cade322bf1c5f58f44d8970de70ca83cf53d2d6ab5e43f53a8ed26a343c95309

Resubmissions

17/04/2024, 17:04

240417-vlpvbshe81 10

17/04/2024, 16:36

240417-t384vsfe75 6

Sharing

Copy URL

Twitter E-mail

General

Target

1_npp.8.6.3.portable.x64.zip
Size

8.5MB
Sample

240417-t384vsfe75
MD5

2bf7b316ba201c859d0e0b21722ac551
SHA1

602407aa754ef29b76d294922a83f320de4b19d5
SHA256

cade322bf1c5f58f44d8970de70ca83cf53d2d6ab5e43f53a8ed26a343c95309
SHA512

3f434c5bf630149d0c626f2142e1933325b6d930defea149982cd5ba5588be60a2667a809f81afddc62b975db3c2a95024b304c97f27e41866218a99bf5ea6b2
SSDEEP

196608:bzmu7WKqkGTSOwUDLMpvM4KBCmbhOj+UIs1mkSA1IND3RA:bznb9Ownp/0lTsUxND3RA

Score

6^/10

Malware Config

Targets

- Target
  
  npp.8.6.3.portable.x64/contextModel.html
- Size
  
  2.6MB
- MD5
  
  8f28087d8d0e716368314c2f1a159280
- SHA1
  
  7e383ae0f632c02ef98168b6c1a33fd449d6c393
- SHA256
  
  0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046
- SHA512
  
  aa21ab18a12a69ff25b24b1c255b0bdc7961985150b07a7f3f4b0909e212295bd781548cd8ea817f3144dfad845aff93df40a513bdb637db7b89bb08fff01eab
- SSDEEP
  
  49152:C+sGc1TASKVbmYIBotpg0TunuNeeigv0XIMw4h2pk4PxKS5VinRfepLm7j5:WTAfVbwotpgruNeW0VHhL3S5VicLaj5
Score

1^/10
behavioral1 behavioral2
- Target
  
  npp.8.6.3.portable.x64/langsMod.html
- Size
  
  646KB
- MD5
  
  2661f8272ada236cf3aeb9ce9323626c
- SHA1
  
  98683c358724eda64bd5c1df5df6d2af8bcedd15
- SHA256
  
  e451287843b3927c6046eaabd3e22b929bc1f445eec23a73b1398b115d02e4fb
- SHA512
  
  59179122d10d9bb17b5e929eccd1cbed6d4012d99622032fa883e82c2e704656ae66c0efe3daf9e42459ad7936d4838fceefc30eebf451158dd7cbdc0d18da5d
- SSDEEP
  
  12288:Ne9/rEo5t4OVoq54eyitAoC/9uwcitKUJAqxw5tG3:EFrECLVoQ4eyitAoC/9uwntKUfxw5c3
Score

1^/10
behavioral3 behavioral4
- Target
  
  npp.8.6.3.portable.x64/notepad.exe
- Size
  
  6.9MB
- MD5
  
  2cd84602fc2428e0db00dbce5e20dc80
- SHA1
  
  965a62dbba7cbb95b6a7694dc33963ffb105819a
- SHA256
  
  4e271372528a9b439d99a7376fc1ac9c67884226a2f7bcbe2f68694c80548287
- SHA512
  
  a6f715224a5e9ffb35833591bdc5cf1b76da479c2a6fd2108d921526708f918e6d5d2e9569c879d1d4c76e4606cdd271364b6f85acd8c811439bd08b61665fd2
- SSDEEP
  
  98304:QtGdbdZUv5vuLYgtbUK5b8PTnwe65w/mod:Rdbvou8guK52TP6525
Score

1^/10
behavioral5 behavioral6
- Target
  
  npp.8.6.3.portable.x64/plugins/Config/nppPluginList.dll
- Size
  
  204KB
- MD5
  
  18a0b5fef18fc27926a4aa3965374fea
- SHA1
  
  a1517a5c1356f00c63c60e464276b115ef7087e7
- SHA256
  
  fd046bbe51b6106ff41cf766ec002f2fd9e5ec18fb60c6c1b3224c0963036f85
- SHA512
  
  ea056caa9dfdd23df08bc47058246b4430e71ec4d2646055d11ed99e82d443397e48bc44a3c3532ff89e1b0eebb304453df3bb6935d558a91df6ce8da0b7d92c
- SSDEEP
  
  3072:8uQtUEW4pggQikeV29r97Fo/rg4aSuhJFAcT15fabjsKeBcHzmVR53vi:EtUr4/Dkq2FH51lQ/q
Score

1^/10
behavioral7 behavioral8
- Target
  
  npp.8.6.3.portable.x64/plugins/NppConverter/NppConverter.dll
- Size
  
  198KB
- MD5
  
  3469d4e293654053868b54ca8cf7c5c9
- SHA1
  
  48a77bd9369465efe93db1afc173836e38f1c63c
- SHA256
  
  d03c1a63ea0dfb0eb588168d36ffb6141f5780abe24c8c19873549788c1c7a6d
- SHA512
  
  3494869d7e1c80d8c6f1bb17cbc648e80ebdc6ce57fa9a66b1f341d3eb54304def7e5ce39ffd7e4798757ad6b966439c7feb15b7f56400bab98afce7259d047c
- SSDEEP
  
  3072:CsyQLpFufl6OPM07zq06MuUy8wqy9XGOeXLXTbi0A7zR9zk:NFLIl/M060Or6ucjb5AfR9
Score

1^/10
behavioral10 behavioral9
- Target
  
  npp.8.6.3.portable.x64/plugins/NppExport/NppExport.dll
- Size
  
  153KB
- MD5
  
  4f465c958622681513e45ced7fa456ad
- SHA1
  
  22766bd48fe89128c7242377053bcae532d35e70
- SHA256
  
  e0a90cd22bee74bf16b42961ea373303a74bebe3ac19107eb90c25c1687586c8
- SHA512
  
  9d27edb6c3ae548a56806dc63ff8259f52c089c1d0adf7193b9aed558735450555f434e73e5f264310cf555a7232bcc87668acf15a3641a18cff9414bb96eeac
- SSDEEP
  
  3072:2HWvf4whXRxCtyAKfbn52zwjMdsI54tWfdHak6yS:wWYwtRxCYAKfb5uwodsIjd6k6
Score

1^/10
behavioral11 behavioral12
- Target
  
  npp.8.6.3.portable.x64/plugins/mimeTools/mimeTools.dll
- Size
  
  145KB
- MD5
  
  5de91467a03140948dcbca0b627f42d3
- SHA1
  
  b6766dffb5257f0007fcca00f14ff932bd60ef69
- SHA256
  
  1d6f76acecff63fb373b5774a3cb34b87266a4a4bbb8e3a0757d107187d280ee
- SHA512
  
  8abba9f2cb202ae547863f9bc6a12f62914069f6dacf9d68f3818f3127a88dbb69336c261c2e5e006aab117e4eddd176229590282d6daab1d524beabcb889d4c
- SSDEEP
  
  3072:w3/HUI6sNus15py8qLlCat4HVOtzNNG0vBxN049K7lH:w3H6sNuUzy8qLJ4VqNm49Q
Score

1^/10
behavioral13 behavioral14
- Target
  
  npp.8.6.3.portable.x64/updater/GUP.exe
- Size
  
  818KB
- MD5
  
  fabdd8cc1e50874481688659ea63b7ec
- SHA1
  
  d498dc918010810822902df29ce54ac1766fb446
- SHA256
  
  d056ae6e45a62a86199dcc7d0c696469374253fba05a45c877caf28b0b897df3
- SHA512
  
  1bda8cd73f00f0e7fd6a924ad6234dc47a183f3f4c5a40d5ca6cc0cdd116ee07fce7a1b744cba31ab2a491e89b23f653b5d38a74eaf5138e3289c799f99b7450
- SSDEEP
  
  12288:PySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoQ:qqMo2aWqT2KbpIFZ6PNeTwt
Score

6^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15 behavioral16
- Target
  
  npp.8.6.3.portable.x64/updater/libcurl.dll
- Size
  
  728KB
- MD5
  
  2d031d5f3a4e10a94b1c8297d269e2c8
- SHA1
  
  dda72a32b31883ea021311a986a7166d2239cba6
- SHA256
  
  afce00c928629a699b2c253f4536e23350098fa1318275fad0677c5e8b09f0b5
- SHA512
  
  b18bbf6741a0149c9fc2ec6d9a7a3e684ec5bcce4ca9cb559dbac1c6fe853a4fa2d5eec3e9b9ba46fd8658be726e95a33205764fa4eb7e24060d4aae6ca11557
- SSDEEP
  
  12288:GvnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:GVekCoa5l2P2B6hdQvl03msMy
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18