5af95489c5c3c6e2643a4218543e6e39b62ed6c5b4c97cef9c812ba913d4f7f2

Resubmissions

21/03/2024, 12:27

240321-pm75eada4v 10

21/03/2024, 02:23

240321-cvlj6ahf67 6

Sharing

Copy URL

Twitter E-mail

General

Target

5af95489c5c3c6e2643a4218543e6e39b62ed6c5b4c97cef9c812ba913d4f7f2.zip
Size

8.2MB
Sample

240321-cvlj6ahf67
MD5

d29f25c4b162f6a19d4c6b96a540648c
SHA1

12c8d43af0077c400fdf4d3e9c83fcef6111ba57
SHA256

5af95489c5c3c6e2643a4218543e6e39b62ed6c5b4c97cef9c812ba913d4f7f2
SHA512

f0fbe72f432699cb4840969cfef340cb44a422b2dd3e65388db5727e9c433f147b528d2b716aa16d0c668bdfef95876a5c67ab9b3d039feb12f5b05e375a0c01
SSDEEP

196608:E2/WKqkGTSOwUDpZm4NPaRzviayZenDJuOGZW0wU/Z73zNT:E2/b9OwQmeaJiay8NuzW0F/Z73pT

Score

6^/10

Malware Config

Targets

- Target
  
  npp.8.6.4.portable.x64/langsMod.html
- Size
  
  2.6MB
- MD5
  
  8f28087d8d0e716368314c2f1a159280
- SHA1
  
  7e383ae0f632c02ef98168b6c1a33fd449d6c393
- SHA256
  
  0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046
- SHA512
  
  aa21ab18a12a69ff25b24b1c255b0bdc7961985150b07a7f3f4b0909e212295bd781548cd8ea817f3144dfad845aff93df40a513bdb637db7b89bb08fff01eab
- SSDEEP
  
  49152:C+sGc1TASKVbmYIBotpg0TunuNeeigv0XIMw4h2pk4PxKS5VinRfepLm7j5:WTAfVbwotpgruNeW0VHhL3S5VicLaj5
Score

1^/10
behavioral1 behavioral2
- Target
  
  npp.8.6.4.portable.x64/notepad.exe
- Size
  
  6.9MB
- MD5
  
  8279706ad64d33bf4eceb2c1becef274
- SHA1
  
  582cd15c2d1bf27da142ced63ffe490818bf4fa7
- SHA256
  
  712abdd019cd2e4d96cee74d94eafba8f21ffc35c99a656c228a179ba6f5b310
- SHA512
  
  69d5f5a2ceaa10a822d24af6c0cfba91804886c7fdb634931c2c6149dec29b98a7770fa7e3cb8630a525c088c39a84382ad30556aa9d4092e4b2e356af39cf9d
- SSDEEP
  
  98304:1UZbk6fd56GkLWD9hWfa3s+wuP8ThKV/mo:ybkRVLUhWUz/PIK55
Score

1^/10
behavioral3 behavioral4
- Target
  
  npp.8.6.4.portable.x64/plugins/Config/nppPluginList.dll
- Size
  
  204KB
- MD5
  
  e7ab0446d3d300d93ab65dd9f94dd59b
- SHA1
  
  999f0dd30d4aa5224ade7b1bb2d4410494ee7324
- SHA256
  
  83bd50d9c6d57a58e75838e92c4d5cc61d1cc604b4db033559c756b857f267fe
- SHA512
  
  93016a843cee731c7b6195e36b218806734506e1aa44648731510962db1f8e405d1fc1952936a23340397c6b4fbb11ff0b832646970a79644042457cab3b159d
- SSDEEP
  
  3072:cuQtUEW4pggQikeV29r97Fo/rg4aSuhJFAcT15fabjsKeBcHzmVR53vi:ktUr4/Dkq2FH51lQ/q
Score

