3d921ee584d0984f694f60a771a6581a6f32a9de995a5cd4bca1931185a4e618

Resubmissions

21-05-2024 15:45

240521-s6292sah6y 9

Sharing

Copy URL

Twitter E-mail

General

Target

Wireshark-4.2.5-x64.exe
Size

82.5MB
Sample

240521-s6292sah6y
MD5

2e23b0e7ef14dac31eb825a284fcbad8
SHA1

0e3c7b4dcd5c247c8f9726195a4d5a70b99f8b1b
SHA256

3d921ee584d0984f694f60a771a6581a6f32a9de995a5cd4bca1931185a4e618
SHA512

6242031538a46b6576885228d74b88705f5c3c3afa7ffae4ee218010f0db6d4e4ac0261a2005c3ca27dcf929de963d4693623d402d7239881b4bbdf792e944d6
SSDEEP

1572864:uvPlDWPYmmW5ttwcR3fp5LR5wsS9ZZdP6kA1YifYd2rJwzR088LYBDJkV:uvsAmmWjtDR3fTXwd9ZDPxA1bf07K88p

Score

9^/10

Malware Config

Targets

- Target
  
  Wireshark-4.2.5-x64.exe
- Size
  
  82.5MB
- MD5
  
  2e23b0e7ef14dac31eb825a284fcbad8
- SHA1
  
  0e3c7b4dcd5c247c8f9726195a4d5a70b99f8b1b
- SHA256
  
  3d921ee584d0984f694f60a771a6581a6f32a9de995a5cd4bca1931185a4e618
- SHA512
  
  6242031538a46b6576885228d74b88705f5c3c3afa7ffae4ee218010f0db6d4e4ac0261a2005c3ca27dcf929de963d4693623d402d7239881b4bbdf792e944d6
- SSDEEP
  
  1572864:uvPlDWPYmmW5ttwcR3fp5LR5wsS9ZZdP6kA1YifYd2rJwzR088LYBDJkV:uvsAmmWjtDR3fTXwd9ZDPxA1bf07K88p
Score

9^/10

discovery evasion execution persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10
behavioral2
- Target
  
  dumpcap.exe
- Size
  
  513KB
- MD5
  
  025814d22e9f5c211d5a3f152a6116f1
- SHA1
  
  e7e18ddc368d3cf4dea5ff0136b71664df6c8feb
- SHA256
  
  423601a52a1ec782168b9d114fad1969eef2ed8bc67b2777549d001c9e2911f4
- SHA512
  
  dc5884c3bf2179fa9370c3d85e212ffb192921952f57774ec312bbdbf53d76ec55ccb064a7899ad847ca0bbfa79c9d5a91e089ad4a3a69bd96ee05f680b06b5f
- SSDEEP
  
  6144:JyKv/o2mmSw+6R7n5C+ibky8PPEMceJAIqHn3AuSFP9P9gh:tv/o2mm2i75BiYy2PExemIqXAjFP9Puh
Score

1^/10
behavioral3
- Target
  
  dumpcap.html
- Size
  
  28KB
- MD5
  
  44160f5741a7246c342cb45ca714d43b
- SHA1
  
  cee079c623e13ea36c31ce2cf6f7124cc1d41960
- SHA256
  
  6a6e8715a205e372a8fa7deca8e586d87184ab40af8bdcc79424b05e5df87798
- SHA512
  
  d7e5edbb65dfedd9e985c72318880edc87186060ee257237a763850001a1a7a9bc14a4a512192105e66ecf0734bf0f041b0c4d6e04ac6309e786c7aede044474
- SSDEEP
  
  384:zcLyTOwDtmYQjDQB0pHgjjeiGrheI2ZMyQIjM+/tIejjSqUT+IN8NbnTB8nU:cySwlQjUQHgjjei4heIemvoesfGnU
Score

