b00d0a0f78fcce81c653972072faf8bcacba8967d5bfa97ad88bfc90d54d0eaf

Resubmissions

01-08-2024 21:24

240801-z9cxws1cjd 9

31-07-2024 11:45

240731-nwq2ta1enn 9

Sharing

Copy URL

Twitter E-mail

General

Target

node_manager.exe
Size

83.3MB
Sample

240731-nwq2ta1enn
MD5

c8649a472f93c776664366ef36ffba67
SHA1

e8b7c7196ff96d1b97fb7d71aed124c2a2eb1f5c
SHA256

b00d0a0f78fcce81c653972072faf8bcacba8967d5bfa97ad88bfc90d54d0eaf
SHA512

bf0ff3453dc17d9025eee2724cfe789bbb57282001e25b282e80dd604cb428670ddacd27d5d44650f3cd23d04090471cd3fa4a776303689b0be7f2b0386097b7
SSDEEP

1572864:w9eyHWNREH0/Mu4zF+gWkGfLHIm8MJu5RZDB1f+ptxbSJkBiOP+gfx2OIwy:wapf4zkXjzHIQu5XDB16BP2bwy

Score

9^/10

Malware Config

Targets

- Target
  
  node_manager.exe
- Size
  
  83.3MB
- MD5
  
  c8649a472f93c776664366ef36ffba67
- SHA1
  
  e8b7c7196ff96d1b97fb7d71aed124c2a2eb1f5c
- SHA256
  
  b00d0a0f78fcce81c653972072faf8bcacba8967d5bfa97ad88bfc90d54d0eaf
- SHA512
  
  bf0ff3453dc17d9025eee2724cfe789bbb57282001e25b282e80dd604cb428670ddacd27d5d44650f3cd23d04090471cd3fa4a776303689b0be7f2b0386097b7
- SSDEEP
  
  1572864:w9eyHWNREH0/Mu4zF+gWkGfLHIm8MJu5RZDB1f+ptxbSJkBiOP+gfx2OIwy:wapf4zkXjzHIQu5XDB16BP2bwy
Score

9^/10

discovery credential_access execution spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  LICENSES.chromium.html
- Size
  
  9.0MB
- MD5
  
  aaea51a605688fcb2f178fd60e4ca64c
- SHA1
  
  69d4791bf3cfedb68bc4d8f766878103578171cb
- SHA256
  
  96837a4a521a61bd3d34f2f660e29902d228aaec501eeb2a84403f1926c3df9d
- SHA512
  
  d328bf2f9ff7372a716a09e5882b9e3c0051b0135412b3258453085db1de2c7699c8aae24edfaca7798f468802db975977c9976e19fca84fffe884bf8594c33e
- SSDEEP
  
  24576:h+QQf6Ox6x5n1nZwReXe1GmfL6k6T6W6r656+eGj/dBIp+:oAZeGLp
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7b7470c347f84365ffe1b2072b4f95c
- SHA1
  
  57a96f6fb326ba65b7f7016242132b3f9464c7a3
- SHA256
  
  af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
- SHA512
  
  83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
- SSDEEP
  
  49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
Score

1^/10
behavioral9
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  bf71f43a11049f853e72c0b1552926bc
- SHA1
  
  75bcc1f3f5e515491b32202ac3fab2e2f4f40aa5
- SHA256
  
  1178ebc025d6309975aa35dc37e3d9b400b5ef0b17ee4ee70e8c7f0585dc5f62
- SHA512
  
  8ac6c94d49a33dac22edc0a73b95d09a5da18fe56301304acf43b600065775871621b80c7ccad9c1c0dc451b4fbb9adbdf46db7db1b054ab2ef80c29f0766223
- SSDEEP
  
  49152:r1nRu1gjn93AXtsX7I8g4AScbz6Ox+pen6yfmb+ST1PqRrY3:rJsf83Sn6Ox+tP53
Score

1^/10
behavioral10
- Target
  
  libEGL.dll
- Size
  
  470KB
- MD5
  
  5e461770b31bb938599f8786b1c885bb
- SHA1
  
  ec1428334166a3e569ef1d6b86392741bad0d427
- SHA256
  
  10caa1a1e84d9a068a807f39de6e502e6386261b07b37ffb8d382af1fa814023
- SHA512
  
  b9577d55a8c373db85f7b800ab2f616d3d0ffa6f532980b1f88d64b9e07356ceb2a9aae9550baa158a704045b7592c438daef80814c318eba9dde43fa061c0c4
- SSDEEP
  
  6144:Qmi12qlTgeUDsnkcM2nDl83BgENhYCqNLfY24M:Qmk2qxgeUDsNnDcgENhYRNLfU
Score

1^/10
behavioral11
- Target
  
  libGLESv2.dll
- Size
  
  7.7MB
- MD5
  
  ac8eacbc17fa238bec9cd53583829d4f
- SHA1
  
  aed3a4b73dd6caec9302fed52ef844ef1f210468
- SHA256
  
  d2b525e5b5ca3eef75cd5191d563f5f01008fd94b643189d4b0afa502f34963a
- SHA512
  
  5105179d62287f53c41f20806d13b2ffcc1c9b626c1295577f867adb247f5f93618621dc64cdb7eda2ded513eb3e666e5be26b109d8b34e38234665f3f4b5c90
- SSDEEP
  
