42ad279878792b976f051847fc40e8b31fb4a043cc440455fca28b8f9a252271

Sharing

Copy URL

Twitter E-mail

General

Target

GDLauncher__2.0.9__win__x64.exe
Size

111.3MB
Sample

240605-xljz7aff79
MD5

02cb50dc6c2d8a0b158397dbb88364e6
SHA1

a47c3b438761d74f0b6f5881286578f4cecd24da
SHA256

42ad279878792b976f051847fc40e8b31fb4a043cc440455fca28b8f9a252271
SHA512

62d87a1b097578e8c5807b5e993699962cedaf39d574bf22aa987ba723c782d139092860a049cbe5f1074926a11893fdfc7b8b8fa5b599a7f52dc1ca0e11d7e5
SSDEEP

3145728:Ise4/oxf03ZRozA76omzShIsS3sklyK6XllaG:44/YsOc6F6IsS8k81aG

Score

7^/10

Malware Config

Targets

- Target
  
  GDLauncher__2.0.9__win__x64.exe
- Size
  
  111.3MB
- MD5
  
  02cb50dc6c2d8a0b158397dbb88364e6
- SHA1
  
  a47c3b438761d74f0b6f5881286578f4cecd24da
- SHA256
  
  42ad279878792b976f051847fc40e8b31fb4a043cc440455fca28b8f9a252271
- SHA512
  
  62d87a1b097578e8c5807b5e993699962cedaf39d574bf22aa987ba723c782d139092860a049cbe5f1074926a11893fdfc7b8b8fa5b599a7f52dc1ca0e11d7e5
- SSDEEP
  
  3145728:Ise4/oxf03ZRozA76omzShIsS3sklyK6XllaG:44/YsOc6F6IsS8k81aG
Score

7^/10

discovery execution
- Modifies file permissions
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral5
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  110.7MB
- MD5
  
  ad49abc43e48acc5077a37b8e78ba17f
- SHA1
  
  44e7cab7e0cc6796a22113535bd4b7ca0e443f90
- SHA256
  
  3edf14fe6166fbd6de6141f8839d5cc16add45401ed47e29af12e0d24afa3812
- SHA512
  
  ae0a5bb6abca00739d166af18c0852d24ca83498a8e5c9e91e4e7e38e5d2d539c3a3a56af3f55e7cacdd7ecfb45b15243b3754cf1cc7a217f7d17a51374f1ae3
- SSDEEP
  
  3145728:ve4/oxf03ZRozA76omzShIsS3sklyK6Xllas:24/YsOc6F6IsS8k81as
Score

3^/10
behavioral6
- Target
  
  GDLauncher.exe
- Size
  
  169.9MB
- MD5
  
  f96c065714738a4008c9eebc4f0ccbb3
- SHA1
  
  0461a73a7500bbaf033dcc308d29d8968891388f
- SHA256
  
  c8c3e212a56976e087a49d7fc5a007a9950c1b2b0426b5bf48e6ccec6ce7ae78
- SHA512
  
  a3584d8d2a87870523a04a1aad8cc9d1aa388305650558621e3808fdf5a0bc26b55cba684a87084fc3989e47a8812b73d359e0e04e9bdea352c488d0422b8fcc
- SSDEEP
  
  1572864:es+fxQiW1vVzbHpUcEtmLd7cF3PPHNzLuTe7ulsxM/Gyr/w7VoB4X+x2CFRXQQSz:ze8BWNg3DFxfw
Score

7^/10

discovery execution spyware stealer
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral8
- Target
  
  LICENSES.chromium.html
- Size
  
  8.7MB
- MD5
  
  fcb299831276a7c8bdeb036142da1c25
- SHA1
  
  bf6990abb92ab627b7f2e7aecbd5a58b86d2e09a
- SHA256
  
  6daa3cd398e5380222c6b6bdb4d66a4b4273d4bb74d6bf53495a5722f03ac0dc
- SHA512
  
  1e31ac0b6836d24488e32d04b5028ac2a9e00ebd8e29aaf742d9e0cdb50d5a9d4f7bcc3919b22a793552d31aaed2104415268f14e903754bf25a86510fbc98c9
- SSDEEP
  