1^/10
behavioral4
- Target
  
  extcap.html
- Size
  
  8KB
- MD5
  
  f738cde79e96769d2b88f294550235e6
- SHA1
  
  bf45e4f7efdb779d874ce93c7f22044109186f0a
- SHA256
  
  6b01f9040e156292ccc5f1466618b24678f076473e0b7be65450711a266d637b
- SHA512
  
  b27fbe3f6659590ba05a43fadbdcf3a5022d1f47de36d5b628b219682487b0c03c43a681df00319f442a28e9ab861405886b4d662433005142ac7c5b9e04c7ef
- SSDEEP
  
  192:ZK1pwWZzPlmkFsOndHLk3AHDA2OkghZAp:Zqp5Zjlmmr5kc3p
Score

1^/10
behavioral5
- Target
  
  generic/qtuiotouchplugin.dll
- Size
  
  92KB
- MD5
  
  a4793051f363446d022be521372a70e9
- SHA1
  
  c773f1185d31525dd96b293e65943260487ed1db
- SHA256
  
  e9eab8d0e6b2ffdbf3d6d5a28877ee441be1c8b55719492977952fdaaaad84a5
- SHA512
  
  95be490815954811183b45be7024e2b9b72f3d1ba75d61bcf1a6b93f45cfdbe1082149ca9f3b73d981cec090a991ac839f3cd3ac294f978bdfd247a1a2b42bdc
- SSDEEP
  
  1536:OuIdQo4xs14ruc74oi0KhxwmSIvRkpVHxbAxDUgbk8grxi:loQpru4Ohx3SIvRiHxKD9bk8g8
Score

1^/10
behavioral6
- Target
  
  glib-2.0-0.dll
- Size
  
  1.2MB
- MD5
  
  7fcf74105aa50ebc1f924fb078a543dd
- SHA1
  
  c12690c939eddbbccc530c455882923c94cb4f8a
- SHA256
  
  d6445fddc3625d9501ab386cf885fb2b38985e5ef81d239738db5ab72d492378
- SHA512
  
  2131680f0e8235a55408963bf49205cc14b3e9ef4f11fec402051d430c41524de023309aa35dfa439f5d2e5657a7e0182c654ae68b1f015e9d7b712dbdbf79bd
- SSDEEP
  
  24576:6kBrw3/19gl2oWb0LmdJrASjICaxqLi8krsBViBdJIvA2+fp56MWtvCMHt7q:6krw3/19aXWbNdJrjICaxqLi8krsBViJ
Score

1^/10
behavioral7
- Target
  
  gmodule-2.0-0.dll
- Size
  
  30KB
- MD5
  
  f36ffd302cab6f9b13d33810159b3c10
- SHA1
  
  831fffc249964f32b57f9cda72a8f786e0ee86a5
- SHA256
  
  938732c2cbf8591df1b073a697a2ad8fae66a64f7ae96b6d8689ce49c576005e
- SHA512
  
  ae89fd782061c9afc0809d07a7023d0986d9c3549ba796f90f5d9c8936e0c42a3b33dd348ba96519ed051abcc203c7b96e69e3db9d47a157fafbd9471005e113
- SSDEEP
  
  384:wyejOSqHahJOnbwZi4BYV1U4BZ7bpwKNsgxGwPAM+o/8E9VF0NygT:wtjFqHa7OR4iNL7IgxLAMxkEQ
Score

1^/10
behavioral8
- Target
  
  gthread-2.0-0.dll
- Size
  
  21KB
- MD5
  
  dbaa44e5ca2c6547aaf9453fe5c2caa8
- SHA1
  
  ea50319f2272db29ec8b0ee4c4352c1ba4fe0c93
- SHA256
  
  e193be90a77f369bb99fc050c40cf91bf29f0c24bedf01ab3cde2f899e7432a5
- SHA512
  
  9ebca3817c3627f8d81cc6d1e754b27784fd2972d0a54c3328016c516b71fcef5edd9012ab5a09f8de72b62436a95522c26999e2d9fde18550a8aa54fc75d6c0
- SSDEEP
  
