Overview

overview

10

Static

static

10

tor-browse...14.exe

windows7-x64

7

tor-browse...14.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

1

$PLUGINSDI...LL.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

1

$PLUGINSDI...em.dll

windows10-2004-x64

1

$PLUGINSDI...gs.dll

windows7-x64

1

$PLUGINSDI...gs.dll

windows10-2004-x64

1

Browser/Ac...al.dll

windows7-x64

7

Browser/Ac...al.dll

windows10-2004-x64

7

Browser/To...nt.exe

windows7-x64

1

Browser/To...nt.exe

windows10-2004-x64

1

Browser/To...rd.exe

windows7-x64

1

Browser/To...rd.exe

windows10-2004-x64

1

Browser/To...nt.exe

windows7-x64

1

Browser/To...nt.exe

windows10-2004-x64

1

Browser/To...nt.exe

windows7-x64

1

Browser/To...nt.exe

windows10-2004-x64

1

Browser/To...or.exe

windows7-x64

3

Browser/To...or.exe

windows10-2004-x64

3

localizati...ols.js

windows7-x64

3

localizati...ols.js

windows10-2004-x64

3

localizati...ols.js

windows7-x64

3

localizati...ols.js

windows10-2004-x64

3

Browser/d3...47.dll

windows10-2004-x64

1

Browser/de...efs.js

windows7-x64

3

Browser/de...efs.js

windows10-2004-x64

3

Browser/firefox.exe

windows7-x64

7

Browser/firefox.exe

windows10-2004-x64

7

Browser/fo...ar.ps1

windows7-x64

3

Browser/fo...ar.ps1

windows10-2004-x64

3

Browser/freebl3.dll

windows7-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    tor-browser-windows-x86_64-portable-13.0.14.exe

  • Size

    99.7MB

  • Sample

    240502-24p2daah85

  • MD5

    756994cbc174b3e69dcb4377e8a7b3c2

  • SHA1

    2fb14aceba0c8df3478aaf8c039d76c6abe3ac36

  • SHA256

    8738a94ae5290d577f3aa700e918239a4bcdbe91d41d201434dc93620617997b

  • SHA512

    a870822e4268b04f1fa8b937e1b1be29286df4492173e2fe5f21d4bff1aa69ba8f8e50670a40b5a372ff2bf23a1881ae9417fc36c20c03bcb9166afd64c22a17

  • SSDEEP

    3145728:kuNbhCOwoW3EaXaXs9Z5kRCQq7fV75gNj:ku5jwofqZ50q7frgNj

Score
10/10
privateloaderevasionexecutionpersistencetrojan

Malware Config

Targets

    • Target

      tor-browser-windows-x86_64-portable-13.0.14.exe

    • Size

      99.7MB

    • MD5

      756994cbc174b3e69dcb4377e8a7b3c2

    • SHA1

      2fb14aceba0c8df3478aaf8c039d76c6abe3ac36

    • SHA256

      8738a94ae5290d577f3aa700e918239a4bcdbe91d41d201434dc93620617997b

    • SHA512

      a870822e4268b04f1fa8b937e1b1be29286df4492173e2fe5f21d4bff1aa69ba8f8e50670a40b5a372ff2bf23a1881ae9417fc36c20c03bcb9166afd64c22a17

    • SSDEEP

      3145728:kuNbhCOwoW3EaXaXs9Z5kRCQq7fV75gNj:ku5jwofqZ50q7frgNj

    Score
    7/10
    evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      8KB

    • MD5

      59888d7d17f0100e5cffe2aca0b3dfaf

    • SHA1

      8563187a53d22f33b90260819624943204924fdc

    • SHA256

      f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

    • SHA512

      d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

    • SSDEEP

      96:NtrTcnv5RhqRIwfIis6o6bOl8MNysjgdKXSY7Jemv6ZwMDaH71pj:PHKxqFfzs6o5l2hKXSR6Xj

    Score
    1/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      25KB

    • MD5

      480304643eee06e32bfc0ff7e922c5b2

    • SHA1

      383c23b3aba0450416b9fe60e77663ee96bb8359

    • SHA256

      f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

    • SHA512

      125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

    • SSDEEP

      384:aZyRQ9dweQ9XYD/isN7lCEjgw4U/ktKi+RIcq1uCJOz3cDv+doYD:aR9dYIrx7lC7TU/kaG1uCJ43cb

    Score
    1/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      14KB

    • MD5

      990eb444cf524aa6e436295d5fc1d671

    • SHA1

      ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

    • SHA256

      46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

    • SHA512

      d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

    • SSDEEP

      192:+yWhF6MuqMgndPvg/YWkNLiY8vSKXS6Hn5gIIblaks89HAH9Edeqe4B0:zWh4MFvdw/YWCLXASKi6nAlbrAl4m

    Score
    1/10
    behavioral7behavioral8

    • Target

      Browser/AccessibleMarshal.dll

    • Size

      25KB

    • MD5

      d236cd8d7e54b848ab2def0c607a0068

    • SHA1

      fc01448a3b099976bdd4f1259372d9b737b69fd8

    • SHA256

      2cfc7d5e05e94c7e60485937d7e5fe9d6d93f74750cb760ff4b6767666309398

    • SHA512

      4404833a7005333f263543faad894f6a38e027b70fde57fc58d4d00efef04d03bab7eab12fbd787f46dc00f9996801e359e000884eccbfd15ac83e054390153a

    • SSDEEP

      384:RrUrKdJpDPepeEOGfc54yEI9M88JjUycDieoI:yEpSpeEOGfKEZJjgDB

    Score
    7/10
    persistence
    behavioral10behavioral9

    • Target

      Browser/TorBrowser/Tor/PluggableTransports/conjure-client.exe

    • Size

      8.8MB

    • MD5

      0045ec19c5d0678614a8462146fef08c

    • SHA1

      5b2f453ce883f0d335490766635b750cfac26f29

    • SHA256

      1b2437daa92e618a6e1a5cb3c7a4359714c27fbea00861b2614e692b3b64a310

    • SHA512

      2c535b6e364812b17707b8024cb6f566295b7946fe63eb6ff9480974bc377c180fab9b0713f8a3658dc110c3813a4371a84c79cfe851cd490b11acc30373c5ff

    • SSDEEP

      98304:hCLo0jJzIoZrnQovOYEp1ssEnjwQEjPEnvHHsPYwnennWsAsnnv6FD6JVE:ZmQovQU

    Score
    1/10
    behavioral11behavioral12

    • Target

      Browser/TorBrowser/Tor/PluggableTransports/lyrebird.exe

    • Size

      6.8MB

    • MD5

      d13e683bf656c228e69c9d0c053b0d25

    • SHA1

      da5cef24856b4561932b042b029cc12a92d18b38

    • SHA256

      d53dcf8e7a2979607ecee97a4614108062e6c70717120daad664bf8447594d72

    • SHA512

      55150b6c1125541cb48dd1e5117ed9379fba7f25107089b025769eaf79df06bee8e12f31846bf6a131f3a02e3ddf0846accf479b2e0560c7ae2c69faa75c1173

    • SSDEEP

      49152:qqH2dzn7qrb/TIvO90d7HjmAFd4A64nsfJ2SrFDMRS6cwJNVXq7CKKCcGqdbngdh:eZkRGrVqlNongda8REosrns

    Score
    1/10
    behavioral13behavioral14

    • Target

      Browser/TorBrowser/Tor/PluggableTransports/snowflake-client.exe

    • Size

      17.9MB

    • MD5

      f7027ca6ffa23d9fee473c3f085a2dce

    • SHA1

      1ea3fcb125cef8840c3cb3c8360866827f54b830

    • SHA256

      252bbe002b2a3e5791b3dc2d8868dc541d666099c417f6ee86ec1f746c577231

    • SHA512

      857960ae38e569e2d70ea7bbd8642da28f8af868aae2eede225411ed2747748ccffd05fcbc1d55451c952fd93e24f663d06e01e59459f74a9bcd87ab533eb290

    • SSDEEP

      98304:/Ar6hyNIzEqbpND+ovz20wr4IfUCvE5Q+tEmfNq6+Ds488NSj0yWi+0y+2HKD7em:sIzE6pNtzbI8JZ+mfSQOwHV

    Score
    1/10
    behavioral15behavioral16

    • Target

      Browser/TorBrowser/Tor/PluggableTransports/webtunnel-client.exe

    • Size

      4.1MB

    • MD5

      976b08039e0e69732d6ab8bb2e6d5c22

    • SHA1

      4f31ec2ac871fe75aac8eaf7bbaf1cc32a2c189b

    • SHA256

      b58978883f7d05f7fb59177f9e46059684145428c34c34333bb91848a6657447

    • SHA512

      ac2e7141b0e7a4ad8191185f36619a97a921bf6f571249083c910b7c8dc55ff446cb2a9186526a29f2385b475a2acb91d8bee01e3d03fcc03b54edd46417f0b4

    • SSDEEP

      49152:L37+O+4RTrb/TyvO90d7HjmAFd4A64nsfJ5Wgf/ioNayWbnOUOH7H5o24+Z5EDpD:K4RJvuyCcX4cEA5L

    Score
    1/10
    behavioral17behavioral18

    • Target

      Browser/TorBrowser/Tor/tor.exe

    • Size

      8.6MB

    • MD5

      47539d0337e97e22a728afc2638d461f

    • SHA1

      d97b37079543b33b9b605c787945f809aed66fd6

    • SHA256

      262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5

    • SHA512

      3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

    • SSDEEP

      98304:jmqFOu7JIl0ipQUUcm2DBkA+Pd140+1h8mKwTvlUUyAa5s:vhJInoiDb51h8KyN

    Score
    3/10
    behavioral19behavioral20

    • Target

      localization/hu/devtools/client/perftools.ftl

    • Size

      5KB

    • MD5

      313e8d9557b92fd334bd054e98dbc9cc

    • SHA1

      6335da7b561be037be5054d9d834f7a23eb84529

    • SHA256

      c21ac3aab8c77871db476b34ac690144d422d25e0b1fa40739c271490b1bcc6f

    • SHA512

      0a74e192fcad5993395886c7359d8aee3c3214d53729fdc2e3897c63c17219148e01dedcf05d90b4ce331ada0f6ab7fde92b5d2ba6e1a8ca570a7688a7ae1576

    • SSDEEP

      96:asPtq+UHKiszI+Q2L01cD5852BAjqwUCS+oC5/dufSqvcJcAPyy+PuPFrC:ttXUqN7Q2LYO6EBSqHCSXC5/dufSq0JO

    Score
    3/10
    execution
    behavioral21behavioral22

    • Target

      localization/id/devtools/client/perftools.ftl

    • Size

      5KB

    • MD5

      862aabe815d17420c49ad4a9ef78d7bc

    • SHA1

      aa843d18314acade5cfb3c0b2d3f1634ff6c960a

    • SHA256

      f2b767ebc756266f3d4b540540e902e52b0396a4d12009b158e2faf3983dd94d

    • SHA512

      17bb3335a9497f56619e99a860ca118f2cd79170b55d13365a3c4c7123a554e74804634ad6572ce62010d0ce8c73b267f4391aa83fd224dc35c3eafcf07bd982

    • SSDEEP

      96:mb7cd3MbqPO6jPBs7iEPPBNJfN0hgVBqINnvaRZop6YhWV7:mbYd3fPO6jPBy5PTJfN0hgVBqINnyLoQ

    Score
    3/10
    execution
    behavioral23behavioral24

    • Target

      Browser/d3dcompiler_47.dll

    • Size

      4.1MB

    • MD5

      222d020bd33c90170a8296adc1b7036a

    • SHA1

      612e6f443d927330b9b8ac13cc4a2a6b959cee48

    • SHA256

      4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

    • SHA512

      ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

    • SSDEEP

      49152:D5EfJYiVk9w6hAPqzag2At6i5K/8Ub6Lg3MEq/NHiQTtVr+5kb62QgdD6zoodr7P:l7iNPWHYE+Bnm8

    Score
    1/10
    behavioral25

    • Target

      Browser/defaults/pref/channel-prefs.js

    • Size

      429B

    • MD5

      3d84d108d421f30fb3c5ef2536d2a3eb

    • SHA1

      0f3b02737462227a9b9e471f075357c9112f0a68

    • SHA256

      7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

    • SHA512

      76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

    Score
    3/10
    execution
    behavioral26behavioral27

    • Target

      Browser/firefox.exe

    • Size

      1.7MB

    • MD5

      65aa9b0f57d72e4d70e9226322221adc

    • SHA1

      85fec174d0977afd8c0100c9d9b53c958e1949bf

    • SHA256

      51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410

    • SHA512

      f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

    • SSDEEP

      24576:M7iOs4gKM8fqEneVGiiEOwaJwORKTCRj:MOOs4/qEneVG6LAwE

    Score
    7/10
    evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral28behavioral29

    • Target

      Browser/fonts/NotoSansNKo-Regular.ttf

    • Size

      38KB

    • MD5

      675a36c0b084fd16c8a0c466da26df2f

    • SHA1

      08cb816c2d82646eb012477ca9180a9ccbe94f10

    • SHA256

      c756efb2c40f754107d76fa4e401fc3b8b7edec5cc65db549d3d0236ac6d08a1

    • SHA512

      685ac3f7e308a1d32f0bae0571378897b2b59a56da8c871d90bd568ccacbfc3d58976f33e6e3dad23e9473c6d7bf38465f257ae8824b6cc57585b769015b8508

    • SSDEEP

      768:Fzr0MfLbiEt/HoF4ssQiwNgJ3I/R6oBWmQYYY5iH95ETFsQPRzT9xFFrDW/iSD5:RNfL3+F4+gJ26oPQYYY5iH95EB5VFBaV

    Score
    3/10
    execution
    behavioral30behavioral31

    • Target

      Browser/freebl3.dll

    • Size

      690KB

    • MD5

      0b2fae3c680dd4292503d1127918e158

    • SHA1

      3ae591bf2a426f38ae5ada27ad1124ba89639b4b

    • SHA256

      a67ec38faacb85dafa1780ad01133a742716db58bff6d9b1f3ea47e0346d8b61

    • SHA512

      dedc6213d4708821c754301881832b7f84566d56bdbcb2617262893debe916d26dbd45e0011e8186cb8448be2142693ad0a3fdeca9408afbc2b993cc8af93a80

    • SSDEEP

      12288:meHxOsFcvL2c5mCcN9XrIdvupR/VUMZs/qnh6:m1sFpc5mCcN9XkUphOMU+h6

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

privateloader
Score
10/10

behavioral1

evasiontrojan
Score
7/10

behavioral2

Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

persistence
Score
7/10

behavioral10

persistence
Score
7/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

Score
1/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

evasiontrojan
Score
7/10

behavioral29

evasiontrojan
Score
7/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

Score
1/10