ed2821277a0521f51a0c8b983641f2d77980e1e316c9e455f7ed03c2d697839b

Sharing

Copy URL Twitter E-mail

General

Target

SSTap-beta-setup-1.0.9.7.exe.7z
Size

6.6MB
Sample

240802-wzw18szcjd
MD5

3646c2c26271518e5ccc8c67c1cd9c6b
SHA1

c8008d1357e9e4b3149f0bbd1380a7d8c2017c4a
SHA256

ed2821277a0521f51a0c8b983641f2d77980e1e316c9e455f7ed03c2d697839b
SHA512

ca67343e3af7c40ebdd60c4a5fe662c0c20de22bae756ccba07fe6d0f181973d8434f7450af60976f3c6caaf62d456393a11723e5259352c6afdfcba21e75789
SSDEEP

196608:gXTf7NoPYbfpesLtTNGfNMKnU++DUzyiXkPXI:gTRoPYtesLx2VL+QmiXsY

Score

7^/10

Malware Config

Targets

- Target
  
  SSTap-beta-setup-1.0.9.7.exe
- Size
  
  6.8MB
- MD5
  
  d1311ccd62041691922bec9efd5ce16e
- SHA1
  
  bf6360a0cdeba4b72d9bfebec3f242808bc0b1d6
- SHA256
  
  84852993d1dc0bd68deb560ae171df5caf3eee3dbb9977a931408fc08e8ab0e6
- SHA512
  
  bcdeb35631c76a6272e86a46c565537cd33451059011f19325fa6beb3d1e4270ec4580f4b810c6747e7179b01721773fcae209e0d7ce94da350bb5fceb7800a5
- SSDEEP
  
  196608:agQ9/unnUqSneNErDmG46lr3CGu1egLFrLPSb:xQ9WnnUreNEf9RhugQFrLW
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  b06dfd343c2a80f584ec8968b942a839
- SHA1
  
  223b308f92cc53890993f6ac8caab49e0816ec90
- SHA256
  
  e546bcfa8d4adf45cc0828f32c0607385688994e19b41e11e5ce9badf923c0c6
- SHA512
  
  98686a228f816056ee56e4598b8b48c7beba835cff59c21b3fe9645a916fca4eac0e68728c460706c36a0a90423eef0809085e292390d14459d2e08d82724715
- SSDEEP
  
  384:EJC43tPegZ3eBaRwCPOYY7nNYXCN/Yosa:EgTgZ3eBTCmrnNAP
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  30b091668111ab1d6c19f16586a9eee5
- SHA1
  
  aea49d81cf9972eaf1604793c04d13ddffe2c475
- SHA256
  
  331ca4b3a311324b463167ec43851146e57a2d90500ac3fd57a7683f6b777ffb
- SHA512
  
  6dd592af085b2e28c54d7f525916112dbf5cfe134393b0b97f8f1f64739cf90962273c51f02e8ce2c623cf6aa8355eacda5db0b0256d8f05a77ccf0f99d11648
- SSDEEP
  
  48:S46+/PTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mF2ofjLl:zVuPbOBtWZBV8jAWiAJCdv2CmFdL
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  99KB
- MD5
  
  7abf66bab64e83da7a4da626bc34493a
- SHA1
  
  c3adab85d079b75b0c46f6b25fd2a736687624c5
- SHA256
  
  cbe5843990076d7cda9fe83aa305d66d3a0ffdcca932ef23114d1b3a491924f9
- SHA512
  
  f1beeb7df3e24daa72bdb093ea655d236c601e55f039322676f80c8aace0d39af6fab78be6b6b63e9486473f78dae42a762022f776b55d118c7a20948990dd5e
- SSDEEP
  
  1536:Cyy+tHEzQ+FWrw5DXWceSl5c4DBHllBYm:Jy+tv+ocdmceS9dT
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  9625d5b1754bc4ff29281d415d27a0fd
- SHA1
  
  80e85afc5cccd4c0a3775edbb90595a1a59f5ce0
- SHA256
  
  c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
- SHA512
  
  dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b
- SSDEEP
  
  192:eX24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlqSlS:D8QIl972eXqlWBFSt273YOlqz
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/killer.dll
- Size
  
  6KB
- MD5
  
  90d4a02442dbf8cbe8acdd751c090e3a
- SHA1
  
  e45d21b5ccb7aa6014124c649caa29bf6cd0a0bd
- SHA256
  
  c38671ab01efc0e0242fb7e7c0336c2cdd0403182070a1b2075f04a8f6616a3a
- SHA512
  
  8df6423f857f974f3405ca0e21aba79f94b8dace39c9c1e78fa420de87fab5a149de484165f5fc8e1c0a2fdb80444d1887bdce63c23418c6a7a372c2d0d6cf95
- SSDEEP
  
  48:CRNoO/u/Lx2KT6YiTVV6niNrvM0Aoy3TYzyixX9jQpTGBbgyDg0b5pcTe4RuqSCc:mNz292oJIVViYPWTwlGoczxVCF
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  35200be9cf105f3defe2ae0ee44cea12
- SHA1
  
  3f4a09eeb477d3f048cdfb848b95aa39b20d89dc
- SHA256
  
  0096ae873c75f4e4d802dc97eec9893acc0749a7346e63f25a8d52ba8e11c527
- SHA512
  
  f8f7d8a844d588c6e2d6dc54e0d4bcbb1c4229a6e8f4d110a5e3d47eb0b8b5e0860ff5d31762229a731e08d7b232468b2a78c29778a9f0c62a7381db89175833
- SSDEEP
  
  96:EjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNwS3m+s:lbogRtJzTlNR8qD85uGgmkNM
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/w7tbp.dll
- Size
  
  2KB
- MD5
  
  9a3031cc4cef0dba236a28eecdf0afb5
- SHA1
  
  708a76aa56f77f1b0ebc62b023163c2e0426f3ac
- SHA256
  
  53bb519e3293164947ac7cbd7e612f637d77a7b863e3534ba1a7e39b350d3c00
- SHA512
  
  8fddde526e7d10d77e247ea80b273beae9dde1d4112806f1f5c3e6a409247d54d8a4445ab5bdd77025a434c3d1dcfdf480dac21abbdb13a308d5eb74517fab53
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  LibPrivoxy.dll
- Size
  
  1.1MB
- MD5
  
  db6bbc603d26258ca897403583521847
- SHA1
  
  97910c1d4ad846f52c66bce070b37bab965fe87e
- SHA256
  
  ca2d555e476a0c74296f509a39643442f5c29c0485b3ec597b8da2be5862baf4
- SHA512
  
  7934c35ecb10f1ed8a76fc6a5fa7da68ef44edf52c4321cdf59206ed69061e3ba3d9a38c4409b0a733a3ec8bd10a649582cab05562a939abf7606ed5c9c7d0af
- SSDEEP
  
  24576:k9YNy6qUDsUPSnF8u7lB+XCfPPpNEX/4ODJtqrNmrM4F16:k9YN9PqT+XCfPPpNEX/4ODJtqrNm44FM
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  LiveUpdate.dll
- Size
  
  414KB
- MD5
  
  1b0843a89ac1eb4744b8797d36af4fb2
- SHA1
  
  154e0ba14b44c3cd2b742b42690ed8d6af20902e
- SHA256
  
  80e3e09754375ecb706450fc5a7c24f1ef4b33b2f0ab68dbe9c528303a7eb4be
- SHA512
  
  bc697b2110559d47bd48f1aec36ba1f719c7cdb2751471816fe8c456ef2667b96c19f79b0477f1667e8950e8dd4e82b5a8acaa10a26ccaae1ed3d1f53676a814
- SSDEEP
  
  12288:SVLjTpCNbhOdUH2CMd1AcqRMH+uZ23yn1:SH2hJU1AcqS+uk
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  SSTap.exe
- Size
  