  384:OuJb5G1ojrurpwKNsgxbiV5M3AM+o/8E9VF0NyiED:OupQKq4gxM8AMxkEzD
Score

1^/10
behavioral9
- Target
  
  iconengines/qsvgicon.dll
- Size
  
  61KB
- MD5
  
  31e06050cb915d4e89f373b9cfcd86a3
- SHA1
  
  710d26ef78667fe161d964256d1e97c159a17f62
- SHA256
  
  61a006b4952b6d45d9b3b64e7114f46d31200a2b44f3b8fac344bf750b023add
- SHA512
  
  77f2c72ace4e3bc5eaf67cc3f0ba387a982b3e35fe595ae2da0687f79d40149be891d52d4b7278acaae2fd953e344ac31d50c5e6832b9b983f8726dd5480d1c3
- SSDEEP
  
  1536:+cjQ9xCOoer+KpD3ajbyj6S+IqriFBWKMjP1tjoIbCXMhR5P9guxP:2q4ajbe+Iq245jP1tjoRMhR5P9gE
Score

1^/10
behavioral10
- Target
  
  iconv-2.dll
- Size
  
  1.0MB
- MD5
  
  b593c7fe341ff1945599537417b97b5f
- SHA1
  
  560aaed02dd685835e14f53adac277927477838c
- SHA256
  
  cc441303536536672fdf1c7cfec2a0f359dc1e8f4360ab646de217a246332607
- SHA512
  
  0018bfdb13a2f95dea9569d8dc5f6b3d434e625094d65833275bb60149935f2e4e9989f6348f78655568d4ae308b02ec730d60599f966709485505f15f0a176f
- SSDEEP
  
  24576:3gHftbBAUZLYTfYlaQuwGavkg3NyXHbbTgscK6wV5:ctBAUZLYT2aQuwGaXwEsJn3
Score

1^/10
behavioral11
- Target
  
  imageformats/qgif.dll
- Size
  
  46KB
- MD5
  
  b72697752159a6011ca674ce5aa2df21
- SHA1
  
  4d693b2e59202f1fab060e17b780e7f898e15a78
- SHA256
  
  2ff94f5fd04accd13b2591cf084c98eda4d9011a995346404f77bc05898df68a
- SHA512
  
  5c476f34ebc8bcda186a44f374c6897f772ad40c94c6e8c03bb1d495a8ce49be5b584390b87fecd3372b0a06dd07950ec1996a3e49c9bc5d78db4afacd0f9041
- SSDEEP
  
  768:8b1BgMAbGKdSySwa0r3EDVQPi4bNqZiQzad2pWxCozDc9gxjAMxkEQzw:41tAbSXInPh4zadkWx7vugtxUzw
Score

1^/10
behavioral12
- Target
  
  imageformats/qico.dll
- Size
  
  45KB
- MD5
  
  5c18471e3e53cccac8727377db59f078
- SHA1
  
  c11041d01ed0889592c366916bf79f2105074fef
- SHA256
  
  b8193c061d9000e5bb837fc7d7dc7bb5a7130b267d43d4cfd8368b0f540dcf21
- SHA512
  
  fac081d884b837609bd4cea34e5e5a0cf4408223bde448ba68cce4ad19ff1058b3c5adc44b0b91bd74275e7b70c095e46e1e12ba3002eecac3e3b0812c712305
- SSDEEP
  
  768:ZNh/rHNzM5yECWkF0EuXc19QAo3E3xv2gxOzAMxkEb:zpS5fCVFBuXc19QAoU3xv2g0zxP
Score

1^/10
behavioral13
- Target
  
  imageformats/qjpeg.dll
- Size
  
  604KB
- MD5
  
  3b2a60da75276e094de2675a8fb65dc3
- SHA1
  
  1fb85b68228b98f66239f0323f2b1f24a7d33341
- SHA256
  
  d4d75b47df8977e9fb496a6985370bdec28315cb863e6ff6aa17541cfe575285
- SHA512
  
  16400cf304c9372069262d759325cfb5fa61c7b0d3540ec2a037125558c9780c3e4c1b7e9222167579440da5f33cdc24ca40cc55e67371144c1997b0b0aaf3b0
- SSDEEP
  
