4163bd79ef89a5aaeef30890b68854f09331e32c75db7f47544382b62aad185e | Triage

Sharing

General

Target

dmd-2.109.1.exe
Size

31.1MB
Sample

240726-c9affavcld
MD5

268731d15b935cb5c46973ea98b9e7d2
SHA1

39fccb3315636e90e97c76f3e9cb24e82f40d855
SHA256

4163bd79ef89a5aaeef30890b68854f09331e32c75db7f47544382b62aad185e
SHA512

a3b1c02b02a0b4c80b3f022aedeb80bc0c5670484dd7e9dc3d4fbb45079aa43c34e019bad56c3baf2769b16591dc6914d43231e68888e4b92489bd0cba5a3a1b
SSDEEP

786432:OquNsmFkLEva1eo7Gt5wJNZyGLtiOE3lMD/yb:teFfa1e/bgNZysvqq/g

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  dmd-2.109.1.exe
- Size
  
  31.1MB
- MD5
  
  268731d15b935cb5c46973ea98b9e7d2
- SHA1
  
  39fccb3315636e90e97c76f3e9cb24e82f40d855
- SHA256
  
  4163bd79ef89a5aaeef30890b68854f09331e32c75db7f47544382b62aad185e
- SHA512
  
  a3b1c02b02a0b4c80b3f022aedeb80bc0c5670484dd7e9dc3d4fbb45079aa43c34e019bad56c3baf2769b16591dc6914d43231e68888e4b92489bd0cba5a3a1b
- SSDEEP
  
  786432:OquNsmFkLEva1eo7Gt5wJNZyGLtiOE3lMD/yb:teFfa1e/bgNZysvqq/g
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  dmd2/samples/d/all.sh
- Size
  
  840B
- MD5
  
  49a17de22e7d2728149f099b5f5f8abc
- SHA1
  
  cd5733cb2cb82102a6a736bc972a71d8fc1c04c8
- SHA256
  
  b666d331ebb72b78906607cba1bdc93947a0c918b4b869aaa3b4fe5c0e55641d
- SHA512
  
  b4ae972d5b3e53dfe055769d8835f4c91482cfa09fa55f546d26d163ac458d3ac567a1a4f62b977aea0a61df8fbc01be20e9a4da23a466e13d6d32080e97f8f7
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  dmd2/samples/d/build.bat
- Size
  
  32B
- MD5
  
  411b37666703b8a3c2d71bc54e1a0edb
- SHA1
  
  cd2fcbba990173d5b09a5065c51f0a822956bb93
- SHA256
  
  027a2fc33b613b0b9d312c38e20246062a6f7796d6f9ec70e0f98bfd64efd65b
- SHA512
  
  3ae279e3ce23a9a7afd8bb4320d880e2a2791071c822d51bb99f6edb25a7fbe58d6f6ffea075029ca64fd1cbe5b10d478d50a203476718149c548cfbf51752a0
Score

1^/10
behavioral5 behavioral6
- Target
  
  dmd2/samples/d/clean.bat
- Size
  
  66B
- MD5
  
  48d490b17339ee919670d850d6875cc1
- SHA1
  
  37cd060888b9d2e4ac63ee2be2d4f82d297ced79
- SHA256
  
  c4d3741d6171d03eb29279f970dcfc5d99055637b84cb3c7801c15a681812a95
- SHA512
  
  cd229e5b85a99030c4553abdcffa166812606910df5274ce89de15f4ca4ea793c33f43a209d889aa10cfcaa0bf016448841920c95c1ab7e767db88e8361dd298
Score

1^/10
behavioral7 behavioral8
- Target
  
  dmd2/samples/d/listener.d
- Size
  
  3KB
- MD5
  
  48b719a4d5d9723de265f82eedbbb5d7
- SHA1
  
  ca134c3647a982ca46b40fbb98f612419ff0c14c
- SHA256
  
  25693c7fb982be5bfd44246fee7cdb4005e93304b5fa47881fb525ec41f72680
- SHA512
  
  b29cd5a5aadb80cdeb68dc3cb651456a17d3785b726e1a7368c2254e7831f48537463418e3c315db19abd5bcbcb6526ae6437702a865017b4e869d30b282dc24
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  dmd2/samples/d/mydll/build.bat
- Size
  
