8244d3c049d38b92198166cd4f16d6a77f67c731fd157683c25decf4e699867e

Sharing

Copy URL

Twitter E-mail

General

Target

dragonsetup.exe
Size

113.7MB
Sample

240416-ybd7maaf78
MD5

209ed849ea99b3d77c39dc916e2485ee
SHA1

98167b5e5d6b4166d11fcd677594bba3cea9ead7
SHA256

8244d3c049d38b92198166cd4f16d6a77f67c731fd157683c25decf4e699867e
SHA512

58dff600787b5562c519cca057fdf775ad30da8ca78f58dbb90f40ee0a61aea611e751dceecec613a740003619d3872bec61e9b654066896eaf22385dd843960
SSDEEP

3145728:3zf1QxlgnbaiR8AKUvUx70l/NDNfYoIznV:3j1QxObaiR8zUE70bDmoQnV

Score

7^/10

Malware Config

Targets

- Target
  
  dragonsetup.exe
- Size
  
  113.7MB
- MD5
  
  209ed849ea99b3d77c39dc916e2485ee
- SHA1
  
  98167b5e5d6b4166d11fcd677594bba3cea9ead7
- SHA256
  
  8244d3c049d38b92198166cd4f16d6a77f67c731fd157683c25decf4e699867e
- SHA512
  
  58dff600787b5562c519cca057fdf775ad30da8ca78f58dbb90f40ee0a61aea611e751dceecec613a740003619d3872bec61e9b654066896eaf22385dd843960
- SSDEEP
  
  3145728:3zf1QxlgnbaiR8AKUvUx70l/NDNfYoIznV:3j1QxObaiR8zUE70bDmoQnV
Score

7^/10

discovery persistence spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/InstallHelperPlugin.dll
- Size
  
  2.7MB
- MD5
  
  64f5c4568fb6c25a8f92a59e511423b0
- SHA1
  
  b606d12fe7b26d2f308c5fad6628b46c3221e821
- SHA256
  
  656ef52a9787664370e89e7b9e967300b3b1e65a8409058ac608720fb6adf752
- SHA512
  
  80590d5b94031368857d6a3ba8f25e94b9a26f6dc5f44bd221870b714d5675205b4fb05d3ea2e5820abf654fd274e8f98e3bb22801d9305d75f134a610ef835c
- SSDEEP
  
  49152:GM6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwY:V666666666666666666666666666666V
Score

1^/10
behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  033ee34c40e8fa85bf2739bcb2f3e186
- SHA1
  
  2ca942f35f77f37df3fc6097acac34f2e77341b7
- SHA256
  
  c91c1796338a265b49039c0b2c7a312d764b99e5174fb2dae455ca54f8f41ec7
- SHA512
  
  2204e0b8721b8d85c51bd068b1695b16ee096bfc1d1cd5843f48fd04032aeee2b6a91ce82978a4b3414f3d966ec5b36fb337a4149dae3a1d0445935d964d247f
- SSDEEP
  
  384:ErC43tPegZ3eBaRwCPOYY7nNYXCT/Yosa:EmTgZ3eBTCmrnNAh
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll
- Size
  
  5.8MB
- MD5
  
  2e13e03b7cf2d8c8338bbc3d29fd3e07
- SHA1
  
  173e6e67c5315474765dcd303b3214d5600c48ea
- SHA256
  
  ea1552de423ed1768bace344d9a07bf529845c75fe6fc6ce3c4ba91d4aae5409
- SHA512
  
  94220a07aea2f4a45ef6b7566baba5a9ce73e70236bf97fc2489bee50b662f3fd05824d7804dd544eef85d73e69091aaae5de3094f0866bf51521024eb3d168d
- SSDEEP
  
  98304:eF0Kg9frmFcqlMZ4vpHfOVlQnzW4Aogn/oXFdAaTZ8GcB7d0:eFFA7t2RHfYlQZJgTamGcBi
Score

1^/10
behavioral4
- Target
  
  $PLUGINSDIR/SecureDNSPlugin.dll
- Size
  
  2.1MB
- MD5
  
  ac9d241925b41bf7d897487a1c492bdd
- SHA1
  
  b592973b90fde9854695e639c7c06d7416043ef8
- SHA256
  
  cfc7f0a6ca334c46f72c97cfc578619eb615912d7fcd83ed05532d6dcb1baf98
- SHA512
  
  7923a3af06c438972d4c9c91fb03d9ed9cfc93f9116a8fff2eaed9d2807495b501cbb7aa7ed177d22826810f1a63627e54948ed996c10d9e58931b2104d62e09
- SSDEEP
  
