General

  • Target

    Not Here To Play - GIPHY Clips.mhtml

  • Size

    7.6MB

  • Sample

    240522-pz878sbg89

  • MD5

    38bed88379d0d2e28e008b8cc075a54e

  • SHA1

    1cd992b5b56a0971e284762eaa4c6a2c9f2b9fe5

  • SHA256

    045b591c05f1023016175e757abdb042c0bf7c6e9831b3e5d979b42fcc46dbbf

  • SHA512

    80e7bac7ceeef988415a4102761b9712b7347851aaf434dd484dbe338ef1556adf536594fb36fd498752d93c4bf8e9517d60ba472bd962c12e9cfe3fb8179ba7

  • SSDEEP

    49152:76xKaEejjHf5Icu6R6hpql2RSQ3Rwz/SNGcEQAzyFawJn7zlqLdu3Urk1u8vOjVV:Y

Targets

    • Target

      Not Here To Play - GIPHY Clips.mhtml

    • Size

      7.6MB

    • MD5

      38bed88379d0d2e28e008b8cc075a54e

    • SHA1

      1cd992b5b56a0971e284762eaa4c6a2c9f2b9fe5

    • SHA256

      045b591c05f1023016175e757abdb042c0bf7c6e9831b3e5d979b42fcc46dbbf

    • SHA512

      80e7bac7ceeef988415a4102761b9712b7347851aaf434dd484dbe338ef1556adf536594fb36fd498752d93c4bf8e9517d60ba472bd962c12e9cfe3fb8179ba7

    • SSDEEP

      49152:76xKaEejjHf5Icu6R6hpql2RSQ3Rwz/SNGcEQAzyFawJn7zlqLdu3Urk1u8vOjVV:Y

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      attachment-10

    • Size

      20B

    • MD5

      3b288788e28cac582c6ebd9a98a1f793

    • SHA1

      2c06b611a44162aa35b1a919e8827c8afe6109d0

    • SHA256

      e353cbfdb200b15ddc523e92e7b803e3ba8cadb74a5270baa3aea5b779319c98

    • SHA512

      d9ff6cdf035867e3e92f9a71577a19a4176f02b77f869bef76d5e6ed9094f629182bdcb4b72501e6f24cfb46d0ce9faa2888311b9289cceb64718ed26412f0a2

    Score
    1/10
    • Target

      attachment-11

    • Size

      666B

    • MD5

      8f64be48e3d0615e93c0bf3acebcccac

    • SHA1

      9bd952e3b9f93b5e7a446d3317a2a1ba4e1b7ef2

    • SHA256

      378fe28ca9a7750ee4770116caffe4f8384f647813d385494a8d5a7f5d006093

    • SHA512

      bcd8ae2a2519cddfdb9befd6acf6f064a22dd35e7e9ee5e6432c9cf9fdb690fb0f26d11e0e8b48ff56bd79125eb527d0da3f662fdb1a246ca023e6d1d14ce1f3

    Score
    1/10
    • Target

      attachment-12

    • Size

      3KB

    • MD5

      8dd4876d966fdc7bd5327fe68f33080c

    • SHA1

      422d21f566680c14637e8611f11d60b0f6b057af

    • SHA256

      d2baa052576ed995f47b314f9c8ea267194de5843798b19824bb8d34ce633822

    • SHA512

      90f35570e4b61d8791c2d0aa5ea79ab8e80eaaf3a97e6fae6047c7961ee3145d140b67baa4af5e7aa12f4283747179e08d8031aad04569eb510aff73dad66eac

    Score
    1/10
    • Target

      attachment-13

    • Size

      696B

    • MD5

      89313cace6fe6b079267d6835aa854bf

    • SHA1

      8dc819e9ccb20b84799302196db1d1f84a2ba830

    • SHA256

      a0de7b89166f3dcc6d9dda7735bc7031f5108b7aab06bb1e60bc851ea92163c3

    • SHA512

      ab72905491bf3015000ca58d05f5dcb9c278ec833b0169bcdf5945b5d471e537c3843d6a23185e37832b3052780c93f1c0ac391f480bed4d7bb68fd43072ddb0