  24576:RQQa6NA6P5dWWSmwRFXe1vmfpV6k626D6b62vCuApj:RWfTF0
Score

4^/10
behavioral9
- Target
  
  chrome_100_percent.pak
- Size
  
  163KB
- MD5
  
  4fc6564b727baa5fecf6bf3f6116cc64
- SHA1
  
  6ced7b16dc1abe862820dfe25f4fe7ead1d3f518
- SHA256
  
  b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb
- SHA512
  
  fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2
- SSDEEP
  
  3072:IOzwJCGIekwdLpsXYFAXg6IL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:IOzw1Iekam5QpK18Gb0OV8ld0GecQ3Ey
Score

3^/10
behavioral10
- Target
  
  chrome_200_percent.pak
- Size
  
  222KB
- MD5
  
  47668ac5038e68a565e0a9243df3c9e5
- SHA1
  
  38408f73501162d96757a72c63e41e78541c8e8e
- SHA256
  
  fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32
- SHA512
  
  5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89
- SSDEEP
  
  6144:QsDQYaSN6svydHLhQegx5GMRejnbdZnVE6YoppO4:QBfSN6svydrx6edhVELoXO4
Score

3^/10
behavioral11
- Target
  
  icudtl.dat
- Size
  
  10.2MB
- MD5
  
  e0f1ad85c0933ecce2e003a2c59ae726
- SHA1
  
  a8539fc5a233558edfa264a34f7af6187c3f0d4f
- SHA256
  
  f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
- SHA512
  
  714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28
- SSDEEP
  
  196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
Score

3^/10
behavioral12
- Target
  
  locales/af.pak
- Size
  
  464KB
- MD5
  
  862a2262d0e36414abbae1d9df0c7335
- SHA1
  
  605438a96645b9771a6550a649cddbb216a3a5b1
- SHA256
  
  57670eae6d1871e648ad6148125ee82d08575bec5b323459fc14c3831570774a
- SHA512
  
  a789a4cad72106a5c64d27709b129c4ae6284076f147b7c3fcb808b557a3468b4efe3ede28033f981335d5eab986532c0497ddd6ed24b76189fe49366692ee73
- SSDEEP
  
  12288:KYHoLheVm/Wnzo+E+VOSMKlNu+d2ZH2Jynua2VIzfXo0vIFNgRU2Sw+2Ss37xzOZ:LoL0Vm/Wnzob+wSMag+d2ZH2Jynua2V5
Score

3^/10
behavioral13
- Target
  
  locales/am.pak
- Size
  
  756KB
- MD5
  
  4eaa15771058480f5c574730c6bf4090
- SHA1
  
  2b0322aae5a0927935062ea89bd8bd129fa77961
- SHA256
  
  b05dcb8136751aee5eced680a5bad935e386bfce657dd283d3ec00ee722fd740
- SHA512
  
  b67e7dd24eadc91d4cd920f8864cfb23a9c67b2cecd54ec97e01705636604ce504dc417d6af1c53f374b58eddf71a12bb82248bd8fd68307161d4833342681a9
- SSDEEP
  
  12288:sjsuGn8MVs2TZIuHzLzxBT2qE36jpECuzA+5P9LlVrClOwPQVx30jH8+F:HnG2TZVLzxwqEqjpECuzA+5P9LlVrClj
Score

3^/10
behavioral14
- Target
  
  locales/ar.pak
- Size
  
  829KB
- MD5
  
  2b2dfafb0d258c1d2b58e51ae1ee9ab5
- SHA1
  
  2a538491ff4023d29bdf2a053447c6016138d9f2
- SHA256
  
  ea49bc2ceb6b185030eaa0ee0155feca90e632390417299113b02fbe365ff731
- SHA512
  
  6b629ed83edfea1b1ff3c379009332e413c420de651a24160fae859e1e0948fbebab99c9da714df6dfad3b9e472dece7bee95815ceca428183f4ac0bd6d42ff3
- SSDEEP
  
  12288:whjQkIYBukM/T/RJGX4Yxwv4UPCNakEz5cN01++QIYkpT:gjfGv9T5b++
Score

3^/10
behavioral15
- Target
  
  locales/bg.pak
- Size
  
  861KB
- MD5
  
  0e8005b17ac49f50fb60f116f822840d
- SHA1
  
  f2486da277de22e5741356f8e73e60b7a7492510
- SHA256
  
  50e4f6b9c387adf4baba3377c61d99326cc3987928d8d60b88d1ac29352820ea
- SHA512
  
  5df18bbeabd56e70d4c5a80dee5b7ce48259000665941634937e556e3b3a1c6403aa45c410f6f755607549c9dd35d722987b447c50efca51228ffeca4628756d
- SSDEEP
  
