Overview

overview

7

Static

static

3

SvgFileTyp...up.exe

windows11-21h2-x64

7

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...fo.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

SvgFileTyp...ll.exe

windows11-21h2-x64

7

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

SvgFileType.dll

windows11-21h2-x64

1

resvg_Arm64.dll

windows11-21h2-x64

1

resvg_x64.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SvgFileTypePlugin_setup.exe

  • Size

    2.0MB

  • Sample

    240708-bzs95aydjg

  • MD5

    0b93097116941989e41b64db738e2cef

  • SHA1

    557ee101a1f71e62e21ae974eb41b9e9006b9f58

  • SHA256

    ab461b97c31c0c1ad6a28ba9472c42800561740e3b94406b3ba6e54b61991824

  • SHA512

    4d9593043a0110e7cb9515fabb1f95c85c4a5380cf9831c93883fb8d861ec4040efb16382c816557ff62a1f318062ab8614113b07e67c5215269fa0871fbe8e4

  • SSDEEP

    49152:Cmx8zCwPBMKcUFAPCmIMfC6WsOb7N2444//KwKL:CmxQVBdKCzPsO7ol4/Cwa

Score
7/10

Malware Config

Targets

    • Target

      SvgFileTypePlugin_setup.exe

    • Size

      2.0MB

    • MD5

      0b93097116941989e41b64db738e2cef

    • SHA1

      557ee101a1f71e62e21ae974eb41b9e9006b9f58

    • SHA256

      ab461b97c31c0c1ad6a28ba9472c42800561740e3b94406b3ba6e54b61991824

    • SHA512

      4d9593043a0110e7cb9515fabb1f95c85c4a5380cf9831c93883fb8d861ec4040efb16382c816557ff62a1f318062ab8614113b07e67c5215269fa0871fbe8e4

    • SSDEEP

      49152:Cmx8zCwPBMKcUFAPCmIMfC6WsOb7N2444//KwKL:CmxQVBdKCzPsO7ol4/Cwa

    Score
    7/10

    • Loads dropped DLL

    behavioral1

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    behavioral2

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      2f69afa9d17a5245ec9b5bb03d56f63c

    • SHA1

      e0a133222136b3d4783e965513a690c23826aec9

    • SHA256

      e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

    • SHA512

      bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

    Score
    3/10
    behavioral3

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    behavioral4

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    behavioral5

    • Target

      SvgFileType.Uninstall.exe

    • Size

      58KB

    • MD5

      b9239046307f0750370f8295e54144b2

    • SHA1

      72a17ed09010b54ccf96ce3d0236af7b0dc9dfed

    • SHA256

      6d74509ec3ce17550d5c7eac6f7f9cc307057026fe2115b30201adb2f8f6cba5

    • SHA512

      0ff371d913ccf556da806aa1119b6ee5ed263593cc70b18521e37b9dbd2a322a45eeed7e9915673f648f5f5ba1790fec86b78771bcca675b9a350a7df1afb184

    • SSDEEP

      1536:isuNLvSFVVeozLpPudZX92JR2QQv7di82M0MZ:i1NjcVVnLpPudeGB2Fk

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    behavioral7

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    behavioral8

    • Target

      SvgFileType.dll

    • Size

      1.3MB

    • MD5

      d93a5fcf6b6c5e5d40394efdc47ca1d0

    • SHA1

      11f4e413f83f88c47aa135128207867ac1ff42dc

    • SHA256

      8bdea34bec62c04db54aa9a6a05e08c740673000e3e1c40b4399e54fc189fcd0

    • SHA512

      b1c695bf917fe1cfc45a96456c09b4fe1331d4e19057c02229817b2380cbd995a4cdbc1a040622b14d9e4fbb7f5150cd8858cdb626ae96a453fac4e9904a5870

    • SSDEEP

      24576:XxSV7HSdYA+V1jnQxZdlCG3pFb6KtXX2nrfSNT6v2q6wKB87m2vXw:drEv

    Score
    1/10
    behavioral9

    • Target

      resvg_Arm64.dll

    • Size

      2.2MB

    • MD5

      2967e749c499b6ba13d9a487324ace61

    • SHA1

      2ad2e76f523788eed7347146d19ace57ff3a9b3d

    • SHA256

      647ba3356b6ea1e2837feb4361ec99814b9475b95656a32c0e321636a04de34f

    • SHA512

      2b1673562ef734d02448baad4203c2328729ae5fac58761ad479564a88f41cd29b28c760fc84e49ef39199d4671c9785d7a4d817b554eed659483ddfb196d264

    • SSDEEP

      49152:KKQie5f5dSauTJgHeyHjPRbnn2yZnpwFqIWh:KKQie5f5dSXFgHBL

    Score
    1/10
    behavioral10

    • Target

      resvg_x64.dll

    • Size

      2.5MB

    • MD5

      931cb5395502b053b2809bffd02b25fc

    • SHA1

      12388ac8c0c608e1f936e316689362a9e87e6a48

    • SHA256

      8f0a5998ef7ddbb98b7775575adc08379dd5fdc0e22423698f662e9cd71b5dfd

    • SHA512

      098348c18868e942f143ceba48433b9366b586db1495487b37f8336cf6266ec5cc50f6f67720a7a06bd8c5a03ff45c22e8a0b2376c306f26b86ffb7ae824db31

    • SSDEEP

      49152:ulOfrW0ixRKlSZQbnO91thSzxVEhlWOy2NAXovUhoGNSJnByvEXIiiOPSxkwj4t:onKUJnhAGlWOy2NAXoshoGNyncv7o

    Score
    1/10
    behavioral11

MITRE ATT&CK Enterprise v15

Tasks