Overview

overview

10

Static

static

10

Install Termius.exe

windows10-2004-x64

5

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

resources/...dex.js

windows10-2004-x64

1

resources/...try.js

windows10-2004-x64

1

resources/...ry.dll

windows10-2004-x64

3

resources/...dex.js

windows10-2004-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/...win.js

windows10-2004-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/...acy.js

windows10-2004-x64

1

resources/...ist.js

windows10-2004-x64

1

resources/...nux.js

windows10-2004-x64

1

resources/...ler.js

windows10-2004-x64

1

resources/...ead.js

windows10-2004-x64

1

resources/...ite.js

windows10-2004-x64

1

resources/...ser.js

windows10-2004-x64

1

resources/...n32.js

windows10-2004-x64

1

resources/...gs.dll

windows10-2004-x64

3

resources/...dex.js

windows10-2004-x64

1

resources/...ain.js

windows10-2004-x64

1

resources/...ng.dll

windows10-2004-x64

3

resources/...hrc.sh

windows10-2004-x64

3

resources/...hrc.sh

windows10-2004-x64

3

resources/elevate.exe

windows10-2004-x64

1

vk_swiftshader.dll

windows10-2004-x64

3

vulkan-1.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$R0/Uninst...us.exe

windows10-2004-x64

5

Resubmissions

28-03-2024 09:19

240328-laa3cshc5s 10

28-03-2024 09:13

240328-k6zvxseh67 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Install Termius.exe

  • Size

    174.7MB

  • Sample

    240328-k6zvxseh67

  • MD5

    47dd221e93e67afaec0c9da2faad8c2d

  • SHA1

    cc6e78e778a6369022d16e218a8578ec4a7e64bb

  • SHA256

    e66fd24e29c4cd33772fbda049a4efc7b55a0c22959d0d56d0fa77bd34040864

  • SHA512

    30b4246bcdf4c34408fde8b0eb813301135b2e493ea069eda2f20e737bde667574b9c1ff08e2346977e945dc75a1c9e10211418a4d52703485e4906f5db6331a

  • SSDEEP

    3145728:pnTEziz7qeKOmhoSiH9wwDTD5yCeEQ3Tdpf+5bCGMNMkWxoU5oPb60:BA67qJhiSNwHtyZEQ33vDfQA60

Score
10/10
egregordiscovery

Malware Config

Targets

    • Target

      Install Termius.exe

    • Size

      174.7MB

    • MD5

      47dd221e93e67afaec0c9da2faad8c2d

    • SHA1

      cc6e78e778a6369022d16e218a8578ec4a7e64bb

    • SHA256

      e66fd24e29c4cd33772fbda049a4efc7b55a0c22959d0d56d0fa77bd34040864

    • SHA512

      30b4246bcdf4c34408fde8b0eb813301135b2e493ea069eda2f20e737bde667574b9c1ff08e2346977e945dc75a1c9e10211418a4d52703485e4906f5db6331a

    • SSDEEP

      3145728:pnTEziz7qeKOmhoSiH9wwDTD5yCeEQ3Tdpf+5bCGMNMkWxoU5oPb60:BA67qJhiSNwHtyZEQ33vDfQA60

    Score
    5/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    1/10
    behavioral2

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    behavioral3

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    behavioral4

    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    behavioral5

    • Target

      resources/app.asar.unpacked/node_modules/@termius/registry-js/dist/lib/index.js

    • Size

      645B

    • MD5

      493826fb324acada79d24a3a1338faa0

    • SHA1

      1d3fd0bd09dba9a7b560029e59f5f214a11d608c

    • SHA256

      57d19d5e336fc60806050342d813199cfa21100348b4c195dbb6be934af33f1b

    • SHA512

      18f025ec0da6af0894b667b2273deed294c7a203324785a131b7c849d6bfda23526fe8804ea805bf018e5dfc6fef5e65b7ff94242d4cade134c73f6c19fc9351

    Score
    1/10
    behavioral6

    • Target

      resources/app.asar.unpacked/node_modules/@termius/registry-js/dist/lib/registry.js

