Overview

overview

10

Static

static

10

TotalAV_Setup.exe

windows11-21h2-x64

8

$APPDATA/T...te.exe

windows11-21h2-x64

1

$APPDATA/T...io.dll

windows11-21h2-x64

3

$APPDATA/T...lt.sys

windows11-21h2-x64

1

$APPDATA/T...bb.sys

windows11-21h2-x64

1

$APPDATA/T...gr.sys

windows11-21h2-x64

1

$APPDATA/T...io.dll

windows11-21h2-x64

3

$APPDATA/T...lt.sys

windows11-21h2-x64

1

$APPDATA/T...bb.sys

windows11-21h2-x64

1

$APPDATA/T...gr.sys

windows11-21h2-x64

1

$APPDATA/T...io.dll

windows11-21h2-x64

3

$APPDATA/T...lt.sys

windows11-21h2-x64

1

$APPDATA/T...bb.sys

windows11-21h2-x64

1

$APPDATA/T...gr.sys

windows11-21h2-x64

1

$APPDATA/T...io.dll

windows11-21h2-x64

3

$APPDATA/T...lt.sys

windows11-21h2-x64

1

Microsoft....cs.dll

windows11-21h2-x64

1

Microsoft....es.dll

windows11-21h2-x64

1

Microsoft.CSharp.dll

windows11-21h2-x64

1

Microsoft....ns.dll

windows11-21h2-x64

1

Microsoft....on.dll

windows11-21h2-x64

1

Microsoft....on.dll

windows11-21h2-x64

Microsoft....ng.dll

windows11-21h2-x64

1

Microsoft....es.dll

windows11-21h2-x64

1

Microsoft....re.dll

windows11-21h2-x64

1

Microsoft....es.dll

windows11-21h2-x64

1

Microsoft....ry.dll

windows11-21h2-x64

1

Mindscape....on.dll

windows11-21h2-x64

1

NamedPipeS...on.dll

windows11-21h2-x64

1

Newtonsoft.Json.dll

windows11-21h2-x64

1

Nito.Async...on.dll

windows11-21h2-x64

1

Nito.AsyncEx.Oop.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TotalAV_Setup.exe

  • Size

    54.8MB

  • Sample

    240320-3fxxradh78

  • MD5

    7e1760c63553d56fd73d0fc2dcbf4b5a

  • SHA1

    3bfba02d7ecd632c34de3803faa73315be4edb98

  • SHA256

    b9a83fd92044028d1dd0264b972c95c2cb7564e8bbf480b245c8bf28a1dcb51e

  • SHA512

    5f732813fc40726f8762297ad0856232dd94c30695949915a1b2bc5303429765acec772c21408e9b88fc469a16ba721f58e1a8827ef797d002b666d756aeb00b

  • SSDEEP

    786432:lcAokzH8aNMYff0v2oOPWCf4/CK8aAsy5fkMOgs34S7F2MOoQJ+LAgsFGUET9Xhc:l7HHff0C74/C5a21VsKMOxa72GUWxA

Score
10/10
blackguarddiscoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      TotalAV_Setup.exe

    • Size

      54.8MB

    • MD5

      7e1760c63553d56fd73d0fc2dcbf4b5a

    • SHA1

      3bfba02d7ecd632c34de3803faa73315be4edb98

    • SHA256

      b9a83fd92044028d1dd0264b972c95c2cb7564e8bbf480b245c8bf28a1dcb51e

    • SHA512

      5f732813fc40726f8762297ad0856232dd94c30695949915a1b2bc5303429765acec772c21408e9b88fc469a16ba721f58e1a8827ef797d002b666d756aeb00b

    • SSDEEP

      786432:lcAokzH8aNMYff0v2oOPWCf4/CK8aAsy5fkMOgs34S7F2MOoQJ+LAgsFGUET9Xhc:l7HHff0C74/C5a21VsKMOxa72GUWxA

    Score
    8/10
    discoverypersistencespywarestealerupx

    • Creates new service(s)

      persistence

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/avupdate.exe

    • Size

      2.8MB

    • MD5

      e0947f2084e589a4d7f1c0f541b54321

    • SHA1

      3ca9be3bc2678b85e36b9823a617376a268ab889

    • SHA256

      afb45b8ae7d78085d95122ae01f6bac1515a89e7e2c87c55596670e2b5e922e1

    • SHA512

      316a214436031a498de8b2b6ca33cb9f73cacc3ee19f22f86d90583f817e35f0b93bd44e3af8e47baf1c7e44fc66b9c2031995cc4ce69a1bdbe980de93e5938f