    Score
    1/10
    • Target

      attachment-14

    • Size

      487B

    • MD5

      06e88f1f8a0f270c750710ddf829b8e0

    • SHA1

      878e2af57b667846c00eb58a425c6bc3d01b410a

    • SHA256

      196a89f3b0e43d947b883a6b5dde103670856bf2ca29bf27828b10ff43b4ae4c

    • SHA512

      3a355b3162878bb58d08fbcbd64a50f70078fb278c4415118d1f9f89bae306e898ec8eb351a3c874e9a748deb0d04a742654b8beb7662930c911fad7fb9ee083

    Score
    1/10
    • Target

      attachment-15

    • Size

      160B

    • MD5

      2fa2dec108680ed852cab690b930c438

    • SHA1

      9d40e0f23f872e9df60c37da70f55704f54c7b7c

    • SHA256

      4ff8900bd1ffbe609214327cdc2675912777fad97429917d61e49e4c541d95c4

    • SHA512

      25dedb8906d89eebece6b08e3eafc3dea8921ac39ad02994664fb2f653c2368dffbfc90fd65dd3755dffb9558e22150f605734ed4f73f1d1b0032edad5441ccc

    Score
    1/10
    • Target

      attachment-16

    • Size

      20B

    • MD5

      3b288788e28cac582c6ebd9a98a1f793

    • SHA1

      2c06b611a44162aa35b1a919e8827c8afe6109d0

    • SHA256

      e353cbfdb200b15ddc523e92e7b803e3ba8cadb74a5270baa3aea5b779319c98

    • SHA512

      d9ff6cdf035867e3e92f9a71577a19a4176f02b77f869bef76d5e6ed9094f629182bdcb4b72501e6f24cfb46d0ce9faa2888311b9289cceb64718ed26412f0a2

    Score
    1/10
    • Target

      attachment-17

    • Size

      376B

    • MD5

      273e2c4602b0ffaa42188ef8b3ad28be

    • SHA1

      3ad295c16fef49c0ca42e7b0dfbd659bc79f4e1c

    • SHA256

      c5bfcd70f253472e08c4b0bf938cf89085c5daa181a8b8511facbfcaa4373345

    • SHA512

      bd8bd6a094698e05d8cc161c5740d0c881e23531fae56f76201c63d81175a95e0c529df747b6ae17b74ed335647f81f85f149755efe468530c276e9adf67ca1d

    Score
    1/10
    • Target

      attachment-18

    • Size

      857B

    • MD5

      fcb26dd6840f35db730d94503b7b9822

    • SHA1

      412cc2378c9ffefa9373da942f556025eef6cb35

    • SHA256

      d4f7bd60c6b1ef042bca1d86853ad5c311e22d4bee7922fd5f4bd9d1735a5f62

    • SHA512

      b8740a602c86f105b5940053dd9b92bad70795659b7a756a0b7b670e02653f1349d1fc0e404c4471f5522132452e59400e01177ae1f0eb62e96170dbb92989dd

    Score
    1/10
    • Target

      attachment-19

    • Size

      1KB

    • MD5

      6501c29d108106d31a02435f554b8423

    • SHA1

      faddcda7ac465fbd476e31ca86def10a3f5b90f9

    • SHA256

      c28bc54ec9091e4c0c91f041be36d922f8b9540f68fd46ce83be636266c7fae5

    • SHA512

      8f0b17751dd9c6e0282c9a8425431b2037db0cc6778b2d6648a7a6f8aae09ae5ab776d1efbd6e9c884ca0f1b685e6f542ab9aa14b0837e19807eb725e6db2c9a

    Score
    1/10
    • Target

      attachment-2

    • Size

      975B

    • MD5

      a3c6cf3543f7572677e04dfa63d63baa

    • SHA1

      5952905e7a89bad5c767687bff95188d5e063ca9

    • SHA256

      03368058eee7ca784e9fd635d4d66a0b7f2315d2c9be2180f2201a5a7b4bc3ab

    • SHA512

      fbaa213a6d9fd317016ee3a1d3bf8f157fd5ecf96172b52cc7d408bacf30b78c9f5d3d19c29be9bef26869c73672a071c87745802bc2bfe5475b034a9165a83f