  6144:QkY20xwNvMjZM09UGzjdr9N2F6iXSh6eKUm5QSNu3a99XHBHR+29zHn8cCl4RVDI:QINvMtgXMKUvSC2eM8HvTF
Score

1^/10
behavioral14
- Target
  
  imageformats/qsvg.dll
- Size
  
  38KB
- MD5
  
  bec25670e65e9a26fc9ca219421a6b58
- SHA1
  
  49f9ca89b1314c6df43ba3c19f3080681d3d495d
- SHA256
  
  b5a5552b73517b0c929e1749eb5fcbbe3949cad2ebfbb2428ce4237a45c2573f
- SHA512
  
  5edca28f656e44db45ae0fda1ac2672ba337bef0f5f4721da939c9d5f2c76e7544d25c603484aeba548da792607dc518081d69019f86520ccc2c85a0c5dd46ed
- SSDEEP
  
  768:aEz05YLHnGW21B3zSgTkyYwE7Rqgx9J1AMxkEe:wYLHnGW2tSgtYwEdqgtNxa
Score

1^/10
behavioral15
- Target
  
  intl-8.dll
- Size
  
  95KB
- MD5
  
  eb843a190275a4bb9b6a54af62cacc0d
- SHA1
  
  14babbfb806c963a3a90603944b7f3c9b3674c5a
- SHA256
  
  3ca3e67168e088bd6ee6a43bea26ec8b07a23759ced66542005ac909e3403e52
- SHA512
  
  02227139e0af9d5eaf568068547432e34890449251ec743e21880bf952033a2853e513f66150eaf4bf8a9fed327d012f3bbc7442e24b881b7554c21154599064
- SSDEEP
  
  1536:vPMqq7gvpDhtteBo1we7kCcLYVM1KIwSqNUMhEMb4004k+f/QZcFQiPESvhxNy/w:XMeDsh8VMcIwSUEMb4004NfYZ6ESvhxX
Score

1^/10
behavioral16
- Target
  
  ipmap.html
- Size
  
  13KB
- MD5
  
  0b42ca55f66492db4643cb115e7621d6
- SHA1
  
  5c05d5d3917316f8fb8b2f469675b7c53725dc87
- SHA256
  
  dc731f8df1b2f9df4a49fade0ec096e575c709aca79a87df3ce10572dc5db784
- SHA512
  
  8b6604a407957cedbd9b83d780b3495433d16d2a0c51e17bd1b3d1c91f73d2e4d4c3749889d245a6b507ba51c97ecc4bc6650413fa1da0e1197a2cb03c695b12
- SSDEEP
  
  384:Dv3AEPgci3CPKZhkKgF6HSdqqwc01Uw2EpxvDgw:DmPZhjgF6nF0w
Score

1^/10
behavioral17
- Target
  
  k5sprt64.dll
- Size
  
  73KB
- MD5
  
  0831183e45988e8d21c33bb9830c0540
- SHA1
  
  c3862573f7b38c7c81d2ba40caf659fcc831cebd
- SHA256
  
  83b1267c99b5b87949ade0eb1a5834791bfac6bded43936f61f0ec8fd84c0a90
- SHA512
  
  6bada32edbbc551687b2a9a919e361d78235d25f66ffaac9dc01684bdd9639984dba7b6864aa8f3216a6ea5ac8cc85a8f540b22f8a57ce6ac604d87d21cad41b
- SSDEEP
  
  1536:0ZpvaQbYrTYDsKiKFn/CNBHBFb4B+J6zVgHGxdqE:2pGrTYQBBbjJ6zVgH2N
Score

1^/10
behavioral18
- Target
  
  krb5_64.dll
- Size
  
  1.2MB
- MD5
  
  aa6e212e1391d1abbeffa1e9faefb4d5
- SHA1
  
  e3ff656387c5194c593f7c682bbeb88200298867
- SHA256
  
  a9ae1ed66c645ea514c19490fe5e9cfd11d7b79eb1ab6d12abb7307e3d16e153
- SHA512
  
  7c49de7b16aba82a737910d211ca28465ca246ff15f6a533bdbf8058e68d5b96d4fb7db6c2c288c79d2a628183e3241576282ed6a2a5d4440cb2621465ec680c
- SSDEEP
  