  4.6MB
- MD5
  
  13cbd58ed7d92c22fa64cd69e7f2bcca
- SHA1
  
  c496ef61d911a7703211902a89e2ace8b85142a4
- SHA256
  
  6f2a9e471376cbe2581c1690f8f3e3f0b5bb1bae3924aa28312afb41a4bc520f
- SHA512
  
  833e83634f748faaff2010f417575081b865e82e36dced77143af15098db26f686f913edf05eb43f054f2fe42aa6e6e1aa2fb1abc2c9ccbaf0e842901cb54f74
- SSDEEP
  
  98304:fAIxubT/26R8SXSM9ORP6AYKh8UEEpIzW28vX04G5gixQydboKZYxM6:fp8bT+e8P3mU3LhG5giGyZGxM6
Score

7^/10

discovery persistence privilege_escalation
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral21 behavioral22
- Target
  
  TAP.exe
- Size
  
  1.7MB
- MD5
  
  ad00b220f78a83eab2cc4cefaf4b42a4
- SHA1
  
  784853573adc9d1540fb65180dce332a0b59a169
- SHA256
  
  74c182c390d8ac8b7fa360c1e13f4d96579c1353208390f3adb503977bbf28e7
- SHA512
  
  f1956f20de66f014843fb80a41b5f9ee16d5384f64de108d96ff22e9d3294a473bb95cb33fd255cfe3a5bdef276214f67b964ac340931466e76e0d2ebd2e65fc
- SSDEEP
  
  49152:NY0GRkvdxY1uCIdwTrTR3go1qvYJ5EJKtcFbEG5JIkF7y1oi:xpHY1uCIdiTR3p1qvYJ5EJKtG5dF7y1
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Uninstall.exe
- Size
  
  596KB
- MD5
  
  bac8517a4363c14b5204460ee808df1a
- SHA1
  
  47158b23e79d734e750b8a0df3b0f2cb461f3509
- SHA256
  
  1e09a8a5510320ef78f4f45629129d8f64b71f53bc646640a44871b04d581ca1
- SHA512
  
  516c014eace3a02560862a9ba5fddafb53c93b5b78faa7a5cc39796b94942e05e1ea2e797b388cfd0b5892f51d3dd6190b835484cd6b418cca069e8f57ec63f6
- SSDEEP
  
  12288:fUaKUaQqbWQrPBFSHvkJO1tmPY+Qk3CTIk7qIa/k:XpEWQ7zmvFYQ/IAI/k
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  30b091668111ab1d6c19f16586a9eee5
- SHA1
  
  aea49d81cf9972eaf1604793c04d13ddffe2c475
- SHA256
  
  331ca4b3a311324b463167ec43851146e57a2d90500ac3fd57a7683f6b777ffb
- SHA512
  
  6dd592af085b2e28c54d7f525916112dbf5cfe134393b0b97f8f1f64739cf90962273c51f02e8ce2c623cf6aa8355eacda5db0b0256d8f05a77ccf0f99d11648
- SSDEEP
  
  48:S46+/PTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mF2ofjLl:zVuPbOBtWZBV8jAWiAJCdv2CmFdL
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  99KB
- MD5
  
  7abf66bab64e83da7a4da626bc34493a
- SHA1
  
  c3adab85d079b75b0c46f6b25fd2a736687624c5
- SHA256
  
  cbe5843990076d7cda9fe83aa305d66d3a0ffdcca932ef23114d1b3a491924f9
- SHA512
  
  f1beeb7df3e24daa72bdb093ea655d236c601e55f039322676f80c8aace0d39af6fab78be6b6b63e9486473f78dae42a762022f776b55d118c7a20948990dd5e
- SSDEEP
  
  1536:Cyy+tHEzQ+FWrw5DXWceSl5c4DBHllBYm:Jy+tv+ocdmceS9dT
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  9625d5b1754bc4ff29281d415d27a0fd
- SHA1
  
  80e85afc5cccd4c0a3775edbb90595a1a59f5ce0
- SHA256
  
  c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
- SHA512
  
  dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b
- SSDEEP
  
  192:eX24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlqSlS:D8QIl972eXqlWBFSt273YOlqz
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Unexpected DNS network traffic destination

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32