18ce929380ab15f9e9d23d156ff3cff56b94e33641a40379f57e7adc91130c3f

Resubmissions

09/04/2024, 22:11

240409-131wtaea38 8

09/04/2024, 21:43

09/04/2024, 21:18

06/04/2024, 10:55

06/04/2024, 10:41

Sharing

Copy URL

Twitter E-mail

General

Target

GalaxiaViva.exe
Size

69.8MB
Sample

240406-mrjaqsgd6z
MD5

62bda6829e7b08bd8f3c5b4057fa238f
SHA1

b3cadccbe3199cf72c8dd110b463137eed013e09
SHA256

18ce929380ab15f9e9d23d156ff3cff56b94e33641a40379f57e7adc91130c3f
SHA512

1966c014c929f8feff29f00aff837769b232890ad572b46d8056ea7b18de9b970ea8cdce0014fc2d040fc62476c1ffce222ad6b9209dfaec0bf535546de25147
SSDEEP

1572864:f85PaKHmqV6kLdNjObU5LwsagSbZFgagYjhSuyDV09arU7:uPaq1VddNaAwsa3bjhHyh09aA7

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  GalaxiaViva.exe
- Size
  
  69.8MB
- MD5
  
  62bda6829e7b08bd8f3c5b4057fa238f
- SHA1
  
  b3cadccbe3199cf72c8dd110b463137eed013e09
- SHA256
  
  18ce929380ab15f9e9d23d156ff3cff56b94e33641a40379f57e7adc91130c3f
- SHA512
  
  1966c014c929f8feff29f00aff837769b232890ad572b46d8056ea7b18de9b970ea8cdce0014fc2d040fc62476c1ffce222ad6b9209dfaec0bf535546de25147
- SSDEEP
  
  1572864:f85PaKHmqV6kLdNjObU5LwsagSbZFgagYjhSuyDV09arU7:uPaq1VddNaAwsa3bjhHyh09aA7
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  69.5MB
- MD5
  
  d69a8e4836dc74e3df52a4be7ce897d7
- SHA1
  
  86960d11064df344292bc656f87a889bc270f526
- SHA256
  
  b65b350aca339edcef90ee56996ff4b9e2b423e7fc62333de675b016c109bd83
- SHA512
  
  de0d2d21f27828122ac0a6be60b554580aa0c12c1e6762b3f00f77a43c64f38edce62dfe6e7b30656b859886e918b26a2e2d34c6358c8c51c03287b56dea4f2b
- SSDEEP
  
  1572864:w85PaKHmqV6kLdNjObU5LwsagSbZFgagYjhSuyDV09ar6:XPaq1VddNaAwsa3bjhHyh09am
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral10 behavioral9
- Target
  
  chrome_100_percent.pak
- Size
  
  126KB
- MD5
  
  44a69827d4aa75426f3c577af2f8618e
- SHA1
  
  7bdd115425b05414b64dcdb7d980b92ecd3f15b3
- SHA256
  
  bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
- SHA512
  
  5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049
- SSDEEP
  
  3072:DKzwqCT4w/qzOovg6/Csp7O2o418Gb0+VRLf0ld0GY3cQ39Vm2I:DKzwt44yrgKpyK18Gb0OV8ld0GecQ3f2
Score

3^/10
behavioral11 behavioral12
- Target
  
  icudtl.dat
- Size
  
  10.0MB
- MD5
  
  cf9421b601645bda331c7136a0a9c3f8
- SHA1
  
  9950d66df9022f1caa941ab0e9647636f7b7a286
- SHA256
  
  8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5
- SHA512
  
  bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb
- SSDEEP
  
  196608:j5zwSv9AAyse6liXUxCGZHa93Whlw6ZCnG0:jyKlysTliXUxCGZHa93Whlw6ZCnr
Score

3^/10
behavioral13 behavioral14
- Target
  
  locales/af.pak
- Size
  
  327KB
- MD5
  
  c9312ff081e600e5fb4483b46ddd7c23
- SHA1
  
  1ff05a6a06cc73caf2d7545a3821d90c228ac0af
- SHA256
  
  b1987cdcbb8d76598422aa1739a246ed6690dc1b211f950fcbf2f040491ed7a8
- SHA512
  
  20c136b44770aa0e06259687656675a3e14310ea4e8ba214726b216bc1bcad6026267bf0132cbca642c0b5c49293386d0a1bd93ba40e1c33b648ae70416e8898
- SSDEEP
  
  6144:ZP+kgc+kVWlEvC9Z5D49Em7kLjB6oAYxjYgDbwxesB+xSK1IA3y25tHwDwv22iGe:ZPfclEvC2im4LjB6oAYxjYgDbwAVSK16
Score

3^/10
behavioral15 behavioral16
- Target
  
  locales/am.pak
- Size
  
  531KB
- MD5
  
  e8bac983607c5432f789afdacdda42ac
- SHA1
  
  95c26f47f7102be338263fd7f7e365632651f22e
- SHA256
  
  ee363b88697a26d486c77bbf05f5f7f62d4b40c235e1d85e11448083070576f7
- SHA512
  
  5e26f40c8dc088d21b9b6a01041ece3bd4b2899ee33fdd85be995545c7a24860fdc9c672da8c9345a08891e0bac04ccf4d65de543f4cfba0bab0ae3fb32354c7
- SSDEEP
  
