397ff48f9ae2034c72bb9428427fbf6eca8df5b215723ba31094cf323f32df5e

Sharing

Copy URL

Twitter E-mail

General

Target

57113e6cabcb9b9683243e402ab09710N.exe
Size

8.4MB
Sample

240713-gpjktsycrn
MD5

57113e6cabcb9b9683243e402ab09710
SHA1

fce100b45b4700974c481a3e7487545851bc6661
SHA256

397ff48f9ae2034c72bb9428427fbf6eca8df5b215723ba31094cf323f32df5e
SHA512

da3042489a758f3b785bc28a303260a140ec7e730e10f14715acacd9804bff132c1f2be439fd2597a11e14aafb2e2cfaa25b5ef283c5770c216d55e9e7981c2f
SSDEEP

196608:KuqYM3svK25H5gABbvqlFl2J1GJySPHnlN5NRq9PeLra6ykCShF:KuPMKK25HvhvqlFJySHnlJIuaPQ

Score

7^/10

Malware Config

Targets

- Target
  
  57113e6cabcb9b9683243e402ab09710N.exe
- Size
  
  8.4MB
- MD5
  
  57113e6cabcb9b9683243e402ab09710
- SHA1
  
  fce100b45b4700974c481a3e7487545851bc6661
- SHA256
  
  397ff48f9ae2034c72bb9428427fbf6eca8df5b215723ba31094cf323f32df5e
- SHA512
  
  da3042489a758f3b785bc28a303260a140ec7e730e10f14715acacd9804bff132c1f2be439fd2597a11e14aafb2e2cfaa25b5ef283c5770c216d55e9e7981c2f
- SSDEEP
  
  196608:KuqYM3svK25H5gABbvqlFl2J1GJySPHnlN5NRq9PeLra6ykCShF:KuPMKK25HvhvqlFJySHnlJIuaPQ
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $APPDATA/Hotspot Shield/report/af_proxy.dll
- Size
  
  934KB
- MD5
  
  3388d55bc7d9eb92982d342299910494
- SHA1
  
  1aa8fb72c4fc2f2d7e9e3824a11092701662efb9
- SHA256
  
  ac0c99a3ae9be803993d7ec8e346d62477425f591eb7c4854d4a0a3c0a1c2a45
- SHA512
  
  51742f95f3b710229e13e429fd737a114e8f10ca7c73ad6307059dd6ade58da7a7e470274467f91ba63654c738fd87eb255573f9bc851a8df4b034297df04f7f
- SSDEEP
  
  24576:BbCNa0PsR7NPEHnWP+OUnAi24X1+u8vvW:W6uHnWP4AwX8lvO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/Hotspot Shield/report/af_proxy_cmd_rep.exe
- Size
  
  339KB
- MD5
  
  4b4cf64895d2fca31952a2b8b89080dd
- SHA1
  
  ca69c2779ef12d405e0de134b071a2db63c01a89
- SHA256
  
  2f5ca87b9a847dcebb52fe61249fe98cb400d4ab33250cecb4d414a35e40da1d
- SHA512
  
  4b705df027f1f46fb043156fca7d66d882fddc5805029f6c55459ccd65a38fadb7777c2becbfe3d2f6d9014109936aaa0996160773342e277df704cf5cdf420f
- SSDEEP
  
  6144:YOOhIZfT4Zo07B5HC29jsi27NEXbRS3WRqqDLuU4OU/:nXZT4xvHC2tsicEXY3WsqnudJ/
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/Hotspot Shield/report/zlib1.dll
- Size
  
  73KB
- MD5
  
  c7d4d685a0af2a09cbc21cb474358595
- SHA1
  
  b784599c82bb90d5267fd70aaa42acc0c614b5d2
- SHA256
  
  e96b397b499d9eaa3f52eaf496ca8941e80c0ad1544879ccadf02bf2c6a1ecfc
- SHA512
  
  fed2c126a499fae6215e0ef7d76aeec45b60417ed11c7732379d1e92c87e27355fe8753efed86af4f58d52ea695494ef674538192fac1e8a2a114467061a108b
- SSDEEP
  
  1536:+4nToIf2W/nkQRZHaamLQHoIOah7Vryh7IO4cZlIXw6Epb:bTBfHdRZH9mLQHuaBVGn4FXw6E1
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  9KB
- MD5
  
