SHA1
  
  b0dc922679efe92cfff42c8917da0c5a13189aa9
- SHA256
  
  582d1a58ff955d7e52d4ff836caca0fac12df6e712f15498408531a1300a1956
- SHA512
  
  2bd79b6a682913e1318088b70180e6767de1166e81c2361685c7c81774b50f473f7b645015918f27555b924ff70f03763ec803a79853925894102356fc1ce904
- SSDEEP
  
  96:4m/JlXqdh9nWCbwUxnV3fTEHuQ4OiDx6zC3ss9HLnfzQcG853lx9Ri8DMHKhkYUS:4slXqL9n+4vAHuQ4OSx6ucoHL8+3hLDL
Score

1^/10
behavioral25 behavioral26
- Target
  
  assets/web/index.html
- Size
  
  3KB
- MD5
  
  d6cab7cc7bde2509cc6ead43eeebfa04
- SHA1
  
  d0260424df4bb8bedef2b01289309dc9c2c0e1a0
- SHA256
  
  1a1d929676dadb553bc7507efbcaf00a83eee065f65025f5f4f410f5c18cc193
- SHA512
  
  eec2bd822395e29e7c51b814e619c56b9aaa5c2a3a4e38a186e733cb9a733d3672f86318bdd357ddbb480d1ab267dbaa1a04721ea51693d5962d842185916c20
Score

1^/10
behavioral27 behavioral28
- Target
  
  assets/web/password.html
- Size
  
  3KB
- MD5
  
  25d33001f2b0630d88b04124ed428640
- SHA1
  
  3a186cd9b72e1cbd5eb69f75bbe2cc1e027ae5a8
- SHA256
  
  f27a449976c0822552c73595512a183587d7f7061744b88c510259e71034f837
- SHA512
  
  20d6778d961a8710ded547f98e402ed5903a0fafcdd0823c85b44e59b024ad7fc1660d7d97a8c0350ce151de4dc3c7ea0c570215c77c066d430c1b7bd12d52c6
Score

1^/10
behavioral29 behavioral30
- Target
  
  assets/web/pin.html
- Size
  
  1KB
- MD5
  
  74c153a7a8576757e098fbf969a8fa11
- SHA1
  
  8a3a3807edbc20c0e547f2879bee178b9cb93b94
- SHA256
  
  f269cdb288a4943465cf80791ac727cdbd658fcb2c55a976a4ce6cdb85475ec4
- SHA512
  
  4276703314fb6b7daef1bc524effe3a22ac5b7a3052f438b21f7c88e3e58795fa2983cf8e9182d27e3c507924c69cd202dcef0e4bafa07edd1ff5e25ce307c78
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Targets

Creates new service(s)

Modifies Windows Firewall

Stops running service(s)

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32