    Score
    1/10
    • Target

      attachment-20

    • Size

      1KB

    • MD5

      96fcef539922aee6fb8c7cbc96e6b9fd

    • SHA1

      08c51d17e9f57356feffa7414517a5adbbdcf704

    • SHA256

      7ffcca01d2f28974a9f51979b09cec75afa250e9241bc7d74f6a75ba90025a56

    • SHA512

      3bec7ce2741a2baaf5eda6fc2a3ef5af7f345bc2c0f27fe60b7324c209aab818a86b54c8d5d79a0df70b29b1f133d82e2c4d86f62be5a728ea5abc6be58b3cbe

    Score
    1/10
    • Target

      attachment-21

    • Size

      1KB

    • MD5

      3577798841b5344f809536ecd2c1a664

    • SHA1

      b9796e231dab832de0412bf5f9be9ed5c8910bfd

    • SHA256

      150edc23f6f9cf6c2d176ebe90d528a62ed71dd64813d6097c6bf220996cb85a

    • SHA512

      ae7bfb8b7aace538f51ac634741044041551aaf8e9fcbac54e12c3902f7b9f1547b7242a7f5c930bcf4a7e949e8cba93620e4a4508fbe7350e6795b4cde836dd

    Score
    1/10
    • Target

      attachment-22

    • Size

      1KB

    • MD5

      19da7d0194367ce97ef8b93b24d0f7b3

    • SHA1

      8b3ff35c9a77d0df85910f4e82a9c6613e1bc5eb

    • SHA256

      5cdc8f22b9306816bdc683e6fe0d71877e73e40e40302c066eac42f58c1d1f5b

    • SHA512

      d897430253a9d3bf625783e98b9646625b3e2d1fe2b5b728ae651098568221b137834c6ea5357ba125160d51836af0e9ebe1c2c66473399c0ea27f30e271c926

    Score
    1/10
    • Target

      attachment-23

    • Size

      1KB

    • MD5

      800cb62bab8e838a000782e093cc752c

    • SHA1

      cf6ffb98e8f8285f58c027651c3d93fc395e05b4

    • SHA256

      799ffb9d75afaa62d1deb322dd3fcb625576e996556cf849687108f9267b28a4

    • SHA512

      d61f845449d69055c86a4de082b890584fbfddc121342b9154962efd738696c8b7c7f788c12b8fbaebe1f2414ccaad790fbaa17f7b27d1570f57db8ea00ce0b9

    Score
    1/10
    • Target

      attachment-24

    • Size

      2KB

    • MD5

      47388484ab93671bca7a88b387a11de3

    • SHA1

      f4abd2b37be8575610c8d1d130dbc06d6777d0fa

    • SHA256

      7fce504464e1efb4167a43a70a65117d2bc58b8a8eb4f80cd168e8d0a6c725c1

    • SHA512

      835b27d2a51a94f2b4fffc444b411a234bc8f1fac5aebe41eda3a3fad01f7616cb8086115b9c23d8e1af56a2838b9f62048902253c97309eb60f9e9d87509395

    Score
    1/10
    • Target

      attachment-25

    • Size

      962B

    • MD5

      63d2a6d462404099768cbd5c6a0bb364

    • SHA1

      62e470226c0efdcd85ed88a39c5818e6ba7d145d

    • SHA256

      29aa9733d31e18d5a1e9a787508dbbbf77272303c49a99a41269ad6cf6fbe2f9

    • SHA512

      6a8b270724d498c80675b72ae6572ab1056d056f07dc20ba770a584d51612d518f5952441c0bc6e214e8234efbf0b82c3ef87bcd86e8ad60d060a96ccbf2212e

    Score
    1/10
    • Target

      attachment-26

    • Size

      1KB

    • MD5

      54a7cd42720ef033feae19728b54bbc8

    • SHA1

      498669d6fe6762bc5ee9024f5edb24f38766e1d1

    • SHA256

      e17482ef4047cc011fd8f579d0987f2402e68b4041e3f6118ddabfd3a12f982b

    • SHA512

      18350a0f7603395b9e8765aa9afa29269bf36582d6e3e55007a6e0b3000bfb5b3de4958ccecc92e9a424bd03a5e48cace68b2191b75e6d5961c9bd0148f9b4d4