  49152:Tv4n/OcMUs1Zp/UVA8cfs21J/w3aoFVLgOvBarCep+Ch6LXT9Sc6KRj9fU3S7:Ob+8cV1JY3aapgO5arCe9h6LXTcc6KRb
Score

1^/10
behavioral5
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  99KB
- MD5
  
  98a4efba4e4b566dc3d93d2d9bfcab58
- SHA1
  
  8c54ae9fcec30b2beea8b6af4ead0a76d634a536
- SHA256
  
  e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48
- SHA512
  
  2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0
- SSDEEP
  
  1536:Lyy+HcFWrX52XWcS15c4DBVOw/bEQvWt6uouMw5m0mhdBu4NpBTvO7Fvo6mVS6oN:Oy+8ozImcSNd1YHbMbC
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0ff2d70cfdc8095ea99ca2dabbec3cd7
- SHA1
  
  10c51496d37cecd0e8a503a5a9bb2329d9b38116
- SHA256
  
  982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b
- SHA512
  
  cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e
- SSDEEP
  
  192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA
Score

3^/10
behavioral7
- Target
  
  $PLUGINSDIR/license.rtf
- Size
  
  399KB
- MD5
  
  12a533733784ad2e28d8239583c7f81b
- SHA1
  
  28affdb7af6bfbfb1c9828673d918402d2f1d398
- SHA256
  
  677fd1c9d60032ead052f28265a9e175396b0db4487351bee48e7d53b45555eb
- SHA512
  
  aa6541ab6e4b63158b04bc3c8c2ce156a27be661b8f985c6e9b4737177ad9b821528519d5cadb9a9936168cebe339cb82d91b8dec9bd7d8eba6afc2f71a5611c
- SSDEEP
  
  1536:fKgLHGOj4iaXRXeSWmgMeI1P3e+Zf7OYcc57uBppgUkkBD6dRGYKL/ztWOj+/Dgc:nb8ICYHBv15rvq26
Score

1^/10
behavioral8
- Target
  
  $PLUGINSDIR/linker.dll
- Size
  
  7KB
- MD5
  
  4e944d80e84525628c17a3a180032aa2
- SHA1
  
  e3c60df479140729c4f22791fddc70d96f151d96
- SHA256
  
  0503059d7fdcc3f9dc3d03fbd09b69005caaeb697d3ba1aadfd7be3af1f99874
- SHA512
  
  1d6dc455b0f6cbd1f4f4a01d3bfad4e21a09b5f83377e63318fb1379fea5545b4401bb80613f58b05237fbff61a43d1413e83747f62c84c6cf25ccbf05ad02dc
- SSDEEP
  
  96:efJl0ef3f8syw4CIXdpWODGQEkTyf36qtHbk3gvOa:eBl0cP85ftpWG9EkqttHbLvr
Score

3^/10
behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  d6c3dd680c6467d07d730255d0ee5d87
- SHA1
  
  57e7a1d142032652256291b8ed2703b3dc1dfa9b
- SHA256
  
  aedb5122c12037bcf5c79c2197d1474e759cf47c67c37cdb21cf27428854a55b
- SHA512
  
  c28613d6d91c1f1f7951116f114da1c49e5f4994c855e522930bb4a8bdd73f12cadf1c6dcb84fc8d9f983ec60a40ac39522d3f86695e17ec88da4bd91c7b6a51
- SSDEEP
  
  192:oWa8cSzvTyl4tgi8pPjQM0PuAg0YNyZIFtSP:DaBSzm+t18pZ0WAg0RZIFg
Score

3^/10
behavioral10
- Target
  
  $PLUGINSDIR/nsJSON.dll
- Size
  
  7KB
- MD5
  
  78b913fcd04259634a5e901c616e6074
- SHA1
  
  ad5e1c651851a1125bcad79b01ccdcfa45df4799
- SHA256
  
  e3ce60666bb88c2412615ef9f432ec24e219532dee5cc1c7aebc65ed9ec94d59
- SHA512
  
  cbe07179dd93011f3d9a8f83541961ff34fb83d96658ac82a433ef0aa3399b183eaec3e6a49ec1c1e478d1eada2d3ebc78ffb1ae0574984ae66a7a9cab5d59e5
- SSDEEP
  
