eb21a698101b0781187b0df85ea6683043e36d5e4229dc692b0a2e410c8adc6e

Sharing

Copy URL

Twitter E-mail

General

Target

Launcher.exe
Size

82.3MB
Sample

240421-qh5ddscc38
MD5

0d4e7d0156d3970478044f39bf459b4c
SHA1

a6ea139427a0a728047f3d2a7d1dd38bf1efbc0f
SHA256

eb21a698101b0781187b0df85ea6683043e36d5e4229dc692b0a2e410c8adc6e
SHA512

e3cd426580cef260d29f0f1f41b78dad514d75f975f192d1118da6197724f56ccb5e8266dfd823abf588634c0d0df5ae004af973d428f5eb7255ed5d573b86fd
SSDEEP

1572864:m/WHHr99Ee2cS8LN+W5NBKfvEeglx6mQR/LLoK0+OUIzhsbnQ4VbX+7:m/8L9Ge2cAW1KfvEHqR/IKFjSE+7

Score

7^/10

Malware Config

Targets

- Target
  
  Launcher.exe
- Size
  
  82.3MB
- MD5
  
  0d4e7d0156d3970478044f39bf459b4c
- SHA1
  
  a6ea139427a0a728047f3d2a7d1dd38bf1efbc0f
- SHA256
  
  eb21a698101b0781187b0df85ea6683043e36d5e4229dc692b0a2e410c8adc6e
- SHA512
  
  e3cd426580cef260d29f0f1f41b78dad514d75f975f192d1118da6197724f56ccb5e8266dfd823abf588634c0d0df5ae004af973d428f5eb7255ed5d573b86fd
- SSDEEP
  
  1572864:m/WHHr99Ee2cS8LN+W5NBKfvEeglx6mQR/LLoK0+OUIzhsbnQ4VbX+7:m/8L9Ge2cAW1KfvEHqR/IKFjSE+7
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  81.9MB
- MD5
  
  ce0262745e494245aa405094dcbcd774
- SHA1
  
  a860d108db8f2eb2f4addc46b2a88d5d2133636c
- SHA256
  
  81ab832fc79a755c5d9d7903593af50d0fbffb282bbbb527b05a59ace210134c
- SHA512
  
  aea253715bfbb397cd4561172fd24f5e54b734f00e14f4c8f556199205fb64fb82aa084d098396d64258cfbec3f8e3ed7a202c64b44e97f58a7fdf2b339344f4
- SSDEEP
  
  1572864:i/WHHr99Ee2cS8LN+W5NBKfvEeglx6mQR/LLoK0+OUIzhsbnQ4VbXg:i/8L9Ge2cAW1KfvEHqR/IKFjSEg
Score

3^/10
behavioral7 behavioral8
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral10 behavioral9
- Target
  
  System.exe
- Size
  
  158.4MB
- MD5
  
  cffa9e1a647f72fdcc842ba3da48792b
- SHA1
  
  76ee43d18988acb7860a323c94f8559fb28dee36
- SHA256
  
  f4981b913419aeb80dc44619f1f9eb9e6ec6092100eb9bbc02ab60ea8bcf9111
- SHA512
  
  00b9a5be25fb38042e831bd3ab5563a6b5161085690cab452db56b7d56e6f6e235a6725de07aedc6459b3ce3765e57c228775d16b3bf2e037c8d53f8dfc2072c
- SSDEEP
  
  1572864:eS1SzoKmF9m9VRTgoIbBPktdQcm3fsFBYtIRJS9i1JBAeI/5UYsMPQt40ut6hE7Y:estl0pFRUu1
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral11 behavioral12
- Target
  
  chrome_100_percent.pak
- Size
  
  132KB
- MD5
  
  e4cbb48c438622a4298c7bdd75cc04f6
- SHA1
  
  6f756d31ef95fd745ba0e9c22aadb506f3a78471
- SHA256
  
  24d92bbeb63d06b01010fe230c1e3a31e667a159be7e570a8efe68f83ed9ad40
- SHA512
  
  8d3ea1b5ca74c20a336eaa29630fd76ecd32f5a56bb66e8cef2bce0fa19024ea917562fd31365081f7027dde9c8464742b833d08c8f41fdddc5bd1a74b9bc766
- SSDEEP
  
  3072:TzwJCGIekwc9W2bg3yhPaL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Tzw1IekZ42k3yMK18Gb0OV8ld0GecQ35
Score

3^/10
behavioral13 behavioral14
- Target
  
  chrome_200_percent.pak
- Size
  
  191KB
- MD5
  
  99b95d59d6817b46e9572e3354c97317
- SHA1
  
  6809db4ca8e10edd316261a3490d5fc657372c12
- SHA256
  
  55d873a9f3ac69bbf6eb6940443df8331ebd7aa57138681d615f3b89902447e7
- SHA512
  
  3071cfeb74d5058c4b7c01bfe3c6717d9bb426f3354c4d8a35bd3e16e15cde2f2c48238cb6382b0703b1cc257d87fcecfb84fbf4f597f58e64463ceede4366dd
- SSDEEP
  
  3072:ZDQYaE/N6Mrvy/3JPD9W2bg3yhPaafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+y:ZDQYaSN6svydD42k3yxgx5GMRejnbdZR
Score

3^/10
behavioral15 behavioral16
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral17
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  750bb5679a709b6037a68951cd7edd49
- SHA1
  
