a1e9d2a0a36f1cb5b3fd09a3e07335f9987549fca015428369043031e2cc67cc

Sharing

Copy URL

Twitter E-mail

General

Target

A Installer.7z
Size

69.5MB
Sample

240528-tn4ktsce56
MD5

ca02966468cff37059f23d8a8ef155b1
SHA1

30ed1a790301a987dda1876a861bb2defb77028a
SHA256

a1e9d2a0a36f1cb5b3fd09a3e07335f9987549fca015428369043031e2cc67cc
SHA512

2e0f692093b31edcbf92346731994bc67b4427708f6963d39e33d1f79b62b29909fb93acafb7775174bd6d316db0c0cb760c76843ac46ad682d002d48cb438ee
SSDEEP

1572864:xw0UI/9EXbjreCngvrH2s43ROdntQtSllgABL1AW:x7oreC0P4UzQclPBLGW

Score

8^/10

Malware Config

Targets

- Target
  
  A Installer/FileZilla_3.67.0_win64_sponsored2-setup.exe
- Size
  
  12.2MB
- MD5
  
  e4acf0e303e9f1371f029e013f902262
- SHA1
  
  180f686f2afe1ad0ac6f3498e70af910fcbce620
- SHA256
  
  9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202
- SHA512
  
  fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc
- SSDEEP
  
  393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5
Score

7^/10

discovery persistence spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
behavioral1 behavioral2
- Target
  
  A Installer/PIP Installer.bat
- Size
  
  39B
- MD5
  
  9fb8ee5016cab4f6a26f1b0777b45114
- SHA1
  
  261a2433a9942694391a842459ffd632f0ace1da
- SHA256
  
  2d421b49f0d644f45e02a02569cad0925865b9846d9cf2683a3c6387db216ccb
- SHA512
  
  7e0849a049f8e4394bc3fa02acd822929dd3d93d390ef8804dc87ee59dfe01eb3ed6651d58e224a25b6ad5493fbe67e41a75259804fb2722e128562f655e3232
Score

1^/10
behavioral3 behavioral4
- Target
  
  A Installer/Scapy Installer.bat
- Size
  
  24B
- MD5
  
  e5a93ceba70853877e74754df0391a8e
- SHA1
  
  c7ad323d1c48a6a2e11d404dd47d0beb7f4093fe
- SHA256
  
  09a2bc8849dceb9c186d76923e413e4c4d6cd0abe543fb7d6bdf9b0fa98161cc
- SHA512
  
  8d25dc9a849c44e5f879c98486a6685117cfd4ea4f1ab9b0e3e2b2f7db4621f9f0d892267f6b6a7855b4e7383dc1366aac039429b2d73033b3587183a431c926
Score

1^/10
behavioral5 behavioral6
- Target
  
  A Installer/guiformat.exe
- Size
  
  76KB
- MD5
  
  2459a629ace148286360b860442221a2
- SHA1
  
  e1530fe47f34bfb18c7c01ce60010c7ff80652dd
- SHA256
  
  647fb4f5108af632c3d52fec34934922c50c70585697504e92fb80b3b7d05ee3
- SHA512
  
  3db860433a6522eff77736e1dc28c76543c2cce58e054f08700e781c52674dfa35f355853a1ee73c255956ea0ffbe47f288bc7b5f1e27be6d1eda07ecb27782e
- SSDEEP
  
  1536:aihX6I+ob6rhXaHTcOgECqvec4ZoGcy0I:0I+UchNOgECUecGoGT
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  A Installer/npcap-1.79.exe
- Size
  
  1.1MB
- MD5
  
  a4d7e47df742f62080bf845d606045b4
- SHA1
  
  723743dc9fa4a190452a7ffc971adfaac91606fa
- SHA256
  
  a95577ebbc67fc45b319e2ef3a55f4e9b211fe82ed4cb9d8be6b1a9e2425ce53
- SHA512
  
  8582b51b5fea23de43803fa925d13f1eb6d91b708be133be745d7d6155082cd131c9b62dc6a08b77f419a239efe6eb55a98f02f5783c7cd46e284ec3241fc2ee
- SSDEEP
  
  24576:q7INqm36s9R26Vhund3idw1/fayC9nHgeFhPuKX+dXlVp0WgB4:v13TR2ChAdLpfaVgUuZXlVpk4
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  NPFInstall.exe
- Size
  
  251KB
- MD5
  
  23af43847b2c8529ec7171d4a378e001
- SHA1
  
  06f1e0aeec9043bff7032bd4a79d0c4f0c33ceba
- SHA256
  
  5b1a62010bc7f9a58721d067919d6cedb0e8e414261e729e202e79334a791492
- SHA512
  
  2fb8117943c752956b4520e465766252e21d114c722d324fdd6f8e54e35871af765f910fec2c323dd1ac89e5dbe45b04ed72c090876ab1c3ba072b5ec305eddd
- SSDEEP
  
