126fadf7c7ae9ed8762af791340fbbfbc2ab1dfd67c9a4abde14fdedac28f7ee

Sharing

Copy URL

Twitter E-mail

General

Target

d3ca12696888bf83808e98cca7c6b961
Size

1.4MB
Sample

240318-r9xnasbd57
MD5

d3ca12696888bf83808e98cca7c6b961
SHA1

36db77944f96021d25aa36bf1a132600832c888a
SHA256

126fadf7c7ae9ed8762af791340fbbfbc2ab1dfd67c9a4abde14fdedac28f7ee
SHA512

a28261e247b6b35c798c6e07d9cedc52dedbe02fca94668590d73b1ea6cff6a0a37da78db4208acc47fb78077c911a4a180b647b1e622693a18677e38aa9b9cf
SSDEEP

24576:41+1V88Rzc2WNnwTBUHt8dal48nW4I5PRC/Rodslrvci09cK5:v8SzaN8dalM4OwpnlrEiY5

Score

7^/10

Malware Config

Targets

- Target
  
  d3ca12696888bf83808e98cca7c6b961
- Size
  
  1.4MB
- MD5
  
  d3ca12696888bf83808e98cca7c6b961
- SHA1
  
  36db77944f96021d25aa36bf1a132600832c888a
- SHA256
  
  126fadf7c7ae9ed8762af791340fbbfbc2ab1dfd67c9a4abde14fdedac28f7ee
- SHA512
  
  a28261e247b6b35c798c6e07d9cedc52dedbe02fca94668590d73b1ea6cff6a0a37da78db4208acc47fb78077c911a4a180b647b1e622693a18677e38aa9b9cf
- SSDEEP
  
  24576:41+1V88Rzc2WNnwTBUHt8dal48nW4I5PRC/Rodslrvci09cK5:v8SzaN8dalM4OwpnlrEiY5
Score

7^/10

adware discovery spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/KillProcWMI.dll
- Size
  
  65KB
- MD5
  
  61fd777443084ed61c05c22e8e3c3eff
- SHA1
  
  607944fdcfad205a164f3ca84793ab13d3d4ba97
- SHA256
  
  a69a51de19784287ee9031322cda5104a6025d7cdf1ffd0e897fdd8ce4e8df4b
- SHA512
  
  ce12cc55088a2176bfc5de8b65b92db8def8e930ddffe3961bb855b9536a25632cd921903f616c885699fb2d00f5074d03a213e25a759ac0aa4ecdfc33878323
- SSDEEP
  
  768:T975+8fnoagj2S6CPNgWUkayghQaEn5BTNkljCIoEDzMdnoezOQsmCALO8C:p75RfoaypW3QfnLTNklCjsmbLe
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  254f13dfd61c5b7d2119eb2550491e1d
- SHA1
  
  5083f6804ee3475f3698ab9e68611b0128e22fd6
- SHA256
  
  fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
- SHA512
  
  fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
- SSDEEP
  
  192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  3a3a9223dd834d9898fdd8bf260bc373
- SHA1
  
  ec7ba0f20486cfb16bed7a2f8e62c228cb9f5e93
- SHA256
  
  e36cdce05b8858cf6841db19f5618f9335aa67a9a59ffe8ec2be0fe83b5bb8cb
- SHA512
  
  c8a4e07da6fe203f79f5c4314a6f5aa21b1a6648848bfa009a87b9af1d6c09ccf9c01ed3813442e57f7fa221ca088dbca236ea1bf80d033574c9670883d3611c
- SSDEEP
  
  384:7bJ8gOGtWY9gOvkERQ1YwxdXpU+zUhU7ya4LB0Ac9khYLMkIX0+Gv8gcLo:7WgBtvDRCYwxd5fzUhUua4Lv
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab73c0c2a23f913eabdc4cb24b75cbad
- SHA1
  
  6569d2863d54c88dcf57c843fc310f6d9571a41e
- SHA256
  
  3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
- SHA512
  
  99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8
- SSDEEP
  
  96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4MndY7ndS27gA:E6n+0SAfRE+/8ZYxldqn420
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/util_ex.dll
- Size
  
  767KB
- MD5
  
  4c429c2cadf1e454cc7d3b1fd75b7245
- SHA1
  
  dc4bc6c1472146d4952cd3abc42f15084fed58bf
- SHA256
  
  00c7fdabdc3360e1adf46da408b4312a805e1013f189bf7b5965a94ae201d719
- SHA512
  
  8750813681ecc8e6180d053630a6c53b0db397b0ed369c18363e4899bd08d065999a30e2297eedd048b65fbea6ba4c2c3a50911f88289285cbd54aa30c9aac40
- SSDEEP
  
  12288:cjpqkSSSSRuh2FUVTD6jv7l4PzP6pWgGZNoTsxpRQ0CL869U/S3xPAUH9lNqFdwx:cfSSSSRuhCD76TbgvTsjJCw6i4PBdlNp
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/version.dll
- Size
  
  6KB
- MD5
  
  ebc5bb904cdac1c67ada3fa733229966
- SHA1
  
  3c6abfa0ddef7f3289f38326077a5041389b15d2
- SHA256
  
  3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75
- SHA512
  
  fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f
- SSDEEP
  
  96:nPtMckE1e91BopVyXwUhn3f1I0vOKeoqO4d8QvS9:n1MMuOUhdI0c04yV9
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  $_35_/chrome/content/main.js
- Size
  