  24576:9MCo3qBsklYOdAs1axUYVbOAHi373Z5+3aAK5kVDV5uRumpod2JK5ITOuORx6QKq:9MCo3qBsklY/UYVbOAHi373Z83a1kVDj
Score

3^/10
behavioral16
- Target
  
  locales/bn.pak
- Size
  
  1.1MB
- MD5
  
  c8173f0cc63ca9e02c07abec94892b53
- SHA1
  
  2688b199cc40bb2082247fa451eac1304608e48b
- SHA256
  
  e6adcfb4f3b3bccd4a27edadc168b503c36551cd6b27fb24043efeb21f691ce5
- SHA512
  
  3d2317430722dc15c5d938fa55235af1caa03dcff7a574b44d37d89e7cf2c94dd2e84518b3eeca4a5a8dbec1b99d94aed97429aaf55c63998002d50ce9cb5019
- SSDEEP
  
  3072:HPvKTlIymMTAKhwg8KgMokBw20kzhY0/ukfe0/Q8hhar6j7dkjBbJrlD+B5rwDlo:HPvtMTAKhwlFpKAShhG6j7wBb85mlo
Score

3^/10
behavioral17
- Target
  
  locales/ca.pak
- Size
  
  524KB
- MD5
  
  d193a3ac614f64f4754c9df5cf00e880
- SHA1
  
  0da0f7c1a4048074f6fe9d70704aa93ff75e42f9
- SHA256
  
  4ecfa3785ab52564e0bd7dda04d59a30163561588a04f3bd1b1b71de051d2c53
- SHA512
  
  e85d18951f9a1a86514d577f9b19a4b3727523c15b4ccdd17217f6fdf69a0e774a36874108a05de1be3dcee1720b0cb19eced2d3283f57f41f5f9c5e233e1c68
- SSDEEP
  
  12288:BLUzxDV3sCB/7kREeopxA3n5PqF4N3Mw2juwHzejm0t3lvq8+x9sfR+IsjcmlLER:2zxDVJwY6vR6QZIMN7vsyL5fdjiu
Score

3^/10
behavioral18
- Target
  
  owutility.dll
- Size
  
  1.5MB
- MD5
  
  dc3a7e94e4ff005423566c0c6dc315cf
- SHA1
  
  c10c692dc98b8987e3c6c42f07bdbfe0322765c6
- SHA256
  
  0e5cbf02be8cf9c2bf15bc6c85377227b6dbe6e9c09076944aaf0705d8e80a0a
- SHA512
  
  45bb95fb1e39aaf092c3c178e55ad6329823dbf370334e3b92e6e3675e94f167f689a583d9af57430d4601511ddcaced3f7339088e58b80bafe19c9ac339fbb0
- SSDEEP
  
  24576:pjjAyN7CbTB3Iu2VIMiFryCF9fLp34G5cdHSdslQ3m3oGch+XaxLaXpb:pjcyNeR3IuUIMiFLFpLp3z5cdgsvYFhA
Score

1^/10
behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli-win32-x64/bin/sentry-cli.exe
- Size
  
  7.3MB
- MD5
  
  d2dfca1c628015ab94ada595b3f29945
- SHA1
  
  650541ed0a93c85f787957499eb76f12f5668262
- SHA256
  
  e2c7d3b63e837a4d89cc9e247b8bf3c404cc85c967d43da4c27e92d2c09d416d
- SHA512
  
  0e2df55d141d685cd93882635fcf33d51636194092b2dfad4eb1e05366e306cfc1e486bd92c1b7abd3c06b6530df1d7585fb26daff1cf0543e630bedeac87851
- SSDEEP
  
  98304:XK/JXOfs1oY6qWAIhUzgtDZhyfstGwAxDujtC3wdHErg7eYSG8G+PS:a/O/5DZteZu2wdHErgURG+PS
Score

1^/10
behavioral20
- Target
  
  resources/binaries/core_module.exe
- Size
  
  26.1MB
- MD5
  
  d78b9a9a820c9f39dcacf6756d8ef5ce
- SHA1
  
  0cfe541a6ac9e1fc6153fa3c9fa11b70c2210b0d
- SHA256
  
  59170447cf1e7e758ad6f54b6a8982316de21cfebb543c35f61347ab08c8ee24
- SHA512
  
  14d7a9ffdfa861cf3c2366980ec63496e285ed7f897719ada5f486df766b7a2352297f40529ff5534167be57f54a8d15902a4171fe07467696c98655fc1aa3d4
- SSDEEP
  
  196608:0rmuXNYaqEB5T6OBvFsaHHfEVd/munw9val:um6WEB5X7EVd/muOval
Score

5^/10
- Drops file in System32 directory
behavioral21
- Target
  
  resources/elevate.exe
- Size
  
  115KB
- MD5
  
  d53dfeeb4d0e73a3f7ad0eafc96da9b2
- SHA1
  
  b24cafd25092b94e133c0e4ed515ab3854244a6a
- SHA256
  
  939a5e8ac7b0251d7f8cc37370e7409b1091aa28b91d061bf78883f78be05d69
- SHA512
  
  2fc6926dd8132f8a0d7244a69e86bf37ca12ba33e9136c6e99a1c81233c0a5b790499e6e144afbbd9513912dee5d3f314c1cd33d8707d1ed78a991363c56c618
- SSDEEP
  
  3072:labLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl8X:sPrwRhte1XsE1li
Score

1^/10
behavioral22
- Target
  
  vk_swiftshader.dll
- Size
  
  5.0MB
- MD5
  
  31322799446e60785a3d0d3c2c3232b8
- SHA1
  
  730aebd7f83dd711dc263cbf4aea06a082cae75f
- SHA256
  
  ab1a7f53d6a55a311ee6daf8c396ede9908a01fa014d891a2eb05bf5977acf51
- SHA512
  
  f45a3cfc254e8ff43e5e1de9e5af0cc09d8f1a3f32c9d62831f5fcb34ca201fddaabd05063cd87314962e4359a865a168522cecad1a640be0d4f8c1d0d2755ec
- SSDEEP
  
  49152:GO6ftEjL3Zdon2+a/EgBqB1y91lxfAV7xWV9cO6NZ8m8xg1drRXmVEZvMUn0Hjyu:GLftlUSot6EmXxZdIOl5bzLB3dIW2
Score

1^/10
behavioral23
- Target
  
  vulkan-1.dll
- Size
  
  935KB
- MD5
  
  cc8d44b42069f6fcf2d87cdf5addef0e
- SHA1
  
  eae8a663198b991c1f7deeed63b3bfd795e26ac1
- SHA256
  
  77d0df2de42a77b936c155e701ed6a98a8efa0e7b9dc710f95384da20635aaad
- SHA512
  
  5db36695451a484debb276597d0d5d1b5a532b26324026f34ca7ef7b2aa958a228ecfc104b759d9a1a09bc64ead00935b5c73089d0e4d183ea94ae4fcca61bad
- SSDEEP
  
  24576:Yy+lCO+5ian96u6WbEJXay6Z5WdDYsH26g3P0zAk7o3uv:YymViaWbYT6Z5WdDYsH26g3P0zAk7ou
Score

1^/10
behavioral24
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10
behavioral25
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral26
- Target
  
  $R0/Uninstall GDLauncher.exe
- Size
  
  268KB
- MD5
  
  d455870757ad6dffb3e24ff810715022
- SHA1
  
  7b74d8c70a4a35b557770f535c719ea1dec94e84
- SHA256
  
  6c4b71d9734d469d634236436bf40fae8c20c4718d2ddc16d73a68f5b7306780
- SHA512
  
  9c4ba1b3a6a2a1966dc9cfbafdaeec9e27d0842ce205a1d7c6063edafaa4d666fb028aca0db68ff6885cd6d67510beadc3e5b2ba288171d0e630ee50f6e7940e
- SSDEEP
  
  6144:Y740IAE2lMbfuf3s2t0EyL+yaCDPFH6XdR+EkiH3yL:SlWfuMRKJCDPNKT1zH3U
Score

4^/10
behavioral27
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  238KB
- MD5
  
  38caa11a462b16538e0a3daeb2fc0eaf
- SHA1
  
  c22a190b83f4b6dc0d6a44b98eac1a89a78de55c
- SHA256
  
  ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a
- SHA512
  
  777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1
- SSDEEP
  
  3072:hD2ekNFXiQraqoDDfbrH6ZgxkzStPpwGxqeujXj5Bif/Pa0L:hD2vhaqoDfb6mxk2LqHXj3if/Pa
Score

3^/10
behavioral28
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral29
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral30
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral31
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies file permissions

Checks computer location settings

Modifies file permissions

Reads user/profile data of web browsers

Enumerates connected drives

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32