General

  • Target

    Authenticator-7.0.0.zip

  • Size

    450KB

  • Sample

    240607-x2nnbadc84

  • MD5

    1a567fa885b3ac63caa1028b1df5506b

  • SHA1

    bc52c4e47542efb3814a77e6ccd424de7ff59594

  • SHA256

    6476f7687d4aee100d659f19a57a0a23af4e5c88df87f24fde105cd5d8b21e02

  • SHA512

    1b4f66dce8f68acf815cb728d6409778dce195594db9cda1ee9b8df003795ce03f38e1ca7ae94cd58f45ec2feec2d09b82f3e4f2b9076bdf6a9e342fbe946d04

  • SSDEEP

    12288:57/kMCyJUBZUxel02BQKoGF6Mlob6qxKBtcoKbOf:5NOBZg01QwF665Btsbe

Targets

    • Target

      Authenticator-7.0.0.zip

    • Size

      450KB

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Target

      Authenticator-7.0.0/.eslintrc.js

    • Size

      486B

    • MD5

      331f0c523d22bfb3e65a424486610d2b

    • SHA1

      a53085afe99a4d9e0a1b900b293afd0bf6cb6c52

    • SHA256

      17701e137dd03c96ffb90b2b2ee7ec9aea663b7ad636e41c2a85e87facc2cb21

    • SHA512

      95007555e44dc124c338954a2b4e2e90d5e653ae33f29b899da19b85a6c265a74e28423cdf86fd227e77f841f79e764dcc5e77ede17e6a9f128c4ead9001b4e0

    Score
    3/10
    • Target

      Authenticator-7.0.0/scripts/build.sh

    • Size

      3KB

    • MD5

      d6cdfb802e26da08a22c58ed951a1f6e

    • SHA1

      4d5b5d2c26f10da9bf13e53e099805c2b04ae053

    • SHA256

      0a34f01021f2152c2af3c099279ae0e2af881bcb17f821f1a3be1c38e46b55c4

    • SHA512

      1ee3d923d0a78fb2643846976cd25c37ebd98a731871ae77bca71dd9798d6f4977d1e418349cde5f1da64a44577ddc51e9fbef3582b79a4df85da4820084da00

    Score
    1/10
    • Target

      Authenticator-7.0.0/scripts/i18n.js

    • Size

      1KB

    • MD5

      91e03e9997176533cdb583fd623612b2

    • SHA1

      0efa0d81885d51b2450e30c5d1892d4d6abebd05

    • SHA256

      29aa8ab7a39042913692168c0e1dca5425b5de1e40e46f6be02b4e0bbdafec1c

    • SHA512

      c6ffd78d6c5f61c02ff73735a2db791ea37cd12bfc3ea1fd844453af90eb0035206f7f41f9f8956e98766d0cdd3a8348a8e582f27902e6e6172355c312df33ce

    Score
    3/10
    • Target

      Authenticator-7.0.0/scripts/i18n.sh

    • Size

      1KB

    • MD5

      1023d40bcf6a3979d34d9c33dcb51f3b

    • SHA1

      2b82d8d6f5e29356073724bfaeba1affe1a5b169

    • SHA256

      65fe42939a476b05f9f016cb135be23998c26440ff3bbe9032f16c5272b04210

    • SHA512

      d85a5cb91cf6b6bf4b341e65133761e8dfdbab6a7bac73f9231622963ca672c97a3c67ccc5426dd848af34a7b6e1277f8fa68f5794321a93490ae710487e5a40

    Score
    3/10
    • Target

      Authenticator-7.0.0/scripts/licenses-template.html

    • Size

      1KB

    • MD5

      02b023db1ed3647187a685a098b0381c

    • SHA1

      4e5cf755d3bf9a9103ff33cee0bc0968d72d7584

    • SHA256

      a86f89cd596717ceb99e2c7d9a3275e7242efedf85bd2d4cb8ec6e6e4d687a3f

    • SHA512

      7ecff6c6e5bf1bcdaad109306c397850f0f477d1a42ae52df774654557be2126b2eb3498aacc3aaea2024f82820531915b07dd86096f4b2aad4c6e27b0793f3e