    • SSDEEP

      49152:JevEk9Vcz8AGAIaaQ2ldCPGwdYbO9ZMzYuWP011w99oUQ8Pbto:JevUsAz8ld+ubO9Ssur1a8

    Score
    1/10
    behavioral2

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    Score
    3/10
    behavioral3

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys

    • Size

      152KB

    • MD5

      6b60c0a7fdbabe955a183ae3b524d543

    • SHA1

      be68e043fb0f6e0ca745b8361924ad0869bf2bb9

    • SHA256

      33d6cc050cefb737b70431c7e493a0d7b7f5ae7546d36fd24a5d4b1ebf29d307

    • SHA512

      040ecbb33bbba5bba6206cee7717cff01fc8d3436762a4f2af6647cd9f02b31d48538ebc0d91b627fd0f9324375544905c2e09e4040c55b3642480e683f73df9

    • SSDEEP

      3072:3dxo0Wbd5kOx92/nQdp2kRaZE/I+j8CR/ehwdwTe6vuypGe08Uxb24lOPy:3dxo0Wbd5pJ/I88CR/p6vAnA4e

    Score
    1/10
    behavioral4

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys

    • Size

      169KB

    • MD5

      a17862525867081a577923e210604a64

    • SHA1

      9b6f498bbda86fc464d6e5094bc8529ecd3e7579

    • SHA256

      2bf4e12f41f8d78737592b7f29b55206b2df15411cc2943e678f52096289d06f

    • SHA512

      e33c701cad149844913e5853187e4bbf43f6bc230fccaec21c847b373da7299849f2f3d93e6a07dc2c3c774f5119a31f0f44ed77821cc1e8dda93661e620b2ca

    • SSDEEP

      3072:E6zDMkFB5rqrDX7r5E2wnyKVxqxJNxBIRxUcx5VEv3QuhznmZmopCn7:3zDMU5cHq2wn/EJNIRxXx5KB1Omo07

    Score
    1/10
    behavioral5

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys

    • Size

      35KB

    • MD5

      20894c53c0b9db8f86993d9ecb78f9d5

    • SHA1

      7c18c5b571c906535d393a5165379f6316143107

    • SHA256

      d5e35a021e2a8e676b9034a2c712907f170d3f5b7315d516f317f51cd03ddd06

    • SHA512

      7fbd637c64a3ed5ce202864197ee26e0d97f84be8bb0bfd5bdbfcf500f370764545489de8d83c347e5f15a414bf5d614377a60983803924935453266f8af5d24

    • SSDEEP

      384:pSxWv2ZhZ4mAjuPUEA1aVrFiFdWeFuu9BTQe7r/nYPLvdJUHeMPP:gS8ZIuPwoz4dWeFuubQEr/KdkP

    Score
    1/10
    behavioral6

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    Score
    3/10
    behavioral7

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys

    • Size

      172KB

    • MD5

      f16335a9102ffc99a8c8e07e1b2d57d4

    • SHA1

      32ddb4251591e40db352661be4721c5c6402b90a

    • SHA256

      33c6b1d49ab13d6ae9f22e05d77b70123de63c802363da0daf1be958b7d3d532

    • SHA512

      57746307cab7e82e9e7ef5f033628810997954a40cf57f34650cbc9ac77fc2fa3465f1206f87e0082edc4121114dd71f2f816a628872fde26136012766a5cc52

    • SSDEEP

      3072:mPhzNgtyTnwf3UCPID5tfaElzgbSvTR7VHhoxM732FrBT5t3BMXv8DBf:qhGtyTHC2tDcSvTZ9+Oarf9BMMd

    Score
    1/10
    behavioral8

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys

    • Size

      196KB

    • MD5

      18ed8302d083dad602823988a304a4f6

    • SHA1

      01014fd10d7babd6d81bb7e9511ffa7e13c890fa

    • SHA256

      629da28ac97f5b17b1603059242088727e1552d68fe350f97fcd0b67d412ab25

    • SHA512

      de9ea04221fb1270db37d35fcc1acdf7265103e079fd31566b0a043a1fa3b2267a034b720a3070538f289fd3847171d3d54277417ba0f67aede86f1b78db220d

