a51ebb0e9ab90c479f2139b0b274c4afd5f2bf24bb9a0936eb2a131f11ab19ba

Sharing

Copy URL

Twitter E-mail

General

Target

Tsurugi_Remake.zip
Size

75.0MB
Sample

240615-qvzcxasdpb
MD5

483d474ff6c7ddf0def0e84c5d71bb80
SHA1

c367ce0959e8332e3f4fbc7ac7bd5a6246ba3ee1
SHA256

a51ebb0e9ab90c479f2139b0b274c4afd5f2bf24bb9a0936eb2a131f11ab19ba
SHA512

0b9fca4a4273d57060e21f4984ab364c97cfe2fccf47df4ecbc9a0dffa60abb8dcba950e0e802eb98cf3f852406b424fc81329db5846d817118cc5d6d93f4a2b
SSDEEP

1572864:CEE7ufzX+vV9gmAwjlUbJTUj8Gb+rwbCB0HNvW/bWvfAwAe//Tdx8D:XE+zXRmACQ68G8KZDnAwt/L+

Score

7^/10

Malware Config

Targets

- Target
  
  AutoHotkey_2.0.17_setup.exe
- Size
  
  2.9MB
- MD5
  
  e9c5288be2196c6efa98dd25c4a4026b
- SHA1
  
  81a8d5d8e77eac5e1025992d9553c01a8fd494ca
- SHA256
  
  69b21d5a3d2bcc2b2b075d275a38f551997c45f28c9504995ede406aa101bead
- SHA512
  
  20a6f4547fabf04a32e890f7aef5c43297c1d9f3e4d87c0f279685f68ced86a063086a3b8befcb746b549cbbe000d8bace8ada072a217bd520d5f0c88f311b44
- SSDEEP
  
  49152:COx7g6TN4OsDrnds2DlziGqBCRRJNPWV2b32Xq9OVi23ml5y3JdQD/AH3J:fJ5nsds2AKRJd73AFg5q/QDIH3
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Tsurugi Loader.exe
- Size
  
  72.2MB
- MD5
  
  3de06dfa8eec454f95a6067a537e623a
- SHA1
  
  f806393728060ef8dc64f02534046c6fc99803b6
- SHA256
  
  f77c82e3942affdb16aa6d8e7f4c171a1b13c3849e8251d9ce77939834865ad6
- SHA512
  
  76fa89306c09d65cea7738872452ae46665911868bccb416ae1fd7d92069abe37e610052252ca837f4e7eded0bc1c12514fc102366a23c900540525c0c83a558
- SSDEEP
  
  1572864:UQEzy1VcNa4ukneNnsxhf4nogX4dwLkJKFb7Qxro/BAO82FaRNF27:FEqVnknMc6ogasfZ5AOHat27
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  LICENSES.chromium.html
- Size
  
  6.4MB
- MD5
  
  c3528648bedbde1223a2faab1a3f9af3
- SHA1
  
  934d3c8f184258338ff380964ed89053ce69ac5b
- SHA256
  
  57b8e5a3f2cd62805001aefca035c7348b4d1abac157e6df3d798bb31f2ec3d2
- SHA512
  
  3e3cc0fd7a55f67ee0afff9696beef33bdc9524375bbe9d8e8f7660fd408c756c1156ca0b02ecccdc22799c7b8e74dbde012732ad6b3ebe0a3cfc54ff5132b35
- SSDEEP
  
  24576:d7t05kvWS99LVoFIUmf2p6y6E6c666r8HHdE/pG6:RI8j
Score

1^/10
behavioral10 behavioral9
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  cb9807f6cf55ad799e920b7e0f97df99
- SHA1
  
  bb76012ded5acd103adad49436612d073d159b29
- SHA256
  
  5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
- SHA512
  
  f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62
- SSDEEP
  
  49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI
Score

1^/10
behavioral11
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  6418dfc9980cc0416a327961dacd41df
- SHA1
  
  2e32ab8ea0059606dfe66e978c271e0852406215
- SHA256
  
  04bd8ee92194f076686eab2a94a119629b6d61e554782a0d4520359f1ceb24a9
- SHA512
  
  d3e98fe91bfa4f7b9363d8fbb6997f20f76a638bcb5345d9280f919a4bf13dfa02d190534d1965eccd95f2300f6b4d29b6eaec5d544e5428377d1e26daf501a1
- SSDEEP
  
  49152:PmDNlF2B3JHEM5tPtnOK5RQAvChpC6ethyVS6NO8pyJegiUWmhbvvWSqgN3lzl3a:PuyHlvRQASPHUWmBvvWvKa
Score