    Score
    1/10
    • Target

      attachment-27

    • Size

      99B

    • MD5

      4f35f015aaf9bd9cb18bc297f5fbbea1

    • SHA1

      f8fbb1b3ec18165bfd9c33feaa51a8af412ce73a

    • SHA256

      773f61b7fd3c31db0c526d5ab9f2b59ac181a4e0bf355aaac3c36c435dab680d

    • SHA512

      3127e54a0a33130b3c21ba16398bea30d05ed6f43722d929f89c8dc3f6b88a3b015b692a8fe6cd88cc10c5544aa0f6ec0221b2450fccb9374985e9e8a05c2cb7

    Score
    1/10
    • Target

      attachment-28

    • Size

      850B

    • MD5

      8f3d7dcf6021c63da56265fd8b27a697

    • SHA1

      fd64300f8ec6503810ef38952b079962effee3d1

    • SHA256

      971f879f125a2523455cd934d59afa4cb24cbae0154990b56c960e7f69975582

    • SHA512

      ff9004bad313957e9e53b30094c7c5f2f9d12505545919467351175d8fce290edfafadc84e3a6330c701caa81d0e82e4ccfc1d96d4cad1302d7ffacdcc9fc16f

    Score
    1/10
    • Target

      attachment-29

    • Size

      4KB

    • MD5

      109aefaa9d0453b89cc2e5f04d8ddd7f

    • SHA1

      7ccf88b4db365be9cf72936bd02ada48e80d6b11

    • SHA256

      77a710b8c3a3642d417e7299f2af2326f033e67b339058ae8eced874ed6befd7

    • SHA512

      32f7e2d2a520b4820a092446cba1a12a8354b71892889736854a076e30f4ed6c635bc95ff4675d5b30f3889a248fdd54d15486ec47ed1e70abcc3e15ae17e940

    • SSDEEP

      48:bn1t1WSiXWAWuSaoy/lIWII9JJc7SxVZoxPIm34XJa/k7V7ekmY/VBypSkiABkh/:fuqHyN7ixPIm34XJCk7V791UgWjc

    Score
    1/10
    • Target

      attachment-3

    • Size

      20B

    • MD5

      3b288788e28cac582c6ebd9a98a1f793

    • SHA1

      2c06b611a44162aa35b1a919e8827c8afe6109d0

    • SHA256

      e353cbfdb200b15ddc523e92e7b803e3ba8cadb74a5270baa3aea5b779319c98

    • SHA512

      d9ff6cdf035867e3e92f9a71577a19a4176f02b77f869bef76d5e6ed9094f629182bdcb4b72501e6f24cfb46d0ce9faa2888311b9289cceb64718ed26412f0a2

    Score
    1/10
    • Target

      attachment-30

    • Size

      1KB

    • MD5

      f93049f3aade776688356e86569bad9d

    • SHA1

      df5d710a92c4054a05664fc2059e20f8470a16d6

    • SHA256

      06310fff8157cd3b9fee645491dddcdf98343214092325b66b6ecaeb35df16e7

    • SHA512

      cff442a16140265bb0dc49827fcd4fc69694fc29ee1ea1975f0014cb526af94f4bdec97b4526474429b50664590345dd239a5fcd0c18e209d008840e6ba0fdaf

    Score
    1/10
    • Target

      attachment-31

    • Size

      262B

    • MD5

      ca5d60359301aa8bfe6479c69e88c47a

    • SHA1

      8d26da6abb9aa632f9096468c2a24e6c5161a21c

    • SHA256

      5970eb4beef1052121736a0534a9a3e312ccb68a7e23e429d554859870d77f9e

    • SHA512

      8d90bfe9782e06b9444a4582904efcecec2bd1613e63aa2834b8b4ef28124155d5b3ef0c39d773ec60a348d41a798eae01bf7aa2b3c3035d832fda858629a30d

    Score
    1/10
    • Target

      attachment-32

    • Size

      1KB

    • MD5

      d4918e222bf74205af04dfb2552bd84b

    • SHA1

      3c0de022d7a4f91bbe5fcdb622f613f0e0868db5

    • SHA256

      f8776692f4603382dbfa4d7839003f1470c4ccfed67ef712e47288968b1fbb69

    • SHA512

      af2c2a550dd6a09405fd09c9e05215c1a5e16046eba70cf7e5e56ab609abc1b601e00d21eb91481919ceb473e6c1450991d0e0197553dc0ff9bc659176050ded