1^/10
behavioral5 behavioral6
- Target
  
  npp.8.6.4.portable.x64/plugins/NppConverter/NppConverter.dll
- Size
  
  198KB
- MD5
  
  7ce0e43b22274d55d7c8fbe937fdd70a
- SHA1
  
  b8b42b145e0fad49c3f497dd291d95629b24bc0e
- SHA256
  
  15b522475027a659988edcd0b9efa18f2cf9d04ecf5f88d1c577eb8be1f55156
- SHA512
  
  98c40c83b9e4c7f92f83a3c8fc8974c818edadc89b1aeb59922062b514fac47be9a3cf90859ee07dc9f641066a4d65182dc6b7641c41bde55c601bf08302533e
- SSDEEP
  
  3072:esyQLpFufl6OPM07zq06MuUy8wqy9XGOeXLXTbi0A7zR9zk:5FLIl/M060Or6ucjb5AfR9
Score

1^/10
behavioral7 behavioral8
- Target
  
  npp.8.6.4.portable.x64/plugins/NppExport/NppExport.dll
- Size
  
  153KB
- MD5
  
  b29065b03a282b5560464fcc657945b2
- SHA1
  
  b4f9cec583775c22ed7fbc967743df9effeb7d2a
- SHA256
  
  f235cc34e126b47847b9aa89bf5ead47948de4d190b5fe2117ae6deff47e63e6
- SHA512
  
  3872f4d85a88363c2538b41d85b6cfbfc14b1abe2b452cb9f71cbe310f53cc2522f1f072fc33853d17662a3cb39c656d698559b4a40bf5d9cffdfa11c47116d6
- SSDEEP
  
  3072:JHWvf4whXRxCtyAKfbn52zwjMdsI54tWfdHak6y/c:lWYwtRxCYAKfb5uwodsIjd6k6d
Score

1^/10
behavioral10 behavioral9
- Target
  
  npp.8.6.4.portable.x64/plugins/mimeTools/mimeTools.dll
- Size
  
  145KB
- MD5
  
  8b7a358005eff6c44d66e44f5b266d33
- SHA1
  
  a8473f2db5cc7d2cba76416be23d7c55fc38c8dc
- SHA256
  
  c6c250e1cd6d5477b46871ffe17deac248d723ad45687fc54ae4fc5e3f45d91c
- SHA512
  
  c27e0e85f1f50c4434e0bd199a07a4d751bae19fa54e869bcd62452dd5128306e52c02ae6e91292323bbd5d2290f10ba89f5b57737d95ebdd494f464551beffb
- SSDEEP
  
  3072:w3/HUI6s8IkJx5py8qLlCat4HVOtzNNG0vBxN049K7lH:w3H6s8Zxzy8qLJ4VqNm49Q
Score

1^/10
behavioral11 behavioral12
- Target
  
  npp.8.6.4.portable.x64/updater/GUP.exe
- Size
  
  818KB
- MD5
  
  7073a8f48d526090a30c5c7e6191ca08
- SHA1
  
  2908951eb08202ae355a4e5a6f06076725bee725
- SHA256
  
  35663bf0e84cd3f9ba8949375fae8451263954154274ad4454b86920252424dc
- SHA512
  
  74705e6275b8a9e9e2eaf99e0c64ef041a52fc78ddf20190cfbe96a2e7412d92a90d912c17b996c3c4f7d5cb4f3f647ccfe4da56a0e592f15e7b86644e319753
- SSDEEP
  
  12288:ZySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoJ:QqMo2aWqT2KbpIFZ6PNeTw
Score

6^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  npp.8.6.4.portable.x64/updater/libcurl.dll
- Size
  
  728KB
- MD5
  
  608dcba727dd4d046051968605e71553
- SHA1
  
  859eb7b3b1eb4c79b6d90b2eff0429c6a766f499
- SHA256
  
  012c73ef798e6656e0f2180c5b1f2175be4e72bfae830d1f2521a2566d2d0ec5
- SHA512
  
  16fd945825c6d7f55854a53bea1a780bf350c6134c9b41f2d8440c376c38fd7f6ec83ae0c3bd3063245938465b18b38158d35e7bea6ff69bda2f6e93ce2bf8f6
- SSDEEP
  
  12288:KvnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:KVekCoa5l2P2B6hdQvl03msMy
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16