General
-
Target
074a14a6cbe12ea8bd8e24d82c352ac14334a79238b5e7c3732da8d5b25753ca
-
Size
260KB
-
Sample
240527-w6y46see75
-
MD5
75483a73cd224f28f6f672a293699a9d
-
SHA1
173e1ec63fe7f47337dd9b93650aac440eaeda65
-
SHA256
074a14a6cbe12ea8bd8e24d82c352ac14334a79238b5e7c3732da8d5b25753ca
-
SHA512
380c27039dd7563d1a6c5e52b08100d1474ca453a5163abfc7c53904e3eac4b6cc199bf35010a9712563c392e8b96f2dd3f0691e3af9fdefede35493e5672aa4
-
SSDEEP
6144:45/xR6oQrvlipmeYmDgTqsRCF+ugJWoV4BV+UdvrEFp7hK3Yf:4JRVQ+rYagWs8+Bh4BjvrEH7n
Static task: static1
Behavioral tasks (task: sample, resource)
behavioral1: 074a14a6cbe12ea8bd8e24d82c352ac14334a79238b5e7c3732da8d5b25753ca.exe, win7-20240508-en
behavioral2: 074a14a6cbe12ea8bd8e24d82c352ac14334a79238b5e7c3732da8d5b25753ca.exe, win10v2004-20240426-en
behavioral3: Uninstall.exe, win7-20240221-en
behavioral4: Uninstall.exe, win10v2004-20240508-en
behavioral5: js/errorHandler.js, win7-20240221-en
behavioral6: js/errorHandler.js, win10v2004-20240426-en
behavioral7: js/localization.js, win7-20240221-en
behavioral8: js/localization.js, win10v2004-20240508-en
behavioral9: js/main.js, win7-20231129-en
behavioral10: js/main.js, win10v2004-20240508-en
behavioral11: js/metrika.js, win7-20240221-en
behavioral12: js/metrika.js, win10v2004-20240226-en
behavioral13: js/polyfills.js, win7-20240221-en
behavioral14: js/polyfills.js, win10v2004-20240426-en
behavioral15: js/statistics.js, win7-20240508-en
behavioral16: js/statistics.js, win10v2004-20240508-en
behavioral17: main.html, win7-20240220-en
behavioral18: main.html, win10v2004-20240426-en
behavioral19: run.hta, win7-20240419-en
behavioral20: run.hta, win10v2004-20240508-en
behavioral21: settings.hta, win7-20240508-en
behavioral22: settings.hta, win10v2004-20240508-en
behavioral23: settings.html, win7-20240221-en
behavioral24: settings.html, win10v2004-20240226-en
behavioral25: start.cmd, win7-20240220-en
behavioral26: start.cmd, win10v2004-20240426-en
Malware Config
Targets
-
-
Target
074a14a6cbe12ea8bd8e24d82c352ac14334a79238b5e7c3732da8d5b25753ca
-
Size
260KB
-
MD5
75483a73cd224f28f6f672a293699a9d
-
SHA1
173e1ec63fe7f47337dd9b93650aac440eaeda65
-
SHA256
074a14a6cbe12ea8bd8e24d82c352ac14334a79238b5e7c3732da8d5b25753ca
-
SHA512
380c27039dd7563d1a6c5e52b08100d1474ca453a5163abfc7c53904e3eac4b6cc199bf35010a9712563c392e8b96f2dd3f0691e3af9fdefede35493e5672aa4
-
SSDEEP