    Score
    1/10
    • Target

      Authenticator-7.0.0/scripts/release.sh

    • Size

      356B

    • MD5

      9e5fc292d1668f45d8b09c51e96317b1

    • SHA1

      cd2560d7956d1c2b3dc51b64fff23dceb4800773

    • SHA256

      325831ccd9fb808c59c659461cffc3d49c63e6be6936d1226e1bb3af286f74f7

    • SHA512

      c17a6054c04977edb11ca53a07e4d3ffb7953150b422429a72e9aad8a2c4bb166f7c2a907b92e32d128b96e9e3c0d080667aae205d9114e25f8c9e07d4eee8bb

    Score
    3/10
    • Target

      Authenticator-7.0.0/scripts/tag.sh

    • Size

      864B

    • MD5

      bdb00ac9b89092405cf3e37ee3071377

    • SHA1

      a439fa02788d615bb9c5ad520069ba119fdc3ae2

    • SHA256

      09dc939ce3feaa0f2cee9a01c15acd5f72891cfa05db0bfea95352e00368982c

    • SHA512

      0491a7710b1d73ce8d92241d7c3a0be8cd4e40a0d1754b92fe594a64e6d0ff84390ba53c0a3ba9c980689d3c14c8de0b1e5ccb8a346f05c178180d658b852ea5

    Score
    3/10
    • Target

      Authenticator-7.0.0/scripts/test-runner.ts

    • Size

      3KB

    • MD5

      2adbd3c492903d9b589abe664e88e5df

    • SHA1

      e05e32765fc8f89b6d5ee270f31b0f419c4f9c4d

    • SHA256

      f5cea9957744c494df1f5222f10ccfb1cbaacfae6a99e50dac67074c4503154b

    • SHA512

      aeebfc6c554d48c5124cde476936005a70baf993a4dc837cb093f6e643b79a37239a4ab68cd547b7f1c044a4b499196ee7154a2b62f29315e4d9ec7b3f25a0bd

    Score
    3/10
    • Target

      Authenticator-7.0.0/src/background.ts

    • Size

      17KB

    • MD5

      80365476b5838f772e5f75de37644e84

    • SHA1

      9ac8b9983a7ba0fa9a02d113c2f1b451c86bd828

    • SHA256

      5b19bbe3a41b22181f0dafbe315a47781d05680033e0e00390e4e49a775e174c

    • SHA512

      94f8119c5f81a19c6783650308820359e126e5138c7a1e3d60e8c5451998fd07d4c7d124fc74ece7a4a7b1904527fedcb088b21df32fb341c1d7f03d917eb557

    • SSDEEP

      384:MfYfesQvy9dCw1tlj9Oj9EVbkbDIVHtVMmEnaZakFxi:M5sQrU7MmE+xi

    Score
    3/10
    • Target

      Authenticator-7.0.0/src/components/Import.vue

    • Size

      2KB

    • MD5

      b1145e084bc5028fdb4182cd64664748

    • SHA1

      795816757d36f58b4b07412743da83575fb3b181

    • SHA256

      0b710f5a3247f9ffa21b3471f311e584e7e401552998df7ccef26df2c3132ade

    • SHA512

      212aee39005cf8ba3e73e3ffc86e0ec508a5e6e91fb105d34e22f1c44eb730e346ec51885ab848914f9e76dd0babf60b9d5775a92fe3e38c4ee97b3eb5c4b07b

    Score
    3/10
    • Target

      Authenticator-7.0.0/src/components/Import/FileImport.vue

    • Size

      4KB

    • MD5

      43295e2d44551ea05b9f02c655599135

    • SHA1

      faf527e0ec3c40a35b838801a79ee8d661219315

    • SHA256

      53a2d0248f423343c6249319848e801ef5fc444649291c86321f570f1129f6a1

    • SHA512

      9498d764d9c2b2b6b86b7d57870420fc760dc1dc229384a942b2297a71de08a20bebd7aab99a7667b32e7bc7985e7db87f028ce1c21fd4fc6b8586ef5b7688df

    • SSDEEP

      96:OuZEzgqXR7eFKzMQ7qiXa3L/QkT69VVBzlCqRb2cgauj9bP/yus:OuidB6+MhiK3MkT6/VXCqRb2cgacP/y5

    Score
    3/10

Tasks

static1

Score
1/10

behavioral1

discovery, persistence, spyware, stealer
Score
8/10

behavioral2

discovery, evasion, persistence, spyware, stealer, trojan
Score
8/10

behavioral3

execution
Score
3/10

behavioral4

execution
Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

Score
3/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
3/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
3/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10