f6dea9e303e32a64e1d30893cf904f1017c1742e436e41f118fd8c09cd6730d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6dea9e303e32a64e1d30893cf904f1017c1742e436e41f118fd8c09cd6730d2
Size

1.2MB
Sample

240705-fhsz9ashkk
MD5

37bfbdc59bf8d8228410866b1e8b7221
SHA1

33e543f255ed6bf70e9739f751baf1c1e4c34a00
SHA256

f6dea9e303e32a64e1d30893cf904f1017c1742e436e41f118fd8c09cd6730d2
SHA512

c23161ac77982e58dcc0f95947f06b12934d41183e3130e93d81fd101495bc157d14988ad0a4ccdb45a46866b3cebfa1117a6e01662d8fde15c54f11b4f1f28e
SSDEEP

24576:4jakjfsKRSQ35Lv0qfYlQXHmZAGNYAZrBW:4ujQpQRleHqXZrBW

Score

7^/10

execution upx

Malware Config

Targets

- Target
  
  f6dea9e303e32a64e1d30893cf904f1017c1742e436e41f118fd8c09cd6730d2
- Size
  
  1.2MB
- MD5
  
  37bfbdc59bf8d8228410866b1e8b7221
- SHA1
  
  33e543f255ed6bf70e9739f751baf1c1e4c34a00
- SHA256
  
  f6dea9e303e32a64e1d30893cf904f1017c1742e436e41f118fd8c09cd6730d2
- SHA512
  
  c23161ac77982e58dcc0f95947f06b12934d41183e3130e93d81fd101495bc157d14988ad0a4ccdb45a46866b3cebfa1117a6e01662d8fde15c54f11b4f1f28e
- SSDEEP
  
  24576:4jakjfsKRSQ35Lv0qfYlQXHmZAGNYAZrBW:4ujQpQRleHqXZrBW
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BI.exe
- Size
  
  83KB
- MD5
  
  0c5a26a60bda315abe34b46d79a34cb5
- SHA1
  
  fc1188b5f136fab9909eee42d4528ae3e6357916
- SHA256
  
  70143201f13ce305ae958ada21aa6a03ba58035e1b6eead330c70f716f938663
- SHA512
  
  15f3b932375244d2bf61128ebbb47439a9c25bc1d7b0dc52acfe7e128064e7de641a47535d4a90724f8fc321b122d526c4d36b9602782a41d0a15041a6dafd13
- SSDEEP
  
  1536:HGarUa6LowvuhdNYh2Gf9rg6hzGPnZ91SQ5hlbIn+s980xyjT8PZZC:d5BuYAVrgUCPnZt5Q+sKjkZZC
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/DownloadACC.exe
- Size
  
  173KB
- MD5
  
  5b8ce50b86087b55003e5caeffcc32fb
- SHA1
  
  e344aacaa4f4d00e1ed019ddfa9a7f7996af6065
- SHA256
  
  14ef81c0125d8d2c4580194544ee9313e9100f47317a82b04efe2c26c1cd690e
- SHA512
  
  daa066ff3fb9add817b4bc17a9b72ee7ecc0b1869ab4b8f7d70895ec39ba1f63976a06ceaee2c2bc1c4b117d80b8456a92263e75e86b4d67cfb1a6ac25b12c21
- SSDEEP
  
  3072:DPC23aJFC0bPnjP4TXqzCiNtFoYLMcbqAe3IQlAGjn/h6GOpJkPJ:iC0bET6zvHzMUUBAG7h6GOvEJ
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/FirefoxHandler.dll
- Size
  
  36KB
- MD5
  
  297f686666aab3309cabc430199dfd10
- SHA1
  
  0e57ded3db82a5c6de284a6fa93cc38bb8834ac9
- SHA256
  
  6eef17cfaa4e4420f41a5e80c2fc49f4c1b8e44c8b648982c5cf5311fbd91dca
- SHA512
  
  39ba6a6523df27c9e4e5d764a6ddde8129bbf80800b4b660354307d2601e84ed0783a6c035c5c1411a12177f95617db43d7ae2f3b0a2f5389d4d2681276196ac
- SSDEEP
  
  768:J92TwvrKHG8lvQdxk/+IX19elUSrMQLisawIUqoULdAOfK+2+ZI:X2kvkyxkWIF9elU1+ALWOfZZ
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/OCSetupHlp.dll
- Size
  
  842KB
- MD5
  
  5b8d0d2cd9d60412262f166e15357961
- SHA1
  
  cab78c31f513d1f2bf43205af88a3bbfab11b1ca
- SHA256
  
  2c028b33da28063270a7c4f7f8affafdea63a766627178cb166253f14f3a4c4e
- SHA512
  
  e4a05b5479c1b9edc49d36356e1a7e212cc100f11d600bae8d6303a6c1e1ed329c10eaa1d5228860d3a7999147bc8c920c07f3acaf197f1b8df955a583c7230f
- SSDEEP
  
  12288:b+wnK6z+X9XgFnDgQlOpmtZkYZYiWRREaQDEK/8MoSTLyrQCT30:iTdwZDgQ4p2ZkCYHtQIK/8M7TLyrQe0
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/ProxyInstaller.exe
- Size
  
  85KB
- MD5
  
  4cf4271a1f2595b94e220d3f8fc1a5d9
- SHA1
  
  1e78d6351aecce6a6c7984b4e69126e20445d2f5
- SHA256
  
  6603d6ee8dd5fd5145bffd8a639a219b59b91ed93d100732e020da6245dddb52
- SHA512
  
  8f032aa89ae8084dd89eb2945da62e83fe294098c3cc0f9e3bda0d5db093cb56d7384bc1290cbd4980183b39e00ef7e72be6ed1aad8476cb0ca7de0073373d8c
- SSDEEP
  
  1536:4ErPZ3IBZcbTfu1HlrJFCPcbPncO3oLxO7sPBiJQRsCoH7hfJuiW:HPC23aJFC0bPnVY5BiJQyC276iW
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  17KB
- MD5
  
  a4f38d1c7a480f5da1bb8097b8b939db
- SHA1
  
  b3129c2a0e61881381463f5e0cbbffa573daa845
- SHA256
  
  e1180e1e3344c7536150275e33de53dc1dd1a3ca03be66c4d4875fe5bcd4e436
- SHA512
  
  fed89f7ee9364fc2f4b9f82c4563713497043947e98dbb03e7d755681adf3ae661aba80d08e59988a23695fc64481b69d9842b7ec7d2b572cc872c4c9957febc
- SSDEEP
  
  192:WN2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/KxKb+nYe+PjPArJUxVy:tJoiO8V2upW7vQjS/0nYPLWUHWteMy8v
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/WebApp/Css/PIE.htc
- Size
  
  39KB
- MD5
  
  a219e20e2678b66b24b9067a2e228a8d
- SHA1
  
  a942a10f546102c2e93919992619c28a17d140d6
- SHA256
  
  172eaf95ae8ee7073d7d2d20a11b13eaaf0a355d426f0c839a06296c534db344
- SHA512
  
  e43b5a432994b2508434520630282718cf6d2c83dce16f53f24279a199c5588b57216150f33c9ea16309fdb58b54b71562695583ee058ce76946cde244237ba9
- SSDEEP
  
  768:SjRVYqD2v6Bgpcb5J9Ohl9ohgQoieFViNLCZac9Z0A5v:SjRVcyu+b5Dmog1ieFRZp9ZJv
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/WebApp/Failed.htm
- Size
  
  5KB
- MD5
  
  1312c82b6bd4d4d0e9fcbdf6273259e3
- SHA1
  
  24c8e177b6e92c8647e5df69c33743ec87005552
- SHA256
  
  ac864b3a3b4cbe67d91fb7c646649a810b8960992a5ea6487bafad208530faf5
- SHA512
  
  4a7e3f77e103e932e3ec3e7f23c2aff3b74535be896832403d0dfaf496035af2bef78005c4dbc8845ecbb2a95c54456d2745534623416c69220d348224c46694
- SSDEEP
  
  48:QrA4QWWrR3XcJ3EHn7Q5xBxw7z7ysEfpyyxgQvdvHlbFsGhLh48gpPPeBX4yHu:amQ3EMXyQfpyyxgsHJh48gpyHu
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/WebApp/Js/API.js
- Size
  
  9KB
- MD5
  
  0c1797a7fe8c65cf36ca5bc35aad0ff7
- SHA1
  
  b2754700c45211e641a59c1ddf55f47d55d43bdc
- SHA256
  
  85ec98a0fc8ff6c202e0a01142814a5a5438a71636a4025a2a8506cc7b22edba
- SHA512
  
  76e5eefc894f815099e8360d89253505b8f29974b71d63e0a5e0636e6db9f8793bf11e992140b89d478a856402741222ad0bf2acff72f95d13fb60b370b13231
- SSDEEP
  
