General

  • Target

    0aa976dd2023c98efea0a3bde2c2e390b85f06400730525a4a4d1db863c9064b

  • Size

    7.1MB

  • Sample

    240403-w4rbjsha4w

  • MD5

    2447261a0ca12fa149ab0303ea1a7923

  • SHA1

    307a6212241a0612bec022db5a5c591575137509

  • SHA256

    0aa976dd2023c98efea0a3bde2c2e390b85f06400730525a4a4d1db863c9064b

  • SHA512

    92cd329c21fa3e41b58758d744e176b85f56bd506214bcc006090d656bb0aa31123ee5981221dea8d2b9f23670bd45d6a156cd3070368f1957f12ade94f741a9

  • SSDEEP

    98304:+8Q3SiAcmngwlR/33aE1yv78pev9uKLZTUbECI2wdtgh8prZ5GdiRwd2kLNh6:+LZAcYgwPfqE1uDv9uscXnYZcsR22I6

Targets

    • Target

      0aa976dd2023c98efea0a3bde2c2e390b85f06400730525a4a4d1db863c9064b

    Score
    3/10

    • Target

      $PLUGINSDIR/Dialer.dll

    • Size

      3KB

    • MD5

      0b47f20abb0c1160d6ec2866e2f834c2

    • SHA1

      a04c89619e5775ccfe33ac64a433b2c8d192a14e

    • SHA256

      3baecec709ffec8676668f67454d594f5a66771f8b3f4e153d0da9bb31e367f9

    • SHA512

      7e31405ff815fe9abb57af0c07fd63f2b6c152026729d0eb0eb3a214a9e8cf64d48101571180876af0dcdc65636fd4466da994151679b98f6f7eb04bfab32031

    Score
    3/10

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      18KB

    • MD5

      02d7f5e5dd1512bee2343a21d9970eba

    • SHA1

      382abcdc03c3a0990d4482427bff757a8c5b8796

    • SHA256

      e203bd2042cc75d229cfa18d2862c4c90754b8de1361fd4b65aef808076f5a27

    • SHA512

      681908f5c9075e5b18862ac3a52e07c8c1e0a7412c54ee6d5a765f72ab7d7d19e3b67fe9ef59279cfb0b77e042277e7b06a6bec788198977415407d520340706

    • SSDEEP

      384:Hzdp+8vYqh+KhpR3+OftfWdrierxIwAWguQhxtzUl2x5fTz:HzdhvYqh+KNNVSierywAWTwOlYtTz

    Score
    3/10

    • Target

      $PLUGINSDIR/NSISpcre.dll

    • Size

      133KB

    • MD5

      414124231a0e8a71a820b2c39513c7d7

    • SHA1

      8b08717c2c6305a327598f663b17cc5cd60eaefa

    • SHA256

      1be9ee2ae3b05441f08987d4ffc4dd8219b020c4c44b6df023c3c259d1da305b

    • SHA512

      eab202f56aafb1b4330621bbbdafafc55330ed35216e77c55e882d9057d11e4703eddb8815750ea7c80de7309b0bf12e5ef1a9eb7ddf7624b1b268170a50f2de

    • SSDEEP

      3072:PzI/+0JxD+eXv2aVeKsVUM+3LO0RKks0b9596:Ly+0JxD+eXOaVeK8UM+CAW0b9q

    Score
    3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    Score
    3/10

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      58KB

    • MD5

      34aafdcc9ba1a2acc6d6fe9ca347ac7b

    • SHA1

      23a4f3ea483d8643d427b29ed92af8253c0d3e6b

    • SHA256

      baf9f333f6276ed10cd1c29c619d1e9143e9b751c5a043d8212567333d0aa9cd

    • SHA512

      1ded039235005fc6ea3bdbaac2e4d74892188e089d95ddca1486a1c83dba1b67eca72b3e1318adf3d8753a0f3fe805c6df46f9e6f1fef44bc1f469a93f6466f5

    • SSDEEP

      768:oFTOjdPSKXRc/7SfH3qMnJQfhLNjhtajfYwnTED8ekOvnv8cUyWuZ:oAdqA+yHFJ6hrtWlIRv8cUy

    Score
    3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      f7b92b78f1a00a872c8a38f40afa7d65

