Overview

overview

6

Static

static

3

win-airplay.zip

windows11-21h2-x64

1

win-airpla...be.exe

windows11-21h2-x64

3

win-airpla...ay.exe

windows11-21h2-x64

3

win-airpla...ur.msi

windows11-21h2-x64

6

win-airpla...64.msi

windows11-21h2-x64

6

win-airplay/SDL2.dll

windows11-21h2-x64

3

win-airpla...ay.exe

windows11-21h2-x64

3

win-airpla...58.dll

windows11-21h2-x64

3

win-airpla...58.dll

windows11-21h2-x64

3

win-airpla...56.dll

windows11-21h2-x64

4

win-airplay/cairo.dll

windows11-21h2-x64

3

win-airpla...ig.dll

windows11-21h2-x64

3

win-airpla...pe.dll

windows11-21h2-x64

3

win-airpla...nv.dll

windows11-21h2-x64

3

win-airpla...st.dll

windows11-21h2-x64

3

win-airpla...l2.dll

windows11-21h2-x64

3

win-airpla...55.dll

windows11-21h2-x64

3

win-airpla...ld.ttf

windows11-21h2-x64

3

win-airpla...ht.ttf

windows11-21h2-x64

3

win-airpla...ar.ttf

windows11-21h2-x64

3

win-airpla...ld.ttf

windows11-21h2-x64

3

win-airpla...ht.ttf

windows11-21h2-x64

3

win-airpla...ld.ttf

windows11-21h2-x64

3

win-airpla...ht.ttf

windows11-21h2-x64

3

win-airpla...um.ttf

windows11-21h2-x64

3

win-airpla...ar.ttf

windows11-21h2-x64

3

win-airpla...ic.ttf

windows11-21h2-x64

3

win-airpla...-3.dll

windows11-21h2-x64

3

win-airpla...-5.dll

windows11-21h2-x64

3

win-airpla...��.url

windows11-21h2-x64

1

Resubmissions

03-08-2024 19:46

240803-yg8nestbqr 10

03-08-2024 19:44

240803-ygbcxsxhld 6

03-08-2024 19:41

240803-yd6pnaxgpa 6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    win-airplay.zip

  • Size

    14.5MB

  • Sample

    240803-yd6pnaxgpa

  • MD5

    79907c402bfd25fa29f2fa1336b292af

  • SHA1

    0f914d4eec4c6d3005b80ff6500a14fec13a384d

  • SHA256

    8b9147aeca757bc36f30e98c7481ec302d2be6de1b893a6f2ad80864f1106fb3

  • SHA512

    f4f5b53ad78e89409e46179db2286842a6edb14c920c466c57ad160ef17cc95055fe610de9dc122ccb682ec0f1ea2bd7908e52eac8193c846a8da277d42a6bd6

  • SSDEEP

    393216:5CSO2to+1kmcVJ2HvYPE+cgLGYlaARy7nMvuC7O2XmA0:5CSO26+1kJLwD4RhmCq3

Score
6/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      win-airplay.zip

    • Size

      14.5MB

    • MD5

      79907c402bfd25fa29f2fa1336b292af

    • SHA1

      0f914d4eec4c6d3005b80ff6500a14fec13a384d

    • SHA256

      8b9147aeca757bc36f30e98c7481ec302d2be6de1b893a6f2ad80864f1106fb3

    • SHA512

      f4f5b53ad78e89409e46179db2286842a6edb14c920c466c57ad160ef17cc95055fe610de9dc122ccb682ec0f1ea2bd7908e52eac8193c846a8da277d42a6bd6

    • SSDEEP

      393216:5CSO2to+1kmcVJ2HvYPE+cgLGYlaARy7nMvuC7O2XmA0:5CSO26+1kJLwD4RhmCq3

    Score
    1/10
    behavioral1

    • Target

      win-airplay/Blueberry-Airplay-Youtube.exe

    • Size

      1.3MB

    • MD5

      7267c81e58270e30637a88364784d280

    • SHA1

      759cc54d57436818b1bb812855a49919b2998ea2

    • SHA256

      5b9f4b043b306c4577610d7980d42a38a4a1b8c611d0ff13ceae33e64334c224

    • SHA512

      e5e6133636ba07660f7f558a31a4d02a54d7af1498168b57234ff89b197a0401ae6afc08ab4fda6eb178bdd7717f48c6caf0c591a2647d7fa20a89a2611fba05

