1a82cb0d112d563a348197d54874540cfe505f0f32955aa90e80c24c31b2d79d

Sharing

Copy URL

Twitter E-mail

General

Target

IDM_PASS123.zip
Size

15.4MB
Sample

240803-gns3wavfpk
MD5

c66d6fd425d56be81653c314ab6430cf
SHA1

adc31f523de7232c0250c358c02a1f3e6c8d5e06
SHA256

1a82cb0d112d563a348197d54874540cfe505f0f32955aa90e80c24c31b2d79d
SHA512

36831059351d4a12bc3e5af9662a19be0969aef92668a62a839734cbabf5a2f647549bb8718712fc1fc816f75a511b771226411d3348f55a32cf02b58483ef34
SSDEEP

393216:UYPxxQ0iuwS0WtM5O1NHUVqt97390m6GJ9NFAALeKyF/b3fXHQ:UExk/5O1N0VIs6BzCh3Q

Score

9^/10

Malware Config

Targets

- Target
  
  DLL/msvcp140d.zip
- Size
  
  261KB
- MD5
  
  9c5c2a77a24fe399d7c7409a2b2eb063
- SHA1
  
  17c464e2e833e55efaa0e430b5b156193424c914
- SHA256
  
  5494ddf639f522f5706c0564301524ac79b6051da8d68c7cc956e0a70b093f2c
- SHA512
  
  cb2297c67d4f56bda7df230ee8f7d437559c33fec1387de5c6cb6f61e724bbdacb6a829468586e915214f96d57a2239cd8f0c8930fedba9f1fa233403b5488f3
- SSDEEP
  
  6144:dzo4zeYw3BpZ0BIHhnZdJRfj0DQW/YJWB2:m4zYp0KHpQLyW4
Score

4^/10

discovery
behavioral1
- Target
  
  msvcp140d.dll
- Size
  
  977KB
- MD5
  
  37dc8cc78ecbcd12f27e665b70baefa7
- SHA1
  
  46fb9910cc10c4c0c52b547700e1950ce233be89
- SHA256
  
  b53add5b7bd6bb11fecc7be159885d0b75736d02423c11edc6eeb6f4bea80f6c
- SHA512
  
  078b0b408510c07eac85518f03a9e3fac8e4c8e2e36ccb8cd26962498c7f5bedbd79f7034af3ebfef9984f85d81c9032446b1b5c156b2174a769657ea0ab60a1
- SSDEEP
  
  24576:NWJjEJM48ZDBXci9fHQEKZm+jWodEEw9N2:NWJjd48rJw
Score

1^/10
behavioral2
- Target
  
  DLL/try.exe
- Size
  
  3.2MB
- MD5
  
  72fb4d268a7dc2eb8152554d8bbc8fc8
- SHA1
  
  eb37533b8ba3222fab367e12655a100b1176861f
- SHA256
  
  a3ef1710401a745f77c2dd06b1e737f49fe513fa565aa3787f49451a915551a2
- SHA512
  
  e0f6bfe0036a5fac121357335b01b41affc0563bb87157876aa55e1588ea1b67ed9439f4a8679199dbbc40b6a86a1977ec533b901de5b1badaeef0fffc7da601
- SSDEEP
  
  49152:b9EDPnCegEtmBTs02Yhgqp3TihYzzxxg3wsIVe3pI0mmR7+A+mLO+iaFovVL3q:b9mtiTs0pcyvxxADR7+ILnFG
Score

9^/10

credential_access discovery spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3
- Target
  
  DLL/ucrtbased.zip
- Size
  
  546KB
- MD5
  
  143870dc046f8f863a56cc1a04189019
- SHA1
  
  34330f427bd5c99d3c55403e88b67ebe189c2613
- SHA256
  
  39892606665df03fa973446c6bddaa25b1b50bd1a76aee3f3025f2f3dc870932
- SHA512
  
  7aa23eba608e0382ba363286b133678f35a659916c11a4cba24dd5bec110f41b2942124e78a9b2673bb83acc70b9832ade94c4c258292d84aa0952e36edc198e
- SSDEEP
  
  12288:LX6MTvb8vRxPAksvJfglGLIgkdJ2SWht6TMV+y0+nIDA0s72uwu9:77svRxmxIA4LMHsNcI5s72uP9
Score

1^/10
behavioral4
- Target
  
  ucrtbased.dll
- Size
  
  1.7MB
- MD5
  
  c3130cfb00549a5a92da60e7f79f5fc9
- SHA1
  
  56c2e8fb1af609525b0f732bb67b806bddab3752
- SHA256
  
  eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8
- SHA512
  
  29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748
- SSDEEP
  
  24576:JUV0C8E3W4JoceLErS6P0qoc6uoPrT5PgVBHmaw+zrGOzli7Gi0m9ZRXyYk:i8/B90ozghlGJ7js
Score