  192:ukS/WVXrXxcuci15hDdAiMQEFp8BOFYR6j:ukSscNi1jdx28BNRu
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/WebApp/Js/ExternalParams.js
- Size
  
  170B
- MD5
  
  9bb9bbd6f5283938a2d39dc98ef9c788
- SHA1
  
  e64df5bbe2a82fba4f5b6574325699c2a9f06791
- SHA256
  
  7caa0ac51df1796f4cc081616124cbf227bf7d8d83379c39b693fb3701a45a65
- SHA512
  
  eb5f19f33939062a441259ef8424ec116026d7b042496228dbc5b8311e196b7824f2b15f0847975aae9a617890f47d81c9274f102aaf964f877a531524c3ae9b
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/WebApp/Js/PIE.htc
- Size
  
  39KB
- MD5
  
  a219e20e2678b66b24b9067a2e228a8d
- SHA1
  
  a942a10f546102c2e93919992619c28a17d140d6
- SHA256
  
  172eaf95ae8ee7073d7d2d20a11b13eaaf0a355d426f0c839a06296c534db344
- SHA512
  
  e43b5a432994b2508434520630282718cf6d2c83dce16f53f24279a199c5588b57216150f33c9ea16309fdb58b54b71562695583ee058ce76946cde244237ba9
- SSDEEP
  
  768:SjRVYqD2v6Bgpcb5J9Ohl9ohgQoieFViNLCZac9Z0A5v:SjRVcyu+b5Dmog1ieFRZp9ZJv
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/WebApp/Js/ProgressBar.js
- Size
  
  3KB
- MD5
  
  44c16c5226c1593c195f514057061fb7
- SHA1
  
  bb4bd98314ac68c40031b66d0f035762a1b6666b
- SHA256
  
  4e57a7a100fa635c7bb1a451633eb6b628edaba4b78c625c828450ad819478c9
- SHA512
  
  5bce64414d49a6fc9b2094d6214c3e767c12cebb262957693661c7c4e440bfe233ee23e6226b73536d848f53d25399de711cb302c824e106dabc361ce7e1d99f
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/WebApp/Js/Store.js
- Size
  
  5KB
- MD5
  
  2a9c08cfa638e2df0a2eb2670a42bd2d
- SHA1
  
  0ef46601f45f8ddf374606d8bfce726ad454420c
- SHA256
  
  ff6e4c551b8ddaf524442408be57c0ca17befd6aad9570897d7ed3f96a240394
- SHA512
  
  d8d6407f9f020f6e8a623e87ff36c3f528de9765706418c27d776838fc20a771837e146590e8acb1b6e9f017d8db4176d5c53c81777b89fc6ef60bc68e31bc63
- SSDEEP
  
  96:5xz3uYpl3U6bgcp1RSlDlKsDQxhlBHCk2HLksdP2QkHQZES+9sl/Ou5tpmIl0ZYC:L9QtDUCkGkb/U+9sf9aZ3Zb
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/WebApp/Js/jquery-ui-1.8.16.custom.min.js
- Size
  
  9KB
- MD5
  
  e89fc840e15cb20c7b1e22f86380465d
- SHA1
  
  84b3bfcd03a5072e68be92b64e34635d6486fcdd
- SHA256
  
  70807ec00aa70f6d3a654465c8b697ed039a8e3c1beb5419ad5b5e2516075b90
- SHA512
  
  51deb88b88b2ba9aa623563102b603eaa3f40ff5e42989f1367d734b36c12a9d0518dc1d6355f3345838296d7da1a8fcf16220ebdf0ba2aaab108b70ea59d619
- SSDEEP
  
  192:TUJs4PzMe5rvf/594ey2LdVop37bNrbj45EDxVja:TU+4PQe5rvf/L4eyKwnF4CDxZa
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/WebApp/Js/json2.js
- Size
  
  3KB
- MD5
  
  9b8cf1c97726c080629c98ddec68bebd
- SHA1
  
  5d764a5bc2e5cbb5f2569336e4c0c5f472d07f35
- SHA256
  
  1b6c626d6a600be68b11133c7bcd32fbcc8015951037bb36beaa067914367715
- SHA512
  
  67c590d216e73d0dd58974567dc248e0adb363c59e318efe1e715960a38220c1cfb98328cdb69941888f9e039d60980fd1fcf11084498fcb46f80c135cb60d24
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32