General

  • Target

    MathType-win-en-7.8.0.0.exe

  • Size

    43.4MB

  • Sample

    240726-nd85nsybjg

  • MD5

    0984ae82d2f00151fd3e891b601619ea

  • SHA1

    475291c51140d2107b341e9671b5f2807c06bfe6

  • SHA256

    24b2c6ce45d27bfdb14cd4e352180bf7bd866ce9f9565b79b475eba07a72c752

  • SHA512

    7a0f50caf5d98ee5e4820738141a8c82bf5b70d231c440085947bd2443c159e95ca7e7b7272b320f0d2d217c33762b9122e63064c825dea379844597c52d876a

  • SSDEEP

    786432:ometqlZRTGuNDuDVia6JnBep7serZMBqYb/ByCS1ZwqAZafqNKntXamJTsASlLr3:oMlnGXVUA7sB/sCW+B8faKtXamxsAOLD

Targets

    • Target

      MathType-win-en-7.8.0.0.exe

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is accepted as validly signed.

    • Office macro that triggers on suspicious action

      An Office document macro that triggers under specific circumstances, which is often malicious.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/j2pcsc.dll

    • Size

      10KB

    • MD5

      082fcf36dbcdc2ae39b7a05fa50c8221

    • SHA1

      214044ccbb0c4eacf6f68a9361aa21d7530faaa4

    • SHA256

      84598ba5d55715f7ae169f168d1f1c6d4f82385822cd6b17706b19add0118795

    • SHA512

      0ba186c7a4e0bf4d8aecb30bbdda5e460acea8c5aad7b9035ad7d5b62858702a9b4b04cd144121ae05efb67cadd39b6f1cfc6a02464e9c887747d638d1b1995d

    • SSDEEP

      192:pN+oJRa3faYQu4H7nhTZw3SSunY3X3PVR6y8jzqpYOyb:pN+oJkChdw3SvnonPV58y+Oyb

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/j2pkcs11.dll

    • Size

      44KB

    • MD5

      33125cdb04f05e8bdb359dbd60eeb029

    • SHA1

      c5d306daaa32ab37c0a712dd4cda939fd6903069

    • SHA256

      5e774118444fd02e45549ddd3956452befd32b0fad38994ae6a8bec6ad98b390

    • SHA512

      6abf42ae8bcc36026d870bd6d50e81d7c8b6c9bdaa8e3f07aa2b4923cf5bb1151dbb824c57f3e246b04c7f9224e57a166bb82c33796a8eea3b0feca65f6b027b

    • SSDEEP

      768:gOzcUy3d4wuIoMnB3w/2hQkHc6lFUWGMmvriCCf5C3R1qo2hHOGLxYRrZT9ixHDW:PcFNTVrhQv6lFUWGMmvrAE32LFYRrZT1

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jaas_nt.dll

    • Size

      13KB

    • MD5

      68248d57321b27fd8aa522eec32839bd

    • SHA1

      53226d1a011758b67830d8270f8cfa475a2f485d

    • SHA256

      6e920446aee74b00e7c375a95d4251a373e28a43d4e43b37d626eced9a7058b8

    • SHA512

      17a84876bd82787a3358b67a814ac0b31f6e0e161a2bf4f92f20f1420ab2d23bf26f33bdd7c0ecbfcc84695997290596280046f359bd65022e337b88dd6001f9

    • SSDEEP

      192:K6qjc62qVmPbms77KsR4aChOA3a3X4WAO0PVlA6OlHnCgI1wG:ZqjkKQKsRshOcWIE0PVlClHXS

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jabswitch.exe

    • Size

      24KB

    • MD5

      3d169bb4acbb4f3db2925ee846f68b66

    • SHA1

      2c8cf55e351cfeb6ea160bb8376f8a65294c8a7c

    • SHA256

      e77fad4dbcfecf30669a219cfad141350a3e2ce2f2af070eb0d80b43a74a86ae

    • SHA512

      bdc5e28d4fafac6a0c03e36044dcb69bc621e209bf4cc46939862f82ed7e3c6dc6fc26255daca8c1bffd47328f2a3e4f61cacafe7afcae84524320dfebe9477e

    • SSDEEP

      384:6wxehfW7RGV/QrnqX3hhwUjqrLP7dn3pm15Kq7vPngUaKV+na7SHuEVtcaPb+S15:6HhfWinvwUurL5n3cTIU1+naSOuthSM5

