General
-
Target
TypeDuck-Windows-1.1.1-installer.exe
-
Size
6.5MB
-
Sample
240715-j6rc4szclc
-
MD5
d7f606815ecf8448a6458619a97441e4
-
SHA1
9ecd5976ba6cd8a795d1d05260700d50a3a821ad
-
SHA256
ee321479d2cb6af6df031ebf8efad9ae912919d736ea7144155ac3200d323722
-
SHA512
c8a315a2d86f009983a1010fa9885396cc0c5c6b34f5a8abb84ab004e16eca98e605c71178af04801600b9b5198c7e0cda1b91d32aadce932e2a209fe506137f
-
SSDEEP
98304:Anp1b8XIPQNDVP/op7fWJZQUwMffE2kX9NYPowbITgrwFM8wF+kjtBvtc4PmxXX:AnwXIPQkjWJCEfE2e9MITgka8DkjtBvq
Static task
static1
Behavioral task
behavioral1
Sample
TypeDuck-Windows-1.1.1-installer.exe
Resource
win11-20240709-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20240709-en
Behavioral task
behavioral4
Sample
TypeDuckDeployer.exe
Resource
win11-20240709-en
Behavioral task
behavioral5
Sample
TypeDuckServer.exe
Resource
win11-20240709-en
Behavioral task
behavioral6
Sample
TypeDuckSetup.exe
Resource
win11-20240709-en
Behavioral task
behavioral7
Sample
WinSparkle.dll
Resource
win11-20240709-en
Behavioral task
behavioral8
Sample
rime.dll
Resource
win11-20240709-en
Behavioral task
behavioral9
Sample
typeduck.dll
Resource
win11-20240709-en
Behavioral task
behavioral10
Sample
typeduck.dll
Resource
win11-20240709-en
Behavioral task
behavioral11
Sample
typeduckt.dll
Resource
win11-20240709-en
Behavioral task
behavioral12
Sample
typeduckt.dll
Resource
win11-20240709-en
Behavioral task
behavioral13
Sample
typeducktx64.dll
Resource
win11-20240709-en
Behavioral task
behavioral14
Sample
typeducktx64.dll
Resource
win11-20240709-en
Behavioral task
behavioral15
Sample
typeduckx64.dll
Resource
win11-20240709-en
Behavioral task
behavioral16
Sample
typeduckx64.dll
Resource
win11-20240709-en
Behavioral task
behavioral17
Sample
uninstall.exe
Resource
win11-20240709-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240709-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20240709-en
Malware Config
Targets
-
-
Target
TypeDuck-Windows-1.1.1-installer.exe
Score 7/10
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
4add245d4ba34b04f213409bfe504c07
-
SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
-
SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
-
SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
SSDEEP
192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score 3/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
1d8f01a83ddd259bc339902c1d33c8f1
-
SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
-
SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
-
SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
-
SSDEEP
96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score 3/10
-
-
Target
TypeDuckDeployer.exe
-
Size
1.2MB
-
MD5
6414597f12693e17aa8281bec71f3d93
-
SHA1
8162e2c1bb75ce29e7b0ad1bb271b471b25a6ac9
-
SHA256
5270ab309e3b9fd95e38ac0c28b710a2a973c92d02067f7956a4dc82883cce0d
-
SHA512
50b461be6432ea870668627693bbd2a44b97279ff8a655dbe32c9726cbde339d4df93d3dfc069b57b8cfe2b2890178a23ccc50f7aaabcb57b4578c5946725d81
-
SSDEEP
24576:ORbEcreYFm6fC7mBOc4naaA26SkQJBPDfUxlg+rVk:ORPreYY6fC7mBO1naz8BPDfUxlg+rVk