  1b6f8e5a5aaaefbb8780cb245c3771c4
- SHA1
  
  134d11153e9f998ba2dcd52de7a432d6aaf14352
- SHA256
  
  3a934717fbadbc907d0650cd4095474380603fcfb403a02ca7d3dd5ade277d57
- SHA512
  
  949e7110f844dc2f6a921b6db7e0d98eca21b629468dd44afa040dc2ce09345673b00f7541ba295731da3518e71dc0cd24e9948b2642cb71fd8ea2c312170311
- SSDEEP
  
  192:D6qzi1q9XeLULsVGijl6nAFN4uEXJoe5+7lnSpj6/1sF:D609X4h6AFNZEXJnI7lSS
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b9f430f71c7144d8ff4ab94be2785aa6
- SHA1
  
  c5c1e153caff7ad1d221a9acc8bbb831f05ccb05
- SHA256
  
  b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655
- SHA512
  
  c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099
- SSDEEP
  
  192:hClej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yOG:hCm2HgN4GbeWmbI4Eybogia7yO
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  351b802508ee5462cbf7f35454a9dca6
- SHA1
  
  7b9a1bc758e10af02124143680f636853b421da1
- SHA256
  
  39275ee1767aac3ae0929a3e67a84a921610b45d5cfff3db1641893504d5c78d
- SHA512
  
  6b0a4a500597fefaceb5eab79737d4f8dd253bb6bf8c263699314deda417763857b4407457d877b28f7a9c1f40a241d378ccae80c68541ff3f102eac8a6ff8d2
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  7823fc560926dcd8741de6f0b900083f
- SHA1
  
  93dc0a704bc0b8f90668548e36daf459be0ae10a
- SHA256
  
  ca869d6c6752aa4a8a6c874a694b543442992d7e854d0c48a1b60bca01a8c8c6
- SHA512
  
  c79509cd306638ea9badec64ed9f7d0690e46fcab7ac77f25134065b628e76d2812f2d874ea2cc4283685c567b613a39d27b9fc4a6de2d4b9d30131f3161c4e9
- SSDEEP
  
  192:SzQhZDqlJcKISw99ioU3MSfwLF/+nhHUVsdz:SzoZDGKYw9goWyFGBU4z
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  6KB
- MD5
  
  783f9ced5ffcb3dc0972f9eb2d4cfba8
- SHA1
  
  999523b7f11e4ba08a6f23cb9a40e5323c4a6a25
- SHA256
  
  a99c45c1c9522f99955618cbe4212091b2018e5b1bd4231687970589a2ea015e
- SHA512
  
  1cb88a698aad36af30a2ae3e07167eddcafda7f31bb1e90fd8dd8f419efa72b356a6e9a2d53d850c211a2a5a974b8503ceb1c794eea3218e008f6d2e3213b40f
- SSDEEP
  
  96:ziTu1lnMIoLc/6OXnd4uKYJO89PA8AuA86f/6Cu27RyCtxwR2:ziT+16Ot48JHtAuAL/6sFg2
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsisos.dll
- Size
  
  5KB
- MD5
  
  b1e1f665d57874de41df72dda21bc6a9
- SHA1
  
  4898d7b41b48ef6350b0b6730805f201e52e4cb4
- SHA256
  
  0619ec35b9632b28d84e39343b6dbc5ef9732c85f1ca97c05aee744d22b7e930
- SHA512
  
  9f3a5fcab235d15d2f477ec335d08a490c889842c227aed49179dab4fc909221c66d9d6110b465da8a4a4b07cac07192e22b1fd62d96e2494baf510858ea004a
- SSDEEP
  
  48:StaC3KocZctyk+T69J+dFk6wO1mvu1A8ZkcG64wlfCSCAD7:ly3cZeyk+T6J+dFaVuA8ZQ6L5CtAD
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/HssInstaller.exe
- Size
  
  357KB
- MD5
  
  548c9b52b6c3e070779a64938057bdce
- SHA1
  
  d6023754d0f3296dfeced8443c3e1111b5d4907b
- SHA256
  
  a6560bc5d0039539bb156c404ba6723732f77ac0bd67f5ff2ec4cf11226298ba
- SHA512
  
  f8a157b177a813164e416640d4bcf14adb3cc961d2e928eeea70b76994c01cdecc7b3bf5bc4914afe16a10372561cbc6f9aa6cfa8bda87726dca02ce2c294cf4
- SSDEEP
  
  6144:0GR+MVCvNQA2S44kPdP7Zse6IZySOCdZZGZpXnNLq/MFeA5KpqqDLu9Wfk7ya0Kt:0GR+M+y1ljeVStPYpXnY/MFlDqnu98m
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/tapinstall.exe
- Size
  
  85KB
- MD5
  
  f5060363ca10cc2504afc1989f6c1b25
- SHA1
  
  3d34fd12b5138760d153992ff1cf95e8020ceada
- SHA256
  
  909962c449d9ab07a7461d958adee256f218de48c0b88a5bc27f7f180b8f6418
- SHA512
  
  4dafda48f4231e16cf1cd719023b188a7a0a61b9d6415c18bbc7d094e7a82879902e21afc6e929de18b377a115cfa8b8e3d2eb4121735f10135a4939e8a0404b
- SSDEEP
  
  1536:peAlzBufRv3YPKlm52Qe2NhtUnN1ssF4O7WFuo:LlWva8Q2oNXUNeSRWP
Score

1^/10
behavioral23 behavioral24
- Target
  
  HssWPR/HssInstaller.exe
- Size
  
  357KB
- MD5
  
  548c9b52b6c3e070779a64938057bdce
- SHA1
  
  d6023754d0f3296dfeced8443c3e1111b5d4907b
- SHA256
  
  a6560bc5d0039539bb156c404ba6723732f77ac0bd67f5ff2ec4cf11226298ba
- SHA512
  
  f8a157b177a813164e416640d4bcf14adb3cc961d2e928eeea70b76994c01cdecc7b3bf5bc4914afe16a10372561cbc6f9aa6cfa8bda87726dca02ce2c294cf4
- SSDEEP
  
  6144:0GR+MVCvNQA2S44kPdP7Zse6IZySOCdZZGZpXnNLq/MFeA5KpqqDLu9Wfk7ya0Kt:0GR+M+y1ljeVStPYpXnY/MFlDqnu98m
Score

1^/10
behavioral25 behavioral26
- Target
  
  bin/HssInstaller.exe
- Size
  
  357KB
- MD5
  
  548c9b52b6c3e070779a64938057bdce
- SHA1
  
  d6023754d0f3296dfeced8443c3e1111b5d4907b
- SHA256
  
  a6560bc5d0039539bb156c404ba6723732f77ac0bd67f5ff2ec4cf11226298ba
- SHA512
  
  f8a157b177a813164e416640d4bcf14adb3cc961d2e928eeea70b76994c01cdecc7b3bf5bc4914afe16a10372561cbc6f9aa6cfa8bda87726dca02ce2c294cf4
- SSDEEP
  
  6144:0GR+MVCvNQA2S44kPdP7Zse6IZySOCdZZGZpXnNLq/MFeA5KpqqDLu9Wfk7ya0Kt:0GR+M+y1ljeVStPYpXnY/MFlDqnu98m
Score

1^/10
behavioral27 behavioral28
- Target
  
  bin/af_proxy.dll
- Size
  
  934KB
- MD5
  
  3388d55bc7d9eb92982d342299910494
- SHA1
  
  1aa8fb72c4fc2f2d7e9e3824a11092701662efb9
- SHA256
  
  ac0c99a3ae9be803993d7ec8e346d62477425f591eb7c4854d4a0a3c0a1c2a45
- SHA512
  
  51742f95f3b710229e13e429fd737a114e8f10ca7c73ad6307059dd6ade58da7a7e470274467f91ba63654c738fd87eb255573f9bc851a8df4b034297df04f7f
- SSDEEP
  
  24576:BbCNa0PsR7NPEHnWP+OUnAi24X1+u8vvW:W6uHnWP4AwX8lvO
Score

3^/10
behavioral29 behavioral30
- Target
  
  bin/af_proxy_cmd.exe
- Size
  
  339KB
- MD5
  
  4b4cf64895d2fca31952a2b8b89080dd
- SHA1
  
  ca69c2779ef12d405e0de134b071a2db63c01a89
- SHA256
  
  2f5ca87b9a847dcebb52fe61249fe98cb400d4ab33250cecb4d414a35e40da1d
- SHA512
  
  4b705df027f1f46fb043156fca7d66d882fddc5805029f6c55459ccd65a38fadb7777c2becbfe3d2f6d9014109936aaa0996160773342e277df704cf5cdf420f
- SSDEEP
  
  6144:YOOhIZfT4Zo07B5HC29jsi27NEXbRS3WRqqDLuU4OU/:nXZT4xvHC2tsicEXY3WsqnudJ/
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32