  3072:oeAvCTO25maSEPJJ1SxLtfJ5OGydgzwpXzcbU0ZFoecBkB3K9GyNyOLbTOa1sf3g:oTCS+bM3MEU0Tjcb9rNyhrN/2
Score

4^/10
behavioral11 behavioral12
- Target
  
  x64/NPFInstall.exe
- Size
  
  300KB
- MD5
  
  c01beb6c3526554ec9dfad40502317f2
- SHA1
  
  89f468496bd7e6d993a032f918c5baabb21c11be
- SHA256
  
  5d54a5e7230baf2b80689ee49d263612a6011bc46ec52843e7b4297e9656d32d
- SHA512
  
  a7fdb3d69cc2b12c9795c8f5e34f64014273e471dc0639ff4693f18e3d5ea758f38f58a5dfc4d1800511ce3e130a7454fd371579e31dbba049770fb74b889339
- SSDEEP
  
  6144:s7sjTspITygzeDpTkkUyyC5KEmg37kpFwQOj8Vm:9jc2byDpTkdyT5fTrkpmQlVm
Score

4^/10
behavioral13 behavioral14
- Target
  
  A Installer/python-3.12.3-amd64.exe
- Size
  
  25.5MB
- MD5
  
  c86949710e0471a065db970290819489
- SHA1
  
  b1207fba545a75841e2dbca2ad4f17b26414e0c1
- SHA256
  
  edfc6c84dc47eebd4fae9167e96ff5d9c27f8abaa779ee1deab9c3d964d0de3c
- SHA512
  
  0e19181bc121518b5ef154fecc57a837e73f36143b9cb51114bd3f54056bc09977abc1e4ef145a03344d9ad2b8e49faa483b4ef70e4176af2bc17a8e5a3cd4ac
- SSDEEP
  
  786432:QqJaMb8rrFiWxc+HI9gEPYZG07rn7EBFsMEbi:FmrrFiEHHEPYtrFtbi
Score

4^/10

discovery
behavioral15 behavioral16
- Target
  
  GoldHEN-beta.zip
- Size
  
  257KB
- MD5
  
  1aed5990bf647690c816e16c88a85d78
- SHA1
  
  f08f09855f5948c750a0fe8ece250fd628df28d9
- SHA256
  
  a05ea416d776d54e1d8901541d79001364f6304a39e6c0af8cd1f2bcbe984a6e
- SHA512
  
  6d5507573f4a961c7a97faf840aed0270a31af5249d1a77da59fc66aea2bf09e66b87fe93d9a3f22f1c3560221128f5324f24e159205179b47a91b3aea5a449e
- SSDEEP
  
  6144:9OdbZRyGRv50PAcUSccctwqudsv/en/rG3HrivzrsSH:94ZoGIocpcz2BAOrQurr1
Score

1^/10
behavioral17 behavioral18
- Target
  
  GoldHEN-beta/goldhen.bin
- Size
  
  289KB
- MD5
  
  90ccd6f7cb8c5d8a2c0957d2814d0d6b
- SHA1
  
  282205c213262a0befad51a9dbf89ffc3c5221e8
- SHA256
  
  313a1ef8b52c5f2f5fccee32287c182220fe6737b903db0c01b42d31e8854bdb
- SHA512
  
  c303b9e7af725ddf55a6c65e261fa565cb6200f704157ba7285f9fab7560605d969cd9e062c39b221ca1e34eed51732b7660764548093e82ab7e9427136cbbb9
- SSDEEP
  
  6144:KiFeclBdD+MBaqyAhg9D2EnUXSMAb+bsv/en/r3eoEVsivzfR:KKBvxpyAe2wYSj+GOr2trfR
Score

3^/10
behavioral19 behavioral20
- Target
  
  pppwn GUI/PPPwn GUI 1.5.exe
- Size
  
  20.1MB
- MD5
  
  7b72bb8284553c8d777c1a64ae06f5ca
- SHA1
  
  8aad5238aec545849cd4785a56147cef8b07fad4
- SHA256
  
  45f2d7215b13d44264aa07e4c01374d1cdf9dcd76b43de912062fb6e2ce537e2
- SHA512
  
  aa68212a8b810ba9a799a1dda9fd07b2ebecb7eaee26f3abd844f16877d482b8c5712661f51959a20008a57e375bbd2a3e2da80de08ed6d6fa6cc6e84f130217
- SSDEEP
  
