cc256b4e016a47ce4298e6fc3e45a693a085085dd64ded3b3d2713b4a9759ec6

Sharing

Copy URL

Twitter E-mail

General

Target

cc256b4e016a47ce4298e6fc3e45a693a085085dd64ded3b3d2713b4a9759ec6
Size

4.2MB
Sample

240526-tc5nrabg9t
MD5

497bce825ad05426ab94dbb68278a2b2
SHA1

f62ee82fa8c95caaf67024d8c604709fc2b54f63
SHA256

cc256b4e016a47ce4298e6fc3e45a693a085085dd64ded3b3d2713b4a9759ec6
SHA512

9ee499a92ea19a6d3eb5e00c89b61091e5855e20acd194dcc5d26b12b089e37d22151c0f560c6902e7584c176b889f8f0da774f65839178257981d1b9609e68f
SSDEEP

98304:ZHRlAeX6aD7xJORYW+ul1KCmLQ2C5A4HcxWRstUF7CIVg:ZRKaDdJORYW/qCAU64HcMRHF73y

Score

7^/10

Malware Config

Targets

- Target
  
  ARSoft.Tools.Net.dll
- Size
  
  312KB
- MD5
  
  5b1dae1529170d531828cdb9efaf963b
- SHA1
  
  2016db3750e9e386aaf502f659e7d6c7dbf033f6
- SHA256
  
  dda476961db399ed0f6a4ab11171537420ebcd3c705547ef0e505910710289dd
- SHA512
  
  8614ea4ae167613f8f97cdd74e8cc80c05d22d534a8a51c3cc830cc0a6a0b7f52c7b2570ba423e00a041172c7b6a5a20a7ba3d54678d8d907b45d6c1ae7b53b7
- SSDEEP
  
  3072:QsZ9LRRKgVq1wS289MWOFrImeDV4omB6pSLOKF39pUGSkXL0I2+rVf++GsmNNCIJ:f9LRlVhrMaFBtOKF39SPkXL0IY+Gsa
Score

1^/10
behavioral1 behavioral2
- Target
  
  AuroraGUI.exe
- Size
  
  870KB
- MD5
  
  f26858cb88f7f9a6e168bad462844a39
- SHA1
  
  c4df764f32aecf6db7333d9f60ceaad4325b0336
- SHA256
  
  747c06528859620b1350a4a39d68a4e8a9876863c39dd9338881b22c395ba046
- SHA512
  
  9cde96973d92bd7fd07743d2f6546a79a568a6795fccb819809dcc4cdd84182898830417f61b06d3e5e7f760d512658fa66798147f334bc47b1f6bc2e7efa308
- SSDEEP
  
  12288:0xnelwAKtbfdvfvRp7XVZ/SbwBjZAjPopUtuk1V3dg:qrdRvjnKQwf1V3i
Score

7^/10
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  BouncyCastle.Crypto.dll
- Size
  
  2.2MB
- MD5
  
  4ab3cc87b37ad2c1bbfdc998b78ef498
- SHA1
  
  02fa8c16512e503fec8de4e59d91f9a9b49e11f2
- SHA256
  
  b6da178dae18b48fcadcee98cbe2437a5a1551b650b44895f49969a61c0a9645
- SHA512
  
  6c9d7f9b0cb7d0f54bb514188dae70b0a32fd38cd2b0034a9a3563e2f893bc45756a964a2e2902ee3d1af5866f399bb51721fa3ea007ccb923c2c2fd711f86b4
- SSDEEP
  
  49152:CPsys287SKGF2/808qitqsseW338HTkxYjd:vPp7SKGF20JqI
Score

1^/10
behavioral5 behavioral6
- Target
  
  FluentWPF.dll
- Size
  
  207KB
- MD5
  
  87bfff110f0f04a89222a5695edb1093
- SHA1
  
  d2dfcf11eb550315a0dd71eaa2f66b712bc0ded5
- SHA256
  
  33f677a5563885908045de262c84f6f4754329f80181f6b46f4abee8e5c938dc
- SHA512
  
  51f0c10c939aff0ed14574d3b99539788e50de18b8c2855d2b3979ddfd0eadb6e60070754611d8db35fb4143b9cd6a00b1e1482f9af3c37d96fa40c0a36a1a33
- SSDEEP
  
