c954ba4d9f8e230d8fd42b5fa0bd25bd978725b78b9473e23da4740cda0606c1

Sharing

Copy URL

Twitter E-mail

General

Target

FluffyPenguin-Setup-1.5.9.exe
Size

120.5MB
Sample

240613-dg5asasbpc
MD5

3c41fbcf23dea667c04b68cb9b0486e1
SHA1

17fcf5893324b704776c630393be95932fe37133
SHA256

c954ba4d9f8e230d8fd42b5fa0bd25bd978725b78b9473e23da4740cda0606c1
SHA512

dc0ff877ff5f1c6c5054c2bae42f42bd334ecfe28de1de38a8b8745b5478d7b33f5758fa323e32de577de8f731846fbc93e97f4a28e7714f71db651657bfe07d
SSDEEP

3145728:hnzB6iffRSR53WSlImQ5eCryMzBSDzNcfQnfcJso8oHyK4:L6iffA/3WrrS3N1nfKs/oHy/

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  FluffyPenguin-Setup-1.5.9.exe
- Size
  
  120.5MB
- MD5
  
  3c41fbcf23dea667c04b68cb9b0486e1
- SHA1
  
  17fcf5893324b704776c630393be95932fe37133
- SHA256
  
  c954ba4d9f8e230d8fd42b5fa0bd25bd978725b78b9473e23da4740cda0606c1
- SHA512
  
  dc0ff877ff5f1c6c5054c2bae42f42bd334ecfe28de1de38a8b8745b5478d7b33f5758fa323e32de577de8f731846fbc93e97f4a28e7714f71db651657bfe07d
- SSDEEP
  
  3145728:hnzB6iffRSR53WSlImQ5eCryMzBSDzNcfQnfcJso8oHyK4:L6iffA/3WrrS3N1nfKs/oHy/
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  FluffyPenguin.exe
- Size
  
  104.7MB
- MD5
  
  0ab466e97ea5e2384cce1f0edc48cc33
- SHA1
  
  b9296be11a32e157ac6f4bad2c6dbf3e063f2622
- SHA256
  
  ea6acec46bf0106d111cb0ca33a98150a651ebf4f762faf65b2ea40dd69e1f46
- SHA512
  
  f19e19118390cade67d52bf258f0b04c00435b894b8b7577ba8b6d47bf3a858561e2acc24996d3d4a2df3797c10a412115499e3c93fd56a736d415a530a8e3bb
- SSDEEP
  
  1572864:vKqxYPeXS8KTM9GUvTkbVn/HEuLyywaom8Wbw9vIqprmCOj6hXGX5WAtF4Kalz9d:iCnCREuLyywaoZ9EOrGpvT+r
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  LICENSES.chromium.html
- Size
  
  4.5MB
- MD5
  
  d4a79b5d46f0931b9eb7125fd40baff0
- SHA1
  
  3a38fb263dde2251b9fe157b5fddec7acb07c53e
- SHA256
  
  03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f
- SHA512
  
  17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339
- SSDEEP
  
  24576:thgBBmnLiLArZ62BrcrnKHq/kUkBAwi9QxruE:rYBmLAehN6KK+xV
Score

1^/10
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  3.5MB
- MD5
  
  2f2e363c9a9baa0a9626db374cc4e8a4
- SHA1
  
  17f405e81e5fce4c5a02ca049f7bd48b31674c8f
- SHA256
  
  2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df
- SHA512
  
  e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924
- SSDEEP
  
  49152:sXMoHAsisjBFjJMLhHELxJm8ZU8W/GBj5Z535TMpinAizxkl/cD11bqCG7jHbOkD:srZOb8W/G5hnAizxz7NZy9AG
Score

3^/10
behavioral15
- Target
  
  ffmpeg.dll
- Size
  
  2.5MB
- MD5
  
  54f1cb94776e46864f987eaf0593fbb6
- SHA1
  
  f3a9957e79ef290b31e600726b0eef771858b1bd
- SHA256
  
  81cab2e7ff56c8a06421419a2dac9481b87d5e50ef6f89a40e9de2d28d4998f2
- SHA512
  
  f5aacf89877ac29f4da3263cc7b37b5f25a3425762f96bad90a8389dc596ccef470292f548a1dfce891abd47f4df10d6f2a95fa2f1a4d3a59c2da2ed972c91cc
- SSDEEP
  
  49152:DHX9HL2Iv1LDjOzm8H92kpGaWJlAtksQcUfn:TX9HLjdL/OzboAHWb6kDfn
Score

1^/10
behavioral16 behavioral17
- Target
  
  libEGL.dll
- Size
  
  358KB
- MD5
  
  c83a0d55e9d4ba00a41c79a677c444f6
- SHA1
  
  798b64c0326459c99278eae214cfc6159f1ab16b
- SHA256
  
  9322a0e0d0c8a8be035d29e581de402284ffba4d980806596dedbec7be8a08ca
- SHA512
  
  121d20db79975098fdec00d4299aac57c61b3ce4bbcfa45aac79243a46052851e91b466c5f4697db039f59b02e1be7ac2f90cf6dcdc4365d8038a1387ebdeba9
- SSDEEP
  
  6144:ZesPGoRqGG68Zl1cCmYku/1haDuE4mbd2W8GgtSUIKrcO6+fBgCJNz/WuLF0hWA1:csPGoVfgEimbMTGgtD6+fBHKuLF0hh
Score

1^/10
behavioral18 behavioral19
- Target
  
  libGLESv2.dll
- Size
  
  6.3MB
- MD5
  
  ecabe9e35db94666c73b78408aaacc33
- SHA1
  
  29368f59ad5854d775f81f10987c5813248db413
- SHA256
  
  8b9571808714bcd01c3156c7cd254fad104797cbe1ff6c823677b713dcc352b2
- SHA512
  
  1a39cd4fb3fdca40117f62031804e48da2f7ec63fe1e6377902b5a8d5c76b3d40b155d028481801ec4338332a486c7999ee685115d5fb4546c2ddd47b0693971
- SSDEEP
  
  98304:qY2sSNCHdB7mvvXarXEOE/HxyPX2+et5/1+wu2Ed0:NON2+ar05/Rzrv18
Score

3^/10
behavioral20 behavioral21
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/plugins/pepflashplayer.dll
- Size
  
  17.5MB
- MD5
  
  40e7af1aebc09cdbd259ddd792cb84af
- SHA1
  
  bfb36a7cc93b6ea30ac9ade6d906fdc968f73155
- SHA256
  
  47e01f34945dabb0fa67578f058cb6a048414ecdb2145f601a40dc8d535b59b9
- SHA512
  
  d9714609cbf719162d7e5aa2a8c86eeaa09ba2d76e10c7c617840382d1d5ed09bf66063a670a7e03cd309ac0ad231bd53473c4645c0ad9f7a04f7057804df9a1
- SSDEEP
  
  393216:x3ZYjInsYogYIYmIDm99hQnG0+GkswYGioYLIm:x3qxYjYnB+2G6wzBm
Score

1^/10
behavioral24 behavioral25
- Target
  
  swiftshader/libEGL.dll
- Size
  
  379KB
- MD5
  
  2b35e2670411b0e46569c702723bf455
- SHA1
  
  23059a9001e1bc5d4ecd2a2995a80bce01dfc217
- SHA256
  
  74f934004b27fa48154876bba8710e301c75aa3d9125e6180c4486b139159801
- SHA512
  
  822821a14f48d85a6c265530fa93c46fc781149e050576f031a6f27d0288f24f7f9b341fd7fe9179b1b32627f91b7db44301aefb73e51dfdf778b10a9d1242f7
- SSDEEP
  
  6144:cayLoJ01tUL3Q3LjSPu5FUuJiHMPyfV2Wf5gqIhCTQVBGXaZDseVMgfu1aNwqNxP:f01tSInGV26iPCTQVCaLfu1aNwGp
Score

1^/10
behavioral26 behavioral27
- Target
  
  swiftshader/libGLESv2.dll
- Size
  
  2.7MB
- MD5
  
  6a5704a246535ee666b1cf87e10eb53c
- SHA1
  
  c9d74edd160314b780a76b5ebfda3c0cfe2e5606
- SHA256
  
  f3ed98d9c3e915b6c55bcb9a17e162134ce9897c5246110bc2955cac5851fe2a
- SHA512
  
  e8b2a39bb50a6117738fc593cdb07f8b4a87bc6465fd61de82cd33156ebdf5d714d389b2e74f0d284801e0ac09704a21b46a005ded8ab8ad9b9291bbbb5a43be
- SSDEEP
  
  49152:rvRd9FO9MwdFA/w1s+Glqa/KxB2CgfFK1GokWFBB4PD6xABXGfSqnVjxSEhnR3qq:jRd/CcMxgUrXr1j12eJQo
Score

1^/10
behavioral28 behavioral29
- Target
  
  vk_swiftshader.dll
- Size
  
  3.7MB
- MD5
  
  8cafc6a2d708c9f4d3009d7e135a641c
- SHA1
  
  e2a4aaf005ffce737246a2cdac38322664ae6088
- SHA256
  
  e481daf4a92f3b1e73ba4cd85546d561a21c214ef74bfedf9c8f87319857a83e
- SHA512
  
  1c9f365eb5ae2b78dec93f567c32c420e9a5706b82d51b1129cd899959404a53ca34c1fb70cc041ebd191e5ca5479b21e1505b70dbe6fc203c79fa8b930a4a0d
- SSDEEP
  
  49152:NkCQYIV3ZtjgctGIW0yPC5X/23J2/8JrtVkjY0eGrtiOjhfwqeAztw3GjaWBeRnt:bBrPaOBtB+rtiOjhtMWjaWkRKNdh2
Score

3^/10
behavioral30 behavioral31
- Target
  
  vulkan-1.dll
- Size
  
  624KB
- MD5
  
  7949e1e84aea85b9e34b68b607a9467e
- SHA1
  
  b4dbc6a149c3482b98f246b625917e68b21a7a21
- SHA256
  
  3e04a5ad696827a41891bb61befd845004a0d0816832a69f070716c16e621803
- SHA512
  
  2c573f47ce99a2bb7396ca954aa066bd641f879c0aa6a78f700b17acdfad6c6e5fddcd50371fdd76571fc47683600e6a7f29559df59b21af831706d1a8369bcf
- SSDEEP
  
  12288:KbHuIeVEXjDNOWx4ooMWRE72YcXVgnvVW+2c+xUpmuHrwYuulnRG9:8HuIIcc9RvAdW+D+up5u
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32