    • SHA1

      872522498f69ad49270190c74cf3af28862057f2

    • SHA256

      2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

    • SHA512

      3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

    • SSDEEP

      192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z

    Score
    3/10

    • Target

      $PLUGINSDIR/nsUnzip.dll

    • Size

      178KB

    • MD5

      bde32fc5dcc9d98520c95fc23fa7bc92

    • SHA1

      e81891aa3f6e500c33474c21ff324083cbb50fcd

    • SHA256

      1fa8f2dfbe9fb83c0660e25e193e5aa09e1d4cd4af4f62e056b2930eb595c4c9

    • SHA512

      99b8d5671fe0a6d6b3a660fd94cef91a69f20863bff2faaae686a673c15789d3d52dbc44c9699fa90f13f4af7d1bfb40c6449d73f608d9c6b5c1fffbf29383b3

    • SSDEEP

      3072:97AFxQv5aD8vzH4upPcj/n/TEUruv/H3cwvZmBMRKqm5wJqb:97nXzpPOooAH3cwvZkcPPob

    Score
    3/10

    • Target

      $PLUGINSDIR/nsisXML.dll

    • Size

      12KB

    • MD5

      c5285d861243f3b41648af5c0ffd5678

    • SHA1

      50012e20b898e2f1abad27a4bdca12033e618add

    • SHA256

      35e54b12771f671bd8d9677369eb8216b54de0608a07a92ef17a4c29a841935f

    • SHA512

      92c687319e989199e392a81bbd16c00a551c1df9fc3535e98b2da0604424b148a4c379578837aacfa4e204d494c0f0b0ed4f7638cbf7462bc937b4e198631350

    • SSDEEP

      192:3/ufSdX+LHASTxwSODR2bzdA74gB0jpYEfb:3mfSEL9lwpRv50FXj

    Score
    3/10

    • Target

      $TEMP/AwrAskToolbar/ApnIC.dll

    • Size

      174KB

    • MD5

      016b4cb0f363e8563ae9d4c97189ae5d

    • SHA1

      1eff205d7d0d82baf841a98c176d700114e13fe6

    • SHA256

      c07ad5ccb030fc1d4c950c63fa6d01976222e437b356f0e0ccbf625a3414735a

    • SHA512

      d21c739b0c60057cec944acdf049f513bae5e502f67c99012f837a4ceab5088c2a98d151ff66eb1472bf329a586a25a45c8643c8a8642454491752875c9aff61

    • SSDEEP

      3072:JYlCPp/oNWXAUovx4gxr/joJK21uraIL6cmnw+nR6ibbv:JYluqNWXAUov7xreKrrfSF

    Score
    8/10

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Target

      $TEMP/AwrAskToolbar/ApnStub.exe

    • Size

      139KB

    • MD5

      c36923084822c017f69396418a999d39

    • SHA1

      fdc2005ced8acf86c68fe1b86b0698d0539e8ce0

    • SHA256

      7a158fdeea8f7107be5ce40242546a503193aa1c278f74a4730871b8edd0ba76

    • SHA512

      fb1106d4f4a138cad28a4282cb00c72688e03610be1d31a7cdd7b42b23e00e4f7ca9e731a7ab016d5920411707e165e3ee48164ef520112d8ac36fad85749c44

    • SSDEEP

      3072:kchfXbup04LnomgmlgV5sUjbW/+lt5qqqqqqqqqqqqBYFpbO:BPbue4LP+V5f6U7qqqqqqqqqqqqH

    Score
    1/10

    • Target

      $TEMP/AwrAskToolbar/ApnToolbarInstaller.exe

    • Size

      3.3MB

    • MD5

      813eb60a3f2e3587deaf57e8693d9b7c

    • SHA1

      b761f6a793deed25ed47ffa20fdb18c0f38b95e3

    • SHA256

      0fd523732aef47be98d3b588a5993f64a4e7e14cb4c94d46be477a0813d7fac6

    • SHA512

      0f108aed4fb9b464e9606e25040acad0800c657e3ceae8e985a133a997cd9cf65ae781fe6343f2fea4dc3bf0c3f74fcf24347b326eee6c415ff3e3db629725ef

    • SSDEEP

      49152:JUROVbT7fkbVCs/2cex8CfdVY36EfrTzcZweOCPySER2UXUJ9dMGNnAwbr/CHo9Y:JBVDfjDYKEgZD6SRUERMGNAl7hHk2