    Score
    1/10
    • Target

      attachment-33

    • Size

      1KB

    • MD5

      5d123de418b0ffcac682c28bb86cf864

    • SHA1

      b4cd1fd092c537342de4a34e8c75a89da5f40cf0

    • SHA256

      cd916055df1c392fba57e09ee637530767dad8ef4edcd7e3fa3f06a163428caf

    • SHA512

      ad3d2499415f1547f1b33aa4d6129e604e347355daca16c40766bfd84f663d07e0b7df9e50dd3d2a741fbd9b89df620fbf0fde9ef4cf446d61206f5cd10fb12c

    Score
    1/10
    • Target

      attachment-34

    • Size

      4KB

    • MD5

      8f9c1193b842bdb1def1796c724a21f0

    • SHA1

      330afdb829825d26ef31e0f9a68417460a71ac15

    • SHA256

      0051f5d1ad1f1ca502c55bfd3afedce56c698e5499ad85bcdb9d955a41b7e4f9

    • SHA512

      362227d9b2c1eb3bd7a058fb68db52e399e5f70a5ebc211f02b6cba42160cbd51db310cc0af1e109c0230108edb2bd4c7b5357c8d773143101cf7a665709986b

    • SSDEEP

      48:zFq00fN9rNZZHNumnRkMPcNZWQcGHNq4N7XHNCqgbkRJHNGb6gmgJyzFXyZogmgR:zaFfTHjK5RTEJMrI8ZSPbof9vUt

    Score
    1/10
    • Target

      attachment-35

    • Size

      598B

    • MD5

      f7f640b7b5c79b527e0de115194b9883

    • SHA1

      b2a017cef8091fe5ef071adf6d4521dd1cbe2791

    • SHA256

      fea4760317bcb6708e491f906f752d200c121d2097fc1c62e84020d243c8784b

    • SHA512

      aa69a43920cf1c6cf7c5c5b53b249faba3fe2a761028f9e9d723ded5346163811f4b4d8ea1b10520d1d0a3815559fd31e84d012cd1c682f5f2d9807fab301202

    Score
    1/10
    • Target

      attachment-36

    • Size

      1KB

    • MD5

      ad16abd65624033eb2f14d74e7651c90

    • SHA1

      40285f8f22887aecf43a879c0144d2dacd135ecd

    • SHA256

      2460a4ab9f0617c2fa5537cedcf70c842217b100244c457c88ba9fda9c780370

    • SHA512

      31bdcec773aa9f04012a6def3f2a029e84b9216efc1a615749c4a409cbf3177b8cf631e927145307d5cee7d46aeff2b6399d9aac4b29e2bd373067dc0b5f256f

    Score
    1/10
    • Target

      attachment-37

    • Size

      428B

    • MD5

      fcd63519a4ef11ae14d784d2a7cc1781

    • SHA1

      6129915cc1ea138c1c7cb3f254cda65d87f580b5

    • SHA256

      808e5565651bd5ece13ae8aa4aa5f3fc51cc320766c55315c56c1767fcb823ba

    • SHA512

      ddd675ee3c6afc7f00dc3a1bbf8c87e2d4b0ba93c4e8e8c8c83866d06b794e954a49511da79b7a82f104ba701b1cf2d0f5a69e5f748e6943efb20c56ce9bf1c3

    Score
    1/10
    • Target

      attachment-38

    • Size

      1KB

    • MD5

      308923fa13fef1e25339959285465a88

    • SHA1

      949a228d4c27008cbf52462d8bd9b513d0a279bb

    • SHA256

      d0e92c019d0a5eaf885ccc7efa49f94896812364eb19420d2c26e4934c698e6d

    • SHA512

      1e0b1285d38515dfb75efe50c9c85cf18c49b3e7d86b1c4a1a7f43aa4c62742f8db241731963862df2cc8280a02b47cc79bb51a7c20f75877b1160591e934813

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

adware, discovery, evasion, persistence, stealer, trojan
Score
8/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10