1^/10
behavioral12 behavioral13
- Target
  
  libEGL.dll
- Size
  
  468KB
- MD5
  
  13318cb90b385fb918ba6e07f1fd8d83
- SHA1
  
  899985a7608268893c7fc1c9810568bdd8294b81
- SHA256
  
  53a2d4c5ae582f15aad481e75e516ddabce9b756e553bed33720a66d2c5f736d
- SHA512
  
  b5418f6bd2ab883dc1ef4d9f2c0a976296d06fe1309c6db7331a3470f198505561cabd41ecd05e675b90076196b4f82e8a9ef0574cfe96869bfb24d07cc82450
- SSDEEP
  
  12288:cu0LAjbIkyVVR8O9v/6TiT5eU3axzvVwo:cub49/6TiQzvVX
Score

1^/10
behavioral14 behavioral15
- Target
  
  libGLESv2.dll
- Size
  
  7.2MB
- MD5
  
  ad3edee84b49923e4847119eb4d6c6b7
- SHA1
  
  8649be26571d3fa645c416f36c1bdc0b27f1d478
- SHA256
  
  51c9f2e9aecf5745ad343185cd39a05f581c2062d644bedcb25a5ef4b9624591
- SHA512
  
  e504996b8371f294fa8a5173da48256e9070156249bdd7431e3adeacbd99f7cf39dc3c0876c4aa11da8d1932147cfaff91764c517a70d69d8c8e4876abbeea56
- SSDEEP
  
  98304:X5zAgO5fjnoTdA8gtJru3xChd2FgJCnwgsOMZ:XJMoT8rDhdQfsb
Score

1^/10
behavioral16 behavioral17
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral18 behavioral19
- Target
  
  runtimebroker.exe
- Size
  
  154.7MB
- MD5
  
  75990ee1ed0dd57459df924c28b46700
- SHA1
  
  be7d7c518a44b3d73230364fd2064f9e2918f733
- SHA256
  
  43ebd800204d360a8ea88eb0d2ed10df9553a910741cd5646ed7d276fd0723a5
- SHA512
  
  f1337181f33e6724939859dc5d9fff45242870b36021fb45c737a261f82ed56e594370a24afe87f94a4376e92c0391604714fa2ff80ec000709fc66bc48341e2
- SSDEEP
  
  1572864:WQLTsMunuCM2/w9Asn6xzIEhw3JvqzPd24cwT3tIDvvEO/TZidNoyiMhOab0XLHE:WA8g5vu
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral20 behavioral21
- Target
  
  vk_swiftshader.dll
- Size
  
  5.0MB
- MD5
  
  30d193f1976035cebec2c2d8f071c556
- SHA1
  
  97b1d811743f03e888c22d975c9eb77ba92142b9
- SHA256
  
  600e158b7d7fb95eb63552da1ae8159a6eb9bb04ff6341d11db2d10bd6c30c8e
- SHA512
  
  4eb6ec91fb060f67ea126c9c7dd7f672161d86302db41c7d999f33239a7c18062cc020c06ab9571f8023c846d22bd0fa5c020fb4c710bf6a21472002dccb6226
- SSDEEP
  
  49152:qe8XShSf/LIIKZIpvUIZHsQbZ+TN/Ld7dMZga4USoMqJKBwqJ5h0gKInLh1vuiP/:/8XSMfkcsLbJT7GMwZgKI9oiPL
Score

1^/10
behavioral22 behavioral23
- Target
  
  vulkan-1.dll
- Size
  
  899KB
- MD5
  
  7fdd1bec727e2b389c8ca84c407446c6
- SHA1
  
  a91343d9f52883325f52f28c5dd142f4ae07b3ef
- SHA256
  
  d04035c59f49444bd3cafd71296afd70bad5daa6e28bf5d7de3ffd0e36a85938
- SHA512
  
  2fdd95185507be9bcbf6cfe1f05ba47e71203b1dc3ce4cc1553e5fcfb576ab89bf018a8927fc5e6e451b00f56f7abb5f2efd504e1a674b42dbe80deeb13d669a
- SSDEEP
  
  24576:/R9nl1crwjLAQw6Z5WUDYsH56g3P0zAk7:/R1l1culw6Z5WUDYsH56g3P0zAk7
Score

1^/10
behavioral24 behavioral25
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral26 behavioral27

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

An obfuscated cmd.exe command-line is typically used to evade detection.

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27