  192:QTIBadVjvTMEE7bZATR4N65bhztNDcrGu:QkkV/JE7IR865bhTcau
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11
- Target
  
  $PLUGINSDIR/nsRichEdit.dll
- Size
  
  5KB
- MD5
  
  e81c4534fc882032078b39a01eece599
- SHA1
  
  4afd2f33f97ddd825ae0d7e22ad10e15854c093e
- SHA256
  
  add71c2a8ea08ca5a9ef7eb9e725443ae64939f7db0ad80e8adfb89267feb72b
- SHA512
  
  73874d23ff9c2eb573e961e730f17ba804734d79059d0b42c141be11c4cb923b9e377c4b17717e3acbfa00d0f3ba85d5addf933b54747b4b08434de956dc1f60
- SSDEEP
  
  96:ubs6zRonEMjZERSXL87ceU6AhOhB7lkZ3hBjB6wZ:azhMJLheUf+ZkZX
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral12
- Target
  
  $PLUGINSDIR/nsisdl.dll
- Size
  
  15KB
- MD5
  
  365e712eafd3fbfedcd9cd711526c977
- SHA1
  
  e5984443d51c95daa8ad3a7ea8c16e4f8b3e3466
- SHA256
  
  939e81ad5c29211790e5a1a8f6bea7b258bf37b55224631feb71dd31bb0ef852
- SHA512
  
  848f2fba59a2c19ee8d98d2ec7f8bc5132014601bb641179eea6d52695290d7ef21908bfd03482e065eb797dcb0f9f87591a9696c1ab399c739cd0348f2a67de
- SSDEEP
  
  384:Whyd8Y6pu8ZaLf6Uksnw1g8BUcyHisURb:Whyd8Y67WGg8B/Eih
Score

3^/10
behavioral13
- Target
  
  $PLUGINSDIR/version.dll
- Size
  
  22KB
- MD5
  
  fbe588b15eb1bd86defade69f796b56f
- SHA1
  
  2f63cf44039addddb22c2c0497673b49e6b3ad7a
- SHA256
  
  31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f
- SHA512
  
  e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d
- SSDEEP
  
  384:6Qx38r8QfiLpVjOXf4Rrd2IpZn8LI2EdGZ5D6PDo3rsyfyC8n:6Qx38r8Qgp1OvYd2zqGZ5D6PDmXf98
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral14
- Target
  
  WidevineCdm/_platform_specific/win_x86/widevinecdm.dll
- Size
  
  201KB
- MD5
  
  a5d2e984190d21beaa21a34e8f15da4a
- SHA1
  
  845bd2253553ef6296b62582566eaed1e1e72a8b
- SHA256
  
  56e9a542cd4fb7ddbe03ff3fab718b5f03a3e01447d0463ba0b8d28080a0ffea
- SHA512
  
  8577aa85424ba089936c892d477e938bec2ec8ee50ebb06291dd7ddda4b4fb97918415136c27bb01f0084ecbcd24d487269d7a9ef6f6bb5112446694eda90c0b
- SSDEEP
  
  6144:8W0GyR4o8ENm2eK7mnoUSgpAY8ODcDcm7cIsNSTa43E7lKtwAO1KQprS2:8WS4XfyE5brKarZ
Score

1^/10
behavioral15
- Target
  
  bundles/ccav_installer.exe
- Size
  
  8.9MB
- MD5
  
  25a371691bf11e30b24ebd315bb972d7
- SHA1
  
  458daa4dcdf8227069831e8342eb41689a6e5344
- SHA256
  
  08a38c341e88e586f36b185bc41bb2ff951260a00329f389ac2323e958df9d93
- SHA512
  
  0ed62de522ec0c672ad5af795e32f4493a7a04dafbebe1571753228f4670324dab592676aae2a71615bd2ca67c066fae828d847d22bc73009dba74956e727b20
- SSDEEP
  
  196608:kxBZqrin6pPG+GYxgC4Cbs6AKsMS0lbNR3u81qzzYx/n+:yBZYin+GUsLl0lZVu0x2
Score

6^/10

discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral16
- Target
  
  chrome_elf.dll
- Size
  
  2.5MB
- MD5
  
  da2feeb6acade61f1d31de705088b18d
- SHA1
  
  0aaba8314db7a0972bbafe12d911cd391bee7a02
- SHA256
  
  e188f182cd678b3929c9ade9922c1a02d9e15454046baf4aa71241dfcb39c6f1
- SHA512
  
  50911aeb33959591264f4aed218342444fbedd38fcf341c2de0db7db216e20f893a06ee63a39a173907ebef5885f0a3cbe477892d90e87aedb68cc4978d196bf
- SSDEEP
  
