1General
-
Target
TotalAV.exe
-
Size
68.3MB
-
Sample
240609-yhwp9aec51
-
MD5
574b058eecb6cb4039778cab4d49f764
-
SHA1
e15136b4eead530705178f1892f517aeb35700b4
-
SHA256
1d152cb544822ef4e0facc7622d8726c812cd27b05d2483aa009ce6410ec5a7f
-
SHA512
17e60d50c91ccbb65155e80a095c865a4469852580f48006af43ef21b9a6277d611fb8c42318bb74cb2feae433c442de67808b5512d4d3c0a2c181e508ec89a2
-
SSDEEP
1572864:IKuAjYvOsFibt6h9DbJcJz6KIKr0KFCW2KCzmozd:IKu+YvEbt6hBbEIXKgbJzd
Behavioral task
behavioral1
Sample
TotalAV.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
TotalAV.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SysRestore.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SysRestore.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
API.dll
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
API.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Accessibility.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
Accessibility.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
AntivirusLibrary.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
AntivirusLibrary.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
Brand.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
Brand.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
CacApp.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
CacApp.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
CacApp.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
CacApp.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
D3DCompiler_47_cor3.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral24
Sample
DirectWriteForwarder.dll
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
DirectWriteForwarder.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral26
Sample
DotNetZip.dll
Resource
win7-20240508-en
Behavioral task
behavioral27
Sample
DotNetZip.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral28
Sample
EndpointProtectionClient.Net.dll
Resource
win7-20240508-en
Behavioral task
behavioral29
Sample
EndpointProtectionClient.Net.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral30
Sample
EndpointProtectionInterfaces.dll
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
EndpointProtectionInterfaces.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral32
Sample
EntityFramework.SqlServer.dll
Resource
win7-20240419-en
Malware Config: none extracted (no configuration was recovered from any of the analysed targets in this run)
Targets
-
-
Target
TotalAV.exe
-
Size
68.3MB
-
MD5
574b058eecb6cb4039778cab4d49f764
-
SHA1
e15136b4eead530705178f1892f517aeb35700b4
-
SHA256
1d152cb544822ef4e0facc7622d8726c812cd27b05d2483aa009ce6410ec5a7f
-
SHA512
17e60d50c91ccbb65155e80a095c865a4469852580f48006af43ef21b9a6277d611fb8c42318bb74cb2feae433c442de67808b5512d4d3c0a2c181e508ec89a2
-
SSDEEP
1572864:IKuAjYvOsFibt6h9DbJcJz6KIKr0KFCW2KCzmozd:IKu+YvEbt6hBbEIXKgbJzd
Score 1/10 - no malicious behaviour was flagged for the main installer in this run. Note that the $PLUGINSDIR/*.dll entries below are characteristic of an NSIS-built installer, and a low sandbox score for the outer package says nothing about the authenticity of the download: verify the SHA256 above against the vendor's published hash and check the Authenticode signature before trusting it.
-
-
Target
$PLUGINSDIR/SysRestore.dll
-
Size
5KB
-
MD5
da046184a8d7269a0e138b0b0b9b2eb5
-
SHA1
d9bc5ea397857e17a86f80df1e50615eb6859044
-
SHA256
c5e335bd19fa798f120287fe3ed920296f899223942fd6b987585a765f0adec2
-
SHA512
9ee6965ac931839a5d61b4ed64bb3bbf434dfd10ff086c38a998ec6714018b5491da7e5c29e4f7dd7fd4a93b2f285869b20f88b4b0194c9ba7824ff7c9f03c80
-
SSDEEP
48:S5SjUZmikqTB1By5B6UBQzcszn3x3YlE41tq9/Iye:ASOz5ns4UeI2B3Z41tqlc
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
fccff8cb7a1067e23fd2e2b63971a8e1
-
SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91
-
SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
-
SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
-
SSDEEP
192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
1c8b2b40c642e8b5a5b3ff102796fb37
-
SHA1
3245f55afac50f775eb53fd6d14abb7fe523393d
-
SHA256
8780095aa2f49725388cddf00d79a74e85c9c4863b366f55c39c606a5fb8440c
-
SHA512
4ff2dc83f640933162ec8818bb1bf3b3be1183264750946a3d949d2e7068ee606277b6c840193ef2b4663952387f07f6ab12c84c4a11cae9a8de7bd4e7971c57
-
SSDEEP
96:o2DlD3cd51V1zL7xqEscxM2DjDf3GEst+Nt+jvcx4T8qndYv0PLE:o2p34z/x3sREskpx4dO0PLE
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
09c2e27c626d6f33018b8a34d3d98cb6
-
SHA1
8d6bf50218c8f201f06ecf98ca73b74752a2e453
-
SHA256
114c6941a8b489416c84563e94fd266ea5cad2b518db45cd977f1f9761e00cb1
-
SHA512
883454bef7b6de86d53af790755ae624f756b48b23970f865558ba03a5aecfa8d15f14700e92b3c51546e738c93e53dc50b8a45f79ef3f00aa84382853440954
-
SSDEEP
96:pBNUBGfVwhcAlhPRJAixx+3eDEsgcBbcB/NFyVOHd0+uisX4:qBGfV5AlJJfFgcBbcB/N8Ved0P
Score 3/10 - nsExec.dll is the NSIS plugin that lets an installer script run external commands; the score here is a generic capability rating for the plugin itself, so the installer script that drives it (not shown on this page) is what needs review for what gets executed.
-
-
Target
API.dll
-
Size
110KB
-
MD5
05e27a8fc8b96dab20d1d71e392eb3d7
-
SHA1
45b212f2edbcede264830db6d70ac1c98d084641
-
SHA256
d01324ef55e130943c61449945a6d875acc5c2cee4aaa881fa47da5c7cc6d2bb
-
SHA512
52563458e5d5d13a861efd1b947dfa72d0689e5a170707ad4f92e981f737f1f222f2aa715cd90bd93a25538bb723e98140f6f0dfd3e26a2035b4eb37663341a7
-
SSDEEP
1536:LN7Fn+20xWr6kETGGl2cAUzIc5qRV38aM+nqqtQQuV5APaVDbGgjHa:Ljn+SGjcBUziRV3//nyQu0PaVBj6
Score1/10 -
-
-
Target
Accessibility.dll
-
Size
20KB
-
MD5
fe700f5c9b5e587d7a16d01f9432ff88
-
SHA1
cac556ea54b1e7491ac67e68ba903c6df02c5874
-
SHA256
3385ebc06a29fd5a87b9113571bc7181149dd7a83d48126414f7829da9b0f9a4
-
SHA512
79140d201e71c73b819e6d231ee06cceb256f1a2c3b05d4a9e5a9d556a9e34e7445e7f8f8bed805450015078b8d5ce55a5f2b62600694f3729259bbe8015e591
-
SSDEEP
384:kBmy0h6gSGRbOcHiUW2g/W5iAA5kHRN7wWmRVwR9zsvOI97:5SsOcHqAisv9zkR
Score1/10 -
-
-
Target
AntivirusLibrary.dll
-
Size
143KB
-
MD5
ea0bb1476532a5f3d22b762107e627a1
-
SHA1
abe0ec7043a684816f8621a7686b507d8fd263e0
-
SHA256
169ba85715ce10a3baf06f97dd1ba585184846277da412b097fb387c6d299262
-
SHA512
c5f156b235b57e7a3f706cbe8ff28fa9b18cb7a255b146a07c7384796e8c9312ec3008b0a40d2b5300a5c646c69d4355e06b6b6dac49b6c84c7bf1f00e93792f
-
SSDEEP
3072:kyvbcX8d5mkwSbCAc2kBNp6+inHeuKr4VL4VRj2:k4bcX8dpGXplnr4aVY
Score1/10 -
-
-
Target
Brand.dll
-
Size
25KB
-
MD5
f1dce37a61c5309af7cabfb368551e74
-
SHA1
c20fa88230176ab9c83b09ab01a6a4c44fef37b4
-
SHA256
b3b42ef65e9c9c3497b4dd740bcd1fb0b60aa217ac33b9a431fc9d004c746a7e
-
SHA512
2e210f5a192a005b78a3472265e18b65ebc7ec2d1b11dd8fd715ed17e2313e8247aea2c89579e17db688be9d7df3128d818ffdb64042b738f2eed76d67293823
-
SSDEEP
384:OKQpsoTzAkyXZ3ZorL+wsOmQMYYCswwWhq6ki2PaR7lwiG29MfHDH/n/RJGBkShO:nQniZmvswwiF2CDbGOMfHDHf/ckizDe
Score1/10 -
-
-
Target
CacApp.dll
-
Size
18KB
-
MD5
ba69c4527c6d1085552c55a04004638d
-
SHA1
5a0d550ea61433c58fd2f3d9df70ef3737b6a804
-
SHA256
2599d324954c3fe9f14a044e3a6b334ec285c58a220eea81a9ee4cca9d15b69f
-
SHA512
de1129ac0ed8cdcc62658fa439e59d34cbe60438415d01a2e52c2303d8d11b762ef45eecc807cd34e3ea2076f0f6838b1dc29436bdbc09f44bad054d8883e203
-
SSDEEP
384:Epvn1fyCUyhq6ki2PaR7lwiGqRzIJHDH/n/RJGBkSPJ2:Uvn17UGF2CDbGUIJHDHf/ckU8
Score1/10 -
-
-
Target
CacApp.exe
-
Size
227KB
-
MD5
9d4e7895bfed79b5841ed80cf180149d
-
SHA1
92d141bbc1f790e09bcaefc03e888c23347233fd
-
SHA256
73eb55b5c265feda4c91629634a671d4c450c6d1fe387606d91a05531c32be1d
-
SHA512
84a7dc79633656a16b4bd0940682016d24ced9a837ba9689b78024e6cef1df5548118d264afa4fa9ace65a74e4f25e5f8fdfb0ed7f5e63a9fbcd69c07c7baeab
-
SSDEEP
6144:p5lv0STyMoJ/vUkXVXXCXXzXXXAXXXUXXXPXXHXXXHXXX3XXXXXXXTXXXIXXXXn3:pAb/IQ
Score1/10 -
-
-
Target
D3DCompiler_47_cor3.dll
-
Size
3.9MB
-
MD5
d935c9f57aa56b90ae4da0a0bb280e0f
-
SHA1
d6364fb5e50ac93e37db5f49b85d28823ed89191
-
SHA256
f8c35b65524c60aa1765b13dc96a92a16d5570827b7fe6ccabfa9859d2a6ad60
-
SHA512
1bd535ecfe5611c2b43a9556efb41f0bff1ed64e480b069c30ab2fcf30c1a364542703fada877d91e626fd36e37b2fc4d8c053a2fca78a94d0b21ea66ea8b4c8
-
SSDEEP
49152:LS7iQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeADf6FqxLfeIgSNwLTzHiU2Iz:L4ihqqFVUsLQV6FqVCLTzHxJIPO
Score 3/10 - this is a 3.9MB copy of what is named as a Microsoft Direct3D shader-compiler redistributable, analysed only on the windows10-2004-x64 resource; rather than taking the score at face value, confirm the SHA256 above matches a known-good Microsoft-signed build.
