40b6c1d8cb9259d944c737d9e3cdb483bf425335069fd2685cf13629334cc938

Sharing

Copy URL

Twitter E-mail

General

Target

MullvadVPN-2024.4.exe
Size

100.5MB
Sample

240727-gfsgdazflj
MD5

3b8998228cb282f77564c5682fb8b46e
SHA1

7d7ff6e36718aa2cefb4e973993d6bedd49458ba
SHA256

40b6c1d8cb9259d944c737d9e3cdb483bf425335069fd2685cf13629334cc938
SHA512

d6b3698958a9337e95a7c0cccbf24438ea428afb13591d42f4960b1f81b8efdb316dedc1faea05cbdfd7dcdd11cdca633ff01c66837a79ce6da0123bb1e890d9
SSDEEP

3145728:Mg+Tm4qzCsO+1xhHc6qUccZBNzvYzFO65S9RwDV/:KC4qzC01xh8p8ZK5WRwD1

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  MullvadVPN-2024.4.exe
- Size
  
  100.5MB
- MD5
  
  3b8998228cb282f77564c5682fb8b46e
- SHA1
  
  7d7ff6e36718aa2cefb4e973993d6bedd49458ba
- SHA256
  
  40b6c1d8cb9259d944c737d9e3cdb483bf425335069fd2685cf13629334cc938
- SHA512
  
  d6b3698958a9337e95a7c0cccbf24438ea428afb13591d42f4960b1f81b8efdb316dedc1faea05cbdfd7dcdd11cdca633ff01c66837a79ce6da0123bb1e890d9
- SSDEEP
  
  3145728:Mg+Tm4qzCsO+1xhHc6qUccZBNzvYzFO65S9RwDV/:KC4qzC01xh8p8ZK5WRwD1
Score

6^/10

discovery persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  resources/apisocks5.exe
- Size
  
  5.5MB
- MD5
  
  27a9a6a90e5b7d8b68c0016620fa9dcc
- SHA1
  
  2c530c0209cb34f895b5a176998b888af9eabb89
- SHA256
  
  652843785a9b9e1c312ab06411f4065e8fb07762de50cce4746af4bfc40e905c
- SHA512
  
  293dd765c358da1c99285d230069aba5c858086d5cc563ab3e14c03ec479fc0c0a00bc9a7ac2bf87a85a5c14bbb49ab08e50e74b2578a7a134e45270a38953cb
- SSDEEP
  
  49152:R7JWfiJcSjXRCp8RLK+lmU8mo/RbcCzVenIOpEq9dO5EO/7aPCQ+RiM23Z:aiJcbGRWUxCzgnTW1EOqCPBg
Score

1^/10
behavioral11 behavioral12
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  resources/mullvad-daemon.exe
- Size
  
  22.4MB
- MD5
  
  abbf6d05f1e7c6e5f6559823df40b8ab
- SHA1
  
  f70dd0327424a725dc3e65fe038c1d8bee9adfe7
- SHA256
  
  965a80571e554d5cde90a9c3d73491134cf9539503ab2ba31d9f89d1628a446f
- SHA512
  
  f2377c5ef6a8fe33d07f4f27c6ef963472b328688de17cb339792f21a96ac63858b6b60dee5c9bd2f3782d4501354d3dfececdaa1e02a272648b6d81d2f5bd68
- SSDEEP
  
  196608:ITyH4gY1O4sulT02ZxMhm+G2VesHZDkszN2:ITsYw202PpGe0ZDbN2
Score

5^/10
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  resources/mullvad-problem-report.exe
- Size
  
  6.3MB
- MD5
  
  5bbfdfc104f07a2cca0d7e8150f5bd99
- SHA1
  
  9f257c96b030f1b7d20fbeb578632e233e9e33af
- SHA256
  
  24aff1daa17e9abce655376ba3bb279fd83ec5bbc935081045577187072a8a7e
- SHA512
  
  fdd87de3f57a4aeb3c531dd0033d7d1c796079c2522f20e10ce36505e4ba162a7ca8dc8ed2108fb89aaad5236d05c791e7d4f67c242364077114075cbdb339a7
- SSDEEP
  
  98304:4l8QqcopwyyWmeqUA3PDgHmSwkjZXo+mVa5CLcM:lwyU3rPSwydorD
Score

1^/10
behavioral17 behavioral18
- Target
  
  resources/mullvad-split-tunnel.sys
- Size
  
  88KB
- MD5
  
  539e09941ba1eaa412dd48536874e9ae
- SHA1
  
  0d8fb56d4e62efe6135c4305eeb11a5f8e78a146
- SHA256
  
  08d14a289eb9a071194e30a82aff5a936dca7ef8827fc6986075eddf1a6cb8fa
- SHA512
  
  b6042c988d81497c3d187acc351cd84ca6ba0eb046d24f8221b25de3c94eaf56838ca626ba1a80aa786bf496c553cdf32e7c6f9828a4df0cb6adb8f95f00070c
- SSDEEP
  
  1536:vBxnGclQftxhZrZTd06udsshU6+ZlQag0yN36XidbqzLSC:vBxvlaVdKzvhV+ZlRStc15
Score

1^/10
behavioral19
- Target
  
  resources/mullvad-wireguard.dll
- Size
  
  784KB
- MD5
  
  cc6385b7b3cc95fa3b8820458599b9d4
- SHA1
  
  6000beb194c3584ab55b900214a69c27fbf04bd0
- SHA256
  
  222f42da46686ba2603337b2c5e90a3d68e46897e9dff79c3bf7cc9275cce298
- SHA512
  
  b73e419df32f807a35c048055de045aa913a4b9ddef9868f8b0f5bd0b23c2c12eb0032df8aef03680397da0c8f77bec6bdae0d668fb7312c9e15322ada99d928
- SSDEEP
  
  12288:M7luZKZvLSFoio6ARFmNOX03FGcN7kWV1:+pLo56OOwN7Vv
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/mullvad.exe
- Size
  
  9.7MB
- MD5
  
  014f96e1cbd42f769b535c1a53cf770a
- SHA1
  
  b67ca528a373eb7972245f4b5a30d946f6b94a2a
- SHA256
  
  59cbf0e8fde1b60e6104dbc3933b2f84fd087ad7181a6fb238806823830d8112
- SHA512
  
  a99938d6e4469ce0cd5982e9413cc44bd818cafced55bdd12709ddd7f0dca16a872e1308bf5f1d9e7ac8252f12a471c245b5562b3da726e25f6955144bf89a71
- SSDEEP
  
  49152:dZfwQ5RlMPlVNSAzFoM8khrq3xVZY/VvJu3N22lb3iKOJ6tqEyhN0P0G+eJIE2mt:47hNCnJI32XCtU01/f2zisaoexkOEj17
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/openvpn.exe
- Size
  
  6.1MB
- MD5
  
  9bceb45398b01ab3b6ea5c7b3a78c8f9
- SHA1
  
  49164c54de9ba0682e39ac1e393ad624be62a120
- SHA256
  
  bc4028a7165ddab4562cb16e9f0a51e86728873a7d897d43b1a304a0a76e1002
- SHA512
  
  ae5c2ac20670fabe28a790fc6db1e73bf0b76cc011b9507e15a205a13cede6c5e92b0f514cf9a9c1480d3dda89dbd1bf90d1cd17fc457884b1402895cec1742b
- SSDEEP
  
  98304:gI0FyysoCfIqlpFXwy/J9ZKkw010ErU8/wT+MN7h1+e+kKAom3tINLeroBs1S5uB:gQpw01UT/ILS5odv13uFnCPw+9OcvwP3
Score

1^/10
behavioral24 behavioral25
- Target
  
  resources/talpid_openvpn_plugin.dll
- Size
  
  4.2MB
- MD5
  
  c11241a5e555794a62b98c69a703bb22
- SHA1
  
  961e46e7254704c332ba7c52d915c2bd889544f8
- SHA256
  
  509370806fc6137620fee1d195f67efdecc358e35f2f16f5d58ab5e56c821c11
- SHA512
  
  2fdc40ea206de0d92560052597373aca103dcd9e427f4529303040d9fa2810836989e62d5365895ecf3891fa9cae4b4ce010239492ee35b639adbdb1bf365763
- SSDEEP
  
  49152:USVVmVjjKv8QyABY+PvJUiSWfEFjZVZpBQsL8FE0F7FeQoxg+4rg3iolzI5mKM/b:hIVvQy9rFvq/Vrg3i75lM/vPb
Score

1^/10
behavioral26 behavioral27
- Target
  
  resources/winfw.dll
- Size
  
  464KB
- MD5
  
  3b1b56a8463354e57ff877d895dd4631
- SHA1
  
  d6caacd7862a6065684bb96b2ca67aa7d351fcc9
- SHA256
  
  aff2babeb4a1635197daf57520b95a24b09841553c5b2d7272932443cd014041
- SHA512
  
  5eb6a539245f319fea426aee192d5b407b39a13a772b107923542775fb11eb18b756460e3e8b7ee36b3535cf86966b1fc4938d97cc68d7d1e863a733781cb4f5
- SSDEEP
  
  6144:vcrcpwvEIwS+z92XlW1Qvn2616L6nJQmfV7vpZqrYcXOu40zUx2:UeNzsXlWuvn2616GOmhpZqr3Tq4
Score

1^/10
behavioral28 behavioral29
- Target
  
  resources/wintun.dll
- Size
  
  417KB
- MD5
  
  e861eb5789c50997d9476a6172d1c269
- SHA1
  
  647eb6588b149efe2477fd192c8cab74d018d8ef
- SHA256
  
  e5da8447dc2c320edc0fc52fa01885c103de8c118481f683643cacc3220dafce
- SHA512
  
  d8b49a6834c1ea5d73fee6979c59def18900c86d598ea900ab741ce71eefdaaadb4862afefa14e6cc093007eae5d4325857633549f1ade555baa0344b18e6112
- SSDEEP
  
  6144:uNsLgQtz9nDZL4tFDjiaOE1DfsnyDQhWmnPIt:iggQh9nD2tFviW4/Qt
Score

1^/10
behavioral30 behavioral31
- Target
  
  vk_swiftshader.dll
- Size
  
  5.1MB
- MD5
  
  12a05f670f2751f47606f16b2a6b9d22
- SHA1
  
  b31d8165fc1d59075cfcf6169b3037feee386f03
- SHA256
  
  56d829854d3873ea3410274b6dc10d9c45dc857975fa9abadda8c4523ee67b69
- SHA512
  
  be2bf5cd08d1c92d22f7498a9da0e37e17723abed6d443d9d27c09b878c642be18f06cc8e87cf8c94a18571d4b41d0c782c162224142233a66a87b4083dde8c5
- SSDEEP
  
  49152:LoaTaX1+4J7dN1uB/t4ABL5V1v+3+mFcpZBqtpM5KZwFlox0ikAiJb1XQGBliYDq:ReX1+qULMSx17nb24
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Boot or Logon Autostart Execution: Active Setup

Enumerates connected drives

Drops file in System32 directory

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32