625c6bec52405dc8028322799222b5871253d4f71f5ee29e9155499a823fac1f

Sharing

Copy URL

Twitter E-mail

General

Target

files.zip
Size

68.3MB
Sample

240420-k4zr5sdb74
MD5

3fd27b37ad201d867bbd49fd8eef92e4
SHA1

030c3c6bb5afd32d89ae0bad8cc1ae9a9164deac
SHA256

625c6bec52405dc8028322799222b5871253d4f71f5ee29e9155499a823fac1f
SHA512

8afee14bef73c0a5c058fb22e27910ece9308c5903d3f6c65e9713607df0b5d92a1cb474f271ebf268b4edc28e9801895332b3ca3f31ac489a1e9fce56d7a3f0
SSDEEP

1572864:qwrrGYnyZTBWFjqs0K1pT9dLU0BJ5/SrGaYBeGDDZwrpVh93+2B4fFQ:xrPny5BWFO6dw0BrqpUBwF9u2B4NQ

Score

7^/10

Malware Config

Targets

- Target
  
  files.zip
- Size
  
  68.3MB
- MD5
  
  3fd27b37ad201d867bbd49fd8eef92e4
- SHA1
  
  030c3c6bb5afd32d89ae0bad8cc1ae9a9164deac
- SHA256
  
  625c6bec52405dc8028322799222b5871253d4f71f5ee29e9155499a823fac1f
- SHA512
  
  8afee14bef73c0a5c058fb22e27910ece9308c5903d3f6c65e9713607df0b5d92a1cb474f271ebf268b4edc28e9801895332b3ca3f31ac489a1e9fce56d7a3f0
- SSDEEP
  
  1572864:qwrrGYnyZTBWFjqs0K1pT9dLU0BJ5/SrGaYBeGDDZwrpVh93+2B4fFQ:xrPny5BWFO6dw0BrqpUBwF9u2B4NQ
Score

1^/10
behavioral1
- Target
  
  HorizonXbeta/FluentWPF.dll
- Size
  
  223KB
- MD5
  
  04416696f5d5454652f20fae00965a20
- SHA1
  
  63efd333f1c1ea688395813a6b645d4eff1f3c8d
- SHA256
  
  41b2c8fb6450bafb360e48c17efc970d9d78b12bb3d2b15f2aeeed9bdc460e5f
- SHA512
  
  286024b34cc2947c80f547b33103cbcaa20603ca63b5c2fbd23fa08760714a01a54be658b42598776658c76aca51f107409aa61fe1e78c968f978175d936f7e2
- SSDEEP
  
  3072:fDJqp0w0rvpDmYYA7dTLakKj5/gJxJtxAtEjeznuWRamV3QxoHSu:fzw0rvptNJbtxiECrZamV3QSHS
Score

1^/10
behavioral2
- Target
  
  HorizonXbeta/HorizionXbetaFIX.exe
- Size
  
  30.0MB
- MD5
  
  e3e408b7aaf6e1b6e41e4725ee03ec76
- SHA1
  
  34f9797389b574ddef7373770795f5f001e63263
- SHA256
  
  707df1515ab62e28470f1999946e7483abb5a41a4f5ac165871f56c47dc6b6a6
- SHA512
  
  6e905cf221184826cbcd44a7c2b20550662437c7fdea5566dddab24f48319fe086d6054d84824fae00f68ba18c3e00cef90ed942c2aacd698895348388094cd3
- SSDEEP
  
  393216:tv9zcQq08AUh2Jp5MPL+9qzTqSJHU1JfjJ+7j6dpdkqYv1:p9gQwhZ+9qHqSJHU1xj2q0qE
Score

7^/10

spyware stealer upx
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3
- Target
  