  12288:SqUC2f+2Z99Dc5MBj4nCJaQhlRxW1rhNESUqSoak3TtoPArLE34:xUtf+2D9vBcnCJaQhlorhN9UBo0YLy4
Score

1^/10
behavioral19
- Target
  
  libbcg729.dll
- Size
  
  100KB
- MD5
  
  d6466cdbf543031a6dd2dee4dd0cf796
- SHA1
  
  281f6f58c06ebdc0b266fa1ac35f1366494012db
- SHA256
  
  2ed3dfbb95695c354850417089fdb30f957dc17169fee47afe75b8d71db72931
- SHA512
  
  ffeafd93c122d399721792ef8adf24d5c65eb1892ed0eb312d07b8cb5894379d54305bb096078361d3d8b55084bd6cf42454719e0936758305f09b40c2ecbc6b
- SSDEEP
  
  3072:prhCjTYJWlSNE+WHNYfnnkpETJXkGbWVe5Ehnvvvvvvvvvvvvvvvvvvvvvvvvvv1:pdC/YsKEAXkGbcL0gL
Score

1^/10
behavioral20
- Target
  
  libffi-8.dll
- Size
  
  51KB
- MD5
  
  f339e567c4e1be13a00fc100c7bab5fe
- SHA1
  
  81513496af82ca10436e67bda6c74d260c25d8af
- SHA256
  
  8408550a5669cb7d101325f86a85fc601166a484047d7b38c146d165be81ebe3
- SHA512
  
  0308195d8ae96329d3e54ed6efca8409c4bf862c3cff51044c30f1f6314cc4ebd2f6e151729d247abab71a61b82a6fe42c710b8b3e79ff0db2476bdff95b3b8c
- SSDEEP
  
  768:saZFoOZVoc+zg7A1ro1CIoxQG1wH9AFHtqBUoITjhz2KpgxJQ+AMxkE8:xZFokicKgE101aQpZCoITjN2KpgbpxQ
Score

1^/10
behavioral21
- Target
  
  libgcrypt-20.dll
- Size
  
  1.3MB
- MD5
  
  d7e5e8e50f35efcb5f4e2d99eb6aa903
- SHA1
  
  847b3da72e27ebe6717071e03dd9f15ab1e712b1
- SHA256
  
  67a0f4ffa826763e4e80a345ae40543ec24ab043b1edac31d177f5ad633ef020
- SHA512
  
  871de93bb81e51019abafb508c97bf821d9fe3bfe89305b039abdc7841830b6d1f2f2efa02042ae524a0309f31de6524a88d7dce4e2441d5d718c983d807eb3f
- SSDEEP
  
  24576:wSr7GiADcjimMy1N0LgQS41PkXoD2ZKtPSdN85/QnjG:wm7GAumMeN0LgkPkXoDpP5/QnS
Score

1^/10
behavioral22
- Target
  
  libgmp-10.dll
- Size
  
  718KB
- MD5
  
  94feae5d9ea9605391340d122bb2e4a2
- SHA1
  
  9c2112699197a251747b5ed4b1e391a06f3beac6
- SHA256
  
  0902bd1b61e93b9f45c257c56ccf2169d5d4421c2c2b7c832275e68d28ab5187
- SHA512
  
  0433dbcbefd6a5b0f1f866366869d303ed772df1deeb47fd6d7cd418f2fa33491dfa02c4820b645af9a836ba2f0e6d8c609d02a043a20584914966357b3de695
- SSDEEP
  
  12288:1YgTb0BRt+WDLEQzKEoTRH22VvC83tE7Oj5wJ++8hrZHG7Op9:SAwBfEQNoc2Bl3tE7OtwJ++8hrZHG7OX
Score