  49152:Uw6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwV:j6666666666666666666666666666664
Score

1^/10
behavioral17
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.0MB
- MD5
  
  d9712d33f13c76382d169ace4412950c
- SHA1
  
  aa9a70a2504652c74c954a19bddf9abbe5ed846e
- SHA256
  
  bf35aa54602bfacaf119a1f461f38318b6317560bd2922bbb70552b1859b0a5f
- SHA512
  
  01672dcddf65d3f98e6fad5368485ea804e14b94836ef52b238614865d14083ecba8cf5417afee8eea95d569092c552649d60974a8d645147304c406f713edb2
- SSDEEP
  
  98304:t4Xyn7IfxiYMzgom1mEU/AJC/vujMD9CUa:H09om1hU/Aavu4D9CUa
Score

3^/10
behavioral18
- Target
  
  dragon.exe
- Size
  
  3.7MB
- MD5
  
  1759ce8d9ba00e3da7767493082ebf55
- SHA1
  
  72ad25c40b5e4da1e7a3ef2f63c5326c3e7fee60
- SHA256
  
  de1aa6087d9d604d4b72ffe113b242d676e7a75b932906dab6a5605167412957
- SHA512
  
  11121750e9ed98a9ac023aed9ab9f46cb30281c499ee46d69e2b1438dc08b87c98b9243ae0ff1574de34a300d8092572154d87d4c1914dd36c995368041c5a7a
- SSDEEP
  
  98304:Yl35G6666666666666666666666666666666x666666666666666fwwwwwwwwwwO:Yl354NFq/wJE8s3
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral19
- Target
  
  dragon_install.exe
- Size
  
  38KB
- MD5
  
  54ca748e529703533a7bf1f98df48e8b
- SHA1
  
  a1ebc6154dfa79ab6a4db457cda2227d3cb48f3d
- SHA256
  
  7a52ce0ff8671e4766b49d80465a76b43eb67f1d82b2453df8615779183fccc4
- SHA512
  
  5085f51d8cc05e3f02c756fcc77f0ef8b9849fbf1e43ec6557ba46bf486b3be1c1c8ed3feaa873811b27c4ea20b03b92704fefb9eea8a8e0a7422707fe152267
- SSDEEP
  
  384:kqIkibl1lYnm2WJXtl/bQ/FP8J2aMSgp4aRcxrWf/PzrK4erMqPg96wFwkjvpHXR:BBBGvUp8J2UTdKSEqGHlkvbrwAyiRPw
Score

1^/10
behavioral20
- Target
  
  dragon_register.exe
- Size
  
  119KB
- MD5
  
  7967b9801cd729454e7250d9a2f6ddbc
- SHA1
  
  35bc53616206fc93e833b8ea924615d2121bd749
- SHA256
  
  6d21b73da7826cc2b8784429c0746068654098d6809686ec1a2de37cf4a75fdc
- SHA512
  
  472d60a30df3f29cb0b5f97a4a284ffbd8f3fd1eed68565fc712a55bfec799ad3b7c51eca420034acbffa0a2bd3cb68dd4dd758ad68f655080509def10d617b2
- SSDEEP
  
  3072:pu9Zu+/36ImFF4SbnHJetsE/kXuZSWpv7K3tbVg8ty:pu9ZvffmISdeuXBZS8E
Score

1^/10
behavioral21
- Target
  
  dragon_s.dll
- Size
  
  172.2MB
- MD5
  
  80a8a2ae9f0f6eac1c525df97c67b590
- SHA1
  
  d54771fb72f2b66214a35dc6e3d2c0d5ea3e4383
- SHA256
  
  affae89dfdbbb18ef4c0a1a870830cdddd423e60fc72a42bb987ae56df514a00
- SHA512
  
  3f1509b1e357deedfa7a5a581f52c6c2044d5c36da6908f19816613be309b154b1a17577c2c6260a672eb186d826c5d3a60dc14c18614ff3f1b24a17489fc9e5
- SSDEEP
  
  3145728:QEp6Ccl8pSGZeyDFtr6PLK617pE3ZJ+90Ho:QEECsxGZeyOK47CZJG0I
Score

3^/10
behavioral22
- Target
  
  dragon_updater.exe
- Size
  
  2.2MB
- MD5
  
  4c11a8c2b3a4fc3e656ebfa4ff8bc07d
- SHA1
  
  5a1a8f3e9f71cb885e1f3aeb291e491c22cb7408
- SHA256
  
  5c02cb663251c6fd6219494f96da2d5425a562b58b7dc577efac0c1adec5c952
- SHA512
  
  acd5a9cc3928b1ef1b7878369150a148d1ac25e51c54b78ee20c38ec1be92a5215a3b23483cb269a571e7ab3cd53bf8f62bc9ae35cec5f14fc726937219f7e00
- SSDEEP
  
  49152:tF8wyMDbWVglO/YPIeovdJw051ZiwE/hExhCmmypBx4:787MDSGO/YPIeov/l51ZiwE/hExqyPq
Score

1^/10
behavioral23
- Target
  
  elevation_service.exe
- Size
  
  2.9MB
- MD5
  
  913bea10f5a9a23861e4a406b01a8ca4
- SHA1
  
  fd96c957152cc9cd186af6d8da64f6ba4a76d90e
- SHA256
  
  0b63be0ba8ae908cdbf339a5e2d1678016b1a3d25882493ddeca217b4a9c3848
- SHA512
  
  d66c3d242960d13d87e94ccb1b2a78466e20b4230aff7b8bbeb5ad3e16257976abf84bb1a0b8279879ec41cd1605b5fd29ca5635778cbef8c1c39abd96984f11
- SSDEEP
  
  49152:Be6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwz:E666666666666666666666666666666W
Score

1^/10
behavioral24
- Target
  
  libEGL.dll
- Size
  
  375KB
- MD5
  
  c23ad99aa43d41318de5953a3d44ac2b
- SHA1
  
  26d24c18052b0c2e4defc57b1e95ab7c38068865
- SHA256
  
  8512c82b15ff10bd213da7b4e3417b16d400d21492e95752da8f114dd6a324e5
- SHA512
  
  c7fd821b7d309c3523debe49ebeab4b00df840e92c6a2d5fb99a6842c1ef1ca55ba915df4d14c47fc4c44329b0b4fb1ce1ba0f5617c3bc6bb862168de6268e5c
- SSDEEP
  
  6144:6Fj6Mmg/tqVUwMdssryt4GSmJGXVNUkRXqtTS:6p6ClwMdsuyImEFNUkSS
Score

1^/10
behavioral25
- Target
  
  libGLESv2.dll
- Size
  
  6.3MB
- MD5
  
  5a3d6c2e4c8b1a0c663710e075aba135
- SHA1
  
  b81ffaf3979bdafb3fb12abac00df88bfa21bc03
- SHA256
  
  2647f7adf5b294ace3934a0f096f815e7292de7311ac8ceb064d03ca1c8487fd
- SHA512
  
  8e8431afa8e18811be659a1a5e73217da6e3bf6667beedb5ed85a8b57d76fca2eef0df8440c9678807a6e9bcb49fb81a2bd805f6d2857e834fa9f07d3be095d5
- SSDEEP
  
  98304:U2z+7RIskSWkNRxsgO1rH4Ju6hBNWQzl/Le2ZaOPeNilZWFYy5VhY8ShBNp6/Uh1:Rz+7ErHYu6BHlTHeiXun5UNwhha
Score

3^/10
behavioral26
- Target
  
  locales/dragon_install.exe
- Size
  
  38KB
- MD5
  
  54ca748e529703533a7bf1f98df48e8b
- SHA1
  
  a1ebc6154dfa79ab6a4db457cda2227d3cb48f3d
- SHA256
  
  7a52ce0ff8671e4766b49d80465a76b43eb67f1d82b2453df8615779183fccc4
- SHA512
  
  5085f51d8cc05e3f02c756fcc77f0ef8b9849fbf1e43ec6557ba46bf486b3be1c1c8ed3feaa873811b27c4ea20b03b92704fefb9eea8a8e0a7422707fe152267
- SSDEEP
  
  384:kqIkibl1lYnm2WJXtl/bQ/FP8J2aMSgp4aRcxrWf/PzrK4erMqPg96wFwkjvpHXR:BBBGvUp8J2UTdKSEqGHlkvbrwAyiRPw
Score