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jaccess.jar

    • Size

      43KB

    • MD5

      502dc106bdb231797d00d2b667db8704

    • SHA1

      931d59147a644040f52d6c28ab14ad77a0fb79db

    • SHA256

      829968a16ba58ea3d382885e2b3eda159de670aa5be296f7677da5995e2fd10c

    • SHA512

      2a4c75446d034a4203eeeec6dd14a0e345e77d964770fc7e368e6ae54b4f921543c28fc57fd6fdafe1b462ce8700b1a418ddb205bba45a8e5ae700c3ed15467c

    • SSDEEP

      768:oYV6UjqfgKbWnXuZIQvfnbJrpMItkZQnWn1094qoCjE4ij:oK6UjWgfnXudfbfMTQnWn10yqH34

    Score
    1/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/java.dll

    • Size

      86KB

    • MD5

      6bca9b3769af6b52e8f4b584eae2f7f3

    • SHA1

      d2da5a296f8c679be8cd43e7eefecd2757a176a0

    • SHA256

      1313b10a9ae5927a059b99664bf998f210692c4b8a0b8d1ff0a0f5c73d5b160a

    • SHA512

      d9a91d04cecd2de26bfc3ad84b3e8cc353d94d2d228f15f8bbbc3e7caf2e8812ce33759e8734a54eb109d5a2f994f5bb163d4a83fecd551733ae987b249dd157

    • SSDEEP

      1536:xDsj2zDjTTfXPtD9IgcaKm3o/FkTDMtFxg6Vr6OUGZdPnDOFm4pIC5GzQ/bo0TK:xDsj2zDjTTfXPJLcU7MtFW6Vr6WdPnDF

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jawt.dll

    • Size

      7KB

    • MD5

      8594a8405606e3299e1bc2f98c638957

    • SHA1

      a50cc2b7c40f3eff292e5d9a43397030dc5e0899

    • SHA256

      50bb9ac4bf275d9d7ba6414eb340837cf46982715a196a1d7ee3e56f5a19a048

    • SHA512

      5053adff48d4f0dd5fa147243ceba528166c04d55cbd6d0d89599369096c000be45b0804b3ffa78ea477f1d49199c684efeae2eb99bfc7b3e1b566f12756e51a

    • SSDEEP

      96:Wn4VZiVl1A1+vB0qYz7KP3XLPVAAD61k+:Wn4VZ6nb5Y43XLPVlD61L

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jce.jar

    • Size

      113KB

    • MD5

      70eb04d21d1639b5d92165cd9d3940ba

    • SHA1

      d958adac5f1edefa22045a1409ccdeff154779c1

    • SHA256

      15c40db7ab18423a7b653b64033d4639a8ba5f201c20232c6f5dce0102887231

    • SHA512

      2124ad54b1b10cbaf9e06bcc63cf8b2b8479b9787be5ca94f425b0a506c3722a11c68a073718b9f57b6ac9b84ca87ba2838e843c0536fb0769ba64f2a2bd4b58

    • SSDEEP

      3072:v47Ovr7VDo5Zd5UVokTTNeMAgGHuyCTCK:A0DqZdWBo7DH7CX

    Score
    1/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jpeg.dll

    • Size

      137KB

    • MD5

      e2e5e5ba2db67ab0760535c9e855579c

    • SHA1

      04bedf3946cf0b592716d7e3c49d5c600790f371

    • SHA256

      475d1179b5216ac58520ef7cbdad57288fb0ceeca3e24d6d4d6d3b43ec49578c

    • SHA512

      bf2aa7454df277c9fe69c84ee46c5c3ef6f9a62a7ec08ce3231dd7bc53644ef3dc83f9287cbccfab8c12444d79c7a9bbfbf80f6ce13ab7aa2f0aa606f4b6dfe1

    • SSDEEP

      3072:hIJaZEJrhNWWL7PSk1IDDmcFS5VYi0ANaSMEbM2rXV4A:hI15WE7PS6IDzFyFNaSMEbM6V4

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jsound.dll

    • Size

      24KB

    • MD5

      44fe5afa90e02eda806ba83c45b2621f

    • SHA1

      dff62d19ba9750f945a5ad595ee439b20e96cd12

    • SHA256

      da69efada5bc891aed24cd5e5af4a245537bf000967a6dd16e6b09361d1046e1

    • SHA512

      118d29af8a0532775153451ebea61ab3e8d5ebe103c2d5ff485bcc27d7be3abb816b963c3f99c4667f90110b86e946e1c6c6e85aceff809bb3905a5a80535c4c