  116B
- MD5
  
  6604837c2ab2499076dbdd30c83a93a5
- SHA1
  
  b9765cc7c008bf714a8d105430b5b4b1b8171eb5
- SHA256
  
  be965e2ba7b6b863aaf1e69cf175302ebe8e486f6e45e1a6be216e99c43e1ec7
- SHA512
  
  4a1baa1c436e0bba5121d7b2cd09380139d2f0e7de9579beac271197d59b48e26058d765e0ed6ef6ad9496d92a0620c86ac32c2840033dfb0684991cc4206ce1
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  dmd2/samples/d/winsamp.d
- Size
  
  5KB
- MD5
  
  714299e2f69483303b98d4c5036a76f5
- SHA1
  
  76340aad9a71b13c4cbceec7b3efee0c83969027
- SHA256
  
  2d994a9101589296129323aa7e2c9c984e1483c1a6ce7098f214c01ba4181a48
- SHA512
  
  ba8c5e4f3cd741e4b7fc9ef2ced313ddbfe867292cb6704b5f24caab5738b8b7dd7bbcc4412764d4ef35c5dfedd6f71174b8781ec83ac412b0d0826a9134b378
- SSDEEP
  
  48:2YorosFRpjccsOjf+oA7yeNytyQ7bEdGSbzJyEDwOCwYbc/CQyGGmNNRkV:SjR5c2ApoIQ7oDf27wIcaYBZkV
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  dmd2/src/dmd/dmd/funcsem.d
- Size
  
  103KB
- MD5
  
  a5419c7f18db85bff2c4425ea416c1fe
- SHA1
  
  7521de1826cb79a3056b193837d455ecf9a6eaf5
- SHA256
  
  b00fec3f03c604b47cd0db108aa78aec076a7f6e729500924748953dd79cb63e
- SHA512
  
  9993ac2b780d352b25ff01b973a1bdb7816574e674497375d45e8a22f5cb5fbc15a4aad862c1e64a31928e83fa56c736c7b68d958873adea548fb2d0cab39b10
- SSDEEP
  
  768:IQGwsl/S4M1SewOTl+Cpupzpp91Y1hsCLef/PQtMFqalVQ/O+hSR5y5M8s4GdVuV:tSPFdOPuI/tMFqddDM8s4dV
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  dmd2/src/dmd/dmd/link.d
- Size
  
  66KB
- MD5
  
  d09c033c9c38b1468d789a45f1401dcb
- SHA1
  
  0c941dcbb12d3f8e3744231699265c58bf8b7fe7
- SHA256
  
  6e6bea62a738f5408a06833b0a48f9e14dabea43a57a34d15ca3f639bd4205b3
- SHA512
  
  3b4a9f81ab9dbf714ab1238581429d5c9a3df9cdf0fa702c47adf12d37f08e169cf0ee31ce0db8e5efbb8b26cfa7ba85a1c0bc49487cee53df09782b04e7c990
- SSDEEP
  
  1536:joCCkCJ7QoeCl/SkAoQIYoa3AqJLWYz6BcUdoOQZJ0Yw:0CCnJ7Qoe2/SklQIYo0AqNzXUdJU0d
Score

1^/10
behavioral17 behavioral18
- Target
  
  dmd2/src/druntime/import/core/thread/fiber.d
- Size
  
  69KB
- MD5
  
  e6c3d170aaf93622fd573d98ea805565
- SHA1
  
  cbc0cba72af2a1e990e27e02137ef529594df3b6
- SHA256
  
  c21f023330979da9dff3b9fefd579874ec708139c50ad4e566fd183606eb1e99
- SHA512
  
  c5573b47423cbd8298293ee66e6beca17f5ae3124df70e73131a5305e72cebdcc6420fedcefbb9e9fe7c13a65445c6958ef18a73030f2402b8700e5280bd241b
- SSDEEP
  
  768:hf47wIDIsHIbkhV0f2X+qpi9SStbgCNYTsmz/:hsMc/iO+wU3YwK/
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  dmd2/src/druntime/import/core/thread/osthread.d
- Size
  
  85KB
- MD5
  
  9f8f9bddde469faf5705f6d5fa538964
- SHA1
  
  ae5f9a4e3ffc6d36c34f4725166b5d42bd4deb91
- SHA256
  
  cd5dbcc77b5e482b9b4acf39c41dea9974c816c3116a21446146c22a4b030685
- SHA512
  
  30db4935ced965e3d5a4fd038880cfea6c56806ccd651ca82efe100f17040b54e91c8586171a8950147f5e92d6a3f3d8faf11a9a3323b458d0d0baa499a129b3
- SSDEEP
  