1^/10
behavioral23
- Target
  
  libgnutls-30.dll
- Size
  
  3.4MB
- MD5
  
  e4161050b505dcdeec71fd73b70638d9
- SHA1
  
  32e3b513e6d8a6ff05aa1d1ee83f03294394a0f7
- SHA256
  
  ad8b1489d4fe1fef0db4b6d348252d71b08a8b1c652c2a8ae82ab1856c44f6e9
- SHA512
  
  53176d781d77d4fcc55d48a8961f75925922c94062afeb81eac8716f8086801217197cb9606fed9d94dd19c12e08b8c1ad4b252c70b770847976431e274ca0ff
- SSDEEP
  
  49152:aAMW5L1N+3YXy1etkKTmb4f7Ifj9oNtmX47GtlqSYXeK0pAc2XAxONXtVKPRajwU:tmZiXeLOnV1jwJCCKm+
Score

1^/10
behavioral24
- Target
  
  libgnutls-openssl-27.dll
- Size
  
  323KB
- MD5
  
  133280fe6cccaf182332686cbe8da167
- SHA1
  
  a41131dd38ae4060478bfee5d025485bd87ba077
- SHA256
  
  ef8a0c607e3e892050cb720d4e6b0de9bf0a3524757aecc3dfb2125d40fe3750
- SHA512
  
  b5f6ea7edd26a86871811e2afeb15afde9b1cbfccd4ce5a6a6de7382c50db42af18ba4fdcf0929ce994630497720589715a60d5605501c6ff383aaeeff355b74
- SSDEEP
  
  6144:uPNCai7cC0SsxaBDDHV17rsgu/Ptcd1DmMzWfg3B:uPJiDdAGH19Nu/WdRmMzVx
Score

1^/10
behavioral25
- Target
  
  snmp/mibs/DISMAN-EVENT-MIB
- Size
  
  66KB
- MD5
  
  6c7bf2eb8aef70b616ed89424e908e6f
- SHA1
  
  a50ed173ee70103641a804b160a3f8da2d50e0e4
- SHA256
  
  095bf95ad1000b3e97f2eb605f980c58ef1c9881e8be01047ade616b09073365
- SHA512
  
  efc75599aca2a12473c2a948627cc51b48eb8e55c5595528b1fd4b19e02042f6c6a82ae5c3b8adfc881d268291b9991890d8cf1007e15ed935a019612573e6d4
- SSDEEP
  
  768:U+nF3As7M/xAoiZovDouCwcmTtojoBUuo4TUy:UEVA/nD3o4TUy
Score

1^/10
behavioral26
- Target
  
  snmp/mibs/DISMAN-EXPRESSION-MIB
- Size
  
  41KB
- MD5
  
  362689166c52ae7fcea208ab537dc442
- SHA1
  
  84f0489a6ce458e87c7477ce1ed56b74405a0d76
- SHA256
  
  4c379e2b6acec5f523aa70c1c7b5a8d6cc5688daff06d7385f34357bcc96d751
- SHA512
  
  1ff08451b45e0cd5943bae4fae5b6601fbc0cb346c0c6f11411096a5d511b5af317605cdd0baee9816af23f1ed7b5c4fbdc06c98c096ade4ba4b8405ab2297e2
- SSDEEP
  
  768:IUji4lYvGXAprQOgBZD9hH4GuPqeKReUZFWHpRK+FMba12j6Pr:IL4wGXAiOgBZDz5heKhZopRK+eba12j4
Score

1^/10
behavioral27
- Target
  
  snmp/mibs/FRAME-RELAY-DTE-MIB
- Size
  
  32KB
- MD5
  
  7aa196b72b4161c6ff37dfa752e089aa
- SHA1
  
  b0a1125d499c5070a4980e527adfce76da6dc169
- SHA256
  
  7df9f822131b2bce72072e62b47d99a69fd7f844be295e49882e7247012fb9e4
- SHA512
  
  c91799625e42eec9cf86814ce5901ce33b6ffc7e5c2f6671c81b4446484d4170f076706901fe9bef23d0dcd70c4261312f19a52d2c1f314b94ff7cb4d815b902
- SSDEEP
  
  384:T8zrqLq3HFK+JCgvZw1xttp/ZwfF9fiU9qjlluf:TEkIKOCAw1xbKvlcjKf
Score

1^/10
behavioral28
- Target
  
  styles/qwindowsvistastyle.dll
- Size
  
  138KB
- MD5
  
  c963a92958bae755dfff9e5626b7a2b4
- SHA1
  
  2a1ce9c4380050a76b37fe4137754e6c7df5a700
- SHA256
  
  24d193a1770faf3ec5616c517c2fb00dfffb344792fb25c8e4b371c1a1385c83
- SHA512
  
  3de2584b971ce4a3d542df881c1c2d6306fdfd441740355df189e6559d06376e6d98670032a035c08346cd7c4166d803f3264ca97e2ebc1633e8b9670fd9670b
- SSDEEP
  
  3072:EcKd1HYMSZAcTrvt4www2OmPBxshbge20NMyKsbyrUmVst7sVXg0SU:EcKdGCcTJpXhf20NVKsOrUmVstkgG
Score

1^/10
behavioral29
- Target
  
  tls/qcertonlybackend.dll
- Size
  
  95KB
- MD5
  
  d734ce348860377c97fff304ff4e138b
- SHA1
  
  5984adbba6a33d28cd80965bd3fedc61e8558b26
- SHA256
  
  fdceb1feb4e7b1f84649b051afe9a4d2d6c1f56b1968cf540e70aa3fe582ec9b
- SHA512
  
  69a2951ea565bb3ac685e7de943ea07574e7db0024027983a148b2cd94f606e50fcda27629b1c9c388f16952c0ce295b6682dc6bb255ca238447e1c279fa1708
- SSDEEP
  
  1536:YlXjWRvE58Cy2DoYLaCu1V266s+MwWXFnvXx08rT9hI/TUjgMQLx6c:YtC25v6bKM5FnvSIhI/TUjgzYc
Score

1^/10
behavioral30
- Target
  
  tls/qopensslbackend.dll
- Size
  
  297KB
- MD5
  
  80cfb22935ae0cd53caf84aaede6a84e
- SHA1
  
  ea7fd138fafa57f9948d3058126158e07f3fd1ad
- SHA256
  
  ab82ccde75c88fa52744dabf9f96f23571eabb7bb6bb64fe7b073ea9393e47a7
- SHA512
  
  94681c47ca2f106a619df385a9bd317e476aeabc8b55e76cf42f70a4271de72120ab176a43c260f53dc5a523340e70e8364e2fa8f61c831d12c4afa0504e90be
- SSDEEP
  
  3072:6uhWIJop9PbsCpoBfdWvtYt/DbxqMRMLqDZMVT8PX5bu5hJrze6N8UU28Ik+cDEA:NObsdcvk/fxqSgqOo5KZr66xT8Iu4Gg+
Score

1^/10
behavioral31
- Target
  
  tls/qschannelbackend.dll
- Size
  
  212KB
- MD5
  
  ae4c9bd2429e8b40632361aafe63ba64
- SHA1
  
  c665b1d2e4bbf1b8f862819565f9640055775a8f
- SHA256
  
  4648571fa6174e3d6ec7f2003b69055b728cbd0288597e37abbae8c81e10c549
- SHA512
  
  5eb0d34e456ad108f3f79087e0ef1b1d723d1bd7617db3025ecca8e370b26daf3359db1878cb58e415790a5f21cb2cb1a26091e63f33fb0ce555a09389de55fd
- SSDEEP
  
  3072:MzULkZWS3lsIY4TuAYS8npM3TnHSdSmtebGPc39rpri0hZ1NL8sZDJxfKTga:MYapIZM3TnHAmHrdNZDJxmga
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks for common network interception software

Command and Scripting Interpreter: PowerShell

Drops file in Drivers directory

Manipulates Digital Signatures

Adds Run key to start application

Enumerates connected drives

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32