  393216:BLks+O16QIg1ugcnq8PG8dU6XmDGZ8ZZHPx3gZpVYGA9xJRYl:1Nd1ugcn9GL62DGOZZHZkt8
Score

7^/10

pyinstaller
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  pppwn.pyc
- Size
  
  44KB
- MD5
  
  5c39d9e4d8d1d0274b1366a06ef543ce
- SHA1
  
  da05bc2b5bbfa45bc75801a6389a58dd4d124a49
- SHA256
  
  78a9c3146e1c2d0ad7d97771633aa89ce10aab0278f54814e96f522df098f6ca
- SHA512
  
  29c1b9fc9ad8dabb249a26363043ba111bea546f26c07bc774a9cf59c1b2c00931ec0b215fe0a29e172eb0a1257a4add0ebe8feb12d26b25969ce3b70b653295
- SSDEEP
  
  768:KUfnb9aQXfYcMHmX5GwyRbe8sOdz1xZjueRF1HM7S:rfnJBYYSe8DDT7CS
Score

3^/10
behavioral23 behavioral24
- Target
  
  pppwn GUI/Unpacked Version.zip
- Size
  
  17.9MB
- MD5
  
  829b30d659dc74ae8c2c340b43cd0032
- SHA1
  
  daca48da42114e38bdf39996ce0735e3b1a5cec6
- SHA256
  
  96216a202dad7e6284d56e70f852dd839b8167a637ee4e1f7dd12b91b792c36a
- SHA512
  
  91ca85dc445b93a64364765bda4938afb5a0d04959bf481db7197fadb1a7eaff9055cbf0be511a2a5e4d663bace095a44ca63e6a2360b08c6d68d9bc55a6fd4e
- SSDEEP
  
  393216:897YYA/ufDGwNNdOsBpjOXr0zxUOx/3XouszT9x7h+jtHRgpV:8awfDGMnOPQHx/3Y1lEe
Score

1^/10
behavioral25 behavioral26
- Target
  
  Unpacked/pppwn/DevComponents.DotNetBar2.dll
- Size
  
  4.9MB
- MD5
  
  c554d8572ce8619ec94597fcbfef09d7
- SHA1
  
  b2e2fbfbe4e3747d824f5d6cabb5607275559929
- SHA256
  
  2e16f7eb5e8aa4ef66a1c0cc5e4b72290c3182d6f3d0a71f32d13fd2db732ef5
- SHA512
  
  73c08723319ebddc2023ea1436c27583894834f6667640de09c967cf149e7d564486ede7d256abad4987e6b4a30b994383095a2c969069a71be481531790a85b
- SSDEEP
  
  49152:jfbOajjkPV5M6BEng14kVsAtLMu5fnChs/V7aqONj9o0eXDRNnxfJtqUrSPNk/0R:GajjQ5M6Bcg1uAt3/VuqON
Score

1^/10
behavioral27 behavioral28
- Target
  
  Unpacked/pppwn/PPPwn GUI 1.5.exe
- Size
  
  8.5MB
- MD5
  
  62a1d287a17007f98f776e9581de43f0
- SHA1
  
  3cd8aa22cf404c2b985c779e0653bdf6074cff3d
- SHA256
  
  de1a2c5f67fef973d84d32e8d469d5ac7f1f0aa071e35260ff0c959705b13b29
- SHA512
  
  2d4fa3f61f420912cf5a6531fac05414f3e3de7bc02e02aaddfe60314ccf3fa8f5d250681238643b02d9feb853e06a686faebfc68771932612420980e385fe84
- SSDEEP
  
  196608:UbvpiZgqLDs2PxBRKb5ZWDl98canLcWnPOA+j8OGE3BbbRYl:48ZZHPx3gZpVdGR9xJRYl
Score

7^/10
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  Unpacked/pppwn/exploit/pppwn_.exe
- Size
  
  8.2MB
- MD5
  
  4495b20ab591002c3dddbe78ad8039aa
- SHA1
  
  4c05606b4caadac43cd87b9edc9618e193b318c1
- SHA256
  
  1d97f2c2368e6c727d3bfeab62e256fb5ab1cfa877342b03b7c9b7858b121327
- SHA512
  
  466b911df96f83b3995e6205e45056aa612b177c9ee12f039935c61cdec6cafe1b46a49ae3216e1d0fecee214799b79edf61d58222df9c1e088854d52365b4fa
- SSDEEP
  
  196608:QavpiZgqLDs2PxBRKb5ZWDl98canLcznPOA+C8OGE3BbbRYl:d8ZZHPx3gZpVYGA9xJRYl
Score

7^/10
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Reads data files stored by FTP clients

Enumerates connected drives

Command and Scripting Interpreter: PowerShell

Drops file in Drivers directory

Manipulates Digital Signatures

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32