    • Size

      5KB

    • MD5

      138e5803a608d16807671d52e35b5f3a

    • SHA1

      4af6bf0b0a90b3ad3e35617a9de1da63cefab1bb

    • SHA256

      7e6f33a208a09123a9745207085632364b66411ffbd2faaf6d4b7a7d32a2ce89

    • SHA512

      c28ab72c862f78cdaa3e4290338e3110fd4aea6ecbe72217c1fa7a8455bb9b7f7b7f118a82965e57a66d7231ab5bc35cdcb039659f57f8cf8fd398d9fdaa87db

    • SSDEEP

      96:KEQ8SLNvbyIz8IzPt7wUhza3aex8Mg72b5swZtanONdtethtMCH79pfwzoCH78p/:KFj3sLx8Mg72b5sitmONdtetht5H79yw

    Score
    1/10
    behavioral7

    • Target

      resources/app.asar.unpacked/node_modules/@termius/registry-js/win-ia32/registry.node

    • Size

      514KB

    • MD5

      9d073e89aec8d130b48a9c89310cf0ef

    • SHA1

      3ef3313c01e9b15580bcb6801bc46192610fd771

    • SHA256

      3c18490a5309077f1bdebd5d4fef4c7c9b0115e26506b5a05273a0ebff5c3dbe

    • SHA512

      b9582bfebc59ce2cadf85be722a06c5fbf69a0859b9506cf01393c8c264cd6d2d563f6f302a47396c88bf87179c30c7460076f742a5b09016905f5b7722e049e

    • SSDEEP

      6144:VuhFdOG52WOfy15LEG8ELzt47EVLbtkuQInJ7wQ:4tx2x615LGELouQI/

    Score
    3/10
    behavioral8

    • Target

      resources/app.asar.unpacked/node_modules/@termius/restore-mas-purchase/index.js

    • Size

      460B

    • MD5

      0a6b9616e9f700622deeb4ee5e28bb8f

    • SHA1

      d7182bbfb122f58515ff616927ad4a3820a60ba5

    • SHA256

      a8593c2673db5708c0e6aaafd42476de81e6f9ee65bed0953e145efbe82afbed

    • SHA512

      8002d7a9d6bcaff7159e007b04ca1f128de82782268547bb23f74ef79926b7c9cedeeb108e94667f974a15abc7334d640671f48c5bfab9beb66d9b33e31d00bb

    Score
    1/10
    behavioral9

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/build/Release/bindings.node/index.js

    • Size

      447B

    • MD5

      ea34502cd402f3f829a1d2d5c0480ec7

    • SHA1

      325a172672ed53149e09d3195d9ee981aff164a6

    • SHA256

      e3e75309bb751ec37a84e2195339e166311f7a4fbf4880add14c98e8efc0ea39

    • SHA512

      092c86fd12ed56ae40646ac47c19ce5965030723acc1ac23ff3d131b8331fb325cc4f01309ee89bbcca3404b77ee95ab30c74a52a14fd92c8c187c08bc067e05

    Score
    1/10
    behavioral10

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/darwin.js

    • Size

      2KB

    • MD5

      ac51fbe32ec674a687df1b97d6d68996

    • SHA1

      15269dc69e113e1b92ae56fafca5aa617702675d

    • SHA256

      3805d0cb29dd6f7d22873a24faa0dfc0f1799e63ab01d51360755d6def131283

    • SHA512

      36ef394d4686f75a1efcc2a05c1bab17f37c227a2f743402b86a01278b409661c91c2f530c7dea75920c215983d6c63de06c64a25c47356f8da674254030446a

    Score
    1/10
    behavioral11

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/index.js

    • Size

      375B

    • MD5

      b6b30af16a0e443558447f9a6dcb06b9

    • SHA1

      fc1136c64ed450979f9d59c111813efeb2b5112c

    • SHA256

      a1712039aa76f42c0bf5da9b0b3cc4080fc3da8b7366ad6f456d2348d1f55769

    • SHA512

      d264ba285a0a6130c5160ddf89b579ba4466c03c40c518d27cffb91280c8b75c931b6e7b062b54c8d6b884926e2f3512a89adca7fa8acec5e7d6f5c5ca656577

    Score
    1/10
    behavioral12

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/legacy.js

    • Size

      653B

    • MD5

      b9c1da89bc06d5be7abaccda352ed4c5

    • SHA1

      bee9cddb45df4c110faab624d4c06a78c65c12be

    • SHA256

      5b81d2da89374aca3e891db5f79186e1c7288e73e4be39aadc16377e81d276bd

    • SHA512

      90acea408d18301c14186db71b0ff1cf99ad09f21f24cb0b5a699d3f71d09f44af5cb8c753f87e5b7162a2b39787144cd1e73f030127af3b2627a389873528f4

    Score
    1/10
    behavioral13

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/linux-list.js

    • Size

      2KB

    • MD5

      e27c38498c90871916a1d58a90365c3e

    • SHA1

      78f0474c257cb676a6f5229a7c21695ba9149226

    • SHA256

      b18cbd1238e8e7b228517641670b0d31a8f4110dc96acbe4aa120d82a586b92e

    • SHA512

      ed34b023a862292152b00763f60d43fd1d9927b97563ff9bc094f04c4cb6f617d6233577e457b32df30353bc2afda1953f3cd73134ece4240574140a084e5af1

    Score
    1/10
    behavioral14

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/linux.js

    • Size

      2KB

    • MD5

      c2ee0accbab5fd0c5faef21ba8df71c9

    • SHA1

      2a92a6d023f5b8bf0b78f0476cce146719604ab4

    • SHA256

      33141436365765d92db7e67261d83016fb5b491f90d73d13ca47e849f141f9b8

    • SHA512

      09821248e135d27f4c9c5b944d275f23f760ff169f2982f86962ee33b0651feec76aea696052861c52be3d0dcb2f78b80eced9c0b17bbc924d7b95f875d07737

    Score
    1/10
    behavioral15

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/poller.js

    • Size

      2KB

    • MD5

      551b10be9013921f9e7e1625ea38f581

    • SHA1

      9e0a5de3abdb274fd38dbd96ea07b6e52776b436

    • SHA256

      424e965a6ea648b39177e2755c8ea6b50b5d40b41c0c29d26bc227af28f60dfb

    • SHA512

      447eae850c38ca1609d433b436296af8578c08e37b8a5b3367e6f1ace857a4e5e6a9898b242cca1e39b90d52447376efb4d796a11a89ccc2800e42b6e873afb1

    Score
    1/10
    behavioral16

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/unix-read.js

    • Size

      1KB

    • MD5

      0c90ce2d28026c8588862a0daf1923f8

    • SHA1

      afcc1222ec212012160b68e932307be94fb7b68d

    • SHA256

      8d3cfaedd7aa7a565f73cd0bcb3e7dac1d5d74b231f7e966f5dcb982d12a1289

    • SHA512

      dae9945a35f5c0989ced6532427d2086777663c76585dc1436cf4767aafc171529f4fd434112d23a455cf6b2ade2b34d0b50512d7fbbcaecdb39b6bcc801f97d

    Score
    1/10
    behavioral17

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/unix-write.js

    • Size

      1KB

    • MD5

      ccca0472defa0da2ea5055dd3c74bbe3

    • SHA1

      75646446c938fab8d8878282e754c225ef8cc3fd

    • SHA256

      75416bc5bca63b31889fdabe6e29d6f00f696e05c469f868c70829da062fa8f8

    • SHA512

      699f36b33c8aae4432515c21c3caf48780e0b713cb17ab0177c6f88d92136a5d7b3b2abedf81d59bab7e4d584337f5c16b8a229786106f720ae59c1611028361

    Score
    1/10
    behavioral18

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/win32-sn-parser.js

    • Size

      263B

    • MD5

      40bcfdb5ee6eaba2dc0b6caab9477679

    • SHA1

      34e36ea3b9074a8406c6e103a56e20e42400e51a

    • SHA256

      5e814ca196ff403a42fe5ab90c7555325496841f410ae6a35b1f0aa6415364e7

    • SHA512

      bec28e2df2dd85c520cec4b9c6d96f48492e382b5c2444bd1b00a2db8b87f0e083f6c567bd9fb27da4d352efb06336c9e6f8ccd67722e68ac7612c977513fdfa

