General
-
Target
OpenVPN-2.6.9-I001-amd64.zip
-
Size
4.1MB
-
Sample
240320-xcw86agg3s
-
MD5
2fb575683a87dacadb774e454e2de01a
-
SHA1
3ffcad1cb36e9226f29b07ba3018870079867ba3
-
SHA256
1d0dff8786d281f7c930ec91e9efd2f03b010bc49b08211b8fc56ca4a6dd22d1
-
SHA512
be82bfa5f4554628955ff22d7dc3c46289283d861f18cb507725566132d5b64d37240b662b0f80c9c9e61be185b1a4dd2578382dd8b5cd4a97ed849c987d74c1
-
SSDEEP
98304:m6YZLCJQRuKz0VeUFzAP/wR+ORDkkmXLesT5vBIN/24dMa5694:oLBUCcesAns7Rwkeyso1562
Static task
static1
Behavioral task
behavioral1
Sample
OpenVPN.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
OpenVPN.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
libcrypto-1_1-x64.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
libcrypto-1_1-x64.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
vcruntime140.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
vcruntime140.dll
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
OpenVPN.exe
-
Size
801KB
-
MD5
41dcc29d7eaba7b84fd54323394712af
-
SHA1
ddc0100723cc2dc9ae8b02a0cb7fe4a86c02d54b
-
SHA256
a909bef708a47ae428fedbc566132c56f15ae7511dc460cf22055ec1a72d485a
-
SHA512
5a3e8c1eda558e0b90470d752490bc4d04610f93e453cbfd9013a363cfdf5e607974d526c49efe2ef0440e241d775b66bd7c48c74ee9e8677a37cdedc30c42ee
-
SSDEEP
6144:xmbuKA33X1rgMuu+xdaXkW+zF6m8XZPELSrPzA:x6XA33X1rTuuyrVZ6m8XGH
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
libcrypto-1_1-x64.dll
-
Size
4.2MB
-
MD5
73ec39ec810c866be4f7393b751df61f
-
SHA1
5b7851beeafabb79d4bac78b02e6ab9447193bcb
-
SHA256
764a39a5533d4d34656154c80fc20a2bcab3e93901d00f158db335f30f5d0239
-
SHA512
b99d86e9ebad49cbf13e29f3a6cef0e5366bfb4658246282c50a78cbc79e4d00bd63d57044f922ddf6eb80fdf8b6593336572c8036977bbd6a17468ae9b28b7f
-
SSDEEP
98304:Bsaj8qr2b4ETnwhvGPS2tDQOiFLe+ft7n27D24dW2H6911CPwDv3uFfJ8k:Bsag284uwFQjtUO6S+4rH6D1CPwDv3un
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
vcruntime140.dll
-
Size
94KB
-
MD5
5797d2a762227f35cdd581ec648693a8
-
SHA1
e587b804db5e95833cbd2229af54c755ee0393b9
-
SHA256
c51c64dfb7c445ecf0001f69c27e13299ddcfba0780efa72b866a7487b7491c7
-
SHA512
5c4de4f65c0338f9a63b853db356175cae15c2ddc6b727f473726d69ee0d07545ac64b313c380548211216ea667caf32c5a0fd86f7abe75fc60086822bc4c92e
-
SSDEEP
1536:yOHL+4KsAzAfadZw+1Hcx8uIYNU5U9H0Q8ecbjt1lLN:yOr/Z+jPYNV9H0Q8ecbjt1j
Score 1/10