General

  • Target

    6fa637f04205998b312dee522a694b5f4e3629e38c0c97ecac5910a59414462e.zip

  • Size

    74.4MB

  • Sample

    240410-cl2j1sfb9s

  • MD5

    cd8965f100307025a9562c8ab7bdc021

  • SHA1

    015426b91df70d80bc3f40233ab19eacfddc3791

  • SHA256

    6fa637f04205998b312dee522a694b5f4e3629e38c0c97ecac5910a59414462e

  • SHA512

    3c368d3d28538a94b8a8e4055e91b6aab648461d320d9a49b0b46cc7c9b1eb7a39aeb33430d61a7d99fdbea5016eb86e858f428118eb94ee742f732872a3783f

  • SSDEEP

    1572864:ySv5+KBjaR1x7pB+3PPxVKPRBb0n1eoGyHg+EMzR12sok8RJl:tAuaR1F+BVyROn1eUH6i2sCp

Malware Config

Targets

    • Target

      SenPalia Installer.exe

    • Size

      74.4MB

    • MD5

      bc181331f428bb02109541c553c07b4b

    • SHA1

      d6c1a161f9a60a357cc5c7d6cc5febed12f19eee

    • SHA256

      51298c3f8bf5253334c02f9ac1c3f5a465e23707d6c063515a7defc1a3a50a91

    • SHA512

      73f0b53a1a623879630ff894b8bd832ef8f9bf034213c713f3933e65d5f6243dc3722a2cd46adbaa1a0f48a7e5adeccd57ebf7f61d359fe053fe299501a8c3ab

    • SSDEEP

      1572864:946LBYjCvct2YQi2JrydyxvgJnsI0SNcucgzxTMWIyeKx:9LuCct2R3rEySJnsqN0QMWM

    Score
    7/10
    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    1/10
    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      LICENSES.chromium.html

    • Size

      7.9MB

    • MD5

      312446edf757f7e92aad311f625cef2a

    • SHA1

      91102d30d5abcfa7b6ec732e3682fb9c77279ba3

    • SHA256

      c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b

    • SHA512

      dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

    • SSDEEP

      24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj

    Score
    1/10
    • Target

      Sen24InstallerPaliaSC.exe

    • Size

      131.9MB

    • MD5

      105a7eae565ac472ac456c1b4b0a5b61

    • SHA1

      c5672809571f1cabfe1518d2791eefe4aef7affb

    • SHA256

      b07a5160659ab0a5bed5962998aace075be118381d353510125542c0d65fdd3e

    • SHA512

      34fde1aa4983b8a7f5f09fd8043857f1c42feee2880d413acd18f0f250cdefe75d7d583c271c4caac0db0b41438c28075e4336ce0d19b09610610bc9c78013ef

    • SSDEEP

      1572864:+4sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVF:3l/BkVVPBDgmPKa5Wnu3X7

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      d3dcompiler_47.dll

    • Size

      3.9MB

    • MD5

      3b4647bcb9feb591c2c05d1a606ed988

    • SHA1

      b42c59f96fb069fd49009dfd94550a7764e6c97c

    • SHA256

      35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

    • SHA512

      00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

    • SSDEEP

      49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd

    Score
    3/10
    • Target

      ffmpeg.dll

    • Size

      2.5MB

    • MD5

      1bb0e1140ef08440ad47d80b70dbf742

    • SHA1

      c2e4243bad76b465b5ab39865ac023db1632d6b0

    • SHA256

      c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671

    • SHA512

      29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

    • SSDEEP

      49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      371KB

    • MD5

      e0a5d1a5d55dffb55513acb736cef1c1

    • SHA1

      307fc023790af5bf3d45678de985e8e9f34896f7

    • SHA256

      aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669

    • SHA512

      094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

    • SSDEEP

      6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      6.4MB

    • MD5

      44f7c21b6010048e0dcdc43d83ebd357

    • SHA1

      d0a4dfd8dbae1a8421c3043315d78ecd84502b16

    • SHA256

      f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de

    • SHA512

      7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

    • SSDEEP

      98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC

    Score
    3/10
    • Target

      locales/af.pak

    • Size

      368KB

    • MD5

      7e51349edc7e6aed122bfa00970fab80

    • SHA1

      eb6df68501ecce2090e1af5837b5f15ac3a775eb

    • SHA256

      f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97

    • SHA512

      69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

    • SSDEEP

      6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd

    Score
    1/10
    • Target

      locales/uk.pak

    • Size

      688KB

    • MD5

      ee70e9f3557b9c8c67bfb8dfcb51384d

    • SHA1

      fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e

    • SHA256

      54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22

    • SHA512

      f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

    • SSDEEP

      12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK

    Score
    1/10
    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    1/10
    • Target

      vk_swiftshader.dll

    • Size

      4.5MB

    • MD5

      65a5705d95a0820740b3396851ff1751

    • SHA1

      a692a80bafc41ba1b29ef19890f8465b3fb20dcb

    • SHA256

      4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c

    • SHA512

      0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

    • SSDEEP

      98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI

    Score
    3/10
    • Target

      vulkan-1.dll

    • Size

      786KB

    • MD5

      a947c5d8fec95a0f24b4143ced301209

    • SHA1

      ebf3089985377a58b8431a14e22a814857287aaf

    • SHA256

      29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa

    • SHA512

      75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

    • SSDEEP

      24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec0504e6b8a11d5aad43b296beeb84b2

    • SHA1

      91b5ce085130c8c7194d66b2439ec9e1c206497c

    • SHA256

      5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

    • SHA512

      3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

    • SSDEEP

      96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

spywarestealer
Score
7/10

behavioral15

Score
3/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10
