45fba5ff230560743a08cb0e423cbaa25b5c191593a084b536d1baf7702d59ce

Sharing

Copy URL Twitter E-mail

General

Target

Ledger_Live.zip
Size

147.8MB
Sample

240708-m2qgssxhnb
MD5

7d39ac15434c6d5c6096add54cbd9b1c
SHA1

90af9747be6a3d3247edb5e8d497f56af58e947d
SHA256

45fba5ff230560743a08cb0e423cbaa25b5c191593a084b536d1baf7702d59ce
SHA512

45277903795eddeaa194ab13f4bedf25f068931a359ba3271f0b7dde2083c5630e6b38b104996f774f6f8c4bae5a91bd3a65951e4dccdef80e3e2659cd5729f7
SSDEEP

3145728:8qTTt830j6DyP2xVB9cI9SyV6zrj2Y5UDW5v2Kz+S+Eh:D/WlDyP+rYb0W5vwgh

Score

8^/10

Malware Config

Targets

- Target
  
  Ledger_Live.zip
- Size
  
  147.8MB
- MD5
  
  7d39ac15434c6d5c6096add54cbd9b1c
- SHA1
  
  90af9747be6a3d3247edb5e8d497f56af58e947d
- SHA256
  
  45fba5ff230560743a08cb0e423cbaa25b5c191593a084b536d1baf7702d59ce
- SHA512
  
  45277903795eddeaa194ab13f4bedf25f068931a359ba3271f0b7dde2083c5630e6b38b104996f774f6f8c4bae5a91bd3a65951e4dccdef80e3e2659cd5729f7
- SSDEEP
  
  3145728:8qTTt830j6DyP2xVB9cI9SyV6zrj2Y5UDW5v2Kz+S+Eh:D/WlDyP+rYb0W5vwgh
Score

1^/10
behavioral1 behavioral2
- Target
  
  Ledger_Live/Ledger/Ledger Live.exe
- Size
  
  78.5MB
- MD5
  
  772e4963c0da811e40eea5ea11359a9b
- SHA1
  
  8b60d0cfa6c5003d4e322036d82afa4117c94df0
- SHA256
  
  d132bef63db0c09f80155fe8c6634abab887821f638b1b5e5798bece8677b1c0
- SHA512
  
  a063c570bec56d6243b2abc0f555a92cc852b087eaa11dec8b1bc047b587c40f79f6aea14f10809705c4597c1c681f785713e81597c0e13637b8f9a33149f214
- SSDEEP
  
  786432:D927QqMoknvNpA+vIlo0FdGgCdb9+KvIFVOjXESWqE5SezWNtcy2SFsL:pMQqMrlpA+Ql4Jd7vIFVO8qQZZy4
Score

8^/10

upx defense_evasion execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral3 behavioral4
- Target
  
  Ledger_Live/Ledger/Uninstall Ledger.exe
- Size
  
  170KB
- MD5
  
  7c59bf6939fd11c83ed7969d164dd548
- SHA1
  
  e8a0836adaa4c8a780848bf1cbaed50b0ca5443b
- SHA256
  
  ca9332565efd821e52f4a2c674ec19286b82b616313119d8d31902efd50b5bff
- SHA512
  
  c2e1aa751dcaf8656c7d923e499c42023d59888cdf0e9b47b17c738e7781b0af3f955de871b1025c186d5841ddef9dc880a4656e7bc780168e90cb1743f34e84
- SSDEEP
  
  3072:kn77v00hEoDEtauHMQgf2X1FaP1zaHfMNUaq2tvhOEA1RJCir86SrSrvrRbOa3E:k740I4f2X1F8eSUaq2t0EyL+2iaU
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  Ledger_Live/Ledger/chrome_100_percent.pak
- Size
  
  132KB
- MD5
  
  443c58245eeb233d319abf7150b99c31
- SHA1
  
  f889ce6302bd8cfbb68ee9a6d8252e58b63e492d
- SHA256
  
  99ca6947d97df212e45782bbd5d97bfb42112872e1c42bab4209ceedf66dc760
- SHA512
  
  081f3ee4a5e40fdc8bb6f16f2cfd47edde2bd8f3b5349775526092a770b090c05308d4289ecdda3d541cf7f0579ac64b529930fd128edad9b0991dfa00b0e9bc
- SSDEEP
  
  3072:bKzwJCcIe4woKmWVlBL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:bKzwjIe41KmWVlNK18Gb0OV8ld0GecQu
Score

3^/10
behavioral7 behavioral8
- Target
  
  Ledger_Live/Ledger/chrome_200_percent.pak
- Size
  
  191KB
- MD5
  
  81b5b74fe16c7c81870f539d5c263397
- SHA1
  
  27526cc2b68a6d2b539bd75317a20c9c5e43c889
- SHA256
  
  cb4fd141a5c4d188a3ecb203e9d41a3afca648724160e212289adcac666fbff4
- SHA512
  
  b2670e2dfa495ccc7874c21d0413cfbebfd4a2f14fc0217e823ec6a16ac1181f8e06bfe7c2d32543167bc3a2e929c7f0af1a5f90182e95913ba2292fa7cadb80
- SSDEEP
  
  3072:A4DQYaE/N6gbrvy/+JPnKmWVlBafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+Hxf:A4DQYaSN6gnvyWnKmWVlSgx5GMRejnbA
Score

3^/10
behavioral10 behavioral9
- Target
  
  Ledger_Live/Ledger/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral11
- Target
  
  Ledger_Live/Ledger/ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  add3b8680a0f25ecb7c130a1456644e2
- SHA1
  
  35bba3989734e0ef4dc6308f6e974c93cfeedacd
- SHA256
  
  5b59ea0a14b7046a142dfb4d45870c609d6d7fb4bff0471221430e6aad07814c
- SHA512
  
  b0eb14c3dc726406fd339be6ebee8351f2147680b16b81ac3885e0a1255245be51d5535614301fc649f7367103bb6082e4a1e0f192761666ec91ae563d70a1d2
- SSDEEP
  
  49152:PAvA/y8/iOxDzztaebBrkNI/CvAA/hTUvtkRhlweQ/Okx8VpJ0UKN3lzl3hRcr3r:Eoa0eqCzQ/Okxa0Ufb
Score

1^/10
behavioral12 behavioral13
- Target
  
  Ledger_Live/Ledger/icudtl.dat
- Size
  
  10.1MB
- MD5
  
  2134e5dbc46fb1c46eac0fe1af710ec3
- SHA1
  
  dbecf2d193ae575aba4217194d4136bd9291d4db
- SHA256
  
  ee3c8883effd90edfb0ff5b758c560cbca25d1598fcb55b80ef67e990dd19d41
- SHA512
  
  b9b50614d9baebf6378e5164d70be7fe7ef3051cfff38733fe3c7448c5de292754bbbb8da833e26115a185945be419be8dd1030fc230ed69f388479853bc0fcb
- SSDEEP
  
  98304:GKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8j:GKPBhORjOhCliXUxiG9Ha93Whla6ZGr4
Score

3^/10
behavioral14 behavioral15
- Target
  
  Ledger_Live/Ledger/locales/af.pak
- Size
  
  381KB
- MD5
  
  b293cc5ea7db02649bd7d386b8fa0624
- SHA1
  
  32169b9d009b7a0fb7ecdaf650c989e956291772
- SHA256
  
  7bb75adef02d28819f1bd3b42fa46ed56d6dfbeae072341997b09b8c1f52d8dc
- SHA512
  
  496bc72e7b798d02e453eb96d20566b91405bab774521527ef882c1fcb58f25e2d0718013ddc0d23f7fad883f4cde93b57c6caaeba8cd18a09665c9f6245f557
- SSDEEP
  
  6144:qu8SyRtgbfbjR985DhdxQ+ICGSBsjA636Zi2Jynq4UtUKnpgmhqxox7sfxSC2C8l:Ry0zbjREda+ICTsjA636Zi2Jynq4UtBz
Score

3^/10
behavioral16 behavioral17
- Target
  
  Ledger_Live/Ledger/locales/am.pak
- Size
  
  619KB
- MD5
  
  d3f48b60620c5bbe519db9c0cfb634de
- SHA1
  
  7b54a0bf25b2ecfd78c2ad7dfb6f6a09bfd20abc
- SHA256
  
  1974de0984976556288a4612d5f38fe0ff21e868bdd877ba5d5fde3bb4c9e36d
- SHA512
  
  279a7c162e53b2d4e7a92a57de3ce3c919cd9a9700595af6a26ebc53f925773127656b2c817e91cdead87c2b1f5dc00bb0b134d6d51cb083149d85598a2d5b85
- SSDEEP
  
  12288:ihHb86uogj8xST1XF/gpwozVgd529+1VJ7uYyPJx30jH8+A:MbIj8xSXFopwozVgd529+1VJXyPt
Score

3^/10
behavioral18 behavioral19
- Target
  
  Ledger_Live/Ledger/locales/ar.pak
- Size
  
  680KB
- MD5
  
  0ff7a127ca01498e946394aad3648674
- SHA1
  
  a7ae6aaeced53b096a8f3005c666fef3f1138db0
- SHA256
  
  da3294b3c8cd12000a4fc6610618a96b82d1ca67a764fb6387c7edb388b6c6fc
- SHA512
  
  088e210bd15a63f32ed52bb844e25bb6f16565e92f45a6505ab8831919e70369069592840af84ddf6a6dfb816f944264a976824e49ce5643c817046418c4ed3c
- SSDEEP
  
  12288:FUrROt/9FlOX8vYU3X1YKk7Mm5MNi/+dTtq3zMgSENWI:HbwbF5F+8
Score

3^/10
behavioral20 behavioral21
- Target
  
  Ledger_Live/Ledger/locales/bg.pak
- Size
  
  706KB
- MD5
  
  5f629042a1c501b290eec5ea3fcc6779
- SHA1
  
  d6b304838630bbbb375c21a0e6de3e1ea600ead8
- SHA256
  
  571e87f9c62cfea2a2303674f93ba879d9b899afce4dd7e47ddf5e6781b7d4a6
- SHA512
  
  e30f92453bed2dd0cdd5a2a2f70d1e240e983b0a65f056a9623295ed01e9a87869706fc4acb40cb79ffe7c60f5121a95893662c1d0299c0a585b8ab75888c14b
- SSDEEP
  
