Overview
overview
8Static
static
3winamp_lat...ll.exe
windows7-x64
8winamp_lat...ll.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...ch.dll
windows7-x64
3$PLUGINSDI...ch.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3$PLUGINSDI...ip.dll
windows7-x64
3$PLUGINSDI...ip.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDI...mp.dll
windows7-x64
3$PLUGINSDI...mp.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3Components/ssdp.dll
windows7-x64
1Components/ssdp.dll
windows10-2004-x64
1Elevator.exe
windows7-x64
1Elevator.exe
windows10-2004-x64
1Microsoft....40.dll
windows7-x64
3Microsoft....40.dll
windows10-2004-x64
3Microsoft....40.dll
windows7-x64
3Microsoft....40.dll
windows10-2004-x64
3General
-
Target
winamp_latest_full.exe
-
Size
12.4MB
-
Sample
240325-tvpp9acf98
-
MD5
39b72e2cbf2fb8da961538de3e892eba
-
SHA1
237ce8611cb8e2ede8a5d6b982597f7e93b2cd81
-
SHA256
fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e
-
SHA512
36e8b9d759d960390e8f1b4ac420d591204cb95a776be668db365c453cb702cadee9b34c03779044fdc04c2d2929ac542e01bba50094f8352e2724a082611b59
-
SSDEEP
393216:udNH1gz1+ZUUG9NWpHYV6ohIBfqHts7UU2wP3:udZk1vUG964V6ysUs7U/u3
Static task
static1
Behavioral task
behavioral1
Sample
winamp_latest_full.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
winamp_latest_full.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Dialer.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Dialer.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/ShellDispatch.dll
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/ShellDispatch.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/execDos.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/execDos.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/extstrip.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/extstrip.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nsis_winamp.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/nsis_winamp.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
Components/ssdp.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Components/ssdp.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Elevator.exe
Resource
win7-20240215-en
Behavioral task
behavioral28
Sample
Elevator.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Microsoft.VC142.CRT/concrt140.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Microsoft.VC142.CRT/concrt140.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Microsoft.VC142.CRT/msvcp140.dll
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
Microsoft.VC142.CRT/msvcp140.dll
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
winamp_latest_full.exe
-
Size
12.4MB
-
MD5
39b72e2cbf2fb8da961538de3e892eba
-
SHA1
237ce8611cb8e2ede8a5d6b982597f7e93b2cd81
-
SHA256
fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e
-
SHA512
36e8b9d759d960390e8f1b4ac420d591204cb95a776be668db365c453cb702cadee9b34c03779044fdc04c2d2929ac542e01bba50094f8352e2724a082611b59
-
SSDEEP
393216:udNH1gz1+ZUUG9NWpHYV6ohIBfqHts7UU2wP3:udZk1vUG964V6ysUs7U/u3
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
$PLUGINSDIR/Dialer.dll
-
Size
3KB
-
MD5
adea8024c99d7802fa3c9e5d34877aad
-
SHA1
4e015a5be3e668aa3e9758370413f2bb8ec5ad1a
-
SHA256
242b6aeb759e31b64e014e3df6b5c478fb309d56b4df8cdb59b2cd03bfa77db2
-
SHA512
717a9f08842e96e9395fe8fff19138d7e599e3dd4f44b7b55d9be86211f20cd89a1d315df1f241afc52456da738623401ee721b17e9fd5949fe1decfc1b2819d
Score 3/10 -
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
1be3fc5971da6f9b86843d0763912fb6
-
SHA1
e921bfa5b330102630420007a63fde0c439f0cdc
-
SHA256
89ed50600e7046184f80b2a20b5299f35a0439fab1ad1f9f5fc55606955b6186
-
SHA512
99e5a4e888c6cbd2b67464162516aec5a564447fec389012acd8873aa6312020bfe5f0d68e83f54a7320355c5f828f7769f666d5cfd12f2ceed02a6d5b66dc4d
Score 3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
68b287f4067ba013e34a1339afdb1ea8
-
SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3
-
SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
-
SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
SSDEEP
48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score 3/10 -