  6144:vA0rvESENJbtxiECIGufiFXFky0FdfCXp3VkAVz:mNwECLVJ
Score

1^/10
behavioral7 behavioral8
- Target
  
  Hardcodet.NotifyIcon.Wpf.dll
- Size
  
  95KB
- MD5
  
  5fea5381909fcca75ed4e79b058e512a
- SHA1
  
  1d619f03449eaf4405008a97ddf05b313eedd21f
- SHA256
  
  9c5a27ab185e32c4599816db8df1c7b01b08b5cb7a15933215c9a237322abfbf
- SHA512
  
  8494b36651f1e36f8008de7bf6af3b378843d3e989206a5c3c17b7d1a5a33aa762153bcef642f66b8c1cd682b2eafb7102d129d77fcb4a47de7f724ececc7127
- SSDEEP
  
  1536:In5VJM3T5szyxa9PuIKb8wmtyYVzH0cfNbQSi/GoP4YNjZ34:IWsEa9GIdyAUKWeYNl34
Score

1^/10
behavioral10 behavioral9
- Target
  
  MaterialDesignColors.dll
- Size
  
  278KB
- MD5
  
  72899abae24eae3ccf365f79b5b52ca8
- SHA1
  
  2e18b2c72fd17fe273723614d01bcd0135d154c8
- SHA256
  
  a878a0631ac143cd21a7e1e31f9202c3529a9bbc40975b91bd938adda69b0b58
- SHA512
  
  ccb95b13203a8ffb7108f48b079deefcacb8ffe12d8a4c4a3da63c015b1dea9b694c6526ca0d44be6aceeae444a0921fdccdd1834d6e351f72d1b60ddb22f47b
- SSDEEP
  
  1536:6Pf4HKeWcS85vhJefw9G4zGJH2wJOikj6mJ+YvDQCiNBPXUI0TR/gUhef/iZnLRZ:6PfcnLwELBI2OgKpwPwg
Score

1^/10
behavioral11 behavioral12
- Target
  
  MaterialDesignThemes.Wpf.dll
- Size
  
  5.9MB
- MD5
  
  0bc51e2c929ba1e349aa778a51e4abdb
- SHA1
  
  49595eaeeea3e5ab4ca14e8224104641b6374396
- SHA256
  
  536c7a03c53eaa957b6176da812b0612900e0f4bf57dc94d1dd00243c2e739fd
- SHA512
  
  eaf3afe39a09d9dae5c40abc04d8f7b69b7583ea46c7e666367c37ebe31d6a6bc5d610261d0b37e90bf816e1a990a1e1a6c2e216c13243d9709103156e1b3d11
- SSDEEP
  
  98304:pa6XJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCR2fSS:paEnJ45/9iD54+V11bFv4zpx3PDlp5l
Score

1^/10
behavioral13 behavioral14
- Target
  
  System.Buffers.dll
- Size
  
  20KB
- MD5
  
  ecdfe8ede869d2ccc6bf99981ea96400
- SHA1
  
  2f410a0396bc148ed533ad49b6415fb58dd4d641
- SHA256
  
  accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
- SHA512
  
  5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
- SSDEEP
  
  384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
Score

1^/10
behavioral15 behavioral16
- Target
  
  System.CodeDom.dll
- Size
  
  27KB
- MD5
  
  2a42f86af609dac74fe6c898ccf958e0
- SHA1
  
  88c8065034ee0e4b9f6a3935fd32e541eff39ebc
- SHA256
  
  9dbce659a0ef6fd19709fe1d5b2a78be451daf28000274fcbc1cbe080ce71365
- SHA512
  
  cd4e71e91569b0a47bc5f5142b103048960929c5bb29d7c9412e4b5331377d44468e6a07af8b2b766d47ac04a2eb65965e722fba067370a1456f1686dae662ae
- SSDEEP
  
  384:DdgrnDxt3942O1NEIY3lzZIcKBxehzsCtZ7U6r1fDXJx/WpuWa/uPHRN7u7c+luh:JgXxtu5jEIYDhzZpmeMu7cH
Score

1^/10
behavioral17 behavioral18
- Target
  
  System.Configuration.ConfigurationManager.dll
- Size
  
  84KB
- MD5
  
  5dd78e2ca7ba1e18d9df1abc8a9416b2
- SHA1
  
  6a511a5688b188c4d1615cede33b1e5278376001
- SHA256
  
  f393396cb12fb0977e50fbbfd5a0ba7e28b97fe93b68a91a6fcbbfbd24cea8bc
- SHA512
  
  2096c182860e7b71942eb1d89624e501daa73eccfc8974dc1c8a27167bed2ce4b8a393f467345570bca7f58ba47faa23edb7b3e715cda37ad268747e3ea5ba46
- SSDEEP
  
