92638a7c733b36df5a859ed1c3b94be1b5d82753749c13b0184f72cbae0895d6

Sharing

Copy URL

Twitter E-mail

General

Target

jamovi-2.5.5.0-win-x64.exe
Size

325.6MB
Sample

240605-d837ssdc8w
MD5

c7b191ca9b8a0f27dd50d7c6e24a4bdf
SHA1

ead5c7aa3fc314be017d154c44ac10509eea55d0
SHA256

92638a7c733b36df5a859ed1c3b94be1b5d82753749c13b0184f72cbae0895d6
SHA512

17926317c1dd0f15b753fe8830d5a457818ccd5136dd0d693a62804acd31f08a38fac3a2c16f16526340a7a3be3fc4ab1d38d9f17644405bcd86a29777f04bf0
SSDEEP

6291456:EcwVVjA5CpyUw6dKqPQnc6edNaok9EkynxSq03HuRURTwvcLP:Ecwr/pyleYnc6edNaokakynuum0cT

Score

7^/10

Malware Config

Targets

- Target
  
  jamovi-2.5.5.0-win-x64.exe
- Size
  
  325.6MB
- MD5
  
  c7b191ca9b8a0f27dd50d7c6e24a4bdf
- SHA1
  
  ead5c7aa3fc314be017d154c44ac10509eea55d0
- SHA256
  
  92638a7c733b36df5a859ed1c3b94be1b5d82753749c13b0184f72cbae0895d6
- SHA512
  
  17926317c1dd0f15b753fe8830d5a457818ccd5136dd0d693a62804acd31f08a38fac3a2c16f16526340a7a3be3fc4ab1d38d9f17644405bcd86a29777f04bf0
- SSDEEP
  
  6291456:EcwVVjA5CpyUw6dKqPQnc6edNaok9EkynxSq03HuRURTwvcLP:Ecwr/pyleYnc6edNaokakynuum0cT
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/bitmap.tcl
- Size
  
  1KB
- MD5
  
  39dd76cfbad94b253e4625cf07dc6ec0
- SHA1
  
  1d36e70dec67fc89a9f77f21cba2d784bfa79004
- SHA256
  
  e9b74c16ac87ed4be29af6d8411c5303faccf3785c37e39441d30aa72798d8c3
- SHA512
  
  11d5d3c7db7482d9be7e29919c62a95bc2c6805106b88c26aa473c340bc330a1e41b760a304628442e239d74f6ef1efd7af7b09f49274e80d01fc9ed3eee9b37
Score

1^/10
behavioral3 behavioral4
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/browse
- Size
  
  1KB
- MD5
  
  4d2c45750efb0286f48e0bff71f92977
- SHA1
  
  2918078b6799b710528779844c35f304ec44ed85
- SHA256
  
  94cc98d07cdf57a9ed98c99cbfa8a271a76be207fcdfbfbd7e8d040ffd13739b
- SHA512
  
  151f5a4e0a6e680f49f42af337690850db1cc098baa1e1e9792e50f0ec528f4f2742b8c81e1856f900320794d4e87672fc36c6ccc1a18a6efa8f489bdd9d83ab
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/check.tcl
- Size
  
  2KB
- MD5
  
  432627e1dc6707fd439d4083fccd49d5
- SHA1
  
  266fb3fbcb90ecba361e2bdc8b9792c79a42f46b
- SHA256
  
  6c7bfcf02b7af72116c3e58edffa771ac83a4a0671a71a96266bc9646845ac96
- SHA512
  
  819fbae9793eb06f216693e504df0220e911f95b521868e2710a7cd8a498cf7b69260653ae7ba1bdf5b709abdd17a68432cb1115a4491ebe2061780176f1d05c
Score

1^/10
behavioral10 behavioral9
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/combo.tcl
- Size
  
  1KB
- MD5
  
  bbdc8c8096b5ab47985b112a7c1a8b8b
- SHA1
  
  c82e08d3190bd5c0bbf3d4737a45f1a4db20db8b
- SHA256
  
  ee5b329d98932b7493f4f9e830f1da21251a5ab7eda807c827ff6129e3c87101
- SHA512
  
  3feea8829bfd4282a1b6a371261de24b1ff70e8d3b12f9e01f0d5352cb8574413a08450febe4bb5f3b3db22c7ff0694f86857772b54290bc5036e4e19070baa2
Score

1^/10
behavioral11 behavioral12
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/ctext.tcl
- Size
  
  6KB
- MD5
  
  a3372b061b099c6874d8a24fb2680dd4
- SHA1
  
  e04f278fc5c7c3210f08bc7f8fabb9ad24c643c0
- SHA256
  
  64944957a9ab6a8d217052824378609b3a1a957e0d6a39246cc48e38595d482d
- SHA512
  
  d0510cf118e44859c3039153f7a61c43993e6c395520866cc14b428539730e8f827fe8bf2360c8d85c8079edf5287b77a31b39b6d81b29b3c7cbc4bef8f9e79a
- SSDEEP
  
  192:CgOxcQeBS5YwRy8mq8DRsUK9P9M9q2mjUoL0T6BJ8syhhY:pufebwY8mq8DWVW0Zd
Score

1^/10
behavioral13 behavioral14
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/floor.tcl
- Size
  
  79KB
- MD5
  
  ee1033574067ac508e161db3813269de
- SHA1
  
  5839b253088d59241b6b8b8d8e562023da4dbdab
- SHA256
  
  f2095013b336c91dc0399922df53019418e5bb4156893c85f76d8d49f6121f74
- SHA512
  
  2a3887a0cdce91ad52b409136f91c2bf5d7a361608ad53ee1f617c326855bc7efc0b1ba34bfa9bfb7f55b57c88c02a9c75ed57472cd7449493fa6f1ae4fdd75f
- SSDEEP
  
  768:bAY7PpAv+OHqFk3y7YwBWVhX7dWuAA+HYSRVplAhOkyxOF:8UPo+OKNYwBWVB7dWuvSPAhOkyMF
Score

1^/10
behavioral15 behavioral16
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/goldberg.tcl
- Size
  
  55KB
- MD5
  
  a33315c9d2640cce9e46b0ec83b2033a
- SHA1
  
  89f9bc16870297343ea6c35e1e0e0b9d67a1d1a8
- SHA256
  
  f3ed9c356bd652ccfe31e14ba5df39717838b35ce5a8acba509ead329d582430
- SHA512
  
  0cfdfde40e405dfd5d698a6a104199648ba7c9f29cfedfdb75e21791517d7f511a09d8f8a36d9da0139a53a7276afa0392fcce143097666d1c6360e1b774a072
- SSDEEP
  
  768:Y2zGGarFZLIfGMqKjY3wCTvKOj1+mcptngVym61qBj7ZToqIX4J+5bnaVRX:Y2XarP4GrKjWvKm1+Jmn7nIfmVh
Score

1^/10
behavioral17 behavioral18
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/hello
- Size
  
  511B
- MD5
  
  bf97f5ca8444c474bb8e8e4d5d0b7794
- SHA1
  
  8f2906b0f136decbd2996f2ee18a2e0e3977b876
- SHA256
  
  913357103891825ab4b7aec76dc7c8185fa7860ed798b8d4d60b9cb97ccf6da9
- SHA512
  
  0edb75fee17873715c43b583231e98171adead6408c6c9d9633450620d01141496d9d90932885787ecd1a430711c97ad7a643d64396ac4dbd324a997cd28fea5
Score

1^/10
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/items.tcl
- Size
  
  10KB
- MD5
  
  68a37f872d39ce4e2ac070cbb198a014
- SHA1
  
  634df330582699ff533d96f7a72c57b677246ac0
- SHA256
  
  379a46bf92770c64376483a99782d3d89339780eaf2b00ab48050fe2886163ac
- SHA512
  
  a6ec5ca66a9acc7fef4f0953038863cfb31a9ba89034118332e026b2360cabf62954d0919465538a0c34d71df864c036d47c9ece0315876fe7ac69af23fa511c
- SSDEEP
  
  192:0O/DtpqEF96FXdvyVxtT4zffvCfoGf3vfMgfhd+htuqIKYCfO7gbuXJAHZbsYlBh:0wxpFFkFXdvs4Lif3hpWcKYCm7gSXJAf
Score

1^/10
behavioral23 behavioral24
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/ixset
- Size
  
  7KB
- MD5
  
  967f3f45fc3bad22bd319029c9817ff3
- SHA1
  
  26ab5661fc5e0cd3ca85f8ed3b9bac9dd73d9985
- SHA256
  
  070bb1ed6c689568cd6fd7ec9e61d8a4e58605bc99864d1ba791bc88d6dbb985
- SHA512
  
  da37773be32c48cca602e7e5bf6d55f3ce81fd5e3db36c160342f77abe37a6745ddd149afe5e9c7c1e42d89c7de0d4408367272bf643f40a47eb282bcdfa2bd4
- SSDEEP
  
  192:1K/sALdwDD0FMe0N3RF8opw5oVUGPEtfg:duK/0D0N3n8oYK
Score

1^/10
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/knightstour.tcl
- Size
  
  8KB
- MD5
  
  46f4ec552437a6151ce3c2dc8ba3d281
- SHA1
  
  028c4f57e0cf41912cba7b219531d27a25dd46d8
- SHA256
  
  7c1e5f21e8833b85947ab52ab1ebeb7ecfb8cfcd1122fcee57c3ad96fed8d8cd
- SHA512
  
  0eefe8ec8990192fb695c6d2f6b543d7d290fb628a1117ba3ccee466aa12567e331758f9b9d09ec8a3fd9a5f5e302b0776b3112aab7adb4156e64068cd784a8c
- SSDEEP
  
  192:wp0NViQkeiQkD+I7+zyiQKKFLG+XYQctEfNCAeshdkM6qkxKMDOR3pxIQVAdisP4:waN7I7+0YZcOWqqADYxwUC+jYa0E
Score

1^/10
behavioral29 behavioral30
- Target
  
  Frameworks/R/Tcl/lib/tk8.6/demos/labelframe.tcl
- Size
  
  1KB
- MD5
  
  84c5ae01935052baf7be97e586ff9cd9
- SHA1
  
  f605ae473d80a7c30d00fd596d247666fe10b9e7
- SHA256
  
  a964cd6526509801cd0873a63fe23fafd6d959136fd046133f480af2c6359b24
- SHA512
  
  539a92652fb6cbbf964b240382c42f6b0eb9e99de1465548359d4568cfdfeddc635a3a55c70862f7afd5c09a6efb032864581e1e715768437024cdf85d7fc04c
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Blocklisted process makes network request

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32