1^/10
behavioral27
- Target
  
  locales/dragon_register.exe
- Size
  
  119KB
- MD5
  
  7967b9801cd729454e7250d9a2f6ddbc
- SHA1
  
  35bc53616206fc93e833b8ea924615d2121bd749
- SHA256
  
  6d21b73da7826cc2b8784429c0746068654098d6809686ec1a2de37cf4a75fdc
- SHA512
  
  472d60a30df3f29cb0b5f97a4a284ffbd8f3fd1eed68565fc712a55bfec799ad3b7c51eca420034acbffa0a2bd3cb68dd4dd758ad68f655080509def10d617b2
- SSDEEP
  
  3072:pu9Zu+/36ImFF4SbnHJetsE/kXuZSWpv7K3tbVg8ty:pu9ZvffmISdeuXBZS8E
Score

1^/10
behavioral28
- Target
  
  modules/coresys32.dll
- Size
  
  552KB
- MD5
  
  0368dc708c4beb959655df57fb977d07
- SHA1
  
  3cb5b8dd033d53014ed119187f3f75a44931be74
- SHA256
  
  22e16760928fdb928c473a71323286e7ce467e909e3953baba3dac53b6b9d966
- SHA512
  
  5e2b12911ae94433820a7c3405bcc26837228b2164d4be2f8574e843c18b84bf01366855b28e58a41afd3a7b79fd29f8ffa6251390ae0217eb585aa215473d95
- SSDEEP
  
  12288:lyZbN6/R1kdzE0BkDVoXmsUqDAf+UW0avTb28gvHjeiC7joOl90UucxKs4:l8N2izE0K0msUqDAf+UW0avTb28kq8kE
Score

3^/10
behavioral29
- Target
  
  modules/dragon_helper.exe
- Size
  
  2.5MB
- MD5
  
  fb73146fdde8674ff2de699759d7c882
- SHA1
  
  3cf5f8fe7e9e0cf6f567db65fdb8496e23d6e3d0
- SHA256
  
  1239a9ae886b211f8d0e3eb9411bcef329eba213142b4999f1c0a759e9efd213
- SHA512
  
  d39bc3e5c1bc74e6e45141737d34d4b7cf299f75da4ddc838a4f372f5331d98fbbcfcfd7946ffcf701b3914147f854b6cb33900ce551d3ec96d84396f7597fa8
- SSDEEP
  
  49152:DSQ+nxr2QWuPGKJKoL3ENbaLa1Y2rTSbtDjpAoaoewfhcotimutyWV:W/r2QneKJKe3Eaa1Y2rGbtDjpswf6f7
Score

1^/10
behavioral30
- Target
  
  modules/dragon_util.dll
- Size
  
  2.5MB
- MD5
  
  f064decf723b2ab04341a8bab62c3cf9
- SHA1
  
  d7b94805ebe5ae414463afe67f462dcb4c42a3e1
- SHA256
  
  f118d842ec6b068265ab4e16ab9f9f688857ac4d227ba7059fde899bc5f9ce8a
- SHA512
  
  a975b74cb2c16fdd6c1cd76e2c1e29039442935df129b4e54bf86a570a1faa1e25a58631bf141e30a606c0659b855547ce0edfe76d6aaaf7afe2ff30799b776e
- SSDEEP
  
  49152:2X6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwl:+666666666666666666666666666666g
Score

3^/10
behavioral31
- Target
  
  mojo_core.dll
- Size
  
  1.3MB
- MD5
  
  8c073f670b71394b922422cb3ea3a0a3
- SHA1
  
  9d57232681a0bc269a67242c9e3f8545caf726ce
- SHA256
  
  9b2c0fda0b9802dfba296f8e594ef48b9d030bf1a2b1d47c0020b3f64e8c9287
- SHA512
  
  51188e3507a4f70d048e60cfb0380b72f26538b6327d99897a5d08c15a13ad6f07d65ec07444c098695f67bdae175cde80a9557bcb47c6a680b6b83eee2e043f
- SSDEEP
  
  24576:Sy5k9j5NPK7Qg4q/asgCeeI1wIOPuHzDV11AVS8UHNSWv:C9j/PK14qisgIIrOPuH/V11U8SWv
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Reads user/profile data of web browsers

UPX packed file

Adds Run key to start application

Drops file in System32 directory

UPX packed file

UPX packed file

ACProtect 1.3x - 1.4x DLL software

UPX packed file

UPX packed file

Looks up external IP address via web service

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32