    Score
    1/10
    behavioral19

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/lib/win32.js

    • Size

      2KB

    • MD5

      159e0262a8e1bdbdd5c9845b8445ffe7

    • SHA1

      49d53bd70b327d0c30c3505d8929dca59d1bdb88

    • SHA256

      e51b6213a8da449e23cc99a4858a51269c1a662d95c37b8cc55f85566469e501

    • SHA512

      a8f298c2c492fa58c5d20f3c1f6d86b2d33ccfb280134acc0cd484c0a6394369a61d1c50094a750b64aad8ef1cb03d516fe95447a1101eeac9c952ccc14c24f3

    Score
    1/10
    behavioral20

    • Target

      resources/app.asar.unpacked/node_modules/@termius/serialport-bindings/win-ia32/bindings.node

    • Size

      562KB

    • MD5

      7218d39726bf53fd3257f016f9797994

    • SHA1

      e6e442d8f3d379370653c1e2cb92584282e1ace2

    • SHA256

      4a2952c98d2d9365b320e9d8ae288f32281ae8d3081d26efcc8a436ba860e5a0

    • SHA512

      87f862867c0fad25c5dbaef006de9f5cd4b3a7d14874a2db470984fde783d73c7bfd5d96a709fa02449c415013def853721faf116228f53cebcea76e88555c8d

    • SSDEEP

      6144:Akzv/ZIPdk4AUZXFGwXCgAUxd1pgRA2BFT2UUfud09bxOueyJKr:vzv/ZIPd6YFGwXCgbXcSud0tMTyJU

    Score
    3/10
    behavioral21

    • Target

      resources/app.asar.unpacked/node_modules/@termius/windows-iap-bridge/build/Release/binding.node/index.js

    • Size

      445B

    • MD5

      15dda3a05bc8bd8bc55e5dff76a6d027

    • SHA1

      c79d7121a06d9100937ceb006900c74ecde6d1c4

    • SHA256

      344f250e0df725f02292fe3296cebe37f2b5958cf76f690ef22409e0e9b89235

    • SHA512

      956d01a7ffe7849375330969e3eec020a5de77952f00f0379d19adbf519dcedff069ec2378ec96384fdf70b5d2dd0dcbfe54d4c1df7724d3cfe014cfcadff013

    Score
    1/10
    behavioral22

    • Target

      resources/app.asar.unpacked/node_modules/@termius/windows-iap-bridge/lib/main.js

    • Size

      268B

    • MD5

      747ec0e0fbef1db6b6b240f78b94b8f2

    • SHA1

      dbceb5807f94f8d2caf962e11a2130aea90bc55f

    • SHA256

      37b4437a8e833d38aa914efffa033c60363b31eff9005b805e1b54db3e340772

    • SHA512

      c6ee1906491445e066e9cd8852075155e2a624f28e3d21ef60dd44ef2722e49f27eb604e6a6ca1dd7140d37ec49023b316b044ec84f83d1ba615466c7ec6277b

    Score
    1/10
    behavioral23

    • Target

      resources/app.asar.unpacked/node_modules/@termius/windows-iap-bridge/win-ia32/binding.node

    • Size

      706KB

    • MD5

      d0bed07d11ea06d6bf4ac0baa228c4de

    • SHA1

      33f3c3bb0f2789981c5297dba66505dc008605fb

    • SHA256

      c1b244c395c03d29774593d7d9fa7183a9bf06f06970e7d06243ad5b74e38880

    • SHA512

      3da2e1b7171f4a9a60e9871eb5a5b53b0f690c139d9f9ab771ea06e20a207981497c078cf44184369b9ea71abae17fa77bc7c0045c5bb6846c7e4a978e59fdfd

    • SSDEEP

      6144:i0Rs4zCbge4GzRElPAuZU6ON2NKeUPXcyoq2Z6DBwJYfZrmVKuDsutn9Ulda9qLZ:i0DGOJAuZUXNX/cyoq2Z6DsIuDsudCZ

    Score
    3/10
    behavioral24

    • Target

      resources/app.asar.unpacked/out/shell-integration/bashrc.sh

    • Size

      1KB

    • MD5

      b97b17710549e1455a522e49d4f691d2

    • SHA1

      43bdf9c6250029cc207ab37e482fe572842a68fa

    • SHA256

      7ebf5ff6a15228778758f14d08c3abbd6098ab6bf6a8cbcfbe5f74eabb054cb7

    • SHA512

      d0a7c8fcadfdd104e60ffb7e7ef1527dea64d0acb0b83d692b87d3eef895f72bbfd185214350adb61f14cb11b51897e8e64995f34bcd53a920f7bf322f2f9cc1