Score 1/10
-
-
Target
TypeDuckServer.exe
-
Size
2.2MB
-
MD5
1168dc112a8b3f65c46e40b9d7b6362c
-
SHA1
58f9b94023661bc42961d98cad83c954f9a47d88
-
SHA256
5c7aa159755c819be1fd8f6b513bfc54321c5edadc7b06d68acb7f9eccbdf0a3
-
SHA512
4779455fd95d909cc00f4cd125695cd14b47e5bb56b7fe9393c4a4771e4de8f93831612604d877a017a0e9c574fdfd07f3fd401c6e26d1c9a5b7728d98b05537
-
SSDEEP
49152:Jo1Nx54uSLMspxUkmmjSyhF2Yif6B8VKW4Cur41:y1b54Mspxhifo8VKW
Score 1/10
-
-
Target
TypeDuckSetup.exe
-
Size
517KB
-
MD5
00adac205afe83285af3aa8f86eda3c2
-
SHA1
07e1c2a6050c4ed6c7e61f899cc083814cf0c200
-
SHA256
04d7cd681381d613174e021bde0d4c9bc16c9d0474448dae2371e7d7b66242a9
-
SHA512
77d703feb9d6a96880d3e311eeffc4a45af3d4bb478c8342be9cc918c701af4078790b4441fff5afbb68d4f5b3e27a7087b3d842ddd3ada2fc1d28d2b5608986
-
SSDEEP
6144:uo6CgZ61nlOZbjAy6Ds/u78goNA5J+Fmi6Qj+L0P24ORBunsRCBv8iaA:uTZKkk78goSJ+FhDidBunsHA
Score 1/10
-
-
Target
WinSparkle.dll
-
Size
1.8MB
-
MD5
1e1f8765992bfc5b7326a03fbe7ee9ad
-
SHA1
af44a147f18ddf073414d22a550379f5233e414b
-
SHA256
14d9ada9fd17ad089d7dea3a4b6e7117f132b23cd150323c60df5ffda5c72b6f
-
SHA512
4ecadc62edc1525b4d3f4183b14b79cc7959e4b6134da8e359686003f963ea1a0b993c24a944f2e703ba1db8e73c366b0351e0f3953b0d82131237953eff7cba
-
SSDEEP
49152:IYemLtvBeY7YU4zamHqEWgNHHPh8hak9e:IYem5BKU4zamHq0A
Score 1/10
-
-
Target
rime.dll
-
Size
2.2MB
-
MD5
eecc6dfd5854202b5cbafe1cccbe159e
-
SHA1
91532f490c820225a05472d49540ff55bf093ffc
-
SHA256
13823d8f1a58fcb32c5228d4de8f72d89fac3d7ed6851d5d06f5ea4c458be40c
-
SHA512
7c023e4f141cf66df8bb110a17e4efe1b99eba8e4a9644c933871ace89273f7f7dc10791992c0540227cbad4a4031da2746de606c38b263159d924808b3a05c1
-
SSDEEP
49152:bOzAfD9qsNvuxFuzFd/qXGF76wxTARX9hLO7Kahz:4AfDwiJ/q2F76GTARNhLO
Score 3/10
-
-
Target
typeduck.dll
-
Size
1.1MB
-
MD5
731a1738ccc447f2e83d2faffe114b70
-
SHA1
12608e35e68c4b30a6588c70c153fad7443ed2dc
-
SHA256
794df5476af1611b4fa930cda33d9134b90d9d2d64d5f36a73dcc2f08ec3184b
-
SHA512
ac6286a781640091c57e613b9eb8622a907a6a547b49697c3ee6d6237fc450c61288696b56c682cdab72a3eef3e4e6cf814e6905d171cda2905733189b1e4ae0
-
SSDEEP
24576:eSD1fKaDZlSGS0NjDgaUAhCcFDQpra5jW:8wbNjDgaUAhCcFcFwjW
Score 1/10
-
-
Target
typeduck.ime
-
Size
493KB
-
MD5
63e3c729a4dd9eef068012154a82097b
-
SHA1
00c7a0375e9fcf29a9896f125d50de97dab84217
-
SHA256
08ab788cd65c882492eba266ee315a180ac67c58358b82315d9f43e12272b4c3
-
SHA512
ea68a17ad8f9eca3a60822bdb1d9ba22d946c0de7abf2a04c10afd5268a6422f544d6c9c5643fc5820fbea3fd6cffd0f782227ad2895b227cadce0224720901e
-
SSDEEP
12288:y5oUSElplWneDi1BCjdSrZtFm9udX6L/ing2x7L/Y5epwlEptn/DW:2ohiSTF+udX6L/ingI3aepCEptn/
Score 3/10
-
-
Target
typeduckt.dll
-
Size
1.1MB
-
MD5
6b8ad195d5f2f19dce8d09d2775f4586
-
SHA1
fbb4f51a463bc7a9aa3323c72f4718999c4c1180
-
SHA256
99ffa22bf42d0cd436a6bae5c9f775719796dbbfeca73751f3cc08a33e278e87
-
SHA512
a656a3db6ef20177f8514d2783067db8910eff230cc87864ef25138adb4e897c3d57f2b3bbacca28bb43fcb472667e1525fc74dfbb0ad5d7b58aa9c924fa7785
-
SSDEEP
12288:qQn6TmePOvTp1uxIYeb7g1KJ3SCWPSjAFWBqVSeDAgL1ch8Y4OOXq3zaDksuWVxI:8Tme2vTp1uYSPo34Ujnyy4RMcPpra5j
Score 1/10
-
-
Target
typeduckt.ime
-
Size
493KB