1^/10
behavioral5
- Target
  
  DLL/vcruntime140_1d.zip
- Size
  
  25KB
- MD5
  
  6fc68cd6704568c139efa475514b70cd
- SHA1
  
  d76a01067a0c1f721452a47389a9a306f9ebce51
- SHA256
  
  df48b866049d1f54206881f7a792b9125431fa6a5a1f2d6ef8aa840b8898ac84
- SHA512
  
  045e16c5856e7c91b1c269221679bc9e424e1298562db4c365d3a5b588d68a6638a3b1a36aa31ebb03ac630b64d62e7e884e373feda92aaa639f04e55a241c66
- SSDEEP
  
  768:5fJMv3Nz937LegZzVEvQaM0OPmL2P3Qa81d+QZN:5ha7l/NjPAoy1dfN
Score

1^/10
behavioral6
- Target
  
  vcruntime140_1d.dll
- Size
  
  58KB
- MD5
  
  868fd5f1ab2d50204c6b046fe172d4b8
- SHA1
  
  f2b43652ef62cba5f6f04f32f16b6b89819bc978
- SHA256
  
  104e5817ece4831e9989d8937c8dfe55d581db6b5bc8e22a1b492ca872eda70e
- SHA512
  
  402a0402b318539f26eac2fcd890700d2103f8eabd4b5289b64e2cdb5c30f4bb2b18f342c8a1ecc2cafb3f1d4258387a5300f9a86056f27b176b3fe995f9fc9d
- SSDEEP
  
  768:BoKFGMoBcNmO1Um5Y/tHvzvlurMiqWJ8XAG:+KcM3m05IHT+nyl
Score

1^/10
behavioral7
- Target
  
  DLL/vcruntime140d.zip
- Size
  
  54KB
- MD5
  
  e2a0a637ecdffd1a06422bc5a9fa6f94
- SHA1
  
  05235382348cf1749b6eb271ab31aa0326da8fcc
- SHA256
  
  8b09a09dc5c2a44fe61fa6c0bfa16e3869161161befb5b7752921d373f4ea37a
- SHA512
  
  85c894be3484c5b4f5cbed61eb18308617db4f1c60c6d7cba290e6a1ce91ac56b901d8a9a1f9296a8f869465dff2f9b055dd861135bb2e6fb2ade0c2f4fca0dd
- SSDEEP
  
  1536:czX9B9fbWfKU12YR3Pjy85lPctaZxqTiHrzqvJafns:cztB9fbWiU1H3W0Utk3nqME
Score

1^/10
behavioral8
- Target
  
  vcruntime140d.dll
- Size
  
  128KB
- MD5
  
  f57fb935a9a76e151229f547c2204bba
- SHA1
  
  4021b804469816c3136b40c4ceb44c8d60ed15f5
- SHA256
  
  a77277af540d411ae33d371cc6f54d7b0a1937e0c14db7666d32c22fc5dca9c0
- SHA512
  
  cd9fc3fc460eba6a1b9f984b794940d28705ecb738df8595c2341abe4347141db14a9ff637c9f902e8742f5c48bbb61da7d5e231cc5b2bad2e8746c5a3e3e6ed
- SSDEEP
  
  1536:QB6NlnzaWMj6FBknM+eHLEQE9gHAWdwfP5sd4Sohg7vMHvqZecb399R0BqZEBFP:QBYl5MOcM1HAb1wM0ecb39/0BqZEjP
Score

1^/10
behavioral9
- Target
  
  Setup.exe
- Size
  
  1.6MB
- MD5
  
  f3ec92776e756b393a09b1af72f697c8
- SHA1
  
  edc146728bc006b76094dd1d21a8217e612bef0f
- SHA256
  
  fb240f8a4aa481c107c8dc11f1831558f109838f7e887247383fca779f562607
- SHA512
  
  32ca2c0d48427d5890e3e0af419f554528d9c29b143f4fa19369298a05d05be393914cb602e9069735f8c24793ae2687c773e11954246313f427d0f3135a065d
- SSDEEP
  
  49152:C85F9jLrmRlBprqFOFtTEO+iaFsvVjrB:C81jPsl32FOrEnF
Score

9^/10

credential_access discovery spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral10
- Target
  
  idman642build17.exe
- Size
  
  11.6MB
- MD5
  
  1101cdcc8cae6e79f117cd26e25bcd39
- SHA1
  
  1fd046eb58d09caaafb128ee2596690a14763283
- SHA256
  
  6fb3984acc4c678d8b6c1b3c4826dff677f4ca48f1ce1b799432e613d90a9731
- SHA512
  
  17fc4c0ad587c1c6e20092a9d57449f1935a83fc28dc58601bc5b28e538c9c17988e879a111497459207e32f4b7988208fe50f0e334bb67476984bbef2cfc222
- SSDEEP
  
  196608:En5pmdpmRFqnCsnyHkUCRMUWZNvOgrGUKoqUQ2rwJfbNxNDZ4VePWD2peZAqv4F:K2sRF0CkyEU62uJknw3xpZeKpeXv2
Score

8^/10

adware discovery persistence privilege_escalation spyware stealer
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral11