d98cf4a908148155fbf73bf7b134f2050b5ec74cc47a84f7196b00b13a34ed93

Sharing

Copy URL

Twitter E-mail

General

Target

Trojan.JS.Youareanidiot-main.zip
Size

39.9MB
Sample

240315-1sln5sdg89
MD5

68b723829477a5c0e603b1fdbb71e0bd
SHA1

2be2cce224d1ce7103fe7d0f600e6b3866e194d2
SHA256

d98cf4a908148155fbf73bf7b134f2050b5ec74cc47a84f7196b00b13a34ed93
SHA512

64a96ef64f3b6b5df226031b576e3e8ea8674140343dff27518cff3ca218993f6c25c4c1b813ed791084d524bb4a67880de85fb21e0088b929f18d60a4d8bc83
SSDEEP

786432:4MsmSLhNqXOJIwE7mOhXzGx/0jl0LMsmSLhNqXOJIwE7mOhXzGx/0jl0h:4H9qXoBE7mGXzGFU0LH9qXoBE7mGXzGN

Score

6^/10

Malware Config

Targets

- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/Idiot!.html
- Size
  
  1KB
- MD5
  
  76b5f578abab7155e4f98e50c6ca24d2
- SHA1
  
  76a3d945b025a5c5830020cd4b59c78c00458663
- SHA256
  
  5e75e3136044b5ae53de976f2cb2f21c08e3fedf680c6f82cbbf05f5c29ccf29
- SHA512
  
  70e1b6d6e2146792c1e3d67a36dbcf69e2d5ddd09519de2e3c66d132775e91c11d96b2ce22588b635f821882645cc5da0f87832c17d8b14cf10ffb0332dea514
Score

5^/10
- Drops file in System32 directory
behavioral1
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/Idiot!_files/flashplayer32_0r0_371_winax.msi
- Size
  
  20.9MB
- MD5
  
  ee8a1e16c9c520929c565ea7c97b3189
- SHA1
  
  77fe833fb091475fd4cff01135273731c64d04c5
- SHA256
  
  06adb72a820e100c2ce2bf65605bebf835fbd0447b882a9ed6e99a340ba0f843
- SHA512
  
  c480be9096a4f4f384705f0e91dc3887ce507fd5670e64f571f8abcb079cdbdd07b85b9a1576cc97bb482adb6b8f12f33a5b0e17f1a27860b4321a1d673c614b
- SSDEEP
  
  393216:mktMY5dmLqNyGgUVuXb9eDjtUj7gNZyQLfrtjJ1b9Rd9vwRQYiPzDaOg:PfmewkuXpYsykSjJFb0RQbft
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral2
- Target
  
  FP_AX_CAB_INSTALLER64.exe
- Size
  
  757KB
- MD5
  
  c7a36096c3c7fe45a70fe9375cabfbd7
- SHA1
  
  a8ce9a12c963874a28cf067eb4f187d63e82f356
- SHA256
  
  b1124fb749b2e46e6d5e572b28f847f20c3432dc693c41c765b569e17485d95b
- SHA512
  
  06c9eadeddcdd5c4274b430336c96d39ee3df2fa6814272cbf937e24a8f07661bad276de9486fb5570202855b97e7a1fa266d4f36885457215f581fada88000b
- SSDEEP
  
  12288:FZi53OdV+TLBLD5bHoIP4+9B7OzbgxyT08CAAAAAAAAAAAAAAAXAbAAAAAAAAAA6:FZ23Odc1R94zbvT0bW
Score

3^/10
behavioral3
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/Idiot!_files/you.js
- Size
  
  1KB
- MD5
  
  0f2443c5a2e2694487e134455cc2cac4
- SHA1
  
  54caa6da51e9de80aee8f29d0fa3f9a3ce38d0a3
- SHA256
  
  7ed2b253fe8bfbbb4c08f3390b23b55158833796d081529b507e61de6dfe2f6f
- SHA512
  
  edc95d265d1bdb441ed113a51ff9f4dca3a3d0bb5f00f0078f3086f433795baf26af104e9f4623598259f625b739e5c81ba0fce727f78ae4ad7dc56740b24395
Score

1^/10
behavioral4
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/lol.html
- Size
  
  831B
- MD5
  
  24c112429e44246bd7ba142637045f0e
- SHA1
  
  e094de4e53b6be071c720f45fa6786bae7546a2b
- SHA256
  
  d062d283a9e4b6418df033018e452f3e309dc5a61729c182f45c2a01d3eed625
- SHA512
  
  28431544cb21f1efb6ec28af58b80d19d4e28c5de460f62164076f63618ef821ec195ee7eba387647d706c83f8ff0378a8ff5664c0225361de15d71cdc2127b5
Score

4^/10
behavioral5
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/lol_files/flashplayer32_0r0_371_winax.msi
- Size
  
