Overview
overview
Score 7/10
Static
static
Score 3/10
Qt5Core.dll
windows7-x64
Score 3/10
Qt5Core.dll
windows10-2004-x64
Score 3/10
Qt5Gui.dll
windows7-x64
Score 3/10
Qt5Gui.dll
windows10-2004-x64
Score 3/10
Qt5Widgets.dll
windows7-x64
Score 3/10
Qt5Widgets.dll
windows10-2004-x64
Score 3/10
icudt51.dll
windows7-x64
Score 1/10
icudt51.dll
windows10-2004-x64
Score 1/10
icuin51.dll
windows7-x64
Score 3/10
icuin51.dll
windows10-2004-x64
Score 3/10
icuuc51.dll
windows7-x64
Score 1/10
icuuc51.dll
windows10-2004-x64
Score 1/10
libEGL.dll
windows7-x64
Score 1/10
libEGL.dll
windows10-2004-x64
Score 1/10
libGLESv2.dll
windows7-x64
Score 1/10
libGLESv2.dll
windows10-2004-x64
Score 1/10
msvcp100.dll
windows7-x64
Score 3/10
msvcp100.dll
windows10-2004-x64
Score 3/10
msvcr100.dll
windows7-x64
Score 3/10
msvcr100.dll
windows10-2004-x64
Score 3/10
platforms/...ws.dll
windows7-x64
Score 1/10
platforms/...ws.dll
windows10-2004-x64
Score 1/10
spoofer.exe
windows7-x64
Score 7/10
spoofer.exe
windows10-2004-x64
Score 7/10
tpm
windows7-x64
Score 1/10
tpm
windows10-2004-x64
Score 1/10
General
-
Target
spoofer.rar
-
Size
27.6MB
-
Sample
240510-2xf5wshc94
-
MD5
782a56fbe24bc419501d9e3d47a054f6
-
SHA1
1f2d386428c08ce8c296bcfef39c52f63c9b113a
-
SHA256
53adce61ae8d60998270effcc98ef86e311477635407a1df0b9ee1b21d320c21
-
SHA512
11c63dbdcb45a5ef72e1edbd14391b22387ca05baf52b31e7ab7885140b6e507aa5a9ef389941ee07352260b5ab6d19db2c5ea2467138f36f4710d83c44f9c72
-
SSDEEP
786432:RkENv4BQX3DFCzhUPehsC5R4uouIPPSMRzYfkq7Copu3H6:RkEFiQpYqeWC34L1aMxYcq7xW6
Behavioral task
behavioral1
Sample
Qt5Core.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Qt5Core.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Qt5Gui.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Qt5Gui.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Qt5Widgets.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Qt5Widgets.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
icudt51.dll
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
icudt51.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
icuin51.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
icuin51.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
icuuc51.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
icuuc51.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
libEGL.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
libEGL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
libGLESv2.dll
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
libGLESv2.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
msvcp100.dll
Resource
win7-20240215-en
Behavioral task
behavioral18
Sample
msvcp100.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
msvcr100.dll
Resource
win7-20240419-en
Behavioral task
behavioral20
Sample
msvcr100.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
platforms/qwindows.dll
Resource
win7-20231129-en
Behavioral task
behavioral22
Sample
platforms/qwindows.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
spoofer.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
spoofer.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
tpm
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
tpm
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
Qt5Core.dll
-
Size
3.7MB
-
MD5
8e4dacc3e44160be5615bc8f97cb363b
-
SHA1
9ad44c7d18aaf7e9e108956d76e1e7a5bbe47769
-
SHA256
71bf3859b71c395110e0167542a94558f44a7308d146acf35dc37e2cd10840d9
-
SHA512
b6f4ac0e85a1fcfdb274035d73b7b6ffd8cbf84101dbd9ef36f5af9519df7a2a7f22eba143899a3727d6108a44dc5b3beb097e62d9b201f1b7878b18d108a2e1
-
SSDEEP
49152:GVuHfzDizPlXqOa68n9yX1NjMtRJ8Njv5A8Jsv6tWKFdu9CjTH9ry0mRYPUFwR01:GVuHfzDiB8ylNItn8/HJsv6tWKFdu9C
Score 3/10
-
-
-
Target
Qt5Gui.dll
-
Size
2.8MB
-
MD5
2e6e0d37b7876af3df53571d89d69dea
-
SHA1
5923daf1090aaa59f5289296381c2ea0144d9046
-
SHA256
5d1ff382f950deb2017dc981cdc11cff15c18caa4ebf274070adeb44e6e9aa73
-
SHA512
22f76c0aa8d8a65740e8313e447ad36b65d10ed4919f386a66901455b78d05596f8cb2a2477063440c2be8e3ad1ad19cd48af0e026558b67c4419694340f3390
-
SSDEEP
24576:aJ0hif8Ie6ufVgt7Baa440CqTdNu7VOzehw1ARLlbMK9ovxoR55DgRhz0nBE7nG/:I0BVBan0CqTMBhw5fXz6EuVMR7XEXeY
Score 3/10
-
-
-
Target
Qt5Widgets.dll
-
Size
4.1MB
-
MD5
da9d27ff42f875d3803d20ab7d725b8f
-
SHA1
df9578285ffde620a260693567e972f1b1b32436
-
SHA256
4dd313ccaf0c6fe70b3c06d7350cb2ece59840d5c0fcfc91bb0842e2f64876c1
-
SHA512
1ffe5deba23bce9b4a78f3509441653692641c584ab8a765ef64ff57d9fd70985c5a050667af0f31dfe4adbc1cd4d7aa582ca2aa60a01d8fc91556da9fa7b49f
-
SSDEEP
24576:G6HNX+SaobmDAwmlhIB45JprYXFafATw93FKInnhTV8jF2IYJGlCrQORBFujN4Rq:x7bnOFlgQ0uJiphwWO10VmVsPBp
Score 3/10
-
-
-
Target
icudt51.dll
-
Size
21.3MB
-
MD5
90fb58ca451b32be5ac406175901b7b2
-
SHA1
fa25ea12773d4c43697639983cd149f6db4d2ce1
-
SHA256
8d5d12ad3925bcb3d175e48c469f9d65887fe296624a049afe8658e00c45e0cd
-
SHA512
c325e1bfa25940ce358c1407a944c140b104115b8e7e73322248251252b0a06e93ad594494f89b62a16ca24a9e2607f94762dc58ffb5d2e8ad7f5ff5008a2f4d
-
SSDEEP
393216:buE2HH+yW1oBMUeHzl+4kbIWQOT0b8O8:s+P
Score 1/10
-
-
-
Target
icuin51.dll
-
Size
1.7MB
-
MD5
a7f201c0b9ac05e950ecc55d4403ec16
-
SHA1
20b5b9aefd27b11bd129af6bf362d11dffafa5e5
-
SHA256
173092c4e256958b100683a6ab2ce0d1c9895ec63f222198f9de485e61c728ca
-
SHA512
0d3b3a3f2d5c39b7309943591e51587c1db4bfc70ea5b0fd4a9016aacf0ca9dfa69040e6d74e1b9424fd8e41b3b3e22ab5d7c5352af6c216e491edec78c612d7
-
SSDEEP
24576:7GWPHUAzlcNk0BjXxOKWf8e4VY/+AnattjtpKFJ/t:FPHUGOkIxOKW5OXlKHV
Score 3/10
-
-
-
Target
icuuc51.dll
-
Size
1.2MB
-
MD5
dae4100039a943128c34ba3e05f6cd02
-
SHA1
22b25c997c8204ca104cb72d98bc7fe57ea02b48
-
SHA256
2357806ca24c9d3152d54d34270810da9d9ca943462ebf7291ae06a10e5cb8ba
-
SHA512
5155b812afecddfcc904ad403d04dd060d284a2e9a9a0b26ccc96fb593801176be2ba69ffd2fa2a6f246a84f6dc824f042adaca7e8c1d3d57aae3fc62c2c24e1
-
SSDEEP
24576:DCYW9S/7mMcs50Mf+Av1gQp3Y6ZBGB6riFv9Kk2HPmOh:DCw/8s0IaQp3Y6ZBj+Kf
Score 1/10
-
-
-
Target
libEGL.dll
-
Size
47KB
-
MD5
fa21c09c83ad8c73c5f759662dfc7d28
-
SHA1
3200769281496cc61065ff856836e36a50690033
-
SHA256
cdb4ba8f6e622f63a94df438552acb08d13af7b4a80ddce4b459f943e636d160
-
SHA512
b763c878db6bbc15f7ebfec2b65e01ec63c8ace681662a4a844ae55fa6f5dbbbe066713ca47357e68a8d7cb1b8b81d901fa6622934b576e4cd5604061703a1d3
-
SSDEEP
768:4dp3loIiS+gbIdX9h9btywVT+0sdfLKc/IQiInhtTaQotOnKOdNGd3:4H3llRbIdth9JjTvsFec/IYhtuztOnTW
Score 1/10
-
-
-
Target
libGLESv2.dll
-
Size
711KB
-
MD5
ab04036478f242066e47aebd26557250
-
SHA1
79042e6cc77513ee58d22a96d404a7fa494adf50
-
SHA256
82dd77ecc2ec3893d9f64d3bfb0db345fc82ccb11ec3fa2a4144828052e880a9
-
SHA512
386ae8a71f004da410e61c16ff567f6fe8c8dfedf0d9231f94c4edd9a9ac2e5bdcb6b09a4ed837c0ebc2d7e810c6e8ad60d2f9f0d52c33a585bcbc33f0ab5b54
-
SSDEEP
12288:fgCO4mFq3kAVoYQVggbGAoTbmnuNfMxJWVtrKnffO9Py0n4w0:ocmFq37JQOTbZpaffOFy0n4N
Score 1/10
-
-
-
Target
msvcp100.dll
-
Size
411KB
-
MD5
bc83108b18756547013ed443b8cdb31b
-
SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d
-
SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
-
SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011
-
SSDEEP
12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
Score 3/10
-
-
-
Target
msvcr100.dll
-
Size
755KB
-
MD5
0e37fbfa79d349d672456923ec5fbbe3
-
SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
-
SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
-
SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
-
SSDEEP
12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score 3/10
-
-
-
Target
platforms/qwindows.dll
-
Size
813KB
-
MD5
a5f6bf2510039476d894a4dbdc1ebf57
-
SHA1
8127005b31bc3008bebb0f4c3fe3064bc02fd459
-
SHA256
60b2057abf8ad26da8571e36431d98854dbc5224c85be6b2cae5ef291b6fdab7
-
SHA512
6f39840915d41b6d2f904b90ffcff80aaed144f9556896fba51ad08bf59afda0bff85c10b80af8a1e3ada3baa68d8ff7c3346d33a9619f481dd4125f938b87ff
-
SSDEEP
12288:ME9A+8KGsbuY68kn3ldh57A5sqoFBuP4cs41Hsd2LgAN4yukK:MUGqxkn3l0sqo7uZf1cjyc
Score 1/10
-
-
-
Target
spoofer.exe
-
Size
16.6MB
-
MD5
aaae9af892545b725f17b2234817fccc
-
SHA1
2cf5e4044bbc84f8d1898a9a9f71c7937bf876d5
-
SHA256
53245c0db33c4f8bab442ea125c58e50408796242462f81ed5bbef9d32f05352
-
SHA512
864a9d07e2880564ce97a52298b5a82aa15d968a5d2d512700f3c9b6de2c7da8e5b86a64106e9bb2d489aff1a302389d8eb7186ce7d94d03e4267ecd9b224708
-
SSDEEP
393216:CEkFqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lntEwPKksutK+:CND49YQFS1QtI6a8DZcIlt8kvK+
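Score 7/10 (not printed in this entry; taken from the per-platform list at the top of the report, where spoofer.exe is rated 7 on both windows7-x64 and windows10-2004-x64). The signatures below are the ones reported for this target.
-
Drops startup file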
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
tpm
-
Size
54B
-
MD5
2b2427dbfb51f868c8b84755ed574107
-
SHA1
25f093b0840dc5c1b0a638724dfbf05faf4142bf
-
SHA256
a5ffc2c06af5be1226f20c21c3d03465a0801d38d9be82e5ece72444c4e8f744
-
SHA512
501871b37339ad76d643b54e03b9b79aae23c44ee195e70e20833b7649c2b95a514d55513ef581e3563c21ac59f2afaab4eea75b583aaaca1514eb6eefbfe59b
Score 1/10
-