General

  • Target: OperaGX.zip
  • Size: 29.6MB
  • Sample: 240602-2gtq2saf29
  • MD5: 9c4235c9409028c3f1681eba9d59aafb
  • SHA1: 28ef68f1363d23aea0cb91edd93637742aff957b
  • SHA256: 7b53f65c9fa363b021a8f907eebe15993ad71fcfb9f6060664e8a22d735a99ff
  • SHA512: aea6a850d7ba5a8ee9c35841a603bbd60d6487f2b28c3380b1fc9f9be6366d13e64a9752a51d92e7f8fd239bfdeea660342a36c88b583b03761e36f7d5bfbdd5
  • SSDEEP: 786432:16XSfbpehupADvqs4VeFp+p3IxW04SpC+WwgIhs:gXSfYwAOiYYxW0DpC35j

Score
7/10

Malware Config

Targets

    • Target: OperaGX.zip
    • Size: 29.6MB
    • MD5: 9c4235c9409028c3f1681eba9d59aafb
    • SHA1: 28ef68f1363d23aea0cb91edd93637742aff957b
    • SHA256: 7b53f65c9fa363b021a8f907eebe15993ad71fcfb9f6060664e8a22d735a99ff
    • SHA512: aea6a850d7ba5a8ee9c35841a603bbd60d6487f2b28c3380b1fc9f9be6366d13e64a9752a51d92e7f8fd239bfdeea660342a36c88b583b03761e36f7d5bfbdd5
    • SSDEEP: 786432:16XSfbpehupADvqs4VeFp+p3IxW04SpC+WwgIhs:gXSfYwAOiYYxW0DpC35j

    Score
    1/10

    • Target: libcurl.dll
    • Size: 529KB
    • MD5: a2fd1e624f52f6bbbad54ffe46095e72
    • SHA1: 11aad3b1b30891b904afaebda45697d16374b5da
    • SHA256: eb9788be011c43bb0326f20656741b7c40d7a9b2410c74d7209b7428fa87be21
    • SHA512: cc3f3af270596ffaa241b552e7adef1c4d472d5fe194de456c84e06699734d44dccb0c43875249be24f71ded6e6204f8b8f5f4f6dde99a2b6d7f3f6b06180327
    • SSDEEP: 12288:PrHez66UMsodY6d4CDbMjP55bgBFrwhS:PrHelUMsoSc4qba50F9

    Score
    1/10

    • Target: loader.exe
    • Size: 34.2MB
    • MD5: 48e6cb56036d902b44fccbaafc5298df
    • SHA1: 0343c0886317395a502ccaf5b036e5659a0b4b19
    • SHA256: 3a6233746617a17b6c0f039bde1863e08364dce539da71fcf0100176ec3fd007
    • SHA512: a359de5725d3f04e81a3e0a58950da7ee2d5ccc82c11f570711e8b87e602da1714d710a693f994ee727a31074b73661f6df1f9425064dcb1c3dc432ad163deed
    • SSDEEP: 786432:zHpIrLvMphrdp+lqRmP3Y0wr+xtMVkJ5zBXCCp5o0khXZ:zIv6rG2m8Q8kJ5zBSCPo0

    Score
    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: zlib1.dll
    • Size: 87KB
    • MD5: 336aa589ea0e4f435cd15d982773f0b4
    • SHA1: e59afad43e0d13acff42b24113bdef36643e6ac1
    • SHA256: ae031f0b42fe26dadd4a286234a1eab04aff7183d2bef21665ae33013f0662c6
    • SHA512: ac164df6dd816fa58eab4c549bb80577bca1e2fc1fe172e7bb46f41533c5b7793a58038d0767a62af452a056d9f48654531aaf6fc94fa7f9a67b8dff42013da2
    • SSDEEP: 1536:ybADHM2s2n17hEWUpDZ0CmZnl9dFIOcIOsXNilMd52YD:yMDHjs21xUpunvdPSsXN+MdIYD

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks