f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264 | Triage

Sharing

General

Target

HandBrake-1.7.3-x86_64-Win_GUI.exe
Size

22.6MB
Sample

240429-fhqj5aah73
MD5

1a1598a4f8a2d8d6b1925cb22a74d5aa
SHA1

ce693673a6f207be639fc07d21f90833dc386072
SHA256

f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264
SHA512

63706b168aa11c6370a36fce9d73b585486f2a9e396c183eb725430f70a67d5c301701823b1e566b70a601443b748ad428de2c91e507b4a8f8d14e344571a18f
SSDEEP

393216:Xx4SBEeiv1+mx9BQNCX3fjSfy05s+EwWAa4ND046BsZdCu17QCnqXd:X3BE9l1XLSf9ZE5iD04RZD2d

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  HandBrake-1.7.3-x86_64-Win_GUI.exe
- Size
  
  22.6MB
- MD5
  
  1a1598a4f8a2d8d6b1925cb22a74d5aa
- SHA1
  
  ce693673a6f207be639fc07d21f90833dc386072
- SHA256
  
  f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264
- SHA512
  
  63706b168aa11c6370a36fce9d73b585486f2a9e396c183eb725430f70a67d5c301701823b1e566b70a601443b748ad428de2c91e507b4a8f8d14e344571a18f
- SSDEEP
  
  393216:Xx4SBEeiv1+mx9BQNCX3fjSfy05s+EwWAa4ND046BsZdCu17QCnqXd:X3BE9l1XLSf9ZE5iD04RZD2d
Score

5^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  d095b082b7c5ba4665d40d9c5042af6d
- SHA1
  
  2220277304af105ca6c56219f56f04e894b28d27
- SHA256
  
  b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
- SHA512
  
  61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
- SSDEEP
  
  192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral5 behavioral6
- Target
  
  HandBrake.Worker.exe
- Size
  
  713KB
- MD5
  
  94d1e5aa26613b328286af8539ead1c6
- SHA1
  
  a95a082a2e49d8a69fc274aabe6bcdc3a6264a8d
- SHA256
  
  53748f879f972d9abfc6bb528c9c9a95fd6d1c7462fbb7b61a665b95f71b95c5
- SHA512
  
  2906955925e33e960968d9afa08a136b497045f586fbdc11776ee5ff701d22ddba2a0f11ee0f435e30b7f86d7d65f32d9e76c3a0b1801f679cc8d796f5964d84
- SSDEEP
  
  12288:hhNAl2RY5MkvpEC4+j8Uijlp8czEW4ThvBtJTPXoVTDIQbY5MkvpEC1sJq:7NziyC4wLiSJiiyC1j
Score

1^/10
behavioral7 behavioral8
- Target
  
  HandBrake.exe
- Size
  
  35.6MB
- MD5
  
  ee3cbf592c24b1bf04d906ded5c7d1a9
- SHA1
  
  1931bdd5d120635c357b3000dff08ec9110ce1e3
- SHA256
  
  ee818fe194c29f1f31d6edffeb8256405618dab251f3765bbbacfb91ea666336
- SHA512
  
  97b52abf6cab8540bb7e6467eddaf02199c34fb40eb561ee022e626f9976e9a6d5b1006d053f2f1234c4a8760d686a6dfece1c5fd25483ff2d67bae43e38d8ac
- SSDEEP
  
  196608:cGSU8sdauO4miemcjYXCe5njhhKt39VxwgTluwKqVWyAAh:1SybLnJX/9jhhKtNDwgTluwKo5
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Registers COM server for autorun
  persistence
behavioral10 behavioral9
- Target
  
  hb.dll
- Size
  
  66.1MB
- MD5
  
  d3f0f312725a18d683820cd9def15860
- SHA1
  
  521a515d3683e4c37500fcd6576aa19bffa0e512
- SHA256
  
  0af40481a7c392c68069b1a8c225beb3e7062760131ae09bad467d84b09c1862
- SHA512
  
  08a346c13f9c602e8ff51c3f461dc9002dc5ac1f16e975e53f39e094d9fa7f7934e7ef63daaedf10d0524b80308dd6ee792e706b3999cafa0fd07ce4f76ce2e0
- SSDEEP
  
  393216:trqy505Di6M+Ak+rymPyujJ6ze7jyIoPkoQBgTgrti6o0rYEtHTghJL5FR0J2KBg:trV6M+Ak+GRWjyItng8YGmNFWv/dZw
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12