  20.9MB
- MD5
  
  ee8a1e16c9c520929c565ea7c97b3189
- SHA1
  
  77fe833fb091475fd4cff01135273731c64d04c5
- SHA256
  
  06adb72a820e100c2ce2bf65605bebf835fbd0447b882a9ed6e99a340ba0f843
- SHA512
  
  c480be9096a4f4f384705f0e91dc3887ce507fd5670e64f571f8abcb079cdbdd07b85b9a1576cc97bb482adb6b8f12f33a5b0e17f1a27860b4321a1d673c614b
- SSDEEP
  
  393216:mktMY5dmLqNyGgUVuXb9eDjtUj7gNZyQLfrtjJ1b9Rd9vwRQYiPzDaOg:PfmewkuXpYsykSjJFb0RQbft
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral6
- Target
  
  FP_AX_CAB_INSTALLER64.exe
- Size
  
  757KB
- MD5
  
  c7a36096c3c7fe45a70fe9375cabfbd7
- SHA1
  
  a8ce9a12c963874a28cf067eb4f187d63e82f356
- SHA256
  
  b1124fb749b2e46e6d5e572b28f847f20c3432dc693c41c765b569e17485d95b
- SHA512
  
  06c9eadeddcdd5c4274b430336c96d39ee3df2fa6814272cbf937e24a8f07661bad276de9486fb5570202855b97e7a1fa266d4f36885457215f581fada88000b
- SSDEEP
  
  12288:FZi53OdV+TLBLD5bHoIP4+9B7OzbgxyT08CAAAAAAAAAAAAAAAXAbAAAAAAAAAA6:FZ23Odc1R94zbvT0bW
Score

3^/10
behavioral7
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/lol_files/you.js
- Size
  
  1KB
- MD5
  
  0f2443c5a2e2694487e134455cc2cac4
- SHA1
  
  54caa6da51e9de80aee8f29d0fa3f9a3ce38d0a3
- SHA256
  
  7ed2b253fe8bfbbb4c08f3390b23b55158833796d081529b507e61de6dfe2f6f
- SHA512
  
  edc95d265d1bdb441ed113a51ff9f4dca3a3d0bb5f00f0078f3086f433795baf26af104e9f4623598259f625b739e5c81ba0fce727f78ae4ad7dc56740b24395
Score

1^/10
behavioral8
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Online/Idiot!.html
- Size
  
  2KB
- MD5
  
  1ee06193bd858b693cff2ba6d7870c5d
- SHA1
  
  f07955983e8ed8c76a947629b8310bd51bccb2fb
- SHA256
  
  7756de87f1fee7112ef50a06c9cf64187041a07cab1681a48d1e529105884273
- SHA512
  
  92b96a1efb3dc64e051cdf9b3ae1d63676cf28cd5ec94630f12c7dbe99213c6d360134d672340c99dee074efd592a72ccd68ef6c610db359012a42dc96a152d5
Score

4^/10
behavioral9
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Online/Idiot!_files/you.js
- Size
  
  1KB
- MD5
  
  275e9ad779553160d5cdc5f55be61c0c
- SHA1
  
  5282f731e0efec0481421f8d6a4bea24638af290
- SHA256
  
  c6869abc2db9309edeab76c79e44e4e91e500ceb37329906c4a5944228619af4
- SHA512
  
  45be29b7f11a2d8d5624763e9b0a64cfefce4626153ff2aaca72219bf6ba217910f4166539938f9eebf7f31f1f203754d8ca8426ae33b4ff2bd63845ae3a9bad
Score

1^/10
behavioral10
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Online/lol.html
- Size
  
  932B
- MD5
  
  dc3daa72e92dd02f70f667d52ff570d1
- SHA1
  
  4183d006b8c4e3b8f4f6aa44a310dea9e2631975
- SHA256
  
  b576556e51f4bf0546e891d51b834c284e5c43c9de92a81359c192cdfcbfaa47
- SHA512
  
  f94f120555dfec51bef92b69ec0f9c2c705b94263b43d4b8b0b346272b9d246bba1f26c2ae315e14fcc52a053b3cc3f9c37514b5763e6c68d11f2262e0f1aa73
Score

4^/10
behavioral11
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Online/lol_files/you.js
- Size
  
  1KB
- MD5
  
  275e9ad779553160d5cdc5f55be61c0c
- SHA1
  
  5282f731e0efec0481421f8d6a4bea24638af290
- SHA256
  
  c6869abc2db9309edeab76c79e44e4e91e500ceb37329906c4a5944228619af4
- SHA512
  
  45be29b7f11a2d8d5624763e9b0a64cfefce4626153ff2aaca72219bf6ba217910f4166539938f9eebf7f31f1f203754d8ca8426ae33b4ff2bd63845ae3a9bad
Score

1^/10
behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12