General

  • Target

    CyberGhost VPN 8.0.6.2540 + Crack.exe

  • Size

    14.2MB

  • Sample

    240527-rmgnkagd68

  • MD5

    89a80be94a0925889e4235cd0455288e

  • SHA1

    71031291706ea11c2df2b38381e1588173f426e3

  • SHA256

    45e289f766b3c4ff06e41032cf1988e856a41442ee6aedcd45a84838595279c7

  • SHA512

    c913740f9aee0217b3bb13300c986e65dcc326c0b20b848a77a731252717442e41ef6dc6c3e63f2bec37f9434c354ab34dd2f8a61d0213986bd3fc69ad3c0eb2

  • SSDEEP

    393216:uRqfbDiqiFCrnWNCwiZgamThZoXYRv34TzzX:uaICn+7oXYmTzL

Score
8/10

Malware Config

Targets

    • Target

      CyberGhost VPN 8.0.6.2540 + Crack.exe

    • Size

      14.2MB

    • MD5

      89a80be94a0925889e4235cd0455288e

    • SHA1

      71031291706ea11c2df2b38381e1588173f426e3

    • SHA256

      45e289f766b3c4ff06e41032cf1988e856a41442ee6aedcd45a84838595279c7

    • SHA512

      c913740f9aee0217b3bb13300c986e65dcc326c0b20b848a77a731252717442e41ef6dc6c3e63f2bec37f9434c354ab34dd2f8a61d0213986bd3fc69ad3c0eb2

    • SSDEEP

      393216:uRqfbDiqiFCrnWNCwiZgamThZoXYRv34TzzX:uaICn+7oXYmTzL

    Score
    8/10
    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      25KB

    • MD5

      40d7eca32b2f4d29db98715dd45bfac5

    • SHA1

      124df3f617f562e46095776454e1c0c7bb791cc7

    • SHA256

      85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

    • SHA512

      5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

    • SSDEEP

      384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      1d8f01a83ddd259bc339902c1d33c8f1

    • SHA1

      9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

    • SHA256

      4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

    • SHA512

      28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

    • SSDEEP

      96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks