18ce929380ab15f9e9d23d156ff3cff56b94e33641a40379f57e7adc91130c3f

Resubmissions

09-04-2024 22:11

240409-131wtaea38 8

09-04-2024 21:43

09-04-2024 21:18

06-04-2024 10:55

06-04-2024 10:41

Sharing

Copy URL

Twitter E-mail

General

Target

GalaxiaViva.exe
Size

69.8MB
Sample

240409-z5mxasbe59
MD5

62bda6829e7b08bd8f3c5b4057fa238f
SHA1

b3cadccbe3199cf72c8dd110b463137eed013e09
SHA256

18ce929380ab15f9e9d23d156ff3cff56b94e33641a40379f57e7adc91130c3f
SHA512

1966c014c929f8feff29f00aff837769b232890ad572b46d8056ea7b18de9b970ea8cdce0014fc2d040fc62476c1ffce222ad6b9209dfaec0bf535546de25147
SSDEEP

1572864:f85PaKHmqV6kLdNjObU5LwsagSbZFgagYjhSuyDV09arU7:uPaq1VddNaAwsa3bjhHyh09aA7

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  GalaxiaViva.exe
- Size
  
  69.8MB
- MD5
  
  62bda6829e7b08bd8f3c5b4057fa238f
- SHA1
  
  b3cadccbe3199cf72c8dd110b463137eed013e09
- SHA256
  
  18ce929380ab15f9e9d23d156ff3cff56b94e33641a40379f57e7adc91130c3f
- SHA512
  
  1966c014c929f8feff29f00aff837769b232890ad572b46d8056ea7b18de9b970ea8cdce0014fc2d040fc62476c1ffce222ad6b9209dfaec0bf535546de25147
- SSDEEP
  
  1572864:f85PaKHmqV6kLdNjObU5LwsagSbZFgagYjhSuyDV09arU7:uPaq1VddNaAwsa3bjhHyh09aA7
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  69.5MB
- MD5
  
  d69a8e4836dc74e3df52a4be7ce897d7
- SHA1
  
  86960d11064df344292bc656f87a889bc270f526
- SHA256
  
  b65b350aca339edcef90ee56996ff4b9e2b423e7fc62333de675b016c109bd83
- SHA512
  
  de0d2d21f27828122ac0a6be60b554580aa0c12c1e6762b3f00f77a43c64f38edce62dfe6e7b30656b859886e918b26a2e2d34c6358c8c51c03287b56dea4f2b
- SSDEEP
  
  1572864:w85PaKHmqV6kLdNjObU5LwsagSbZFgagYjhSuyDV09ar6:XPaq1VddNaAwsa3bjhHyh09am
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  Installer.exe
- Size
  
  147.0MB
- MD5
  
  2fcb65fc8b2bc9505da8dd94033cc7ad
- SHA1
  
  ff12916a1d57eb26d9e5856d91c450b155a35f65
- SHA256
  
  708543f3ca34ffe8e4d33c09560d4e190fe35bd2aa7a57369291174d537ffc32
- SHA512
  
  4927ede0dead3f947513add783a150245185ae1872b0f59d8159448423b33e636956e69b8278c37f62dd9a6a4ca59247f83beea4d59d1a6832ce5ce4533ed585
- SSDEEP
  
  1572864:EgGRqQdeZ4K5M0PmL0g6dKXPRYGO1QwOVnMKVbmd6LpL28nHQ5OneFBlwb:OV6msmCUhN4lS
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  6.3MB
- MD5
  
  6e638956244aaded2c92b77f9d421a81
- SHA1
  
  f5269556b6fe04cfca5a1da21af718641708a666
- SHA256
  
  652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e
- SHA512
  
  f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1
- SSDEEP
  
  24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn
Score

1^/10
behavioral11 behavioral12
- Target
  
  chrome_100_percent.pak
- Size
  
  126KB
- MD5
  
  44a69827d4aa75426f3c577af2f8618e
- SHA1
  
  7bdd115425b05414b64dcdb7d980b92ecd3f15b3
- SHA256
  
  bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
- SHA512
  
  5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049
- SSDEEP
  
  3072:DKzwqCT4w/qzOovg6/Csp7O2o418Gb0+VRLf0ld0GY3cQ39Vm2I:DKzwt44yrgKpyK18Gb0OV8ld0GecQ3f2
Score

3^/10
behavioral13 behavioral14
- Target
  
  chrome_200_percent.pak
- Size
  
  175KB
- MD5
  
  9c379fc04a7bf1a853b14834f58c9f4b
- SHA1
  
  c105120fd00001c9ebdf2b3b981ecccb02f8eefb
- SHA256
  
  b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48
- SHA512
  
  f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13
- SSDEEP
  
  3072:oDQYaEQN6AJPgqzOovg6/Csp7rfR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNN:oDQYaNN68gyrgKpngx5GMRejnbdZnVEd
Score