  17KB
- MD5
  
  ff60ecac3a6253c3864a1e6facc56864
- SHA1
  
  ca0377e18372cc350dda2a236c042aa90e2b1612
- SHA256
  
  24cde4587122df15f1ee54789499a0a6f7e83b26215b4a7dbd661f41f8f26937
- SHA512
  
  1e1c96c03b9a56dade976a0a6efc4644512c3e9374ac1a61cfb7600b19b91258e66d488b8aca6e60d0b3a62864d981326c79aa63638c9086bbca5bcd3c6f77b6
- SSDEEP
  
  384:0awGCdh5T5xt2xOEWnrJYJjHpuyq2o/n3/HFB6Z0mBMp+7Z40CSP5zFS5iSJ+0Wk:09dhZLt8OEWn18Tpuyq2in3/HW5ep+7E
Score

1^/10
behavioral19 behavioral20
- Target
  
  announce.js
- Size
  
  383B
- MD5
  
  f9b22790fe47d80a214c192d1034f60e
- SHA1
  
  742a661cb82d28707b3e5ed297e3e3834dafb06a
- SHA256
  
  a2dd7e64813177f4c3cedaf4991a8f6b68577a3e56fe17a5e57ec24db69ef1ac
- SHA512
  
  d0e7fbfcf08545b022a8b5e6f2b426b327bb19faf76a4381affca1715714016a7942943eb6ecff877948336c22583b62066db4eb6d8c4dedc08de8718ad55303
Score

1^/10
behavioral21 behavioral22
- Target
  
  background.html
- Size
  
  102B
- MD5
  
  217a46404343dbe25a34dd731d741b97
- SHA1
  
  48219413b2fafe169a052969d30a2eed43d9891a
- SHA256
  
  0247278570472603063097649aab0eef51160de0d3a02c101151e57ce39c39ad
- SHA512
  
  2ad67a5ca2ea0ee92ddd6a0f77b381170393b1cae091c1beb2a2b0f046d84fea2fe6edd4612fa260885a1cdfb0975e70d40161a9aa1e7036552e19a2f6fc35ab
Score

1^/10
behavioral23 behavioral24
- Target
  
  common.js
- Size
  
  23KB
- MD5
  
  8244fbe27f153c29444e97dd24e8b650
- SHA1
  
  e492990c20b71e42d2e0affbf95b8c67f9670683
- SHA256
  
  66ed00ce33b3271171eecb11c232ae4ad41ebd7f26bd7a6c890c32cc7667c7a8
- SHA512
  
  28e75d4acf4e556e251567b516555c5d42cdf0253e17ba45d55a8d11a76964a89601605faac58de5a9bc19e4bf0a6620db3ca0aecb8f344edbe9a27e264dd12f
- SSDEEP
  
  384:q7g7Na4t9RLwJqu/0yy8RjqsDOv3hEg8pxHlB+1FZTqFX:xdtbsJqEqEOv3hEg8pxFB4qB
Score

1^/10
behavioral25 behavioral26
- Target
  
  contentscript.js
- Size
  
  12KB
- MD5
  
  f030a5c6d83cb0c8c2ede3e69b0c36b4
- SHA1
  
  c3f151af02e1b709159c6acbff2198a524027a3e
- SHA256
  
  21af151000be87c34a7c0f5c6bbbedbe0cfbaaa9f1cfbbe4288c414e68a65e62
- SHA512
  
  adb8c2d4ff49e3a6d83c8d7c12eae445c0fc225142956c5cf527dfcf80d03fcf2e9931ec05ba5ba37918538527549f0df56b971d778796ae5f3ca5abb12c87bc
- SSDEEP
  
  384:Op/KHhP8DCIaeHxisCB+u6OlhKaVVFcNreebrCTV64x37I9moooLk34:Op/KHhPcCIaeHxisCB+u6OlhKaVVFc9l
Score

1^/10
behavioral27 behavioral28
- Target
  
  iframecontentscript.js
- Size
  
  2KB
- MD5
  
  6b4a037a383f645e3f06f5fe8ab22866
- SHA1
  
  4c31a76658528876aa18a7d09af333f65f214401
- SHA256
  
  463410067419ed6efd03a4e83ae9bab1d881d342b74f0073e33cb8f2aaeae611
- SHA512
  
  ff4eb7bd9df7d7011c9bf761e7000cd0536852c447c293dc49a7b86c8611098a4308e2ad176c58b9e5f9a44525a9370d07956c141f25fa3f9ca001c52edb306e
Score

1^/10
behavioral29 behavioral30
- Target
  
  Firefox/chrome/content/main.js
- Size
  
  17KB
- MD5
  
  ff60ecac3a6253c3864a1e6facc56864
- SHA1
  
  ca0377e18372cc350dda2a236c042aa90e2b1612
- SHA256
  
  24cde4587122df15f1ee54789499a0a6f7e83b26215b4a7dbd661f41f8f26937
- SHA512
  
  1e1c96c03b9a56dade976a0a6efc4644512c3e9374ac1a61cfb7600b19b91258e66d488b8aca6e60d0b3a62864d981326c79aa63638c9086bbca5bcd3c6f77b6
- SSDEEP
  
  384:0awGCdh5T5xt2xOEWnrJYJjHpuyq2o/n3/HFB6Z0mBMp+7Z40CSP5zFS5iSJ+0Wk:09dhZLt8OEWn18Tpuyq2in3/HW5ep+7E
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Installs/modifies Browser Helper Object

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32