  10d3b066ab068500ed3226d0e80cc6778efd5fd9
- SHA256
  
  737d37d28b1eb03cb588672896f22fe8fec35b4cad1d2286e86394f1af0b381e
- SHA512
  
  d92b28c6f8ce199e85135f5b91bed8b6a8450698adf9bfad6fc26498654ee2a3f9dd8dc74e4235983e67b9ff8e4744f7719f71c74f8b3060421b24f591cc70ee
- SSDEEP
  
  49152:D8h7ilnY895zc09Myl6QL3n6F+hTf6yfPvJr8PNStFwLluJMWykOFf:zn1H9MDCn6OFMWyBf
Score

1^/10
behavioral18 behavioral19
- Target
  
  icudtl.dat
- Size
  
  10.1MB
- MD5
  
  62880b7d351a9f547b62b8da6c97ce25
- SHA1
  
  057f11003013cfb3f1c63e6bdd4f2f9949ff0104
- SHA256
  
  7c40c811d30d459dbf04a04c141b60eb4247cd58a008fb836605317df665748f
- SHA512
  
  0d6f83175a91d90f4cc3ec4d9071b7acd0cd8ebbcc592322e46fde2adb7198e035af62c45a11a622f2a908e26d4dd8b8d1af023e634a74d0824d02c791ba3c1a
- SSDEEP
  
  196608:1IPBhORjFQwCliXUxbblHa93Whli6Z86WOH:1kwVAliXUxbblHa93Whli6Z8I
Score

3^/10
behavioral20 behavioral21
- Target
  
  libEGL.dll
- Size
  
  469KB
- MD5
  
  fcb51da609bd12c4be7add00d785076e
- SHA1
  
  b87e5cd567308fa79f5a51409dc5fbd44c03a16c
- SHA256
  
  70b4d7a9c5a6414bae754e9195ce4116c267435d859515a6247d4970e5cfc2a0
- SHA512
  
  4c4d4040969cbf6d7bda4e23c6fa41da0cb1ddede0400bee1a2d623e604c71ac812770f41f90c99ae5e6bf5f55ffdca6bd197ca3b1251efbd892c12a7f8581ed
- SSDEEP
  
  6144:EI9l960ewE3X883ZrzMkBmi12EvUGsAD4IgHc:EClY0WM8JrzMIKODy
Score

1^/10
behavioral22 behavioral23
- Target
  
  libGLESv2.dll
- Size
  
  7.1MB
- MD5
  
  b8c51e8dbdeab2339ca9e33885553ff6
- SHA1
  
  026c284e7c3ddf3ee491bf3073fe4c54628746da
- SHA256
  
  a8ce28ca36e63d0cae939b9a72271bffd44d4df3bee586f884dcdde91353e3ec
- SHA512
  
  bb09cf5262c2af7ad369b06346abf66e41c428dc53109083d12fc9cfa969e5499c28afcdb57b66cd5187530319307de8284eea5a211cb5f1b040639fe3f51a9c
- SSDEEP
  
  98304:Nt5gLbmQACQYA7g4fdYlDOckpKOgeSXwu:NE/AVuDSoZ
Score

1^/10
behavioral24 behavioral25
- Target
  
  locales/en-US.pak
- Size
  
  391KB
- MD5
  
  c9c2abcb04e1ad5f1a20244da8d595a8
- SHA1
  
  89ca81da21900074a5ccdcdc852768277b2b620b
- SHA256
  
  0364c73f320e441b03cb2afcaaca3ffbfac51a3559dcd0ff99a1accf82c7f762
- SHA512
  
  96bbf21174f56a111a2fc6ec024ab2f143945306797e77d773367a7fad42b7828ebb7b08d0dab76858d9fa340bf3205be403bc53df9e5e4e390058c94a751ffd
- SSDEEP
  
  6144:1InAdQi32OqOMWvX3BO4XMP9ehWMIfaYRGrc55FSMnC/M1UwB:1IAdQqOONvXMyWMGv57SoUwB
Score

3^/10
behavioral26 behavioral27
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral28 behavioral29
- Target
  
  vk_swiftshader.dll
- Size
  
  4.9MB
- MD5
  
  c055a29d48eded654fc91227af64dfa7
- SHA1
  
  2e9dde9c9d1f612dd4ff85d6b9415c2571e20741
- SHA256
  
  f34b0949439787926295b2a7c0f45b0c8176c1668d881fd0f9f1f579f9c58295
- SHA512
  
  6948c4236394b885ae5a059376d6b78aec039cf6574689d7d8fd0c0ec7965c12e63df19b8d0834e764ad06e8f48cc6f298f7262f3549ea50376f116c7a209767
- SSDEEP
  
  49152:u6PkZFjKeDTIEvAvlo6coVQxa8sVr0yN1J+MuXy557nDOPNt7wpr30sN+05uQKY1:uNZFjAgpOz2VeCCAkEvkCvGZv9z
Score

1^/10
behavioral30 behavioral31
- Target
  
  vulkan-1.dll
- Size
  
  917KB
- MD5
  
  71700726c19de427a698771df0305fd9
- SHA1
  
  878c75ac6225c269edd26c295489b44cd99bdf31
- SHA256
  
  a8c740555266e601857a088ceb9c7c1b07a240fc496ad7f4124c6c7b8a694503
- SHA512
  
  cd26f9e050879ba60cbe6acae59d3d424901817775514a018bf23d606ebf52b8b3310bd0bb566dbe8681e4f666c850621ccc699aecede9fe5a827fa76c0e8dce
- SSDEEP
  
  24576:7V9nIy2kwpHHPDnCo3A1XpQ66Z5WoDYsHs6g3P0zAk7UG3:vt2zNLnxA1+66Z5WoDYsHs6g3P0zAk73
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32