cba9bc966cc7e0c2f3547ab833acb2c6118fa294e822036543a97dcdd023caa0

Sharing

Copy URL Twitter E-mail

General

Target

cba9bc966cc7e0c2f3547ab833acb2c6118fa294e822036543a97dcdd023caa0
Size

2.0MB
Sample

240719-246n5ayckh
MD5

3005b5e05d1812afbb09cadf99372271
SHA1

f3a768231ab9d2197cd9f749df68387c4d4d7909
SHA256

cba9bc966cc7e0c2f3547ab833acb2c6118fa294e822036543a97dcdd023caa0
SHA512

528f241a18c2d86f2ac09bf6d3b3b62a8e571dc5151a7484869e435303b4f204f6b3c6310d9d98fc09874d5e7b94f1f144fad7bf6c33f9891a21f7bc63c7233b
SSDEEP

49152:qNxE87vxpsrFpIv1t1fCufN6s3hQVLsGYfN0+3Q1caz:qfPN+TIvX1auV53hQVLyWy6R

Score

7^/10

Malware Config

Targets

- Target
  
  cba9bc966cc7e0c2f3547ab833acb2c6118fa294e822036543a97dcdd023caa0
- Size
  
  2.0MB
- MD5
  
  3005b5e05d1812afbb09cadf99372271
- SHA1
  
  f3a768231ab9d2197cd9f749df68387c4d4d7909
- SHA256
  
  cba9bc966cc7e0c2f3547ab833acb2c6118fa294e822036543a97dcdd023caa0
- SHA512
  
  528f241a18c2d86f2ac09bf6d3b3b62a8e571dc5151a7484869e435303b4f204f6b3c6310d9d98fc09874d5e7b94f1f144fad7bf6c33f9891a21f7bc63c7233b
- SSDEEP
  
  49152:qNxE87vxpsrFpIv1t1fCufN6s3hQVLsGYfN0+3Q1caz:qfPN+TIvX1auV53hQVLyWy6R
Score

7^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/CommandLine.dll
- Size
  
  68KB
- MD5
  
  7949107875d0a5332ff10d8e24db65e4
- SHA1
  
  8f6b5a291f21a55c4d40f788349334a8fc4a6be1
- SHA256
  
  b69f8e16a39271ae247897cbe816ee1950f9f460e2e2b70a3a7538a8c0f31196
- SHA512
  
  a965ed74014bcb1a9d2f2564e80b4ef708868ffc8bc45c7873b93a1e9c88e664d7640a2349c672b52e31677c4ff681e1bc50e749c29c3b3a8a40baa9f11d1cd0
- SSDEEP
  
  1536:MZj9JT17qpL/6ePMqBNzrstoJSkrjbgbwzis3hwb7P53h0q:Mx9JT17WPMqBNWAkbwzi7b4q
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/DotNetZip.dll
- Size
  
  467KB
- MD5
  
  190e712f2e3b065ba3d5f63cb9b7725e
- SHA1
  
  75c1c8dd93c7c8a4b3719bb77c6e1d1a1620ae12
- SHA256
  
  6c512d9943a225d686b26fc832589e4c8bef7c4dd0a8bdfd557d5d27fe5bba0f
- SHA512
  
  2b4898d2d6982917612d04442807bd58c37739b2e4b302c94f41e03e685e24b9183b12de2057b3b303483698ad95e3a37795e6eb6d2d3b71e332b59deeca7d02
- SSDEEP
  
  6144:GuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnse6OVxLV/Wo0k:UQL32ikCaUS4csRBse6sfWNk
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  24KB
- MD5
  
  640bff73a5f8e37b202d911e4749b2e9
- SHA1
  
  9588dd7561ab7de3bca392b084bec91f3521c879
- SHA256
  
  c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
- SHA512
  
  39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a
- SSDEEP
  
  384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/Microsoft.Win32.TaskScheduler.dll
- Size
  
  124KB
- MD5
  
  126f0356e94a6dd29f509dc6e60416c3
- SHA1
  
  0d3357537b6a506669211439025ef63adb61d2d7
- SHA256
  
  55465f7d43cf61ef722377393755ebc9f85f1c2e8fa96899fbfefe1659d0065d
- SHA512
  
  4b649364861739c17e855ab28853f70a68d494c17efa873062ee8cbd4b91fe4dbf72c584c4561d76717f694a7e2d6ec94350ee6ca90b2d98cdbcb825cd7f6c11
- SSDEEP
  
  3072:DBCeNh/pcfnLq3wyXYsKRNRwxz+gT37teucRpH00n:DB/w4xQWO5
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/Newtonsoft.Json.dll
- Size
  
  692KB
- MD5
  
  98cbb64f074dc600b23a2ee1a0f46448
- SHA1
  
  c5e5ec666eeb51ec15d69d27685fe50148893e34
- SHA256
  
  7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13
- SHA512
  
  eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147
- SSDEEP
  
  12288:p9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3SH:p8m657w6ZBLmkitKqBCjC0PDgM5CH
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/OWInstaller.exe
- Size
  
  298KB
- MD5
  
  bb7efb489861f452fbf9af03e97fedf0
- SHA1
  
  932411b6c265c02c672c14b6a2427d9c6b4ed0e6
- SHA256
  
  5703d91bd803be3331ff71761acc61250ef030f2bb878676c1ed296b7ea81851
- SHA512
  
  3891d7136773d8433df7439eba87223440ad57a31d5e03303bdb2d56e0b14979825f996a84cff972b035f8f3facca48a1c609bd5691dc497c03137a406cbdfb4
- SSDEEP
  
  6144:4pntLzy7dLKc/6XFGau09bFyoSIm900Tkq2dSxplWJchT:4pntyL6X81FoSU0+SNZ
Score

5^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/OverWolf.Client.CommonUtils.dll
- Size
  
  646KB
- MD5
  
  c0da114ea41689686ed47d9aa14966ba
- SHA1
  
  8d24eedb617c09648c1d54bbd7968df5d1709964
- SHA256
  
  27859b8295c6bad6603457188b4a52a48d538bac0fc737971eb8a79ff92b06dd
- SHA512
  
  25aadb491c66281109ca28a392b54ae5384dff55fc38c9cc879c3157e363f8cc6a3503c77f2c46e16aaa42d58f5ac2414d2881717404118cdac68333bc3ad9a0
- SSDEEP
  
  12288:JIYt/qyA5cbXNSDAoIL5QFm6eLa/TFE5NI4:nCcDTtQFm63FYI4
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/SharpRaven.dll
- Size
  
  80KB
- MD5
  
  c05cb33fbeea0399c1cf3202f7bd8249
- SHA1
  
  74bf0d88450e25173ed8d792b5a0e020e5eeb3f0
- SHA256
  
  6f95c71497dfc3d9b3bf22fa68917fe645b22bed8f0d3e1d55c969b538cc9208
- SHA512
  
  0e336a718f8a57f91b6f2fcc86b38fcc809917f690753eafa6ca6f0a95d05b0e1319555245e8d8459dfbdff1e7a34c9f335e0473f623ad5ad955421cf65062e8
- SSDEEP
  
  1536:oa9qjviI1YjOrfRK9bvyyfpHbnzDwkN7Pv3hIC:oEuqI1lRKbvyyB7nlNSC
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  7399323923e3946fe9140132ac388132
- SHA1
  
  728257d06c452449b1241769b459f091aabcffc5
- SHA256
  
  5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
- SHA512
  
  d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
- SSDEEP
  
  192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  9301577ff4d229347fe33259b43ef3b2
- SHA1
  
  5e39eb4f99920005a4b2303c8089d77f589c133d
- SHA256
  
  090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
- SHA512
  
  77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/app/cmp.html
- Size
  
  5KB
- MD5
  
  d7b8b31b190e552677589cfd4cbb5d8e
- SHA1
  
  09ffb3c63991d5c932c819393de489268bd3ab88
- SHA256
  
  6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f
- SHA512
  
  32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310
- SSDEEP
  
  48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG
Score

1^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/app/index.html
- Size
  
  20KB
- MD5
  
  c7b752acf6d1e10f3aca2c67b1ccf4d3
- SHA1
  
  ab793cb43e0c2b5af0fdcbf90d0d29d5d3e164f7
- SHA256
  
  69b9f99f6611f953d94984ac35bdaf9e9817f689e1e3614976bebe3465c613fc
- SHA512
  
  120addd79b7ade4f35b426c02631c8167d81080fde30a01b989453113f7547784e525d53bede41ede0c9b3caca8513060753ba51f75bf6936d32ee597d642576
- SSDEEP
  
  192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8D:+WNaM8UnbjPk89+mppHL
Score

1^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/app/js/app.js
- Size
  
  21KB
- MD5
  
  f718bd3f18dd499612623852cd2a2135
- SHA1
  
  9432b7898f655fbbd8132f4b3f8822959ae3ff97
- SHA256
  
  a14fcaf11a16ad7d904960538ca35d5b05e1c1b6a916f228db6b319c6195acbb
- SHA512
  
  90a697f93f239e8210ad47b6f012d3b40ea9c23a92ab909434d0e2d71bc3d9663d1aa73c64646e3dbf417f9636d1190b3d0cf20d349456dee6b6b8d5536d0338
- SSDEEP
  
  384:4X+acDQrcljKdZGb9plmt902wjI3A4nzwF52xxYRifG6wBEoR3FGHWdeLj8T:0+acDQYlOdEbdmXH3A4nzIAnGifG11RL
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/app/js/block_inputs.js
- Size
  
  789B
- MD5
  
  b5b52c92b90f4283a761cb8a40860c75
- SHA1
  
  7212e7e566795017e179e7b9c9bf223b0cdb9ec2
- SHA256
  
  f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
- SHA512
  
  16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/app/js/libs/cmp.bundle.js
- Size
  
  345KB
- MD5
  
  0ebda2a1fd9d91e0aea085bbed473b98
- SHA1
  
  eb496b3e8d8c8c872b07a71649045a2c46065031
- SHA256
  
  72c175869741f5c0a8efab49cb07690188934c7399bd1495e5b7a6f2555ca7f5
- SHA512
  
  444a2f0d331e576b907a3e59d918357468b6adcfad110b756a471e68911f4a5a392e12ce20d1eef13bcbbbca5776ce461b845679135ac1cf5f510cfe62fb3459
- SSDEEP
  
  3072:vSDSLzJgAxPFNRfMHT2kDkNAJOQSPXwGtkLxrtQ8OaxPyf:bxgAxPG28kNvwGtspi
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Checks computer location settings

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32