  HorizionXbetaFIX.pyc
- Size
  
  50KB
- MD5
  
  753be634e18fd28283d2f524dcd4bf3c
- SHA1
  
  492285399b0808ba9bb13059d1647341d6dcc4f9
- SHA256
  
  9ab30072813564afaa3f505f50c92f8acd25104f97d5ba053513050cfa3b6d45
- SHA512
  
  bac63a4ba2f74596e5c9106c0ddbf75f3e4d481923a8b94d726be4bb2b421e7a902ecff4971266168e6ca20db0a598786ac382b4175646682bb7235f95d893b2
- SSDEEP
  
  1536:t9MWFch4IX4GHom0HX68AkmDlhLx7USgeC:Ih7rom8XnADUaC
Score

3^/10
behavioral4
- Target
  
  HorizonXbeta/luaGUI.dll
- Size
  
  125KB
- MD5
  
  f0facbbd973b411643511460d2187404
- SHA1
  
  e6302833ea4e5230f919deeae93bd0069dccdc86
- SHA256
  
  99d6318b43bad0482ac947f1a7d60c3aff439a64fb98c004f92fe60d486e6eac
- SHA512
  
  b4a2e222169137a5a998277dc2d30ccb0b9943633c267f3dafd720ab10190aae86439c354b3218a0c5f2e6d6460035a56863273d94df1896b757b4b025c773ec
- SSDEEP
  
  3072:4mIUe7MhX6agixyKNq5tzdiTKTzEJELjjCjuD4DCUj:Rk7MhX6agZKN2D4DV
Score

1^/10
behavioral5
- Target
  
  HorizonXbeta/redist/dotNetFx40_Full_setup.exe
- Size
  
  868KB
- MD5
  
  53406e9988306cbd4537677c5336aba4
- SHA1
  
  06becadb92a5fcca2529c0b93687c2a0c6d0d610
- SHA256
  
  fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
- SHA512
  
  4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99
- SSDEEP
  
  24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral6
- Target
  
  HorizonXbeta/redist/dxwebsetup.exe
- Size
  
  281KB
- MD5
  
  fd6057b33e15a553ddc5d9873723ce8f
- SHA1
  
  f90efb623b5abea70af63c470daa8674444fb1df
- SHA256
  
  111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288
- SHA512
  
  d894630c9a4bdb767e9f16d1b701acbdf011e721768ba0dc7a24e6d82a4d062a7ca253b1b334edba38c06187104351203a92c017838bdd9f13905cde30f7d94d
- SSDEEP
  
  6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral7
- Target
  
  HorizonXbeta/redist/oalinst.exe
- Size
  
  790KB
- MD5
  
  694f54bd227916b89fc3eb1db53f0685
- SHA1
  
  21fdc367291bbef14dac27925cae698d3928eead
- SHA256
  
  b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd
- SHA512
  
  55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5
- SSDEEP
  
  12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral8
- Target
  
  HorizonXbeta/redist/vcredist_2015-2019_x64.exe
- Size
  
  14.3MB
- MD5
  
  f0248d477e74687c5619ae16498b13d4
- SHA1
  
  9ed4b091148c9b53f66b3f2c69be7e60e74c486a
- SHA256
  
  b6c82087a2c443db859fdbeaae7f46244d06c3f2a7f71c35e50358066253de52
- SHA512
  
  0c373b06ffe84f3e803831e90f22d7d73304e47a47839db614f63399ff1b7fcf33153bf3d23998877c96d2a75e316291a219fdd12358ca48928526284b802591
- SSDEEP
  
  393216:q5lptVYmfr7yBG/4WoI+j6LTinXKSf0fzTDv8:q7pttD7yBG/uljIinXj0fQ
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral9
- Target
  
  HorizonXbeta/redist/vcredist_2015-2019_x86.exe
- Size
  
  13.7MB
- MD5
  
  de34b1c517e0463602624bbc8294c08d
- SHA1
  
  5ce7923ffea712468c05e7ac376dd9c29ea9f6be
- SHA256
  
  ac96016f1511ae3eb5ec9de04551146fe351b7f97858dcd67163912e2302f5d6
- SHA512
  
  114bca1ecd17e419ad617a1a4341e607250bcb02626cdc0670eb60be734bbad1f3c84e38f077af9a32a6b1607b8ce6e4b3641c0faefaa779c0fec0d3ac022dac
- SSDEEP
  