6144:45/xR6oQrvlipmeYmDgTqsRCF+ugJWoV4BV+UdvrEFp7hK3Yf:4JRVQ+rYagWs8+Bh4BjvrEH7n
Score 9/10
UPX dump on OEP (original entry point)
Modifies AppInit DLL entries
ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
Target
Uninstall.exe
-
Size
58KB
-
MD5
cbb2157876ee3c5064c865b4adb02fe1
-
SHA1
4af6fb0c18e8f905e6f97fbfc723e499bf04c04f
-
SHA256
be3e1629f1d6d35dfa5a04a3bd26df442a5839803d6622dd5691e5d7d5dc4430
-
SHA512
dea86170076742c04556a0b2d057ec4e57067a97e8a5c2e06f1a539d480c6476abbe9a8016900c876e11235b81f234791d63154df8dc0ecdc3e1d6583410d766
-
SSDEEP
1536:4TcVLz+DsD9wFggbycZ71J/gdLeAyNxBy:4Tyf+ZFggmcjJ/ceAey
Score 3/10
-
-
Target
js/errorHandler.js
-
Size
519B
-
MD5
fdd3749773f0e6169728b4fcf512b2ee
-
SHA1
e6bba8cfd6c5ef7d99b6b7a3b7e24da3beb52e3a
-
SHA256
60b66884ddfd91c2ad2f7d3774ff8647d163f469ebe8b8f2769a575cf7c0585e
-
SHA512
42b02e60b0359563a99be2c99cd6da4e9e8c4e95b44370196ccaf7acee732f511631265dddaaa69742e9939ad6b6201ae7d74d78dc09d9e2e96a696665097c99
Score 3/10
-
-
Target
js/localization.js
-
Size
7KB
-
MD5
a1d858742e4ccd0173aed604947e24a1
-
SHA1
439b54ac8278f78d1fa5aaebc6aeebe121260c65
-
SHA256
3f12a4f665330563e702f82dd69a4054034051f0ccb48744c6e5469ebb3715f2
-
SHA512
9cb232a91db762cae99a10c4b7c07754ea545b6a1ea4f7edd4246e1e409dfed7d08ec08320db10ac98108890083107f624ca8a1397c514846c7810c69d93b87c
-
SSDEEP
96:tY2nKEA7w1p5bDbXspJKJ7VecBr495J1Sm7o9GCDe9DjGlEyemenoyaOv8:N131fHqnJ1Sm7o9GKe9DjqEyexoyaU8
Score 3/10
-
-
Target
js/main.js
-
Size
5KB
-
MD5
315600288639221beb2f29c9d3834660
-
SHA1
1753f5488a3fa1e3bae9434b51f0e6ab289f330b
-
SHA256
7b7e7df885cd9159f216b97dbc84121e9622acbc67d22a1f5f42501cb0adab1c
-
SHA512
30df07ec115e80ff0b0f447bfa72cb9f4199c0840b22e2f6e0ada141e445a91930089036a092a3db24025d437576b4d7e2c0a6b78ddfbe736d231f4b53b25121
-
SSDEEP
96:3jpH0YPDF/hDknsg5+i8RDtxjWL0n5RVVpGbfw9pLXWCfUW1zHffJpUJQNJWC5pU:lHD/DksgMZ5gIRAb6pLGwh1zHwJQNwoy
Score 3/10
-
-
Target
js/metrika.js
-
Size
359KB
-
MD5
8da054bdff5af362d234c027b59d30c7
-
SHA1
7f4ce9cd6619c2724d37fb87d815d0e8f8dba296
-
SHA256
1387306cf47156d36dd9c1d4e8de4e0abb2d3ac2d750d802f54a5b5d84cd7260
-
SHA512
f8484d84f7be22462e39d543db9ee9cbf1eadf714f94ab604f1fd968ea1bc2e680ede401039c923eecab4a8cafb8fcc2fddcb998688cecbc5f872e11ba45a9c2
-
SSDEEP
3072:25HURkBAJW5DfcuSvGgsq2Xh0evTzzUXVFFA0yrFGajhS8NezA4iSVfEQZ4fm:pkqaTKuZCevTzzUXVFFA036ezV+fm
Score 3/10
-
-
Target
js/polyfills.js
-
Size
3KB
-
MD5
1e67d39cc362848a78d636c77ac34d96
-
SHA1
