Overview

overview

7

Static

static

3

3225e0494b...30.exe

windows7-x64

7

3225e0494b...30.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

3

resources/elevate.exe

windows10-2004-x64

3

resources/...ck.exe

windows7-x64

1

resources/...ck.exe

windows10-2004-x64

7

resources/...xy.exe

windows7-x64

3

resources/...xy.exe

windows10-2004-x64

3

resources/...64.exe

windows7-x64

1

resources/...64.exe

windows10-2004-x64

1

resources/...ce.exe

windows7-x64

resources/...ce.exe

windows10-2004-x64

resources/...ce.exe

windows7-x64

1

resources/...ce.exe

windows10-2004-x64

1

resources/...ce.exe

windows7-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2485fcf6efb6e77d8a3c00e51e3b298e.bin

  • Size

    81.9MB

  • Sample

    240803-b346ssyfll

  • MD5

    99230f843dcee29aecb001ab8c20a6aa

  • SHA1

    72b39004e035feeee0022db1b8fc406e858c6151

  • SHA256

    a75fbdc9981ab2ca48390c38c8447c0245ff265b4a51a0dddbe2f563e6edf214

  • SHA512

    9783b362de9008761782953da06648e7a517f78d7eccab634c5ed4a42f184499df5214b6c5c844cb6b69aef472baeb24756a0a1b15c91c005c8bef04c2daf4f6

  • SSDEEP

    1572864:bUmUMfCeRXCVyqqKM762RktqKiqtTVfhMCW1ZScjXJg0NhZRooWXOdi:omUMfCeRSVnJM76uoDBBW1ZSoXJLIlX1

Score
7/10
discovery

Malware Config

Targets

    • Target

      3225e0494bede3a150a89583c9a10545a4b21c304dad620e9659708b5162b730.exe

    • Size

      81.9MB

    • MD5

      2485fcf6efb6e77d8a3c00e51e3b298e

    • SHA1

      5289121477e4de01c41fc82327b89a847922d3bf

    • SHA256

      3225e0494bede3a150a89583c9a10545a4b21c304dad620e9659708b5162b730

    • SHA512

      5d5b9c31c450ad61f5cfa956c7e9832ef687464658f913d19ee56718552963d38378546237469f95bdc94b17babc616fbb607a2acbfeb7c7d6626c08ddc0c20c

    • SSDEEP

      1572864:EixOgAsMItw6ePQKKGFa7wB0E0Hoy0b3DHjeONWw4RD3b2:EoOgAVT6SQK0wyE+oy0b3DRD4l2

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      LICENSES.chromium.html

    • Size

      5.3MB

    • MD5

      dfa12f4edccb902d7d3b07fae219f176

    • SHA1

      c2073440a5add265b4143de05e6864fed2c3b840

    • SHA256

      501f0b7ebf0be7ed8702d317332a0f8820af837c0a2a1d7645ba04352270e2b8

    • SHA512

      eee3a8e0eeae139ddd9369d0869c29c91007bf6c5b0d7982918d5a013214a9e80b9233e7c1ccb43124152f684f0b782831b0a6b3d126558261dd161230004e50

    • SSDEEP

      12288:FetnJnVncnJnknE9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX04nNWQFna:WbXZ5IoWSL9bcwVR8mf+/cHBBaRp1

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      d3dcompiler_47.dll

    • Size

      4.3MB

    • MD5

      7641e39b7da4077084d2afe7c31032e0

    • SHA1

      2256644f69435ff2fee76deb04d918083960d1eb

    • SHA256

      44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

    • SHA512

      8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

    • SSDEEP

      49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt

    Score
    1/10
    behavioral13

    • Target

      ffmpeg.dll

    • Size

      2.6MB

    • MD5

      6b7a55ba33677da910b905b54477e208

    • SHA1

      97dec80bff4749c95bfd1a4836cfbbbf59f85b9e

    • SHA256

      4abbed23bb74732b021b31ea3881efeb94af14d00d98a8c795359acf8d72b3ec

    • SHA512

      ce29287ddb792820725f113e128407bcf21703af5b4561078ab6a22330e902f24dcf30c8ebd1809148b984506f66702ff3fb4a3c68a6eff55b163c563b8fe46a

    • SSDEEP

      49152:lNuUdrIoEWcbNxPT5Y2o0zMMv4fJLt6qZ/xV06oSbpgKolqzl:agulo0z49pgKR

    Score
    1/10
    behavioral14behavioral15

    • Target

      libEGL.dll

    • Size

      437KB

    • MD5

      f9c78478b8d166faabc7e0fcb9d7058b

    • SHA1

      f44f4038d5dd3741cb650036dcb2d0c0eb2f4e5a

    • SHA256

      02206307397bb252efcdbe0792c85183fd04b225b1efa986d7636297fbef3205

    • SHA512

      25aa385d2d51de282e9a1c53222633546acbddc4cb85bf3792434cbd88867ff0d0722aff94948a8b6a63c7a29c3e56f7a85e734351d39de5b723eae0e75ad7e1

    • SSDEEP

      6144:OMgpxyZ5V8fTykwI08pCYixK53Ypm8I/yaNrm44InePe/FkUCd:O1pxy+TyRd80YYDIn4OQvU

    Score
    1/10
    behavioral16behavioral17

    • Target

      libGLESv2.dll

    • Size

      6.7MB

    • MD5

      c803659d06897fdead1048873590d8ec

    • SHA1

      6ec313dce8672a7f8851da6a3a460e08237c3f6d

    • SHA256

      d1cdb910bb1d7c59611eec613c1d12414dfc4b69013daeff6d9e0b9ac10f5f60

    • SHA512

      013ed30b6fda93d058b7844a41f4849679d869c73976f04bcc4fd3bec043610c98726d12e288a40fa30d7834bcf8e25dc621eaf0cf36453b0c6ae4360c307fd1

    • SSDEEP

      49152:+AJyCli8IIXp8bYyytKFnf6wmQBvYYjbPC9BUYu8P+qtQg+5Et5z25AoCAF/wOqb:39yytKFnfqu+1nNhhIoqKxOm/2dB6m

    Score
    1/10
    behavioral18behavioral19

    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    3/10
    discovery
    behavioral20behavioral21

    • Target

      resources/static/files/win/common/EnableLoopback.exe

    • Size

      73KB

    • MD5

      ec50c94623ebe0f146a7b64814534eaf

    • SHA1

      e473507942810e34b7e23d6fc52293c62ff5ca99

    • SHA256

      3eeb10d58eb1d42a3933b5d5ce66301789761c0e88769e7691d4a4564610a844

    • SHA512

      537053a867de4b2c5c5ec2e02f27c44e20be67321b212a0437839cd25bec5012e2eabd7901965f95f381e3995bf3590e14bce8967cf840b7f1f605b3ab7256fc

    • SSDEEP

      768:Vjjh9E1MVgq3ZtuPvCqnZRELfUjnlIu8ASav6TZRqbHJCqnZPwvM3f:ztjwZWLfoOLASaWZobMwZPwvMP

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral22behavioral23

    • Target

      resources/static/files/win/common/sysproxy.exe

    • Size

      102KB

    • MD5

      37ddcca40070900cd870f5e1d42f267b

    • SHA1

      150e649f1011a985c55be9eb585642c9daf03c6f

    • SHA256

      ec334e443a3362a84b5915a266bec60e63f604fdb77b09c993898ec7a438294b

    • SHA512

      e10c460e271fb53d84ad779e4df596f1be0d80e2b846a3f68020584b5febb3e134432c67996a2f5a98df2c9d54196c01d836fc50e0d849e5eff0f924075bbc32

    • SSDEEP

      3072:6UccSSBl93nexS+37SJywSrL/iJ2FJiJ2:WcP7xe5VrL9mJ2

    Score
    3/10
    discovery
    behavioral24behavioral25

    • Target

      resources/static/files/win/x64/clash-win64.exe

    • Size

      14.7MB

    • MD5

      eb18aec5944b675e830e6703dcf68a93

    • SHA1

      b80d2182ed6dc32eba28f9820e78f65c5ff2d926

    • SHA256

      9f99832c74df2db543144e691f608c4519bb24282573a039300030dd6acf237f

    • SHA512

      63c775dc682a8487025dec60bb268c54b5f890fe2bdf905493f6aabec7bde49c9a2f8b726e21ab23327f1ebcea55c602f03f664b36f1759c4d8519cf440f199f

    • SSDEEP

      98304:VENDsOdDk06ZJzEuHEivTpJyhD+ginZ8+Hk4Wg3EOibUNsvAw:VA9KJKmTpJqDsZmg0V1

    Score
    1/10
    behavioral26behavioral27

    • Target

      resources/static/files/win/x64/service/._clash-core-service.exe

    • Size

      4KB

    • MD5

      7bdd69caeebc57b2e722af9790192b40

    • SHA1

      e91b9d5a327707d08e0bf9e1791cad10016a3278

    • SHA256

      277a04c7fb056c2ef2be1c559a9c034129fbc6c5889a9df3281b7f54dcc41b81

    • SHA512

      da0fdbe205fd591e3af8592326f10bef6a20054a02352ca4c821c63117349d5a1e6027c01277bd1adba96ca2423d8852f00e2f16209e1b9ddbc853a560a184fc

    Score
    1/10
    behavioral28behavioral29

    • Target

      resources/static/files/win/x64/service/clash-core-service.exe

    • Size

      5.2MB

    • MD5

      7a22039da2136f246ec387852e6d2593

    • SHA1

      dc1970501ad2a5e5e08fa5d9d528a9356db418e7

    • SHA256

      7805424834cc204c9a2881156220e82cfa616f3954b810cbfbb381d4f2a5d9b4

    • SHA512

      55eb0866313f040762e00b03a1a93650b3b14c8ac18e173761a4a038852b2c71414610d3e162214ad6e8c4296aa76d7536adff7ad33565aba02642d53a31b0fb

    • SSDEEP

      49152:lxEHV6c3ihNgYrb/TovO90dL3BmAFd4A64nsfJEDnK7wy+vq7YIBGoo7qBCDSWcb:Pc3iUHbew/Lgta+EB9T54h

    Score
    1/10
    behavioral30behavioral31

    • Target

      resources/static/files/win/x64/service/service.exe

    • Size

      667KB

    • MD5

      dfac85571d69882cbe7e106fb658a941

    • SHA1

      83561bdb596dc7b8624f42ca812525c826e118ea

    • SHA256

      2c93d1c50400410f019ca0ebb56b2c5229c710a84d2c5d97235088d173839a24

    • SHA512

      7393c6dc3b6911b12cc152d0d1feecb67bba5844eb267bd61023b192a814d4ec3bafb60ce28a3831aca6b0dbbeaf97b619dc9f6a54de070a3ea1abd827656034

    • SSDEEP

      6144:eP1QeixLdx4whZP0FTqm1QejJqzrEinqE7qu2t1SVhPBL1mICLiwI39x/G48hF:Heibx1LPUTqmCKCRVvL4IC9f

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
1/10

behavioral23

Score
7/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.