Task | Platform | Score
Overview | overview | 7
Static | static | 3
ffdec_20.1...up.exe | windows7-x64 | 7
ffdec_20.1...up.exe | windows10-2004-x64 | 7
$PLUGINSDI...LL.dll | windows7-x64 | 3
$PLUGINSDI...LL.dll | windows10-2004-x64 | 3
$PLUGINSDI...nu.dll | windows7-x64 | 3
$PLUGINSDI...nu.dll | windows10-2004-x64 | 3
$PLUGINSDI...em.dll | windows7-x64 | 3
$PLUGINSDI...em.dll | windows10-2004-x64 | 3
$PLUGINSDI...er.bmp | windows7-x64 | 3
$PLUGINSDI...er.bmp | windows10-2004-x64 | 7
$PLUGINSDI...rd.bmp | windows7-x64 | 3
$PLUGINSDI...rd.bmp | windows10-2004-x64 | 7
$PLUGINSDI...gs.dll | windows7-x64 | 3
$PLUGINSDI...gs.dll | windows10-2004-x64 | 3
Uninstall.exe | windows7-x64 | 7
Uninstall.exe | windows10-2004-x64 | 7
flashlib/a...al.zip | windows7-x64 | 1
flashlib/a...al.zip | windows10-2004-x64 | 1
flashlib/p..._0.zip | windows7-x64 | 1
flashlib/p..._0.zip | windows10-2004-x64 | 1
icon.ico | windows7-x64 | 3
icon.ico | windows10-2004-x64 | 3
lib/avi.mo...se.txt | windows7-x64 | 1
lib/avi.mo...se.txt | windows10-2004-x64 | 1
lib/ffdec_...se.txt | windows7-x64 | 1
lib/ffdec_...se.txt | windows10-2004-x64 | 1
lib/flamin...se.txt | windows7-x64 | 1
lib/flamin...se.txt | windows10-2004-x64 | 1
lib/gif.license.txt | windows7-x64 | 1
lib/gif.license.txt | windows10-2004-x64 | 1
lib/gifrea...se.txt | windows7-x64 | 1
lib/gifrea...se.txt | windows10-2004-x64 | 1
General
-
Target
ffdec_20.1.0_setup.exe
-
Size
13.1MB
-
Sample
240530-rfxq7sbb6y
-
MD5
5621115d16a579e4f0bf229075511860
-
SHA1
40e827b820239cf9c4716fe5b58bc7b1680d48bd
-
SHA256
88ee06cae7f367cb6718473e32a8fb4596e62b602df2d69679739d2b12dc8975
-
SHA512
be737450f90d852f1b026f54de83638d6790da465196742a8f852a027b6c1b118ed8766cdc75a00932ce3de0ee2c23b5ce1eee63c7dd2de131b1ffd612a51840
-
SSDEEP
393216:ukD3fX8Jbp5Jk89+Cqnvu53FLqT6oxob92c:uk7fXAbpD79+W1qThxoR
Static task
static1
Behavioral task
behavioral1
Sample
ffdec_20.1.0_setup.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
ffdec_20.1.0_setup.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/modern-header.bmp
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/modern-header.bmp
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
Uninstall.exe
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
Uninstall.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
flashlib/airglobal.zip
Resource
win7-20240419-en
Behavioral task
behavioral18
Sample
flashlib/airglobal.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
flashlib/playerglobal32_0.zip
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
flashlib/playerglobal32_0.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
icon.ico
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
icon.ico
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
lib/avi.montemedia.license.txt
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
lib/avi.montemedia.license.txt
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
lib/ffdec_lib.license.txt
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
lib/ffdec_lib.license.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
lib/flamingo.license.txt
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
lib/flamingo.license.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
lib/gif.license.txt
Resource
win7-20231129-en
Behavioral task
behavioral30
Sample
lib/gif.license.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
lib/gifreader.license.txt
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
lib/gifreader.license.txt
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
ffdec_20.1.0_setup.exe
-
Size
13.1MB
-
MD5
5621115d16a579e4f0bf229075511860
-
SHA1
40e827b820239cf9c4716fe5b58bc7b1680d48bd
-
SHA256
88ee06cae7f367cb6718473e32a8fb4596e62b602df2d69679739d2b12dc8975
-
SHA512
be737450f90d852f1b026f54de83638d6790da465196742a8f852a027b6c1b118ed8766cdc75a00932ce3de0ee2c23b5ce1eee63c7dd2de131b1ffd612a51840
-
SSDEEP
393216:ukD3fX8Jbp5Jk89+Cqnvu53FLqT6oxob92c:uk7fXAbpD79+W1qThxoR
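Score: 7/10
Loads dropped DLL
Note: the embedded $PLUGINSDIR files listed on this page (LangDLL.dll, StartMenu.dll, System.dll, nsDialogs.dll) have the names of standard NSIS installer plug-ins. An NSIS installer unpacks its plug-ins to a temporary directory and loads them at run time, so this signature is expected for that installer type and does not by itself separate a malicious dropper from an ordinary setup program. Before acting on the score, compare the SHA256 above with a copy obtained from the publisher's official release channel and check which DLL paths were loaded in the behavioral tasks.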
-
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
8KB
-
MD5
d227cb07eccf0357a498cb701d45c409
-
SHA1
317dcf3816193351eb6894faaa28027b9e91968d
-
SHA256
97be1de17449f225fd77ff5081a59629d7b641f8bcddbbd39315327de3e07d30
-
SHA512
3c6d2b7ceeca659c1bccf37f5facf12eb5d08d804a50ecea227f80b2c091e07338ef4b95d0bc731c596eac9919803e2b1fd326215171b5dd5050e45f9cd7b340
-
SSDEEP
192:FoFYYrGj2o9AEJ0VOYkv/Rm02Km/2/9bd:COYg9A/OYkv802K7
Score: 3/10
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
12KB
-
MD5
dce59bea993492508ed7121b31b1fc6d
-
SHA1
8d8dac596c5752b3c7d691535381fdb4a1ee9ad9
-
SHA256
359a20bff59f02dd94d677ca715af93df76dee0eb5210608da6ef05d986dc7e9
-
SHA512
55389cf504e97b00efef4e6bf1c66a5d632241ff6e127c79e5f218d5035cbfa8b92ef2e86440b6b81bddabfb070a6ede3e60be77b818d4dbb890733ca949dafe
-
SSDEEP
192:v1BTusyjbq05hbv30wYYkv/RP6E+lUP93/I:5yi0Dj0wYYkvZx+lU13/
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
29KB
-
MD5
ab5f9c0b0be59a625c321524fea9318e
-
SHA1
9f839af38540ca1f44b5faf9e07a8c8bc63290b9
-
SHA256
8b469c27532a082de93db76e0e1e123d1e72dafdedbd15e248113a99d097d5cc
-
SHA512
88b9d91795897da3862817ec6677526c47ee59c5b7a6431b3768d735f3b464932a4eeae82515b56e39f6e5fde93934b0d855382964ac807bf3a87dcba1c13532
-
SSDEEP
384:31ZNeD4lUtoDp3VZQmR9nfalm+NVin3YkvuyIfiBmKZDjJblVQFd/IG3:31ZN0SDplZVRk0+MvllBmKdVxG
Score: 3/10
-
-
Target
$PLUGINSDIR/modern-header.bmp
-
Size
25KB
-
MD5
6c89d5a7c988506755c68de07e6505f2
-
SHA1
a65f414f82e4309fd8434186fefba55576bd8387
-
SHA256
7324b33545fc9fdd9c0fee0597abe552982e6ff755b9ec1d7f81927d9450de9c
-
SHA512
57d1588b005c5a84693706c649bbcb3497b7f968b1b5f813049ee0cf60e04c0d429a2eef593e5606709763fc81effab935ff7a61e6874272bd24ec8f31902cf9
-
SSDEEP
384:vqfvdfpX+B12H8aKXs4iIYsQ4ulbUyv47OpRHBTugJp2bDag:vG81RlxIlbtg7oRHBTJpUx
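Score: 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Note: this target is a bitmap image, not an executable format, so the registry lookup was presumably made by the program the sandbox used to open the file rather than by the file itself. The task list at the top of this page appears to attach the 7 only to the windows10-2004-x64 run (3 on windows7-x64), which fits that reading. Confirm against the process tree of the behavioral task before treating this as an indicator.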
-
-
-
Target
$PLUGINSDIR/modern-wizard.bmp
-
Size
150KB
-
MD5
bb808c94d09fbef5f30b8b501566b7d1
-
SHA1
3d7e680534955ddf9279be24444173eb45136b8e
-
SHA256
5b27f52572bdcfea2454d27b5c22050a741b47a4eb866616007a44b82752892e
-
SHA512
f612cb39d0fd0b3629fc83f45a17d476c778a272b0b26c02b7a3e978e895dda407a5d75df1463be83b97fad99b2cd0d19ee9e71c0b423f35bad09b1e5d8574f0
-
SSDEEP
1536:ZWn8ieiZIvZdHoqjCh43QO9srlsGW/WqKwVUfcdZah8T:ZWn8i/IvnH304+lsGWOkV
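Score: 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Note: this target is a bitmap image, not an executable format, so the registry lookup was presumably made by the program the sandbox used to open the file rather than by the file itself. The task list at the top of this page appears to attach the 7 only to the windows10-2004-x64 run (3 on windows7-x64). Confirm which process made the lookup in the behavioral task before treating this as an indicator.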
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
14KB
-
MD5
34678579d57527c2eaeb8d4d1733cf5f
-
SHA1
5f6a8a6fd240c27f51548f9a51579dab7709343f
-
SHA256
f61cb2ba67d6d8adb85509d20d35a0c6dbb940d85f668992178780bf4e6089e4
-
SHA512
cb5f0cf13b67de0645d07c584a12e3ecf43ce6aba8b09eb809abbe13976992ca79d48bf50c44244a927f806cb36628c9ec4f99e81cf57fe72971be735ccc8f88
-
SSDEEP
192:wtePawtmjSfGLexeQR1A58Ykv/RClhgF606SZSM3CANt:TiwtGSfGLexeQRyGYkvYlha60Xy
Score: 3/10
-
-
Target
Uninstall.exe
-
Size
159KB
-
MD5
a87c8e841233e3a750967a9eb0e2d7f5
-
SHA1
a5b4816bd5b8888c48fde6753c3415d07a70790b
-
SHA256
fc4f5276fee3fe674f6d0189c4f4feb7403785839f0259fbcf0904c80e9da103
-
SHA512
01ae20893054fba012d29206fbb1fa46f4798a8594d30d74873e074759590954713e549747ced2c8779eccd1573e0eae7b1ca4eaa4455c0dabfeee1bbd87c8db
-
SSDEEP
3072:ku0D3VWQx3y5xFATS98xQT+5U5qILmQceAVkwJu2R9z/BGlQ/XQInu:T0D2/FXB0SmQmVpJuozz/3nu
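Score: 7/10
Executes dropped EXE
-
Loads dropped DLL
Note: if this is the NSIS-generated uninstaller, as its presence alongside the $PLUGINSDIR files suggests, both signatures match its normal operation. Such an uninstaller copies itself to a temporary directory and runs that copy so the installed file can be deleted, and it loads its plug-ins from a temporary directory as the installer does. Check the path and hash of the dropped EXE in the behavioral task to confirm it is a copy of Uninstall.exe and not a different binary.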
-
-
-
Target
flashlib/airglobal.swc
-
Size
550KB
-
MD5
f8ba21161960eaab18b41d911d77e8ad
-
SHA1
8d3d43659ad4e58e33867c6a8cffddc0c2a02476
-
SHA256
169a531c3f4715e06fa31ecad80637253b33ceeb60b077fcd96c6f35fa03bc2d
-
SHA512
f3dd343ee88f4d2bbe618b3599dfd6bf02c1d9133d3a064e23bc9dfc38c9930a2d9e5bffbdcb828e463a94d4ad92ed07e988dd0010e9a52b5ed4abd014c5f6f6
-
SSDEEP
12288:vRCqa7eYiet+plRu1Fw4OyXlNt/Q288bjJ+A/ziptNAK3WN:vq7eYiet+peFoyXlNThJvzYuK8
Score: 1/10
-
-
Target
flashlib/playerglobal32_0.swc
-
Size
461KB
-
MD5
513a4f254444e43b94bb0758398ea23c
-
SHA1
8d080b7b01152758d1dec77851e63e3e3d186e06
-
SHA256
7d4d6168d27603cfb3b750302448e354e0bbc1bdd58f5d101c3dcf6891e9bb65
-
SHA512
d401a6fe4d6e5b8b15fe0c1848fe4cbac59ececb959b888485046971ed685c2d2b99ff5e37f5de62b3a82c3a85abf14017e6a06698673de6abe7b68496e7ce9d
-
SSDEEP
12288:dpc1tLSf9p3Phe3ca6whAAlRMam4HYca5xXAbbiRXu:dpGNMWZ6DAlRMN44cmxXASR+
Score: 1/10
-
-
Target
icon.ico
-
Size
38KB
-
MD5
e6a62514ae4ef4ff4580cb0e72844feb
-
SHA1
dcffd31a935ecb74068c549c6b8fbf4b1856ab5f
-
SHA256
00c81b847acf7d4e5225bc81372848ba8136c777f5abf3a69cef0ac2dcdfe10e
-
SHA512
2b69b56966be494cb836b9da1adb028175a33b12abcd90872888119bec366441a15536fd8fe02eb1f9770a3a433267b2733cd4ea02badc4b6a6861cfae6e83d5
-
SSDEEP
768:IIwy5tdr2yMcVctOyJpKD/Ik/Ir4R579glDVLaqq:IIwy5tdrLMoGOYKDQmsq5mlDVLa3
Score: 3/10
-
-
Target
lib/avi.montemedia.license.txt
-
Size
372B
-
MD5
5e832525ad85b6e94253f95b65c2054d
-
SHA1
e8cab2f552f4bd0c5e422b63b145ff6c19d7e298
-
SHA256
2726013856593a0eccbb801807ab141390d97be2ddae42e42265dff459156fe3
-
SHA512
7fd846537282bbe0ac53597aa434aa4bb347a6a6e9f937ef83b36de4b2a8dbde1bfbacb4fe73f3ca49b5fe7f21a4406d31d7df7771affc04aaba0c6f15e8b58b
Score: 1/10
-
-
Target
lib/ffdec_lib.license.txt
-
Size
7KB
-
MD5
e6a600fd5e1d9cbde2d983680233ad02
-
SHA1
f45ee1c765646813b442ca58de72e20a64a7ddba
-
SHA256
da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768
-
SHA512
da6bcf3b76076d488f9a728debc7297b1bed6d94eb9cc44b15344c9b663a240c34434cc5511181f2a9b0e810b22449f5b13d793b7f225336f810367153bc8fd1
-
SSDEEP
192:wheJvhVL0qhYqlpIle4RrJQSqOBng4kS/cKM6L:rvjxhYWpce48engvA
Score: 1/10
-
-
Target
lib/flamingo.license.txt
-
Size
1KB
-
MD5
23c4a2e92a07a80db42ef64b309d0382
-
SHA1
4a766e4a1a230d4c845cd111761cfc18deb07ad5
-
SHA256
ca542c73641ec8a419d0d1016c28e515703b18bf5456489bbae9bb476bf9a5d9
-
SHA512
bd8fa2c587df6c476b2041ac618f134c3f933dd0c920ad8a550ab9019ad5ff03cf5633d8ed0d6e54b3bdbbcab05f4058ea8c97a9e7e03bb40674bf22e3fd59d6
Score: 1/10
-
-
Target
lib/gif.license.txt
-
Size
310B
-
MD5
d6a786ea1d8d1f8c8dd69f5e4c00b239
-
SHA1
52b7fc6f954e3551ab0bae6a7625580100f997f3
-
SHA256
d1df955baf0125f2eef9c126c297776d13cdf516ca7c65d83d22f79ec3af1f56
-
SHA512
2cfebcd968b87296fa7eab7f460c807e6d1816ce13e41720de4314266526b1fd44094b81a152a2d8a9e7a57c41b113e0a429ba14e3bc283518a980c1a57a58e5
Score: 1/10
-
-
Target
lib/gifreader.license.txt
-
Size
11KB
-
MD5
d2794c0df5b907fdace235a619d80314
-
SHA1
c700a8b9312d24bdc57570f7d6a131cf63d89016
-
SHA256
cb5e8e7e5f4a3988e1063c142c60dc2df75605f4c46515e776e3aca6df976e14
-
SHA512
46cd9ba0455e2eeddb70b7c793a6476cfbb75fa306c3e3e4f66973cb3e4f3143a358ee6dd3b065d17ba06b2d63c2bc7cab8e1d01ede19a3eaa4fc18ce952cf65
-
SSDEEP
192:O6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEjz7HbHJ:O9vlKM1zJlFvmNz5VrlkTS07Hd
Score: 1/10