-
-
Target
DirectWriteForwarder.dll
-
Size
498KB
-
MD5
a4fbb20df26708545a2d5457c9390c6f
-
SHA1
255daed711ef0811dd29f1f54cebd0a03dcc8b5f
-
SHA256
6d14d8aa8dc7539ef0ad275a436e37cb0b67f6b2406638fece93eee419bcfdc1
-
SHA512
3de61d39ac4dc1e048d9fe6dcc553139541043d37dbd44c0b2073ac59a919e6e11fa535ae1f4d51692a36ed99d7f5af028ddcdd01e9782db037268bdd2f7a791
-
SSDEEP
6144:HtsL4Mi515WAQKe+xg3S0p67Vc646hSpvEoxIVfRvbaQj0gkjaCIBl+ygpZ+hElr:HtsL0NCf3BUjauoZFw9JTumHgoq2
Score1/10 -
-
-
Target
DotNetZip.dll
-
Size
247KB
-
MD5
319226c18dbc02d2ac4c0dd9dc116d53
-
SHA1
4ef827ec4c51cf2845e3a50fc23700177a4930f8
-
SHA256
eb9b84a3df6ae51759544ba04224a4f91454b8a81d54b37c846a4216bc72c15e
-
SHA512
dcb2b6e9e1f820472e96cd3e649cc696948d02545c141c483234aab98706c0d19051fcafafc14a928b6b2937125c61db3c49cdc45181e809d73df73f7db3cfbc
-
SSDEEP
6144:L5V1a8gCaIAaLPaiUoQhdTC015tRuAKObQ:rsmaIrPaikhvftA9OE
Score1/10 -
-
-
Target
EndpointProtectionClient.Net.dll
-
Size
85KB
-
MD5
5060a0203b9d8520d13d06a910c604a6
-
SHA1
0030cc497fa6c1a38ada39c56c3bda4690b4ac86
-
SHA256
62d753fcf16bb4bf88e76ebba4a2b5674321ef43ef517adf01c8b25f4baf4469
-
SHA512
ab2a66489f201b03e99209d24835f84523591b08c0d67da7dac106d1a7ef412ef78070b64803e1ebc189bf726777987a8992bf7e23ee6355a0d0564c037c2326
-
SSDEEP
1536:o5CmISoiajwbxVTVu20qZrw8txDGFGUYElQcTAOQ7PBHTiyDNXquGcAs8nXz+NCW:o5CmISoiajwbxVTVu20qZrw8txDUGUY/
Score1/10 -
-
-
Target
EndpointProtectionInterfaces.dll
-
Size
99KB
-
MD5
0b38f7978abb735bdde15df7eb438e50
-
SHA1
53316e9513b8ecaa0adc9378514e5873014e33af
-
SHA256
0475e512410eb06caa4484aeea4fb21ae8f5c495e0cf222bd64ab0bef78f3d2c
-
SHA512
ad618162f2a08e8a0b372d006579640c65d3db454af283e0dd7e1fd82174e54601bbffd7f7d67e46f1f8b26a8f6c9ef58c6b784e6792f456cf931407c380473c
-
SSDEEP
1536:daP58XGEq/ZZSrutfG/QX6ZtGIqX2ZYWtyUPVKR9HxY:08gv+/QX6mNX2TyUj
Score1/10 -
-
-
Target
EntityFramework.SqlServer.dll
-
Size
577KB
-
MD5
949a71c816089308551d32bc4bffea26
-
SHA1
d53c2ba8ed7571bf5f60759d67cc7cae1ecbca00
-
SHA256
be2bcdc9c0ff4a2865c8e5296f6a3c87c22411ff268e5eff30fdcf5f8b2561e2
-
SHA512
9fad72a10898ae253cc8ec5f708b0856b649528b9cdd0f6851930264ba7246e41c0e13ddc72a1a4550823e3030e15c9d320412df80b3a968d1056db0065ad6c3
-
SSDEEP
6144:CTiRnMqz14Oc9CxCTROMKahag9QQB6FHK13z6kuyPQG2puGeqVmjaVmnS4bfu65V:RnMqz14OcksHuAu65V
Score1/10 -