-
MD5
6599300b743eb30dc48f9d3b3a262287
-
SHA1
ca69ef0b6a0bb3430e55c2effd6784a61c40708f
-
SHA256
8a8102e54ed63065dd795cbaaf1402ad31b76930bd6bfc809221dc9a8a96a8e1
-
SHA512
b2badc0891d87830cdc7044f6e1ffc38f272ff136093ba7b53743382db023d2bfb6e10cfb7da42db7b36783d6648c8234849e04ecaf6e44db1c3acf94baa9c59
-
SSDEEP
12288:B5oUSElplWneDi1BCjdSrZtFm9udX6L/ing2x7L/Y5epwlEpHfbAW:LohiSTF+udX6L/ingI3aepCEpHfb
Score 3/10
-
-
Target
typeducktx64.dll
-
Size
1.3MB
-
MD5
87be49a72b6c8fa0cbbc1d6c04de7f63
-
SHA1
a0d418be2853a33ed8d38bed686db498b35ab4bd
-
SHA256
f00d8f4658795853ce7c4762281ef67b49f63e24ce0712ddafc100b8dca6f120
-
SHA512
52d6e4a3c3ff56543840adcee5edc55ac6ae76630d163e9094b861697d082727202c5e50b5ba2e120a6e68b8be3fba8b18b2c5ec4ea3250252316fed4874d0ec
-
SSDEEP
24576:qObKUiPH5Y5wXTUucGDyai/Rmd4atR6TA+Hra5:nWU+Z+5oAmuatSbw
Score 7/10
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
typeducktx64.ime
-
Size
628KB
-
MD5
3623e0e3539cb93637534610f444435c
-
SHA1
e04dc1fccaae04909e4c23cd592639d669cc9b03
-
SHA256
5f39a5ba606447a83fc188663170e8782d4c0a2b0dd420ffdf6699c64794ec35
-
SHA512
f00bd76d609a20bfb37a1dad06c949d9b19de5b79aab9696a45f4c30813d43808552267ab24465d3bae7f58cff19c31c26b9e65a94651536ccc54d6fa02a9010
-
SSDEEP
12288:lIdMRbKCIdiNrzwArK+OlOyAyZoh9OVhT8257YdVsTKaQOtlU:GgKSfxyZoh9YtYdVM8klU
Score 1/10
-
-
Target
typeduckx64.dll
-
Size
1.3MB
-
MD5
eb31fddcc36432201635a0865187b809
-
SHA1
70f8a43a1d803e5be408f96e8f1289d2a0940ad3
-
SHA256
cf2c5819c580cd980d8730361f5defde109c7f11d2777b00544c692f0e532f4d
-
SHA512
78b2d38d43125c48ac01153f429364dc591a947358e36928be525eb952b1e023beefc80eae220e5ceaac4b4df743d9c027e2a531ff6f8eb3e56023be6f7afd1d
-
SSDEEP
24576:mObKUiPH5Y5wXTUucGDyai/Rmd4atA6Tl+Hra5:7WU+Z+5oAmuathkw
Score 7/10
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
typeduckx64.ime
-
Size
628KB
-
MD5
decbcdbf43cf008ede2438953d28a623
-
SHA1
13783a4fb07a52f250e71aaaf03a92676737e640
-
SHA256
3979a31d726278876f09ba76c78e9a98dba1a4a21db642413a6c49dd9f54bb9f
-
SHA512
47e7f8bdef3ce33da5dc5ce5b585c93b311c07304f410bb3fdbb2526e7d2a8555a0d034720e2d25c1717ac22646b86893b82e0f9227f2018d3653278cacdfd0f
-
SSDEEP
12288:AIdMRbKCIdiNrzwArK+OlOyAyZoh9OVhT8257YdVsTKaQOVlU:pgKSfxyZoh9YtYdVM8clU
Score 1/10
-
-
Target
uninstall.exe
-
Size
190KB
-
MD5
56cdcbcaa6ff477cbb55fb2d798c17f7
-
SHA1
1793505948f85550c58896797309d2a856248549
-
SHA256
76f0d71d8a0a0db0f595cff3c916ae000059182f69f27a4e1c8c7c62d45da224
-
SHA512
0eb181947f10deae25d7cf537be2a4e25a7e5e06c6a796086348b96a2a2e63550fd4abe5a03a9242b1195cd116faec2e2cf8116d458f94c938cc828a34595378
-
SSDEEP
3072:onPdzuK8Jdw4TMJw3upqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqZ:onPdudwDGMeYQBr1la3
Score 7/10
Executes dropped EXE
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
1d8f01a83ddd259bc339902c1d33c8f1
-
SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
-
SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
-
SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
-
SSDEEP
96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score 1/10
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)