General

  • Target

    ffdec_20.1.0_setup.exe

  • Size

    13.1MB

  • Sample

    240530-rfxq7sbb6y

  • MD5

    5621115d16a579e4f0bf229075511860

  • SHA1

    40e827b820239cf9c4716fe5b58bc7b1680d48bd

  • SHA256

    88ee06cae7f367cb6718473e32a8fb4596e62b602df2d69679739d2b12dc8975

  • SHA512

    be737450f90d852f1b026f54de83638d6790da465196742a8f852a027b6c1b118ed8766cdc75a00932ce3de0ee2c23b5ce1eee63c7dd2de131b1ffd612a51840

  • SSDEEP

    393216:ukD3fX8Jbp5Jk89+Cqnvu53FLqT6oxob92c:uk7fXAbpD79+W1qThxoR

Score
7/10

Targets

    • Target

      ffdec_20.1.0_setup.exe

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      8KB

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      12KB

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      29KB

    Score
    3/10
    • Target

      $PLUGINSDIR/modern-header.bmp

    • Size

      25KB

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      150KB

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      14KB

    Score
    3/10
    • Target

      Uninstall.exe

    • Size

      159KB

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      flashlib/airglobal.swc

    • Size

      550KB

    Score
    1/10
    • Target

      flashlib/playerglobal32_0.swc

    • Size

      461KB

    Score
    1/10
    • Target

      icon.ico

    • Size

      38KB

    Score
    3/10
    • Target

      lib/avi.montemedia.license.txt

    • Size

      372B

    Score
    1/10
    • Target

      lib/ffdec_lib.license.txt

    • Size

      7KB

    Score
    1/10
    • Target

      lib/flamingo.license.txt

    • Size

      1KB

    Score
    1/10
    • Target

      lib/gif.license.txt

    • Size

      310B

    Score
    1/10
    • Target

      lib/gifreader.license.txt

    • Size

      11KB

    Score
    1/10