  393216:/d/FlptVYmfr7yBG/4JU4TRjtjUMy4i6kgsY7i:/1PpttD7yBG/QHTJtYMyke9
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral10
- Target
  
  HorizonXbeta/redist/vcredist_x64.exe
- Size
  
  5.5MB
- MD5
  
  630d75210b325a280c3352f879297ed5
- SHA1
  
  b330b760a8f16d5a31c2dc815627f5eb40861008
- SHA256
  
  b06546ddc8ca1e3d532f3f2593e88a6f49e81b66a9c2051d58508cc97b6a2023
- SHA512
  
  b6e107fa34764d336c9b59802c858845df9f8661a1beb41436fd638a044580557921e69883ed32737f853e203f0083358f642f3efe0a80fae7932c5e6137331f
- SSDEEP
  
  98304:EuLgywiNHBeSLxYK/bxE3q/BlZkWMGPQflVJ/EK1sLyzs2T2Q1mOjq4/:V7wqheSVYK/bua/BlWWnuVhsus8nm+qi
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral11
- Target
  
  HorizonXbeta/redist/vcredist_x86.exe
- Size
  
  4.8MB
- MD5
  
  b88228d5fef4b6dc019d69d4471f23ec
- SHA1
  
  372d9c1670343d3fb252209ba210d4dc4d67d358
- SHA256
  
  8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8
- SHA512
  
  cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8
- SSDEEP
  
  98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral12
- Target
  
  HorizonXbeta/redist/xnafx40_redist.msi
- Size
  
  6.7MB
- MD5
  
  97c2eebb30c5a88c68c8f24f37183f1d
- SHA1
  
  49efdc29f65fc8263c196338552c7009fc96c5de
- SHA256
  
  e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7
- SHA512
  
  c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da
- SSDEEP
  
  98304:wynfL329J1XswfXO6wiBB+4RZg6aENaCZAU5PMO0MntfERyJGH2YPq/:wYD3C1XXfzH+4cLHU5PM/Mnt+YGlq
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13
- Target
  
  HorizonXbeta/x64/leptonica-1.82.0.dll
- Size
  
  4.0MB
- MD5
  
  2813455700fb7c1bc09738ca56ae7da7
- SHA1
  
  54de0b23a10acc5a97c61b00dbfee9a4b4ce0a80
- SHA256
  
  dfcb3e6ed0b16bc55bfdbcf53543cfe42a354b87c3e35bd3a95eebf005d73e76
- SHA512
  
  49c2d2f22daadb2b3d60344c2b4b1387c79ee8dc56fdc3d9e023088f1a5a18469a220a499802c1aa58498fb3dcc0d070e6c9fea9eea470c072eb8f8d02b9e647
- SSDEEP
  
  49152:AyeqkefPjBthD9lmJ/teqmlWjIBpSbVqS/hlpC5GiptUw2qv5Nan6hI7G2f7S5V:9NDPqBEWbq2qv7J
Score

1^/10
behavioral14
- Target
  
  HorizonXbeta/x64/tesseract50.dll
- Size
  
  2.7MB
- MD5
  
  446370b590a3c14e0fda0a2029b8e6fa
- SHA1
  
  58d38c3e3acc8fb6c9e6e540e5877f89e09b5272
- SHA256
  
  de4d04ec75095374d98f5dd7a60d14d7e2e0f76589db693eccf7ae658be8cb2b
- SHA512
  
  51e29a643dd9d873ad67bd73b0fa05d887e3d1f6914227aa20513f1cbf6ce58088f24ac228087ca4a4470d93558769369f0065cd409083a6f140e17d66935c25
- SSDEEP
  
  49152:zEuBRPoTZPD1JvFQomLfqqzn1CKVnc235nlilIQ9O6/J:DY1rg1BFcU8T
Score

1^/10
behavioral15

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Checks installed software on the system

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15