-
-
Target
$PLUGINSDIR/ShellDispatch.dll
-
Size
4KB
-
MD5
9c266c2dc7eca5bcab2d8df4990e0c1f
-
SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa
-
SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd
-
SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139
-
SSDEEP
48:SEhtu3nH1xOKMd3afu3fnkXfaq7qFBtHugUhA:fu3VxOhham3Afx7qFDHAA
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score 3/10 -
-
-
Target
$PLUGINSDIR/execDos.dll
-
Size
5KB
-
MD5
0deb397ca1e716bb7b15e1754e52b2ac
-
SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
-
SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
-
SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
-
SSDEEP
96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score 3/10 -
-
-
Target
$PLUGINSDIR/extstrip.dll
-
Size
2KB
-
MD5
720cc2e5a1f83a7db72e009353f21ac0
-
SHA1
4b6ec18d4971738cbd9ba42211f51d5295f86002
-
SHA256
89e8931f2adba8aa67ce199a510965fd51ce430acf067478910c5b622827e08d
-
SHA512
a17fec91066e1ef7f1ef39b61cf077481dda12204690f5006010c9bfb1899721d10c22c3a95a7f6276d2689380eea93e32a45b24dd153ee9006c79ddb70ced80
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
6c3f8c94d0727894d706940a8a980543
-
SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd
-
SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
-
SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
SSDEEP
96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
7KB
-
MD5
675c4948e1efc929edcabfe67148eddd
-
SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
-
SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
-
SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
SSDEEP
96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsis_winamp.dll
-
Size
4KB
-
MD5
1e1ded1cf1c69852f2074693459fb3b5
-
SHA1
81b165cae4d38a98760131989fdd8aed2c918679
-
SHA256
5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec
-
SHA512
a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96
-
SSDEEP
48:SEdAWvTa5HlE1m198EqtjbglT68HY06mzWB+wUKCmMpzm7n4/ZS9:LA2a5Fcm198EqtjMlv47mzWBVgaj4/w
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsisdl.dll
-
Size
15KB
-
MD5
ee68463fed225c5c98d800bdbd205598
-
SHA1
306364af624de3028e2078c4d8c234fa497bd723
-
SHA256
419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04
-
SHA512
b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107
-
SSDEEP
384:7py18oahashajPmIYInUJggBOZgAHhUKijb:7py18oafmeggBOCAHpij
Score 3/10 -
-
-
Target
Components/ssdp.w6c
-
Size
31KB
-
MD5
80e53207d1f5f684b098bf70b66c34b1
-
SHA1
848367ff79a68319c9211abfae289a3802a809f6
-
SHA256
dd55372e906699c3e35f02313736f74a13d1e526d0b9620cadb70d57e530af63
-
SHA512
cd7e0b59a2eb0ccf164e958e758d53646dd6a229a67cb37e2d524fb36d19116117b7390a368bc47043faf407d788e839aee20f501b7c90d367515acdf65690ac
-
SSDEEP
768:mZsCH6rVPhn8cIdHbiGFCglWMEpYiTPx3//:mZRUVPh8cINbiGFCgq7TPxv/
Score 1/10 -
-
-
Target
Elevator.exe
-
Size
97KB
-
MD5
59803a5bb88b88a6d83342eeb3816ad9
-
SHA1
cafa43cacd584deb0d54ac31ae9030f90455c6b7
-
SHA256
a8e9655510906994fdef3993bebabf0a5e0b6604f02c0ccc28fd31be3aa684bf
-
SHA512
85038570bb2fb39e7ee8994ccb3f8f9203c0d8360fea889d238c13b3b49a7ab85488edd01d3ec7e37288ffbd0db7e84cfe0353e199289a854311d27990cb9eea
-
SSDEEP
1536:S8RRcfSJKxaWWWxVz7MW/UXFue/mu67TPxvn:S8ZJKxaWWy57eVue/mu6fx/
Score 1/10 -
-
-
Target
Microsoft.VC142.CRT/concrt140.dll
-
Size
237KB
-
MD5
9ad549c121108b3b1408a30bee325d08
-
SHA1
898ffc728087861e619dababd8e65cc902276d06
-
SHA256
263975e4f5afc90e91f9f601080b92c9fbc5e471132f63ad01c6c4f99b33b83a
-
SHA512
9a9005acf2af86d6a0a95773e968d98e90b7e71e8e71d58949ff51aad49050dca57d94a19671b1b5026bd74e7b627f31d0c8a50bb66ab740d629022c3a95d579
-
SSDEEP
6144:aLy1UNAZHA2nSG5LbEcutDsSaqiOHYb836TLLOeHFQyS9uLms12z/NpJ9yne:2hkH0Yb83KLxmuLmdzoe
Score 3/10 -
-
-
Target
Microsoft.VC142.CRT/msvcp140.dll
-
Size
426KB
-
MD5
8ff1898897f3f4391803c7253366a87b
-
SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0
-
SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad
-
SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03
-
SSDEEP
12288:/gO0BGzePo6+J+4P0xYv7IQgnhUgiW6QR7t5s03Ooc8dHkC2esKcWKe0:701Po6+J+dxYv7IQgk03Ooc8dHkC2ezc
Score 3/10 -