    • SSDEEP

      384:CzSht78T0OgjjaFr0OPfcOM7AdJwePHRiPCeHlLYuG8RPGHbHkoLny:CzSht78n0OPtdJFHUCeFLLR+7Ju

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jsoundds.dll

    • Size

      20KB

    • MD5

      143dd074fab2fea89f017f97263c17ab

    • SHA1

      79e9e82075b9a36d251877923638ec141b737fa7

    • SHA256

      5970ea183e9603352c324db4288bf2feeb807ec3bd1962f81e0311fc0a9f0555

    • SHA512

      646f0127af4f0c8e641c1d66385932d49686d80a8a5354d1a392340db0b2217e63e6231f885d203fe6061cbe5c812c517d77bb69661a3e591ec074f38eb53859

    • SSDEEP

      384:yeWeFz9EZu22rM0Z6U9HB+O2R3WreX06OMi423nDIN5sgvYWWac44Sl0KnKHqdx+:xWeFz9Yu22rM0Z6uHB72ZWreX06OMi4C

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jsse.jar

    • Size

      633KB

    • MD5

      985dc5f21f8c011178da93519d55cc1d

    • SHA1

      1bf97b1255bbbda1706a9764a378d1c06e07a1a2

    • SHA256

      3ef2ff87c650a9bd29e41e67bcf3e44d6f0a297ceb375a37c630055466307478

    • SHA512

      319e786d640e9a55796a1a210ec5efec920cf40ca24fdc5a648053cfc8bfe9dd1b20e8c5d3a714bbbd195fcce3de153033896e787d74e319dc7a1b3373155ec3

    • SSDEEP

      6144:0kks3HSMUsMhBSafEtTcNexU/agYMXf//FsBaKGS3fwslT3y:0kJ3uJjNeGigYyaaKny

    Score
    1/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/jvm.dll

    • Size

      13KB

    • MD5

      16632d231f59d27b1e6f0b6d9394238e

    • SHA1

      bb54d29fa50ad4fc26d1e149a8094caa3fc3a1ae

    • SHA256

      e0448890487659db16a4b2b25c3182e22a05c807c4659da5b8b263b951b11f84

    • SHA512

      af77fbd5daccc1fbdf2e5009b19ab40ad6b196321deb6bdd724967ffabb45f2400cb444f17f603c69089da6f53fa0026fced5de61cec36a6be22b11361c928d1

    • SSDEEP

      192:0FKp/SNdJPFZZFnV4Ea5YPQ6UojILWLKB4tOO4VzzqmP4Dftq5tB3X03IPVR6bUG:Rpw/nR0XqmQDftq5t9E3IPVmUZc2

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/kcms.dll

    • Size

      168KB

    • MD5

      272a76d35fb21af255560e4645a14ee2

    • SHA1

      292913cae4c905d495930d25a8fcc251df36b40b

    • SHA256

      afba8f254fd34066f7adec95147e52ba31baeed165e0869522240d1222d0c5b1

    • SHA512

      55f260aa99a642ea22e8891bd6778266c48027972fb712ddfd89098ed825ab65aa9cfdc1a82a509b286ab4ce50e709031b9b8e5b7864a05dd97da5b37929abc8

    • SSDEEP

      3072:U3O0ARym4uKtpdhEnG4e/Ny9bfBLvrNtk3laCg0k3FnDO956t:qUzetpdhEnjrBj/kVm3Zl

    Score
    3/10
    • Target

      $LOCALAPPDATA/Temp/mathtype.tmp/lcms.dll

    • Size

      175KB

    • MD5

      7bd7c8844f0e8241ebe59d664a0ce2b5

    • SHA1

      1f39239cb3eea48da87b9e77d9c0ffeba1954fd3

    • SHA256

      b4b3590ef4f5fb482609df35ba4a6b4eef0483586e92f0cef45629da7d0466eb

    • SHA512

      4f17aeb99b04c02e166a55c5523fe4a36681994215e717ee0b8da36e90bf53c7cfcd66b500b737ce0e91e8b293f2982f66bd90dc6e68f2e6d06087a3a65e7d64

    • SSDEEP

      3072:AKl4IOMl74MHKt6VGEJK2Pp27Hs2AJ8zmf49GCxwCUGFm/eny5iNxuONIu:16IO4q8K2iMbJ8z7JFvy0N

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

macro, macro_on_action
Score
8/10

behavioral1

discovery, macro, macro_on_action
Score
8/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10