  1536:J8KGCEPg1QqF3BhejEpvS/ZFQ+2/NVQ8GLa0Uh55T3lEC/IOPbZkxqN4bENZJlf6:GHCXBheNQ+2/NVQ8GLa0Uh55T3lEC/IJ
Score

1^/10
behavioral19 behavioral20
- Target
  
  System.Diagnostics.DiagnosticSource.dll
- Size
  
  162KB
- MD5
  
  5feb12f4d71c2edeedc693e876fef299
- SHA1
  
  adedf5042aeae3a0482125c01ee4334b04c5e585
- SHA256
  
  81e664880042e451495a1be22624ab4ab5e8a06803eeda5bdda7c69df2439815
- SHA512
  
  06dbd0a560739f6b445b97ff2db77e12864709a025c556f07e762b1c4ea34554f09daf1caadd3bdf1b76ac30a44e532ca3bbbcad234eecec50a598d0803b6ed7
- SSDEEP
  
  3072:OkvQK1h3HKCY+oTOrBW8cpm7L6kzpF1V8K++7MhVf:O01h3kQlx7LtpAuy
Score

1^/10
behavioral21 behavioral22
- Target
  
  System.Drawing.Common.dll
- Size
  
  52KB
- MD5
  
  3c2445d3095f82ec8a526e7843a98ba9
- SHA1
  
  2f2c9d016ffc2bd7078104234e27ab2b010bd765
- SHA256
  
  ca18383a2070518ae8c3e96cbd1705da283c8ada4ddf396217d2bcb7dcd03103
- SHA512
  
  9cb5564ee52c1b71c732026d0bdb8414c09ba0037e12440f1d122644a977fb95fa4f9c13666053e4fcce811e265f9b8afe60fe1b007d9d2e278cf0d0a8c243fa
- SSDEEP
  
  1536:4JbgUxvrIn01EkO/69KzwmOiGeCcSP8UIrdMe:41xvrInsEkO/AKzwm3C0UOdl
Score

1^/10
behavioral23 behavioral24
- Target
  
  System.Memory.dll
- Size
  
  137KB
- MD5
  
  6fb95a357a3f7e88ade5c1629e2801f8
- SHA1
  
  19bf79600b716523b5317b9a7b68760ae5d55741
- SHA256
  
  8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7
- SHA512
  
  293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0
- SSDEEP
  
  3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2
Score

1^/10
behavioral25 behavioral26
- Target
  
  System.Net.Http.WinHttpHandler.dll
- Size
  
  135KB
- MD5
  
  2bd5b5d9e4de1473307e0996a289e6bb
- SHA1
  
  1d7bed30658f3b53244b81d77a0c11df1d207ef9
- SHA256
  
  5203b606353609aa9c058bcb4a5f9f4798e7bbea98992aa03be99a1fe93f9077
- SHA512
  
  c5e558ae6b1233c9aad55fcfed082fef479960fa468c633a8cbec6c1c7cc4df6a8d4a1d5474960293a4ebfd6a5c2e7d4c81375489d0c729fca2b5d50e8f7364b
- SSDEEP
  
  3072:SqKEZ5a+XE1ePqiiDut3zkkiwU4HmqJvS6CFMg2E4zHIi:S1EZLt3kklKqFfd
Score

1^/10
behavioral27 behavioral28
- Target
  
  System.Numerics.Vectors.dll
- Size
  
  113KB
- MD5
  
  aaa2cbf14e06e9d3586d8a4ed455db33
- SHA1
  
  3d216458740ad5cb05bc5f7c3491cde44a1e5df0
- SHA256
  
  1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
- SHA512
  
  0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8
- SSDEEP
  
  1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
Score

1^/10
behavioral29 behavioral30
- Target
  
  System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  17KB
- MD5
  
  c610e828b54001574d86dd2ed730e392
- SHA1
  
  180a7baafbc820a838bbaca434032d9d33cceebe
- SHA256
  
  37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
- SHA512
  
  441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396
- SSDEEP
  
  384:EybU8ndrbbT9NWB2WL/uPHRN7bhlsQVryo:Ey5ndvWbMPVryo
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Unexpected DNS network traffic destination

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32