3^/10
behavioral15 behavioral16
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  cb9807f6cf55ad799e920b7e0f97df99
- SHA1
  
  bb76012ded5acd103adad49436612d073d159b29
- SHA256
  
  5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
- SHA512
  
  f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62
- SSDEEP
  
  49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI
Score

1^/10
behavioral17
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  9eaea9979eaaceb2874e898c753974f7
- SHA1
  
  89fd07f1af4a235ea699006d9128b9f071d4cf61
- SHA256
  
  96b6556b2130751422b836db4e2a18517733e4d92a6628dd96fed4ef7c335ab2
- SHA512
  
  1ea096a2f4f533e9ca648d35e7b10cc1ab6c44f0ec8000fe55f2de187dec8ae0fb6e88a5fdff093ae6ea5334ec66e10b8201becae1ebb7471808b27b0f419247
- SSDEEP
  
  49152:6YuqVaqc35GHXVNtcZ44yODvSEbO/1o/GRRpYN4MJ8eIknusyUUjkU+jLtyTzQVD:6YLVl54yODvH/ySJUiLtyTzQVkU5qkJx
Score

1^/10
behavioral18 behavioral19
- Target
  
  libEGL.dll
- Size
  
  464KB
- MD5
  
  504f695201c11a3c3fea7794b2e30438
- SHA1
  
  0709b6d703235b945c323fd59f72ccbe5985ab95
- SHA256
  
  1b90b893e82dea90caa19eaf773dc989406b8ca518dee803053ea9359d49c0e7
- SHA512
  
  dc1b4c633f728eb051adea4c18959cee9ab3900441606055eb565afecc4cba7e3c50c3fed4d058839ad1411c0195d53fdb86281af3159c1faab0a7db70467b4a
- SSDEEP
  
  6144:63rGS+e87yDqHfFetvM/jvtGgJ53B6Zj8s1al2zl0ovk1S87e:AGS+e87A6eZM/jvtGgJZB6ZirS
Score

1^/10
behavioral20 behavioral21
- Target
  
  libGLESv2.dll
- Size
  
  7.0MB
- MD5
  
  549f919f0ba15ba2554a749d19459809
- SHA1
  
  88af358173817e6da196be70c0773b4d07b28524
- SHA256
  
  ce1ed0fb50875472fb3e0a9a357e243a80f374b18be406dd2d8db90da5e75909
- SHA512
  
  0d1473f948737297fa54985b6ea18860cca20d437d4e978c53ca09078f40956f7076ca1671735ade0ac4e3cb24eec0388d015b7fab1a70ca041673865abeab06
- SSDEEP
  
  49152:8cRs1/VOY14IRwMqs5Jbkqd0bRh7yWXSnYUIV2Wi5zi1lJf3Lnn6cB7/h2Hmbs2t:XG2Ipp9eR+UDGRSoGetN42n1
Score

1^/10
behavioral22 behavioral23
- Target
  
  locales/de.pak
- Size
  
  367KB
- MD5
  
  cfc9d90273c31ccf66d81739aa76306a
- SHA1
  
  ecab570041654b147b3dd118829e2f7ae668f840
- SHA256
  
  8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a
- SHA512
  
  c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380
- SSDEEP
  
  6144:F+QNkAjzYyqSFaPjON3Be0mzBWCj0Xs5HgIxBI0gql:cQLjMyvFaCN3mzBd5xy0gql
Score

1^/10
behavioral24 behavioral25
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral26 behavioral27
- Target
  
  vk_swiftshader.dll
- Size
  
  4.8MB
- MD5
  
  6de7d79b89044a3c307b84b7e77085ce
- SHA1
  
  8b8f1b4391b8bd2481314e209b34ca00b0171f10
- SHA256
  
  5377dc1e04d1dafc540565c2e82e80066603794e94a433e8cb76cdb2e269ccc7
- SHA512
  
  1560accac1185a5ca334373d7521a1834b2d26160fe26797b135badee0f1220ab023bbaee48c69de7d8f869534d772dac31c67e19225d253842c3750a6577121
- SSDEEP
  
  49152:cveyoM/h2BPSjPJEvoSNxxJanAf9dX2kcngUkomWPG2pu6n9MT5F9AZCeqx7l1ZP:WQM/agZaHt7A4P/
Score

1^/10
behavioral28 behavioral29
- Target
  
  vulkan-1.dll
- Size
  
  858KB
- MD5
  
  1fa7e2a7de659abf98500dad8a8559d9
- SHA1
  
  e915365296802e1a2556d5b4bc12673e5d98e5e4
- SHA256
  
  eb4ed249c3fba6607dccadb24e96f336dfb6106984d1e7b3c49aa00e9dbbb0dd
- SHA512
  
  3f93b5495a3247dc9fd760a77d06b952f6cf1217749d9715ab3ecc4ed8816604b535332dd79d89cfa6cfd2c1abffa6a20c5c447e85c078870ccd4fd46d659dcf
- SSDEEP
  
  12288:xefVW1lX8MvG9E0wsYox2Nmp6yWEaAT6bJUQzH3To+vAEir1iS:xOcTX8p20wsYHmXaATmXj2F
Score

1^/10
behavioral30 behavioral31
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32