f90e780f4542b8b4ee6b0e59fd31d86add59b7e4
-
SHA256
5531dff73c1af1a3375eccbfb2c99fa55c454d320cf127d5ea6d06e25371f746
-
SHA512
fcaa8e72589fe26976ca6447fcde8b122ef45f1c12746c8e89a851cdf49551d773c05c4a7f468a19d69a038398db87798dee0f12834fe03d7d6f79f1a4e562b0
Score 3/10
-
-
Target
js/statistics.js
-
Size
3KB
-
MD5
0957dbb0c8a34dc1fe425f8b873f5b95
-
SHA1
3597ec4f6ae2eb92a7a3421d291935da25057e52
-
SHA256
3556b2a93632c6f4def228ff77eb862f3f415eed66b44bd6e30d053974916aaa
-
SHA512
dfd91f2eeb4c05c76bb472fcf1b01610164f9b4de1555b3535d2f71e3e10c3446cac7cada4f13a2470651d4722b09128d4fd4d0b68b7522f14efab1d0e75d5da
Score 3/10
-
-
Target
main.html
-
Size
2KB
-
MD5
83eb20ed9a049a4270774907d5769b30
-
SHA1
a6cdd077211b78566dc0b7c63f10dbb3cb320ffc
-
SHA256
c8cb6d6c9477be521503e22701e68b7b6a8f4073e591ba47e3a07ec2a83c8420
-
SHA512
12425eb9b3725971c8de62f85055b1af50099cf54f8d2d0b03fe350772398172bef9a59d5757613f23f789a436da359fb282eb178952f84c7e11d13adb908b1a
Score 1/10
-
-
Target
run.hta
-
Size
1KB
-
MD5
7d2c494778be2b7a3a1d3b780b058ddd
-
SHA1
32009f732f3fee3a3c91326f3815df8f43375790
-
SHA256
006693ec698c4c3c7410fcbeba07c0cb7ab638f17e74786db0b6e72ba7d8b4b7
-
SHA512
b33f0cc32fd200d4f91d1af931c72ba388c0711b60df07f4fd94924d7d863199d4cbc60fcead95d94bcb6d2da77f05bc742262371305364966912bc4e64070b2
Score 8/10
Blocklisted process makes network request
-
-
Target
settings.hta
-
Size
2KB
-
MD5
5fcbafe4e2e1f2e0ef7fd24bda8ba026
-
SHA1
14592d16442f0d941deb76b4283e47b2e883a029
-
SHA256
b4c138e5796bc6035b4ac818aa5eb691176d7e4397e101ea1c1f9d2a1ff1d683
-
SHA512
e380a7b203a62533d65b3550fc60ec61ba52c85cc49ad49d82bc6905c37d1406e1ab9621e2c3c0378ab168f434588592c66aa90fc8048ea0b5d8cf9304a0feae
Score 8/10
Blocklisted process makes network request
-
-
Target
settings.html
-
Size
2KB
-
MD5
a1097f9d7670f194d5fba02754015848
-
SHA1
c8055faf23e8b4a3f1bdebc0aaafe92237f4fdb6
-
SHA256
879190619b5f5ca314e86bb3b6bf9f4b24597236d4435fb71f01840bb35c13e5
-
SHA512
88b148c08e19607db5a068adbc87ea1f1eebaf011c45c504193fa6a97a47007a10468d044f0fabe7291bb2aa17655337e36a270b8ae27a70d0331d37e3d6615e
Score 1/10
-
-
Target
start.cmd
-
Size
32B
-
MD5
1ba015901ba41d49f1184b36e8233a68
-
SHA1
96dfd02b3d32be2502d7996446b51a4f6d6d0d21
-
SHA256
c22466420f3524025a79158743419d069c883dad1d74fd2f36b1522af00268f4
-
SHA512
d61d8e23ce32538c44e3df85e530f541d1ba93a7d445ca01af4b8326f263ec0d6831163f4799e0143fcfef91a643b6be3673c53855eb30648370a0e3ac580d3b
Score 1/10