  98304:zjY0cdUNfie4BN5SLnSy9/I+0Tv1XC3rbo:zjY2KeVtIhtmrM
Score

1^/10
behavioral12
- Target
  
  node_manager-ns.exe.exe
- Size
  
  172.1MB
- MD5
  
  5e7f3dcababac06d45edcf9be7390f5d
- SHA1
  
  f4de2d65b2944e19685b1b11efa13f6a6cfdb535
- SHA256
  
  039a72b85d6fa3f5cf6d9295637ad7b7d2c0c466544379e2852a58bc9cdf2c78
- SHA512
  
  86100b0ebac55d68728a8cdee240a32a0d27eb1a8c79b424aafded95c51f3c60298b4bcb8b8067ce4a9b98230e99c7102a2e2427c981dddd86e7515b3f4b98b2
- SSDEEP
  
  1572864:OOzoFp1uzWYCKLT08vzzFN3hK7hYOWFZdL3m4aazO3+v591RxmLVhe:uub7xmL
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral13
- Target
  
  node_modules/koffi/build/koffi/freebsd_arm64/koffi.node
- Size
  
  4.8MB
- MD5
  
  5d7511ff90244bc0cb665d5097707cbe
- SHA1
  
  e7cd18818ec22fbf1ca90eae39f7637b99f7fcab
- SHA256
  
  02811d7bc898112582a5bab60ab9ff45b96536caf016e60c9aad8273095908bf
- SHA512
  
  1c0c191db8d63b8d98022c49f7c7656357a0b057872d22c083785bec6c9f9684e10facaf2bc5418605e7a7d2342862f04560f78aa1edd5add4c247158bb30e17
- SSDEEP
  
  24576:tRggLf9Dy69StE+wzOD5opu5x4qaqQqiPRpzlgkYtjaCqlh2eSf9:vgcfUNtEbpckTmq8
Score

1^/10
behavioral14 behavioral15 behavioral16 behavioral17
- Target
  
  node_modules/koffi/build/koffi/freebsd_ia32/koffi.node
- Size
  
  4.0MB
- MD5
  
  e65a8a0209b356f7909a9a963491663d
- SHA1
  
  d72521b132523adf331acec6ec5baae155d0a7cf
- SHA256
  
  fc5a0779f0a6cdd4dc122032fae7802dbaa83c3f4193abccc7896d61204251cc
- SHA512
  
  c9613075c9469b5bcfc918244acf3e734855c063aa1bb3439d4180e2f770d00d46c9bbe1fdcde5a2546ab6787089bb4685f44c612de637a2f9cbce28bede3a7e
- SSDEEP
  
  24576:/lQlcSZB9sZ3rbiyC5/FE9W1ihWLpJyP4UFzN9QME9:uYiyIvihX8
Score

1^/10
behavioral18
- Target
  
  node_modules/koffi/build/koffi/freebsd_x64/koffi.node
- Size
  
  5.2MB
- MD5
  
  f65219783b15eb910b3ae0a958c0a03d
- SHA1
  
  e09ed43a396cf0f3a044302f4cb1b3419453168e
- SHA256
  
  b8e64d356ddb6402f2a2da70f53751c75e935b826c1b0a77896f3e6f2b13925c
- SHA512
  
  a9ce37b546d62dc46105842c91a2b7a409724f6fc43c5dd94351645b47d03af82acffa3895014e0e8892b21bc45a4129a10023cc3a6889c052470fb3346b6f44
- SSDEEP
  
  49152:69MS4wP0OmQJ159NNHD+QbcS8S3lmpJPc+1gcvTU:69p4tIJcIViycvI
Score

1^/10
behavioral19
- Target
  
  node_modules/koffi/build/koffi/linux_arm64/koffi.node
- Size
  
  4.6MB
- MD5
  
  7d28c4ef947b15c7585f4cc5d71d6f3a
- SHA1
  
  f8234b55a1850aef79cbb91d2ac6b32312dc5df1
- SHA256
  
  21eca0e6f2c13cc129a475032ae8b30d43967458e4f7634a1ca72e379f8d9cce
- SHA512
  
  ceb9515678c38c3745bc188868797cf119e102c2a7b4cb315ccf02abe7dc2ed1b4508bd458df0dfccace95d3a44768038ea2d9479bf9e0669425c2d2ace4d9e7
- SSDEEP
  
  24576:heYAt+/I+JP1JvVNamSdRhETj7X9v5yiXKDGpiJX4za5:hemX1Jv7vz9v5haDGJza5
Score

1^/10
behavioral20 behavioral21 behavioral22 behavioral23
- Target
  
  node_modules/koffi/build/koffi/linux_armhf/koffi.node
- Size
  
  3.5MB
- MD5
  
  1e2fdc196588926ec3dff772a30507fb
- SHA1
  
  c827f3be82f8912dc14768a2dd8ae64f72764bed
- SHA256
  
  86fb843a2adcf82c733a6aa7094a8a129be7358aab7e4a4cf3d810a0f9daa69f
- SHA512
  
  3b580a3daef4422f701116929b4f2d69ac4585921ddd527b39c5fa86772fcf44447bd733a90a1658b7207561c406d22d5baebc5331325b99a615b792a08e2db7
- SSDEEP
  
  24576:8S4fh4OKPwXauJNHwKl96W0g7JAdnGQYYzInyelANnscSPytysVYyP8:Cf2qHwKlQW0g7JAdnGQSjc9tykP8
Score

1^/10
behavioral24
- Target
  
  node_modules/koffi/build/koffi/linux_ia32/koffi.node
- Size
  
  3.9MB
- MD5
  
  5ee031ccfd91cb608d8938c9d0b8d864
- SHA1
  
  0d9c10d16cc4ee2d1dd3100567c1ec7c62f11305
- SHA256
  
  828545994ab61867f29919ad897220bc2439b5d4a04bd601798814f9903e67cd
- SHA512
  
  9ae0100765307b4259f0a4d1980b63f34edd97629f0ca9e121bd79e34cc66ea86b451f3e5ae25a5fdc54ebc47ff66d6c7db36c7302e444b3229cac320b3a0cf7
- SSDEEP
  
  49152:7PowX2doXxylkpTRVSMp68h4HsNRm5eeMYYPx:DHxXtdbBs831yYPx
Score

1^/10
behavioral25
- Target
  
  node_modules/koffi/build/koffi/linux_riscv64d/koffi.node
- Size
  
  3.3MB
- MD5
  
  225716bef12d79ed690d902e2ab1af68
- SHA1
  
  c3b27a409ba71386c748d2f4c3ff013485a8747b
- SHA256
  
  ed226ba0cf384700183eaff432f772224f6df265ca27163738e1babb04211639
- SHA512
  
  26ad9fac424470a859f3a34f5994b0fe75373dcffbb1366426b71ad38b0b21fd4a411cab2386365bb826cbe9339e49732b36408910ad9868f1063357fca2f951
- SSDEEP
  
  49152:ujl4c4KEeeeeCCCCCLhV9J5523wRy4ixdsmONN:u2c4K123wRixSmONN
Score

1^/10
behavioral26 behavioral27 behavioral28 behavioral29
- Target
  
  node_modules/koffi/build/koffi/linux_x64/koffi.node
- Size
  
  5.1MB
- MD5
  
  417492f0773fb13a40b92b38f1903ac8
- SHA1
  
  099cf0edb29d751e86356db9704b24630c3de109
- SHA256
  
  472926a9e519093ab94b43602e7856e41b04cb17b5a8c80a714636634e1f8bb8
- SHA512
  
  eb57e6d5b85fa0ba721b32ab9573d6a2b27142f7e082bf9a3d054d3bc3e4b1440107f96350bcb0b984e6d4c0eb9b984c40a4e4c5b8ad21e4c16929bcce2bfa07
- SSDEEP
  
  24576:LBYK88TJAowz3NnAnVm0ENvNXDWlPwOaYvJswGa000000000000000000000000y:1MoE3NnAVm0ENvNXDnOas7ugcBiOKI
Score

1^/10
behavioral30
- Target
  
  node_modules/koffi/build/koffi/openbsd_ia32/koffi.node
- Size
  
  4.0MB
- MD5
  
  5f85c836b43db943bf557a218955ab98
- SHA1
  
  5647df0f8f4fb9d4eb964760952d11a7d328ff4e
- SHA256
  
  4dd4d4a79f410acef3d42361232dbf09a7c63c2a1b8b8d20beab0d2e423ff916
- SHA512
  
  f45a33ea16106e772394fba3dee4ef943fd3562116d5490e0a581547a6e548a9d460b47183b51f3c170d438e9b879bd7ba46d456c8a2675427a081597a3abfd9
- SSDEEP
  
  24576:mNYJDVZavhtJq7Hy404TEHZBgyEZuXb3sYtC9ifeKK58fg2sSCFb8HpIl/IC3Y4M:hyg7SihywuXb3sDAfeKTbo//Y4M
Score

1^/10
behavioral31
- Target
  
  node_modules/koffi/build/koffi/openbsd_x64/koffi.node
- Size
  
  5.2MB
- MD5
  
  57015591824271debeaf37dab567b3db
- SHA1
  
  a0b1d1c8fb6d8943a25c2e7f024e088a5331cd80
- SHA256
  
  c822f6a7282b705ee75baff7188dad067f9edffa9146cf375bd9b7234ad46360
- SHA512
  
  f60ef978675670c6da894c87d1ed86d6882d8a193e104cc98b550c5f6c722c2e906108ab1834d43bc7ca34a567154c8997f8bd4124bf356e30b0e25e6f47114a
- SSDEEP
  
  24576:YW1NLEJxYmFCOJ/xeCZad7u9r43paDG6iLIQLoJ/HH3iS0bJgf:YWTnexe8Oar43pyG6oIQLoJfH3r0uf
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Credentials from Password Stores: Credentials from Web Browsers

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Enumerates processes with tasklist

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32