    Score
    1/10

    • Target

      $TEMP/DefaultPackOffer.dll

    • Size

      574KB

    • MD5

      27bde90956cb180933dc47d7a4853e4a

    • SHA1

      51a286b37b0c79ba991fda9956de6f46f38b49a7

    • SHA256

      1ec5959f8bb72f4f306390048375126898eef52fa85a8f269fa612c901b343a7

    • SHA512

      713bdd2692535501797a1315f1fbc9745940aa7cb3c92780e64f97a2f059255f39da1ad4f9208126c08099a0cb47ece48fcca644b0e239233622aa819970967e

    • SSDEEP

      12288:+uoI6SDTJmUb9kxI6vXQuXiKQi8lnY36LKVN/gUw:+/I6SmUyxI6vguQzlY3lVN/Fw

    Score
    1/10

    • Target

      $_21_/Alawar.url

    • Size

      44B

    • MD5

      530d6f2372c4e6487bc4dd0dc14841ea

    • SHA1

      86f8e5f97885906f5287c68d49f914cc976c09c7

    • SHA256

      3456e6cde68af8a36437fdd8443f79d3cc9abbae7b49d5820114eba357fd82df

    • SHA512

      8a910e06b474f09e113114eb52546003e41be260cb054b938d666d500ccdbf0247ba2d0ef25343e3fe9b89b6ea6b9be545ae47b94c5bc7871828623a4790cd51

    Score
    6/10

    • Target

      Alawar.url

    • Size

      44B

    • MD5

      530d6f2372c4e6487bc4dd0dc14841ea

    • SHA1

      86f8e5f97885906f5287c68d49f914cc976c09c7

    • SHA256

      3456e6cde68af8a36437fdd8443f79d3cc9abbae7b49d5820114eba357fd82df

    • SHA512

      8a910e06b474f09e113114eb52546003e41be260cb054b938d666d500ccdbf0247ba2d0ef25343e3fe9b89b6ea6b9be545ae47b94c5bc7871828623a4790cd51

    Score
    6/10

    • Target

      D3DX9_40.dll

    • Size

      4.2MB

    • MD5

      eea5e428ce63804f9b12d21c97b5968f

    • SHA1

      77a7f48f4bdb7e66ed5e524bb8879e3da0d6cd1d

    • SHA256

      16fd909aeb68d0d1aca8529dc7f78880b97d6649d70ce8d03a2c858bc28e216b

    • SHA512

      545518dabd82441ddfc17fe1c1cbd7d14603bb58130de1307a31f73b93ca42afdf25dfcf481f0383c4e039edfe4a88ae7b84b06a2850c29bbc3550114e499c73

    • SSDEEP

      98304:E6EoQ715V9VRhAuR9ClDt2iHbEsX0sycGoKO0nceqyaWd2U:/Qp5VUuR9ClDt2iHbEsX0s6LO5Wd

    Score
    3/10

Tasks

  • static1: Score 3/10
  • behavioral1: Score 3/10
  • behavioral2: Score 3/10
  • behavioral3: Score 3/10
  • behavioral4: Score 3/10
  • behavioral5: Score 3/10
  • behavioral6: Score 3/10
  • behavioral7: Score 3/10
  • behavioral8: Score 3/10
  • behavioral9: Score 3/10
  • behavioral10: Score 3/10
  • behavioral11: Score 3/10
  • behavioral12: Score 3/10
  • behavioral13: Score 3/10
  • behavioral14: Score 3/10
  • behavioral15: Score 3/10
  • behavioral16: Score 3/10
  • behavioral17: Score 3/10
  • behavioral18: Score 3/10
  • behavioral19 (spyware, stealer): Score 8/10
  • behavioral20 (spyware, stealer): Score 8/10
  • behavioral21: Score 1/10
  • behavioral22: Score 1/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25: Score 1/10
  • behavioral26: Score 1/10
  • behavioral27 (evasion, trojan): Score 6/10
  • behavioral28: Score 3/10
  • behavioral29 (evasion, trojan): Score 6/10
  • behavioral30: Score 3/10
  • behavioral31: Score 3/10
  • behavioral32: Score 3/10