  12288:GguzxX8xfzKsEYg95z9SBeuUPQvx30jH8+I:GX8xfzKnYg95z9SBoPQr
Score

3^/10
behavioral17 behavioral18
- Target
  
  locales/ar.pak
- Size
  
  574KB
- MD5
  
  d1d99f4f2045531edc47d37a367402bd
- SHA1
  
  825385e524ece779c641a4ce2a57d14ff126d509
- SHA256
  
  bfa2a3c3ebb3c6afbca42cb70b4da8f997068d511cf40ee8a952a893b8f9d7cd
- SHA512
  
  4255b02c19ed373d711068a2d4639d462372071cc2aadb6afce459d9fe19bda21ffcbf1604e4937617cd5fee996f9b3786be1c2bed4dc4919d849c7a988a6ac0
- SSDEEP
  
  12288:el2RFtqr0jXjiRp8DvYUBuSYRrA5SNbr+ATg8Y3MgSEN6h:m2Ru1fRk52+M
Score

3^/10
behavioral19 behavioral20
- Target
  
  locales/bg.pak
- Size
  
  608KB
- MD5
  
  96372403a9ded96f3a699262029a4580
- SHA1
  
  07069b20fe303f6eef1fb6c8c0a19266a0c705c9
- SHA256
  
  6c10b64d31e0dc2c4befc6703ac17343ca473b4350cfb3c6e01833f505b69590
- SHA512
  
  0df60fe13818f0c3c6838e77686c5de9fa03b97cbf0943f7a2a4ae2f3a0890d3d64b3a7652d8c81c23de876ac92e4c6b71d584fb106c3520c96ef76ba30250fd
- SSDEEP
  
  12288:dPnB1xlYrdAs1alUDpzaVVwsl867mFyY3SKN3rsbDxXs7Jfu64KGzrFSZp8VqJ5O:dvBjlYrdAs1alUFTsWoY3SKIVcdu6pGB
Score

3^/10
behavioral21 behavioral22
- Target
  
  locales/bn.pak
- Size
  
  780KB
- MD5
  
  cb203032925be270222dc2c20fe771e2
- SHA1
  
  2f2f20bbbd07ee01cc996247bd9c2f40037dff80
- SHA256
  
  297d52b252df0912490ddf26fa58706895e70c2a0f3f09d0dc756706720095ef
- SHA512
  
  052be75c51051949c84216566b462733b61026ba74e212b000cbed7d93cb852e74ae83d64d2eaadc3093af4265b6783184cf8e0368a75e077d4b75daba40f9b4
- SSDEEP
  
  3072:Kw+ZjJj+E7z0eC6HcvR1kgBbdawSU5ZwXll4:4tJXZ78vRNBbdz5ily
Score

3^/10
behavioral23 behavioral24
- Target
  
  locales/ca.pak
- Size
  
  371KB
- MD5
  
  de21c7d001b771d4d59e2acfdd67dd44
- SHA1
  
  ef5870e9cf34416edbec6aa76a6feb77b70b9acf
- SHA256
  
  78bbee9bf6c95d239418037fd4660d081ebc0f369e727e613b6b652e380e6dd0
- SHA512
  
  3276a84a4b4d90b47789a7ce6a3ae34afec187145a438fbdb7f398152b182e97ba10acda4941456ea2387c03c101bc2b1716a8950897ea3be180b3d8c073902e
- SSDEEP
  
  6144:moaCg6EDiYqdSIs3cehEYBC2l3nbh9aGHQl2SwAGwXZM0dLbpuQRBtryBocaGIlI:Hg6EO9dSIs3cehEYBC2l3nbh9aGHQl2t
Score

3^/10
behavioral25 behavioral26
- Target
  
  locales/cs.pak
- Size
  
  377KB
- MD5
  
  3e2c49143f4718ddd9c1c74f8599fac2
- SHA1
  
  7cce45de66a3895c3493b998fef7bedf045b29e2
- SHA256
  
  08e40f5efc616cdc0588fb4b1a706d997c69d17ddaf97eb91a4aabafaa11cee6
- SHA512
  
  a849ca0d09e0d4c025d9de6c8008c13e13581961c321f53a552deeaa210db891914386fd51673615aec8b5d8d68a921a968db5d0fe447963892ceb0948861e3d
- SSDEEP
  
  6144:QhKH/gwYPl/XACAjRe15q8+Y1zAXn5q8QM:9fgdPl/Q3e15q8+Y1AXnF
Score

3^/10
behavioral27 behavioral28
- Target
  
  locales/da.pak
- Size
  
  342KB
- MD5
  
  f3a47e259c59de0aabef03e6b5a263ca
- SHA1
  
  c45bd961c8bb84331d652f4399675b365f5dfe23
- SHA256
  
  13c9583127d9d723801c946039e60f72dbbde898dd23fb9f675b9e299d0ce72a
- SHA512
  
  4249456e572403249580905f1b4b4471b6a8d84c6c71201c42adc862d4e0d33f957ae1057109e900a10a029a8dfc45257b0e0e283ad9eca21a30498a0795eff2
- SSDEEP
  
  6144:eAzv/f19wl6qKJwRXFGZO2Z5nYryGzOWi05TWwc:5H9IF85Yr5T0
Score

3^/10
behavioral29 behavioral30
- Target
  
  locales/el.pak
- Size
  
  664KB
- MD5
  
  8f5a15560710db2af852512b7298b93e
- SHA1
  
  30a13ebef10108effbad8c24b680228660658415
- SHA256
  
  bc07e403272a4d65305fe24a827404d7b931d01cda547f8c07a840d19e591430
- SHA512
  
  e3cedc0eaa82b10a68a40aca8ec1379a6bb924766e1c5abd97e39c621dcbc195d6c1ff80921c2320f0f1c87d160bc2a6258108399876339e5104f98d90a861de
- SSDEEP
  
  12288:RdquNwK202pgaZH4q5OaPY3HvO9K63/fgBsbfFnxHuhWTT9rkv0pfBtMMkffFZig:RdquNwK202pgaWqsaA3Hm9K63/fgBs9I
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32