    Score
    3/10
    behavioral25

    • Target

      resources/app.asar.unpacked/out/shell-integration/shrc.sh

    • Size

      473B

    • MD5

      c7eb4ba69b991df27bc493b4e941a3be

    • SHA1

      be81457a0b35cbc496945de6a18558b454bec59a

    • SHA256

      83adce96883210f34f102c13de0406dd6ad06d0cb6fbb93ed511be701b329e45

    • SHA512

      d65d2450d4d6eae177615d129ce4882ad00e0178f7031ef151fea1ca50ea7a24669db273cfebad12277b512f97c9d7333abb42275e0585b257707a5b2c4c8e34

    Score
    3/10
    behavioral26

    • Target

      resources/elevate.exe

    • Size

      125KB

    • MD5

      8740839af76d89c255866d764cf1dcd9

    • SHA1

      ccb2b39fa24471254c0010a31c58ab6f69b7336d

    • SHA256

      60ef4cf3d32aa4f74b303052e21fb0e15df1e38c1a5ff1671f6dfe5870a402ca

    • SHA512

      dab60b4c9c864ee8874ba6b3d2c963adc0acb3a796b353318952e8343b01666f611cdc74992650dfeb47da4c375f7e89f8e409764303e6b637c019ad1242736e

    • SSDEEP

      3072:IVbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlbS/v5e0:wPrwRhte1XsE1lQv3

    Score
    1/10
    behavioral27

    • Target

      vk_swiftshader.dll

    • Size

      4.2MB

    • MD5

      dd3a757828c6cc214fac84486f69ba8e

    • SHA1

      5f79beada6f80c903b5d1c04f0eb30e8acd396a2

    • SHA256

      baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c

    • SHA512

      9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

    • SSDEEP

      49152:kaaVmf9fmJEZVCnIveij/+L0X/4oNu4M8ixT9c06huefekRMprAzsxCOBLiwFVx:kabWqSho94uZwNEp9KFGvLqH

    Score
    3/10
    behavioral28

    • Target

      vulkan-1.dll

    • Size

      744KB

    • MD5

      bb7496239e0f1b44c935df3954c3fc42

    • SHA1

      d063da60766682cf40b690bc03094e5c7ebd8669

    • SHA256

      e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c

    • SHA512

      7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

    • SSDEEP

      12288:c3KEZau9CO/FfYUHIr/aNnUXhdhKdjLv74eusp:caEZau9CO9flEi+RdhqLvUcp

    Score
    3/10
    behavioral29

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec0504e6b8a11d5aad43b296beeb84b2

    • SHA1

      91b5ce085130c8c7194d66b2439ec9e1c206497c

    • SHA256

      5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

    • SHA512

      3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

    • SSDEEP

      96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr

    Score
    3/10
    behavioral30

    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      424KB

    • MD5

      80e44ce4895304c6a3a831310fbf8cd0

    • SHA1

      36bd49ae21c460be5753a904b4501f1abca53508

    • SHA256

      b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

    • SHA512

      c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

    • SSDEEP

      6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

    Score
    3/10
    behavioral31

    • Target

      $R0/Uninstall Termius.exe

    • Size

      504KB

    • MD5

      075b439a007c1d8a5f63056c43596b57

    • SHA1

      b9f3cd25662e6d9301f4567576e25b3333cbcb6c

    • SHA256

      2155fa750414475c8969918e141790bf6884d3d59e9529e3e8ca202f191a491a

    • SHA512

      36341a1ef46ac8ef2998a6e976f09323542480cc9c37aa305964f569e89ca7a18d1c360f2ef2a5762a1d8c03fb95e2c12fb2923d62d165d899b730e288cdae65

    • SSDEEP

      6144:S740IGdWkvrRNaUomD6XA8gs2t0EyL+yak:gPvrGY2vRKJk

    Score
    5/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

6
T1082

Process Discovery

2
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks