f2b34a259d71a5358b99157ae1770874bf280d7e0eaeb4b0faf196ae04c3a20f

Sharing

Copy URL

Twitter E-mail

General

Target

02897375708db547487dd809c2c55552.bin
Size

67.4MB
Sample

240507-bdyygsbd2s
MD5

481424d0db8648508349bfa407c92a4e
SHA1

b820c1ed0190a26219a6b677175e4cc06d5d3642
SHA256

f2b34a259d71a5358b99157ae1770874bf280d7e0eaeb4b0faf196ae04c3a20f
SHA512

a8c06b5ea3527fff0a5b6c564a0af90854dcf2dcaaef1005338a83ff485a377110d017871b4f330dfb05b34ddac1850434f1d766660d94a4bcda90f44f93c24b
SSDEEP

1572864:T0ln5/U581ccONrhLIzDssRIWRXPLN608FC:drxKDsgl9jNf8I

Score

7^/10

Malware Config

Targets

- Target
  
  b4ddc8569108a593bfd2e8d5f14b9210a9143b2fb2c553e6931f8da5742afc1c.exe
- Size
  
  67.4MB
- MD5
  
  02897375708db547487dd809c2c55552
- SHA1
  
  aaecbbfe8d0f7637089cfbec15a62fd756adbdf3
- SHA256
  
  b4ddc8569108a593bfd2e8d5f14b9210a9143b2fb2c553e6931f8da5742afc1c
- SHA512
  
  cbd95d3603e974d7e95cecc7c6cff06f79b123720c429a926ce469e073db34b63af2d198bb12e98406e3acf59ef36bbf056c37c142ddde9be42fe8ecf1616063
- SSDEEP
  
  1572864:rjdduMKeCq3ZZIEzdcC5bAfWatAGXt0idRK2+DGSvraL39jo+2:vujWSEZcAOAGd0sMDaLtjR2
Score

7^/10

execution spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  LICENSES.chromium.html
- Size
  
  7.9MB
- MD5
  
  312446edf757f7e92aad311f625cef2a
- SHA1
  
  91102d30d5abcfa7b6ec732e3682fb9c77279ba3
- SHA256
  
  c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
- SHA512
  
  dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333
- SSDEEP
  
  24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
Score

1^/10
behavioral7 behavioral8
- Target
  
  d3dcompiler_47.dll
- Size
  
  3.9MB
- MD5
  
  3b4647bcb9feb591c2c05d1a606ed988
- SHA1
  
  b42c59f96fb069fd49009dfd94550a7764e6c97c
- SHA256
  
  35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
- SHA512
  
  00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50
- SSDEEP
  
  49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
Score

3^/10
behavioral9
- Target
  
  djs-embeds.exe
- Size
  
  131.9MB
- MD5
  
  da529fff6306b525609369630200ec16
- SHA1
  
  dcdd721a9a8a71a91277e1203e4e4d0ced638088
- SHA256
  
  19f866abbb2238812e32cb61ca9af7ca852d9f9d7865653faf1c57104e640da4
- SHA512
  
  900c4e5409a91143ce98e846b62f026e76b53970c926f0c9ef06781ebe39933616e9a0e4434cc7ecf4e9c2851cd4ce0f273279f1940f4524fee7c4a402bae6c9
- SSDEEP
  
  1572864:G4sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCV0:fl/BkVVPBDgmPKa5Wnu3X7
Score

7^/10

execution spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral10 behavioral11
- Target
  
  ffmpeg.dll
- Size
  
  2.5MB
- MD5
  
  1bb0e1140ef08440ad47d80b70dbf742
- SHA1
  
  c2e4243bad76b465b5ab39865ac023db1632d6b0
- SHA256
  
  c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
- SHA512
  
  29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a
- SSDEEP
  
  49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA
Score

1^/10
behavioral12 behavioral13
- Target
  
  libEGL.dll
- Size
  
  371KB
- MD5
  
  e0a5d1a5d55dffb55513acb736cef1c1
- SHA1
  
  307fc023790af5bf3d45678de985e8e9f34896f7
- SHA256
  
  aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
- SHA512
  
  094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f
- SSDEEP
  
  6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW
Score

1^/10
behavioral14 behavioral15
- Target
  
  libGLESv2.dll
- Size
  
  6.4MB
- MD5
  
  44f7c21b6010048e0dcdc43d83ebd357
- SHA1
  
  d0a4dfd8dbae1a8421c3043315d78ecd84502b16
- SHA256
  
  f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
- SHA512
  
  7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c
- SSDEEP
  
  98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC
Score

3^/10
behavioral16 behavioral17
- Target
  
  locales/af.pak
- Size
  
  368KB
- MD5
  
  7e51349edc7e6aed122bfa00970fab80
- SHA1
  
  eb6df68501ecce2090e1af5837b5f15ac3a775eb
- SHA256
  
  f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
- SHA512
  
  69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d
- SSDEEP
  
  6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
Score

3^/10

execution
behavioral18 behavioral19
- Target
  
  locales/uk.pak
- Size
  
  688KB
- MD5
  
  ee70e9f3557b9c8c67bfb8dfcb51384d
- SHA1
  
  fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
- SHA256
  
  54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
- SHA512
  
  f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f
- SSDEEP
  
  12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK
Score

3^/10

execution
behavioral20 behavioral21
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral22 behavioral23
- Target
  
  vk_swiftshader.dll
- Size
  
  4.5MB
- MD5
  
  65a5705d95a0820740b3396851ff1751
- SHA1
  
  a692a80bafc41ba1b29ef19890f8465b3fb20dcb
- SHA256
  
  4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
- SHA512
  
  0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d
- SSDEEP
  
  98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI
Score

3^/10
behavioral24 behavioral25
- Target
  
  vulkan-1.dll
- Size
  
  786KB
- MD5
  
  a947c5d8fec95a0f24b4143ced301209
- SHA1
  
  ebf3089985377a58b8431a14e22a814857287aaf
- SHA256
  
  29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
- SHA512
  
  75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3
- SSDEEP
  
  24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+
Score

3^/10
behavioral26 behavioral27
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral28 behavioral29

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29