    • SSDEEP

      3072:FiRnqR7d4wgBQIFnh/Lpx211rrYQwKiYB+Qua7KjoLxkAAFP:Fiq4PbL/2THYQwK7B+Bau0S

    Score
    1/10
    behavioral9

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys

    • Size

      53KB

    • MD5

      e3ab0eeb7613ddbacc0388b96048ff5d

    • SHA1

      f6e382597081451d6546339948edd3e854b7dfae

    • SHA256

      5fdde96d05b4284fa7ee985a7777739c46040ad89b3b8217a729da9695e3e542

    • SHA512

      40c0c7ac884297350a40d58a6a870796381ccb82ade22d69ca3cb9be0c3251b8768f95ab4b0f28f209ed65aed23894a7e77529316250ace7e5da8a99d0bb81a1

    • SSDEEP

      768:ginpYN85Ry72IqbyReYU6uPwoz4djHIEoF+NdKduH1Qk8AI24o3whJ:BpsK64yRGwospoJFsEuH+k8AH1ghJ

    Score
    1/10
    behavioral10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    Score
    3/10
    behavioral11

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys

    • Size

      216KB

    • MD5

      d9f90202659f8ce4d5db6e83d24b46dd

    • SHA1

      29a7b1068a5090ee59db422364b42d2c8f072a46

    • SHA256

      31a3f5c4b19040eb20bc15b4609068128fb6028e137e98f2b2c6c679d0311c4d

    • SHA512

      b0a9a0c0f18446e6a2b9ad3200dbd2cb94acae5df553beb971b41220304941219d12d3e94ed91dec254e6b907dac6fcb1aa72a822a09a8e523cc76071b221c31

    • SSDEEP

      3072:vMPogiYZ1dqoWYYCGxbceUW8bUDsQWBsMPelkz4IQ9RLNM/qIn20aqB:vooQZ1ddW5VUWvDTMGls4IQ9ZN

    Score
    1/10
    behavioral12

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys

    • Size

      172KB

    • MD5

      b49a44df6fe77ccb861985f5a5dd7ba5

    • SHA1

      6e5163e191dd789f8cc33a531ce9ddd9bed2a842

    • SHA256

      e442e66d3e24d54696c8687d1bd1a9ab41ed34b723d2b25af195589d11c4fcde

    • SHA512

      d53f56966c8750edc513c86c8e9b47fa1f0445a86a1d92621f1aa5fc9b9400a4a7f65b9ae0d2e537c9dde1b23b16fbd56af8ab74d62a8a777106e9b16e58be89

    • SSDEEP

      3072:sUnNOdMrlqdSL3W3TRjWLKcudx0TzBrt6Ozv7druQuxAmP9FrN:PnQurlLLmxQu/0SOzZSBxDX

    Score
    1/10
    behavioral13

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys

    • Size

      35KB

    • MD5

      eb5c2402e2f402a19504bf6ca9c3e06a

    • SHA1

      63aa9690c36d743951558422d841276c25cde77d

    • SHA256

      f8d33bbf769786163105c0fa794970054bad34cc5985416af553df1d9a64039b

    • SHA512

      9b6b7c06e904cf36aefc17e14a108e9636c3a8920a34960dcb26fa520326c7ff47f03c24bacaec6ba91440237fb16afde0df01c299cdd7a89c40cc489a3f0151

    • SSDEEP

      768:p5UbgvCkoe+nuPwoz4dC2xfDKKdqe0nKUbZ:88axeLwos42xfDpqevq

    Score
    1/10
    behavioral14

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    Score
    3/10
    behavioral15

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys

    • Size

      204KB

    • MD5

      ec059af10524644bddcc073916e78375

    • SHA1

      93a9466afee21f61f643f540b2ab82ac7db60b62

    • SHA256

      868ecdf543865035a3703e8837869441683b8ab396eaadf6aaa0e455e8393c5e

    • SHA512

      88310251e07eb6edda3eb28d057a18fd7d1ea7a9adc5f861fa7ad127561bfb035468974fd11685b66654fc37dc3577d7d720e2e9e4f4fc38d116c1089ee9afe7

    • SSDEEP

      6144:S2M8JRGRI16YO/HqUU2miFjq5K3vPRTh9EsRbmN6:S25ERI16htvo5K3vPRr+

    Score
    1/10
    behavioral16

    • Target

      Microsoft.AppCenter.Analytics.dll

    • Size

      13KB

    • MD5

      d4041b4e6cef641e52922aae24358e67

    • SHA1

      03cd00c2094e6747b0bc489f1927d29dae39b5ea

    • SHA256

      ac8b2f3785163b38c4473f1aa25616a4616e2fbb29332fe3dd8da9574fc3c4cf

    • SHA512

      728dcee4a9e3909f760edbd6a6e582c6c40162f37cf0c5e61bb092679ef91e47e8e5bdba468c40f24010ae795f6e277ff1c60b9e46bee2dbc94b3d9c6491570a

    • SSDEEP

      384:FHusqPUYyBiwwu9sXZsQb+Jx4veT6pzBcwyWUVMW:FOsqsYb9w7UBcH

    Score
    1/10
    behavioral17

    • Target

      Microsoft.AppCenter.Crashes.dll

    • Size

      41KB

    • MD5

      389e880efe79f750488feed7fa52b1d2

    • SHA1

      b0a58209ddd87d4ec1240bc1b556889850965148

    • SHA256

      1ac20df009a8879ff946388741b781b37f8209ac93260ff8a00573376def08be

    • SHA512

      ce378858dd67c8ff7972036db1b558603c0c7bf74b82c0c965fcd039138be3eee08fb729b879a1c66b41d8fab7c70c0a9ad1c8e5c9490c4967cec87b2f62b436

    • SSDEEP

      768:qs8Fis/HebQPbM9z9iDk+gGCHeHGoSMwdevPf:qr1bMvHXlemtde3f

    Score
    1/10
    behavioral18

    • Target

      Microsoft.CSharp.dll

    • Size

      287KB

    • MD5

      550c3defa28f7da52cfeb896254d5446

    • SHA1

      9769ad55aee4cfbc94053e885d229ca98d953254

    • SHA256

      d5ce9323fc09281f1f8d86d741a594e29f7a9797de0284e1b168b1043c6c9a02

    • SHA512

      264181da5f80966f2b0a76912d496ad55b403f99d31097b258c9ab87d39b41435015b8e702bfceed5f333fac9367f542dd397778504c8ed2a4b4ff4bb3a82370

    • SSDEEP

      6144:3MsCfqudVKjZSkSNw1oxu0LhdkjVsZBwRnIfPk9eG3u9yHcohyz:csCfidSkSNw1otkcG3u9yHc

    Score
    1/10
    behavioral19

    • Target

      Microsoft.Extensions.Configuration.Abstractions.dll

    • Size

      12KB

    • MD5

      542b6ef0d8d600f43cecdaa5fe6a99a5

    • SHA1

      3e5626ab326b8e0a08d48f1347c09eb3a8b1b882

    • SHA256

      e9e4bf73dfed3d5aa9ff25780e87109a985cb6e2feab30bea42689cf7d1d4ed1

    • SHA512

      4ba7499c2b5cab18d185f63f857f8e94785642b5d0909d2c978b039d8920aadc0401f57ab7603f2ddae396c4c8edff5f56b31de36d24620733c9847f5b3152cd

    • SSDEEP

      192:DMt6XYVhN6y0mb+dXM+4POdTJ6V2fGtbn/PTG/AxXEzRjz6P+M/FbSZbWsKTWM:D+V/6PI+1z8bXTG/ABEzRjz6P+M/Fbk

    Score
    1/10
    behavioral20

    • Target

      Microsoft.Extensions.Configuration.dll

    • Size

      17KB

    • MD5

      d29ef3e603946cdd964ded903c205d62

    • SHA1

      959896475fe1dd758adf857b72bea25cdcd405cd

    • SHA256

      91be5d8e169d4e809d077108827c041988018f37924c312dcf3c3c77264eaa7c

    • SHA512

      3f82b58932bbe771fd102065399e36822f061c769a211b85661d4b0575cbca90cd18ae92d76101e2219f22bc247a163ba95718a4303a6d43784723437f7b88cc

    • SSDEEP

      384:/dfVJtVnucJYXVJig3xLm+NMsTks7WK4WJeVWWM:FtluT31Ugi

    Score
    1/10
    behavioral21

    • Target

      Microsoft.Extensions.DependencyInjection.dll

    • Size

      61KB

    • MD5

      692c5f999645b4e9babc2e830a2534e5

    • SHA1

      da1ce989d55ef32809a4c0471be5ae9e5614e483

    • SHA256

      21d64f47e3d226854b93ec5b1f94d3b8ecabb0000a5b759decd96507789c307c

    • SHA512

      ee6da0eeb5617b6b0ddb754cdced46a68a4aa95e5127ed94090f3640d4d0df3f003135ca84e5b4870679b0972e3c4f6b8059bd8a9c870ce8c5237cb0930235d7

    • SSDEEP

      1536:CPkLGoLSeeeJHlFDj4aQsxYZiKdD4Zfg+:Q+XHzjeN4ZfD

    Score
    1/10
    behavioral22

    • Target

      Microsoft.Extensions.Logging.dll

    • Size

      24KB

    • MD5

      1649856f9ae8ea8aa53b5aaa04da894d

    • SHA1

      03574a2e9baf4edab20375bbf968228ca717ce8b

    • SHA256

      30f4630b82b19f77abf33c8287cf4a00e8285aa71df1bb3fc05b7abf9026841b

    • SHA512

      20dda82a3c9501c7de052c86c09dafe4251042011305a7224bdd7bbf99f7b705cf6f5992f9fc27fdd5526dcbb3fd6caf6fe2128631c769c59fbbd5c639dbfc17

    • SSDEEP

      384:uUNoqS641Wkrb90zrAj1+dOECTEPC5nnAKacrWYrqpWraVWM:uS/SkkrbqxdOEQ3AFchr+

    Score
    1/10
    behavioral23

    • Target

      Microsoft.Extensions.Primitives.dll

    • Size

      39KB

    • MD5

      79dec1364dfc994ba0e0af665cfe1379

    • SHA1

      67080f49ee9ed691253ffc4475d912cd2385ec44

    • SHA256

      16ff7d5019e361cfe19de448166383f9a915fe9ea1e08a475a59abe1ec8aa9c0

    • SHA512

      88f1cc84d919ae86d141c0dc95aec3eb20961a81a50c2bb30a85439cb980d9933bb5667eaddd3eea94378d11d632fb2bd1c1b6737e6a9ccda513eb33cc79bb40

    • SSDEEP

      768:k3/GX+hgQVTGdJS6CPIUqOF0vWusFQaui4m1/LcfJtVKAMxkE9AqYa:q/GX+BVTGbfi9qOF0v3sqauiJkJtaxJR

    Score
    1/10
    behavioral24

    • Target

      Microsoft.VisualBasic.Core.dll

    • Size

      1.1MB

    • MD5

      4ca0c139b698ff4b1a4fbaf653d8b607

    • SHA1

      4881028e15d3fe3e52a6e0e8a10a3d926f3400d3

    • SHA256

      e0864f46e0f0ca66143b43c12a4b37dbe2fbe8fd138d5da59326fd632d6a3571

    • SHA512

      db0e1eea47f75bde5427234888d88829fb184e31be0aefcf687e2dd4e351d9daa7cd5fdc5457ac445f17c5f784f4602f48fa8f49faa2c22c511729c5f550b93f

    • SSDEEP

      24576:92o6FIAG8DgwIB0RLQh71gPOpxEDoQt7g8m:f6FjDgwAps2Itto

    Score
    1/10
    behavioral25

    • Target

      Microsoft.Win32.Primitives.dll

    • Size

      7KB

    • MD5

      8607bdfc638e4fa1d8e716486a9c6475

    • SHA1

      9e246a9f462097de2b3b2472950eb6273e874efc

    • SHA256

      85c9a4fac07761d259bd91c669e4e1c10cf79d0939e64ee96e32abdcce51c86c

    • SHA512

      91314554e0937194f74c802c695090582e9a6b857da72026ccf5432f5ad960547b4f4e2235f0a56108a63cbb40d60fb7d7bbb30b39f1851606a09bcf34371c5a

    • SSDEEP

      96:/0TYpaXzERVpxxeDZeoIqA4NVPiDKWUOLfW+qxv87xbO+XDS8PODxVWhPIeWE:8spQgrpnkeQwRUOKlxEdr50WhPIeW

    Score
    1/10
    behavioral26

    • Target

      Microsoft.Win32.Registry.dll

    • Size

      33KB

    • MD5

      90ce1c7910d0f504b2e3787e1ba199f1

    • SHA1

      3acb3b6dec3b9c51e887f6a750035357bea5ee5e

    • SHA256

      d72bbe2fe0fbc2177dd211308ae7331504ba0317aae60761e94817dc8856580a

    • SHA512

      da7f23717e9341565d36bfaa90ec1e37d7d1ec59df91e495c607d404b00324d7e1c8d216e7adb64ba4bf7973888342098debbb8b8a4a95019200e1735b5204d5

    • SSDEEP

      768:anNkMiBZdxRhmlhOPXwYMIKNwqSAVi2jsd/v:qkBZFhmlMPXJpkIAViWs5

    Score
    1/10
    behavioral27

    • Target

      Mindscape.Raygun4Net.NetCore.Common.dll

    • Size

      64KB

    • MD5

      2520a5a2506531cf6f8b4f2a733957bb

    • SHA1

      202e824c042d89400c856a64624db4bd98e51f52

    • SHA256

      9ea613cfa8e489c15d44bc1360e11be1d321de2d0327386df657425db4ebd847

    • SHA512

      8a95c483023177a8a88a1ebcdf8e00577f14a7b8603b722896ba1c714b2cc10477a74a0ff0bf7ffb70aba7e51327e54d07ee5dff6bfaffbb0ef51f08fe9adfac

    • SSDEEP

      768:jOwA4HYdvQRXNJThTFYZSRcxEpZL5BWo1J8Bm5LhPUEfTZ75QluC9cjQvU+FlsLv:jOJ8PXNB5FZPL5BmBi8Ex+lbjkv

    Score
    1/10
    behavioral28

    • Target

      NamedPipeServerStream.NetFrameworkVersion.dll

    • Size

      46KB

    • MD5

      f8d4f30967bf2a130721f2ebc084cc7a

    • SHA1

      14d81ae3e20c321636262cfca5c2fd6caa59fb9c

    • SHA256

      463e1a53996e8de4d2ff2a7b3919e24358c1895da120060d32c1bf4f9462bc83

    • SHA512

      a9cdf2ae64e408349e321a69fe609f7b9e7d14505468c9d986bf46fd9ac77d5c79bb14eefe67f6b977705150a2787a41b74e685545240d7d60c524b3bfbbcbca

    • SSDEEP

      768:g/VWCKBOs3a0k/c6sYB3zYD0DvlRGh/D/QPi:6WXBK0c13Bu/Ai

    Score
    1/10
    behavioral29

    • Target

      Newtonsoft.Json.dll

    • Size

      667KB

    • MD5

      3c88cafb11eb9ee403dc2980edfaed36

    • SHA1

      b9664b423200e28882a8e543cfdb8bca5ebe25de

    • SHA256

      74deaa342747cf77f6efac6bee1cb6da2e7fa31988b3f1304eb1d01d621ba4ee

    • SHA512

      c5044bcc98bbb639c40cac5b5333c890feb4afb2d54b55d5d702ee7f83d86d3aa329303f88c70683f89658d7fca279104bd2c94ef3641a6fde522716c8365dd6

    • SSDEEP

      12288:7QXc8tdRz3R5TzIQ/cVEfH9LbCtubHkttbXBfGpYoC:kXX33R54Q/XbCtuWhXBfGpYoC

    Score
    1/10
    behavioral30

    • Target

      Nito.AsyncEx.Coordination.dll

    • Size

      38KB

    • MD5

      805c7a0a6c838cd2e96b402417638ee9

    • SHA1

      843ae9a6129c73f17df1a91ec09c4ac2a06099c6

    • SHA256

      fe34dfb558d65d8b072f466021a0d15de8d202513b1f13a7b45ffc3e9125b588

    • SHA512

      ccd6383841af4188b448d1ba153672b5861814ea8570d29ced77cffc10346c403a6f37bbf2d003b705f7a50a9c008e3a5e45a6bc30f617d9a34f64e0bc103e55

    • SSDEEP

      768:m5MwEXdl+dbSMyWJ9TFOOo8pufD1oq2UcgFixdHGIcxCJVENySzWi+G:m5MIOEwJoDU1ixdCa

    Score
    1/10
    behavioral31

    • Target

      Nito.AsyncEx.Oop.dll

    • Size

      5KB

    • MD5

      73c77e64e8e1f0f010fc4158a1a7060f

    • SHA1

      ed7a2e982f5475d4479467aa248e1e6cc4adb455

    • SHA256

      75a30af7c9e46e45e6c2b11a8284d5eaf681b8d71e531200d4b480fc66b0f65e

    • SHA512

      0fbfa1d573da283c5898e9222349c523cb9c8b22f650af24b6980ab9202249020ee74e079acb6ed9ea3c1a74debef2aa70d33448d1012fc66868fe2f8db32c77

    • SSDEEP

      96:zfaZaAMFhVyhCEvX7O+pqCbS0X1V0TzCw1:TAQ7QX/KCqz8eF1

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxblackguard
Score
10/10

behavioral1

discoverypersistencespywarestealerupx
Score
8/10

behavioral2

Score
1/10

behavioral3

Score
3/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10