05c2e4a22b9e3d4e01a06533d6cb8d28da47811cb451593b2f4d34cc71a67743

Sharing

Copy URL

Twitter E-mail

General

Target

x644.rar
Size

2.3MB
Sample

240506-sfv32sah25
MD5

ab87b4afc48370e27b36afea045b04da
SHA1

9dd6fe8ae20365c327fd2e2fca15114bca469952
SHA256

05c2e4a22b9e3d4e01a06533d6cb8d28da47811cb451593b2f4d34cc71a67743
SHA512

3d2f72667ee8b2cb76a998ac13d85d28cc13ff980731bcf09de2fd996613dbbf7203ecbc6ba90fa8d638e98c2096369c55ba5fbef38e4c3cc1937ba5e8cee3da
SSDEEP

49152:lQDbrti2d4eu6/cMA+GsmgDANRY8Z15fdYmn/nrLHrmAirq4A0xwwslN:+Dbrti2qx/smZRY89yiLTirqJW1slN

Score

8^/10

Malware Config

Targets

- Target
  
  x64/Release/net6.0-windows/DiscordRPC.dll
- Size
  
  82KB
- MD5
  
  c6115a08c8e50dac0194fb98d3edc9d2
- SHA1
  
  903da7fb7ad47b7ad8eb5984ed54a865f6148744
- SHA256
  
  4dd4d48e0681604e3a7a72b6eae42173421d0b806b1af8fa03b45d9999978499
- SHA512
  
  3e43f721cf7b1ab28a4ff771b4186c70523eb2bd236063111593453c08dc8a7cf3fffd6a15af72502e8b800a35fbc7a7bd4ebb5b8f5f41796ee62a7a4a96c324
- SSDEEP
  
  768:eZGfuhWbsoZkmJPTsERSrxWjOFB8ZZnwUMOpSJAT9wQtc3nIYH+nijpJRMnk56Ha:TWIbP3QxWjOQ5pYlPMkh+mTxtSNy
Score

1^/10
behavioral1
- Target
  
  x64/Release/net6.0-windows/INIFileParser.dll
- Size
  
  28KB
- MD5
  
  2e77f841dbf271fd1ffc460bfd87a1d5
- SHA1
  
  18125861f0519cdf643560c0a988bf70c87d47b3
- SHA256
  
  f81ba0dd987d46a67b1879ef4ee11c14f32940ff211eace347a68e42bf272554
- SHA512
  
  556e4133d28935c13d93e5190178804b13c98334332316ced50b878f35730b92c62f0440f1c2e1bc3f5c36eaeced5ca794cd2fdf9ad5434af6194940aed0e346
- SSDEEP
  
  768:3FBulP+gma9/YzvPtAlzIzlpAuJa2kIhW9:1B8yaWzvPtpAEa2kSQ
Score

1^/10
behavioral2
- Target
  
  x64/Release/net6.0-windows/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral3
- Target
  
  x64/Release/net6.0-windows/ThriftNetStandard.dll
- Size
  
  38KB
- MD5
  
  633ddbdc588152380af7addeaed89301
- SHA1
  
  a900afa228956265dc6ff529cc73e074358227f6
- SHA256
  
  e423c8f28b9984db388e034e238e76adc5d37183586f6a11db62561b6647ec47
- SHA512
  
  a45c5fa226e5859b2a0d9aa71c8d3abd7894c2a345c75bb3e0453a0dc2bedbe8dbd643645352687af40865751df5c979f07a095e5b7fa5e33dae2fa0a683ddf0
- SSDEEP
  
  768:IGb6ly21JBGYYgdEIPxsVGJzNe6VnywBM4M9P:Id9hNEIPxtJzNfVnHBi
Score

1^/10
behavioral4
- Target
  
  x64/Release/net6.0-windows/WindowsAPICodePack.Shell.CommonFileDialogs.Wpf.dll
- Size
  
  262KB
- MD5
  
  6a2fdbc61dbce86b9fd294264543ca51
- SHA1
  
  de94deaec65ef0465875c233860e18f0c8de3ca9
- SHA256
  
  4c0e231d0caff06ff1d50c7bd9d69cd70c1993823fd5a2f0e558b5fd07b7112c
- SHA512
  
  86f6129f998298a196b3ae61177776fc19afaf93ace3db3d5c6a0b84bdfad8e97781c6f78cdb56a51013038f4bc8168f761660e4e40eb6aef83acc606d70887c
- SSDEEP
  
  6144:C+U2132z3MBcJu0XbB0CSN8qGIMg6Lj+8pnD/+RAyj:oi3/0XbR+c
Score

1^/10
behavioral5
- Target
  
  x64/Release/net6.0-windows/WpfApp1.dll
- Size
  
  1.9MB
- MD5
  
  83495b061525ec1f812f827ab4ce98bb
- SHA1
  
  3702e7cb6cd95d993fa6914e507b4aabbcf17260
- SHA256
  
  22011868be67336619c2b7db61364848502b1abe6253bb2770255556a454bc8d
- SHA512
  
  0a7f4dbe861d6f9c760b4b7574f7107d601aba7c0d25cc598d5af1d8d5fff25956e5de7e19c706e05d7f68d73d5efa2b108d770783935ed74da78c0834aef864
- SSDEEP
  
  49152:tm8hnTbZOwRqH+UwBTCYvZLt2us1vI6qRn1:bhn/YAPyvI6mn
Score

1^/10
behavioral6
- Target
  
  x64/Release/net6.0-windows/WpfApp1.exe
- Size
  
  146KB
- MD5
  
  e54d0f9f1142680972a8eba9b3925b9d
- SHA1
  
  2ee0ac858e7b5dee03ea42fe78f71068e4f88d14
- SHA256
  
  9b8597eac0d22891e3ecf4cf287822d4cda4ed3fda60bf98f04948f6611cf2be
- SHA512
  
  02f00e17ccc84623bc32927401b46251038b830f0b41b058cb22462beb24e2d7219e19ac1aa4afb51ef1e04aa800c3c999b59e71fc94a3868c74c4f6ff16564a
- SSDEEP
  
  3072:7czkitvo4BpYN/6mBPry8TXROLdW5m4mURh9OOGj0k9:7A4NCmBPry/N2VOOe
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7
- Target
  
  x64/Release/net6.0-windows/zipkin4net.dll
- Size
  
  82KB
- MD5
  
  b582bc892f88c625466a126546926403
- SHA1
  
  f6ec94203152113ba95c27dfb752bf58a956e082
- SHA256
  
  fff3a835eac069657ec24ba633fbcfad0ce3477ffdeaa0b750bd7d434d5d1311
- SHA512
  
  ed7f8ea3b7b1b29891608fb458365fc1d039a5c8dce7e2e0679400597d0b21286b11b68027443d7f338cc892500222ae9bbcdaac4aaddcb955cec8a96b552fe0
- SSDEEP
  
  1536:7aEEjMBFnJo/yDJFExgJ2PcW2IhZE9fJBlHC/YS1fePLBp62JNcSRcxGS10U9mmz:7YslHC/YKeDBUgNciS1Z9mmpY5T6u/FS
Score

1^/10
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8