9f330b9235b7e96e57ffc3aebbb08573f2824e895889a96a650de9316a959f0d

Sharing

Copy URL

Twitter E-mail

General

Target

UgPhone_install_1.1.23.exe
Size

79.6MB
Sample

240627-gn7k9syamm
MD5

8fe50abc9f6a05586be2253d9814d564
SHA1

63ffb05f2d98403920e5a9b1846c47711a5583d3
SHA256

9f330b9235b7e96e57ffc3aebbb08573f2824e895889a96a650de9316a959f0d
SHA512

2027dd167a715c9b54163a8396ad8a2a882fb71b4d6cc4baa4ecc14d1c965edb9a2268c1f9dda61071230ff3b59e0f97cf5afe5f69a136446ad3a5180f56b441
SSDEEP

1572864:Liqs0X+0qrRboEWrLjZ+x2/9unv0JL0KZ8KVZ532yKdisTKuRuqAh:Liqs0XxqrRkE26k8v6feKV+yKAs2uXAh

Score

5^/10

Malware Config

Targets

- Target
  
  UgPhone_install_1.1.23.exe
- Size
  
  79.6MB
- MD5
  
  8fe50abc9f6a05586be2253d9814d564
- SHA1
  
  63ffb05f2d98403920e5a9b1846c47711a5583d3
- SHA256
  
  9f330b9235b7e96e57ffc3aebbb08573f2824e895889a96a650de9316a959f0d
- SHA512
  
  2027dd167a715c9b54163a8396ad8a2a882fb71b4d6cc4baa4ecc14d1c965edb9a2268c1f9dda61071230ff3b59e0f97cf5afe5f69a136446ad3a5180f56b441
- SSDEEP
  
  1572864:Liqs0X+0qrRboEWrLjZ+x2/9unv0JL0KZ8KVZ532yKdisTKuRuqAh:Liqs0XxqrRkE26k8v6feKV+yKAs2uXAh
Score

5^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  5.1MB
- MD5
  
  6b84319ee8a0a0af690273d3d2dcbaf4
- SHA1
  
  857ca353e0582d100dcbc6cb6761bb4430d0cb90
- SHA256
  
  fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585
- SHA512
  
  26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a
- SSDEEP
  
  24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS
Score

1^/10
behavioral11 behavioral12
- Target
  
  UgPhone.exe
- Size
  
  130.1MB
- MD5
  
  b15e411ff8e001a75f453262f8f7e6c0
- SHA1
  
  c4173c0c6e3490cc51249a0b31d16deb0dc60661
- SHA256
  
  81f178fef70e5a05bfaf70e3ca0cec93002b6d0ada112fd33c5454ea8237a59e
- SHA512
  
  4d734a55b1ab890265e135352ea8c2f7d7683388574bd5288af80c9c58a9bd8a893df0442c250b65c88717bb66ef79cd9f59f6ab8a13562ae4b33502f341806f
- SSDEEP
  
  1572864:hK/gNQW2SJeFf769vh9hwK9opP8rju/BRcjmmRm1WWn:E46WVJeFz690ujm7WWn
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
- SSDEEP
  
  49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score

1^/10
behavioral15
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  c42523771879bdd3f754fbcf2f5d787a
- SHA1
  
  55f9496131ba56a00526d92fce1c8b8d669b08c8
- SHA256
  
  ce52b08fffbaa142e6c7a376333991086ad5b37a5c1ed7cfcc8ff5c851b3d200
- SHA512
  
  ad980e459a86a8d7773cfd19b3b96ecc030a612463e534b2ba250cd15534ecbcea8af0038896dc65069fc66dfcd2b3a7df1471189f448267073a3bba2287116e
- SSDEEP
  
  49152:JhtCHenoHlV8WwIHEz/ld4Uh7vj8Dce7QcrAEbMnyKbZljBjcVEMGoNkslD+zIwb:bIHslVL8jUuNiw4
Score

1^/10
behavioral16 behavioral17
- Target
  
  libEGL.dll
- Size
  
  429KB
- MD5
  
  f3c8fea015b42bac6bdc0ddd3eb0b313
- SHA1
  
  176d3bfd15d22835e6bdecb7c39f13e4a29676a4
- SHA256
  
  b2d3d398331aee75646b12d94a1a1d383babce09c3c6a3303dd226944c8883d1
- SHA512
  
  30072eafd2c3f4a905c40d29cc755b6f50a9357d934f327c0479b15987736699bf443280fc0f6838ad147e2f23c1fbb123e2055756fce7402fdbd11b32a1f7bd
- SSDEEP
  
  6144:QjPq5z+jqphdrcjoIp7ERDK8Aq8R3wpnk2A6nyNPj60WfKd:Wq5z+qrcjV1EpKOM6yNPj60u
Score

1^/10
behavioral18 behavioral19
- Target
  
  libGLESv2.dll
- Size
  
  7.6MB
- MD5
  
  7969ee5f940eb49840749fbbd4358c44
- SHA1
  
  12d827c416ad82f5f622e67683f2f7df65e809e4
- SHA256
  
  d8e62dd81dab676139e9e8d7a3ec32bfb07fd5ea66a3ac510c70b5d5d98033b4
- SHA512
  
  e0a398d7c7aa44fb01fe39ced317e4706806d3b45fbfa127491e27843efa0093870ea9d82874aec3a9896a6400ce8f40902376069cfa1ee9b130e74d90124395
- SSDEEP
  
  49152:fiqa6zZvw6L6t1bXSwx8hNrbFjlyEvGX+TnvheqNf+1bYUGhwPnAFRVTQt8wZjKz:4M9TZLf+7UwMsUr/cJyCVaB1xMwD6L
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/electron-chromedriver/bin/LICENSES.chromium.html
- Size
  
  6.2MB
- MD5
  
  53ef875136b19bef138829d5846208b0
- SHA1
  
  edfcf34901b7fc6a3e578d637266686673a30299
- SHA256
  
  d3bf6dd8892c6d77555e0b55efe98bfd18f08987ea39668bc5d0c419877aef1f
- SHA512
  
  b6f0e50ac1a2a2144d718eca60dd8a26ca48045fff9c05327e4e0e09a4d12ba69952f9feb9481497f9b1b1378a5c1d55845bee551f84e7a47f98f7a222c302ab
- SSDEEP
  
  24576:nP9t5W7WSLzrj41T4mfn6y6O6E6Q6yNSHpCohpG:g3e
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/app.asar.unpacked/node_modules/electron-chromedriver/bin/chromedriver.exe
- Size
  
  12.7MB
- MD5
  
  fa2a138fbeb69bc95e903d3ca4e214ae
- SHA1
  
  3777a7e207430fec6d2f3e3f6ea317cd8adeb45d
- SHA256
  
  9bc7c16592d0c969b9e4b56db0282114f190c0a4b4a5a0049ad91a8646fdb270
- SHA512
  
  6f81158b947ec31c3e265402469715b5105dc9330ded6da04ba9bdf6ec64635b246220e5f50f3d7f9603c8cdedc495cc063663fe66a58d7d582cec12bc401db4
- SSDEEP
  
  196608:cpZ/K0tTuObJWAehr1qSeQpyhA03jSsvxv7q:cpZ/K0tTuQJer/eQo3jSkq
Score

1^/10
behavioral24 behavioral25
- Target
  
  resources/app.asar.unpacked/node_modules/electron-chromedriver/bin/ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  57aedd9fae17830b307db7300c0045f8
- SHA1
  
  80956f24d3284e11d8c32eae12d6a4e0ff02b991
- SHA256
  
  d1ce4ad591e6dc885cab8713ec846370e473a04e30f7db900a694dc6f52c030d
- SHA512
  
  18f3adc5c4d1c965d219de29deb46747c7b6924950c68863eb9a88eff99da80d79c45595521a5fc99e291471f84b79948092bc4a2666434f65e042185f8afe03
- SSDEEP
  
  49152:f/Jw3ILgHXJzzLh0mzAOJ6e+uOsyoSJ+5mqWyAYPpDyT+QVDU58kJI6VyVRJt:XJgWmza3uOsye3PxyT+QVDU58kJqVd
Score

1^/10
behavioral26 behavioral27
- Target
  
  resources/app.asar.unpacked/node_modules/electron-chromedriver/chromedriver.js
- Size
  
  746B
- MD5
  
  a96c382b832ef4371c3bd6abc6a62d2b
- SHA1
  
  78d65e8f9009ea3fa438087b7f6b706f5d24cb1c
- SHA256
  
  62e2fc5a2ba34b0ab95f9f639908fc736cd0646b1c41ebd28fb5884ff5b26514
- SHA512
  
  e28a3ab31f170053ee32188dec07a9714f4c15d742ea7350fb27d18c47d6af6c24523fb4dd3a2adbfde51d4d947ebc19e3032e0e9c6d03006b2a5822df36d8a3
Score

4^/10

antivm
behavioral28 behavioral29 behavioral30 behavioral31
- Target
  
  resources/app.asar.unpacked/node_modules/electron-chromedriver/download-chromedriver.js
- Size
  
  1KB
- MD5
  
  018b7cfc894373046659b85dc974dc14
- SHA1
  
  3e0a06bd462edf923b35ccf2d84e15a85cf3ef38
- SHA256
  
  ed5bd5dac4713e7b81362b088836f18938497f44a95ceef11fdd2a1954053174
- SHA512
  
  7aff234d7a2bb524bfc770ffd522116a1fafdf3715d2e3cc383f7e428b0d696ee6a88d090fb3d3f5dc935a9a9ad4ac8b53096c720feb7495b980060689e4abbb
Score

3^/10

execution
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32