  1536:0yb2bhziamT5sOwvel4RQAPBYbMUjIVHqW:0YT5sOwvel4RLUjIFqW
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  dmd2/src/druntime/import/etc/linux/memoryerror.d
- Size
  
  8KB
- MD5
  
  fc509e7382333d0096302293204e488d
- SHA1
  
  acf05834d1a12b714f9664cabf21efb181859fa9
- SHA256
  
  89469062c02c0f490325038806646b5840130f8e774f04a4cb2b54293770915e
- SHA512
  
  64f79c70db9b8127cabad0680ce3214f291734dbfe92ed6156d1448bb7f3bcc1f468cec4ed69e5bf43b5bdd07a6430f7a37305e766bc610e9bc2aead28672064
- SSDEEP
  
  192:mqT6O2dt6ObI7OfMPmf8y6M67QjLBEUV5Q+oYjrJZipK8BhNCw9Gy+CxPpX:p7OumbBRzJZioE+OPpX
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  dmd2/src/druntime/import/object.d
- Size
  
  132KB
- MD5
  
  a83cc12e107974235e524139b11e61b2
- SHA1
  
  c022d93749beb1217566d99d91c5c5f85170af54
- SHA256
  
  dc51f5b80e5f5dc74f789289d1c6959332d5ce453e7a260dcf6a70b5d69807e5
- SHA512
  
  0e1db3a7f093901490f3e3e318eb7948704b0cea1ba1b22d4d68bd2f994461c69230ccd2e2fb3aacf1352c6cb9f8b7dc8f233f59ce1916a9916dddbf96a05aa8
- SSDEEP
  
  1536:FJ+bLTIld4KQs4acK3j0V9fEL5yIzHrmmT/BzC84bbMXpFPJC:PY3Ild4bs38IzHrmmT/BzCopFPJC
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  dmd2/src/druntime/src/core/atomic.d
- Size
  
  41KB
- MD5
  
  3343dbb764b5d4cc64b1b2832873a3e9
- SHA1
  
  bbb63cc4a1c19db80f1312913833c691714ed6bb
- SHA256
  
  188461e68aab7dca1b97745d00f4aa518940c13517034a9ded21877af6c91b27
- SHA512
  
  5c304462ccc6989e24c2ed54660d7fb205b99934c4d2d71e58e371d016788788cc0df3ec4d3d24ee06c776ad7fdc130b50cfff35b9a7574e5cb92cb3d8cb9ec4
- SSDEEP
  
  768:ZP0qRJbXQ9Y+Rb1QHh2+JY0U8f+9H3QUU:hRBg5Ogp0UL9XtU
Score

1^/10
behavioral27 behavioral28
- Target
  
  dmd2/src/druntime/src/core/bitop.d
- Size
  
  23KB
- MD5
  
  15099942f92270ac83376b6d7d88eb38
- SHA1
  
  b09f7f700732843b63d3cc5aab52142173f35ae6
- SHA256
  
  40c9c78118a84a606ca0cb90fdb5f7c1a79f9eca48f95c5e56cccab2c8a57f1d
- SHA512
  
  cd08471ad0cf258b112c829e33bd1bd76f8e1ed1a06f79cee2a6c748260275b50a5d29e9199b1d53625508a21072dc19eb39f695fda1fa02b85016962e5620d8
- SSDEEP
  
  384:eLWkdaqYQllFh0Y3zdqsCKhf0jx9Nn+nzvs7xB0:eL/83Q/Z3ZqsCKhf0jxnez07x2
Score

1^/10
behavioral29 behavioral30
- Target
  
  dmd2/src/druntime/src/core/exception.d
- Size
  
  27KB
- MD5
  
  dcb5c85801d75cebfa8bdb83cf41dd37
- SHA1
  
  91752aef9310ec0f62b2f04a62505aabc01597a7
- SHA256
  
  fa8ca3b47873cf5e007dfc65f0d9edea3c0d605827625c585de6adba8eab6e3e
- SHA512
  
  2dc14ebb39059bc2344566973e2a6d03b8285dc621faead160c8529536a588c63bf9d1d963862db008f6a0243453aaac3bab89db1469a69ac37e980b7afeeb7f
- SSDEEP
  
  384:9DnCoA3upe/ahL+sftSlzvtr8ZRd1o1/xe:9D34yEr8ZRd1UI
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32