49d3da4a93495e17dc507de8e4e25cd5a038d199da49e34250f423b9fcfedca9

Resubmissions

16/04/2024, 19:44

240416-yfyf3aag99 7

16/04/2024, 19:29

240416-x7jljscb21 7

Sharing

Copy URL

Twitter E-mail

General

Target

Mauqes.exe
Size

74.4MB
Sample

240416-yfyf3aag99
MD5

14e19ac4fb9d73eddbddbf39f020b36b
SHA1

1a8caccf9c6f59c2562e39f475ed0e5f0e8c334c
SHA256

49d3da4a93495e17dc507de8e4e25cd5a038d199da49e34250f423b9fcfedca9
SHA512

57ffc0a2dd876967643bfe70297ca8d17a0df6dfbf764e7ec14e9b82a1910c03c170be0c9b1d463e82cf88f2504677c93afd3ea5ebbd0842d60b595f3eef8f4a
SSDEEP

1572864:oP6LBY5tJfzUYQdgJnsI0SNcucgzxTMWIyFk2JrydyQ:o2uqR+JnsqN0QMWxrEy

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  Mauqes.exe
- Size
  
  74.4MB
- MD5
  
  14e19ac4fb9d73eddbddbf39f020b36b
- SHA1
  
  1a8caccf9c6f59c2562e39f475ed0e5f0e8c334c
- SHA256
  
  49d3da4a93495e17dc507de8e4e25cd5a038d199da49e34250f423b9fcfedca9
- SHA512
  
  57ffc0a2dd876967643bfe70297ca8d17a0df6dfbf764e7ec14e9b82a1910c03c170be0c9b1d463e82cf88f2504677c93afd3ea5ebbd0842d60b595f3eef8f4a
- SSDEEP
  
  1572864:oP6LBY5tJfzUYQdgJnsI0SNcucgzxTMWIyFk2JrydyQ:o2uqR+JnsqN0QMWxrEy
Score

7^/10

discovery
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral5
- Target
  
  $PLUGINSDIR/app-32.7z
- Size
  
  74.0MB
- MD5
  
  06d2ecefe951040fa80fc7e71231afdd
- SHA1
  
  bf9593f195801f81591c737bb720c33087552c1c
- SHA256
  
  be4511a1cde25b04682e214fa507ecd4638d72be8d71cb6b1c4e20da5111756d
- SHA512
  
  049d3d4b0c3fe21d8db2dbb20678a313dc88d8cefe022ce61b9a11c67311f1e600ce6d5263975793d17fa8bb2da521f621148d302f62edef0a0104feceeacad3
- SSDEEP
  
  1572864:r6LBY5tJfzUYQdgJnsI0SNcucgzxTMWIyFk2JrydyQ0:yuqR+JnsqN0QMWxrEyL
Score

3^/10
behavioral6
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral7
- Target
  
  LICENSES.chromium.html
- Size
  
  7.9MB
- MD5
  
  312446edf757f7e92aad311f625cef2a
- SHA1
  
  91102d30d5abcfa7b6ec732e3682fb9c77279ba3
- SHA256
  
  c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
- SHA512
  
  dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333
- SSDEEP
  
  24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
Score

1^/10
behavioral8
- Target
  
  asdasdasd.exe
- Size
  
  131.9MB
- MD5
  
  7bfb255681df845fa08e937447fa5c4a
- SHA1
  
  3132cb69dbcf8964b9f8f286b2e2a14e47e614f7
- SHA256
  
  b018ff7173447e00dcdf50ea416152ca45eafa0b373d15c02a45f52ae9ce142c
- SHA512
  
  85aab548b1bfd1d9c4323af21a3c4231c75e8bd4484df53137799043c63677827779c3e99c00a95d5ea713165d29c9c95978a510c9ae33676e8656faf6e15228
- SSDEEP
  
  1572864:84sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVv:hl/BkVVPBDgmPKa5Wnu3X7
Score

7^/10
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral9
- Target
  
  chrome_100_percent.pak
- Size
  
  124KB
- MD5
  
  acd0fa0a90b43cd1c87a55a991b4fac3
- SHA1
  
  17b84e8d24da12501105b87452f86bfa5f9b1b3c
- SHA256
  
  ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
- SHA512
  
  3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774
- SSDEEP
  
  3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
Score

3^/10
behavioral10
- Target
  
  chrome_200_percent.pak
- Size
  
  173KB
- MD5
  
  4610337e3332b7e65b73a6ea738b47df
- SHA1
  
  8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
- SHA256
  
  c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
- SHA512
  
  039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51
- SSDEEP
  
  3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
Score

3^/10
behavioral11
- Target
  
  d3dcompiler_47.dll
- Size
  
  3.9MB
- MD5
  
  3b4647bcb9feb591c2c05d1a606ed988
- SHA1
  
  b42c59f96fb069fd49009dfd94550a7764e6c97c
- SHA256
  
  35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
- SHA512
  
  00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50
- SSDEEP
  
  49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
Score

3^/10
behavioral12
- Target
  
  ffmpeg.dll
- Size
  
  2.5MB
- MD5
  
  1bb0e1140ef08440ad47d80b70dbf742
- SHA1
  
  c2e4243bad76b465b5ab39865ac023db1632d6b0
- SHA256
  
  c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
- SHA512
  
  29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a
- SSDEEP
  
  49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA
Score

1^/10
behavioral13
- Target
  
  icudtl.dat
- Size
  
  10.1MB
- MD5
  
  d89ce8c00659d8e5d408c696ee087ce3
- SHA1
  
  49fc8109960be3bb32c06c3d1256cb66dded19a8
- SHA256
  
  9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
- SHA512
  
  db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37
- SSDEEP
  
  98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
Score

3^/10
behavioral14
- Target
  
  libEGL.dll
- Size
  
  371KB
- MD5
  
  e0a5d1a5d55dffb55513acb736cef1c1
- SHA1
  
  307fc023790af5bf3d45678de985e8e9f34896f7
- SHA256
  
  aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
- SHA512
  
  094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f
- SSDEEP
  
  6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW
Score

1^/10
behavioral15
- Target
  
  libGLESv2.dll
- Size
  
  6.4MB
- MD5
  
  44f7c21b6010048e0dcdc43d83ebd357
- SHA1
  
  d0a4dfd8dbae1a8421c3043315d78ecd84502b16
- SHA256
  
  f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
- SHA512
  
  7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c
- SSDEEP
  
  98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC
Score

3^/10
behavioral16
- Target
  
  locales/en-US.pak
- Size
  
  338KB
- MD5
  
  5e3813e616a101e4a169b05f40879a62
- SHA1
  
  615e4d94f69625dda81dfaec7f14e9ee320a2884
- SHA256
  
  4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
- SHA512
  
  764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594
- SSDEEP
  
  6144:xiLqIY2MuZYLMMP9ecGmM8faYdY4K55TiSbn8vMwS:xiLqIp34MM+mM0Y55eSKMwS
Score

3^/10
behavioral17
- Target
  
  resources.pak
- Size
  
  5.0MB
- MD5
  
  7d5065ecba284ed704040fca1c821922
- SHA1
  
  095fcc890154a52ad1998b4b1e318f99b3e5d6b8
- SHA256
  
  a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
- SHA512
  
  521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d
- SSDEEP
  
  98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
Score

3^/10
behavioral18
- Target
  
  resources/app.asar
- Size
  
  44.8MB
- MD5
  
  d9be45a20c59b9ed861905fc6ab1d5ba
- SHA1
  
  f2d56ea7cf841c89544a7f6e79cd1addaa362d0d
- SHA256
  
  6512399a6daa4052e7a78a9d3ef3abe452b33c393a51d134403b344eb7670be8
- SHA512
  
  738643884b4868184c6bedbdbf6535ea2225485548aaa063d82a1c8eb23315e587e047c24525a99b05602014eb2168e1a295e4142d21fd52b14a96a104eb38ad
- SSDEEP
  
  786432:7/Wy7lAnutWTAZKRP4QDM0WyfzANtP6ChuVc:71lmwizANtP6ChuVc
Score

3^/10
behavioral19
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral20
- Target
  
  snapshot_blob.bin
- Size
  
  214KB
- MD5
  
  916127734bc7c5b0db478191a37fc19a
- SHA1
  
  f9d868c2578f14513fcb95e109aec795c98dbba3
- SHA256
  
  e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801
- SHA512
  
  d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297
- SSDEEP
  
  3072:PCwB4XM5LZsfo0p7SnaCCz3wqTYLmN6hdSajAvDGc/dH4WBlkwHvwi0UQn1nWIa3:KwNsf5PBt
Score

3^/10
behavioral21
- Target
  
  v8_context_snapshot.bin
- Size
  
  511KB
- MD5
  
  4f4d00247758c684c295243ddedd2948
- SHA1
  
  f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
- SHA256
  
  4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
- SHA512
  
  2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45
- SSDEEP
  
  6144:51ZU4IFZ/X+KBIViMMg8zYOK8B4UnK83ItBaUHK:nZaZ/OiY2BnrUAF
Score

3^/10
behavioral22
- Target
  
  vk_swiftshader.dll
- Size
  
  4.5MB
- MD5
  
  65a5705d95a0820740b3396851ff1751
- SHA1
  
  a692a80bafc41ba1b29ef19890f8465b3fb20dcb
- SHA256
  
  4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
- SHA512
  
  0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d
- SSDEEP
  
  98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI
Score

3^/10
behavioral23
- Target
  
  vk_swiftshader_icd.json
- Size
  
  106B
- MD5
  
  8642dd3a87e2de6e991fae08458e302b
- SHA1
  
  9c06735c31cec00600fd763a92f8112d085bd12a
- SHA256
  
  32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
- SHA512
  
  f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
Score

3^/10
behavioral24
- Target
  
  vulkan-1.dll
- Size
  
  786KB
- MD5
  
  a947c5d8fec95a0f24b4143ced301209
- SHA1
  
  ebf3089985377a58b8431a14e22a814857287aaf
- SHA256
  
  29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
- SHA512
  
  75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3
- SSDEEP
  
  24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+
Score

3^/10
behavioral25
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10
behavioral26
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral27
- Target
  
  $R0/Uninstall asdasdasd.exe
- Size
  
  135KB
- MD5
  
  c19800b5afd0a1cd4bb8582e02b99c14
- SHA1
  
  5273804157c1bc20dfa3e41ac30c1e829c34cfd7
- SHA256
  
  a823c20b85e04cedb0a326f5e1c8b7461548dd5c7a323de6a8316a036aff935a
- SHA512
  
  6ebf8a45ee0d8109ada63d5966163c3fe209d654e6a6bbc7ff6ccd6dd10f86545d3d0f079f0a4bfec5fac8ff2be3642fc0100b2618528e8973bfe80a90919c84
- SSDEEP
  
  3072:sn77v00hEoDEtautceAsg82aH2tvhOEA1RJCir86SrSrv6Ia3B:s740Idmsg82s2t0EyL+yax
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral28
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral29
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral30
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral31
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Drops startup file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Looks up external IP address via web service

Loads dropped DLL

Looks up external IP address via web service

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32