  12288:ADqWwQkDdLlYMdAs1aQUtjtaVVnFH2mFxadnra35rKN3yoSiVD1BbCeSKn/xJfuk:ADq/DBlYMdAs1aQUVGCa35rKsoSiVDDv
Score

3^/10
behavioral22 behavioral23
- Target
  
  Ledger_Live/Ledger/locales/bn.pak
- Size
  
  911KB
- MD5
  
  35f1083544e86bb85fe5860b36b743e2
- SHA1
  
  27ad8b23fc03f9b26eb5125e886d18ee3798765b
- SHA256
  
  28e1441c4950a90717ebd0641b1f0b4a087cbddeac39edb2618b7d24fbf5a58d
- SHA512
  
  69fd40b1d1ffab122c244a7111972fa8b2d6b38c595acee8c6b650a595eb756c35f0cd774d8a7b79656258ee1dca9b6fe0a72e6bc38901804e62ffcf9976ae1c
- SSDEEP
  
  3072:MtVVy6YHuQ4qxkVxCp2tUkbBb5OMDK5T0Xl+IP:GVVMH5ECAt5Bb5i5clR
Score

3^/10
behavioral24 behavioral25
- Target
  
  Ledger_Live/Ledger/locales/ca.pak
- Size
  
  430KB
- MD5
  
  a69946c79799dde4ead4ee6f27d7fbc4
- SHA1
  
  f304240b57df781eb38eb3968b8110db24f18de3
- SHA256
  
  6cf25816859b95a5ba7b50578c14630105aa5c078338a4d67f15df0aab58233f
- SHA512
  
  169a676cdc1efa5700f8f472a9c0f784dcc7d6215c4ce348a0fc91f3c0dee6c512aea02967051e4daa880ace00cbf2fb9def032590f416ba9f6129fe30df3957
- SSDEEP
  
  12288:q86RFXnMh7nyRhIs3cSlFEYLCJBqB3nbhjJOtJuwlwSGMwFdLbpuQ16BtryBtwIU:r6c0RpTHpEMNJ82kLI256xte
Score

3^/10
behavioral26 behavioral27
- Target
  
  Ledger_Live/Ledger/locales/cs.pak
- Size
  
  441KB
- MD5
  
  f311807c2f5db6fbdd8f513f660be938
- SHA1
  
  f5ec379b83e530e67ab44964e75aed409984dc03
- SHA256
  
  60cad724b1fd9820fa6ed7278b61e65a410255abb0335eec2e5195147e827939
- SHA512
  
  8dfabea5b46d550877bdaebebbd0891b72d47805396de827b10c30ce13545ea260d6b22eb653e13b215d9581e3da8ea20e52b5dbde2f0767bd75e1974606aaaf
- SSDEEP
  
  6144:YqAKv3LGLBP38QC70wXaNA2MXQC5t8VNDKNDZs1X8Qb:bTYsQa0wqUXQC5t8VNGNDab
Score

3^/10
behavioral28 behavioral29
- Target
  
  Ledger_Live/Ledger/locales/da.pak
- Size
  
  400KB
- MD5
  
  4bfee234ac9e04fe60d97f67f881ebb1
- SHA1
  
  bf2b676c6268580b179fd9716d54cd7fbca36334
- SHA256
  
  d4d8ce557a333310ff0f59d6225c41cbde396fccf0872605252425a917230894
- SHA512
  
  af91c4c890625011ddf93048f84ce11f267b72239b6eabba8be3673585ad8e595338ce7b91962c18b81f9f6b91e2c4c9c0fd2136894022cfdec47536b58ec2c8
- SSDEEP
  
  6144:+/O3LZ82jZAsngwlFkuJwZjoEbUSovDHv50Sr+zOUPOd40TWwr:Jm2tA28otR5DrJTD
Score

3^/10
behavioral30 behavioral31
- Target
  
  Ledger_Live/Ledger/locales/de.pak
- Size
  
  427KB
- MD5
  
  169d036fc78554a8011c72644d7c8129
- SHA1
  
  5bf6df20d0f4383c1162e787d019e822cea6a87e
- SHA256
  
  5883c8b60f43c5e12437eefa5d74dacf9c16e6187526df74a53f2eca9e6f3d62
- SHA512
  
  e9bb8eafc47986063892070ae57d6da5a996d68b2c2460f1672abe4e047628b50410cdf72d627d38e15abea7647c686bd30bd7f80648f1058f9a9f3b7a10309c
- SSDEEP
  
  6144:uHtYAzLSELPighAa598U/xCP3T7X2mAyRc5rRRN1OI8CLM:uNeELaguaQn7X295T98CLM
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Hide Artifacts: Hidden Files and Directories

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32