    • SSDEEP

      24576:AzJ7tK6J6KOtvsSbuu7lNvMBeMtLfKzC05+iMo5wIVZ3UJchmJMnzYU8kaKRqvn1:F6JvOtLbRNXdC05ZMoxZ33hmKzKXKCn1

    Score
    3/10
    discovery
    behavioral2

    • Target

      win-airplay/Blueberry-Airplay.exe

    • Size

      463KB

    • MD5

      d8b60b34a2ba716d06ccd41716e330e2

    • SHA1

      2ee2007f61e93a81aada7e875e08c50c0b85c2e7

    • SHA256

      02e38cf1932bab2cd485234b0b4442c413d6518203d806988f432856f979fc8a

    • SHA512

      f903f78c287d45cef8bf2b2865d9265fc447a4ea2b1ad56b2dc2c59811ebdcc49bc64aa68049a61677fa35826d46da6337936dfb4b44b127e731532b440e5d33

    • SSDEEP

      6144:i1z7j62HxsgYZhWR42gGn2So70wS9qaYTGAU+GL+3H:gfoGto70/gP3H

    Score
    3/10
    discovery
    behavioral3

    • Target

      win-airplay/Bonjour.msi

    • Size

      2.2MB

    • MD5

      e14a6762e68472c648ea0eea0ebe01a0

    • SHA1

      a854475b22a934ff977edc23e110ebba79a010fd

    • SHA256

      34b0af1165f531847b509d3d47f22bb87f3eed93344521986105350bccc2cbed

    • SHA512

      cfbf3dc4b6ee58dacd1e50cfdd73a202ef2b6d0526fe657a19c0b0a05a9e879b1a275368290c7da1a1f93971c4beead53765491dc0971886521b005247a22093

    • SSDEEP

      49152:Oa3PPXjym3MYPiau9KXeixE2g58HcvGtXZXECrcxiO/pP/k/vY80as686oX/:VXemcYPiarP

    Score
    6/10
    discoverypersistenceprivilege_escalation

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral4

    • Target

      win-airplay/Bonjour64.msi

    • Size

      2.6MB

    • MD5

      8dcf5c9eaacdaf4568220d103f393dea

    • SHA1

      27f68596398b68ba048f95752b4eeb4aa013c23f

    • SHA256

      53be81cc6e2dc95a1041e8f3d8f500fad4259ab20a1aac151b5fc7a64d354a93

    • SHA512

      10f8ffb6fa5e7163f0a83190ddf211479f12e16635389b49ac041eceafd7f04c040d830065adc89b1003f38d8381851c09150a5bc8edced6ecae8ee5ae801088

    • SSDEEP

      49152:aXMDiLYLW8Rv5GYCRL69MXeixEEgj8HyvftiZikCTcRi3/jP/N/v08Masv8Qo2/:wwPR8YCRLVm

    Score
    6/10
    persistenceprivilege_escalation

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral5

    • Target

      win-airplay/SDL2.dll

    • Size

      1.1MB

    • MD5

      cfdcf1cff079dd87c92d6aa46f00135f

    • SHA1

      079fd89d25b343789610ae1421f1956a14bc737d

    • SHA256

      ffbf5aa7d13fed5d12ba68ba3af930a15aa5d0ff97cfb50a5965a498a941a6dd

    • SHA512

      9f48a1fba28bee8bc64479f5c6e8e5faad9e71da4ee0601630070bf69a847a580ffe8c34f53d5ae85a76cf2ea0740e520ac5bdb2f5d009b4bd9ca3ea8893845f

    • SSDEEP

      24576:G/stCXh0JoiOt+7fklSAhteb7LVUdC8J6CK/UlCrlefcwn0TSbW4Tv6ss9us0u33:wstVZaYuWNCRLa/r/fHc/d/xHq/z/Xw8

    Score
    3/10
    discovery
    behavioral6

    • Target

      win-airplay/airplay

    • Size

      1.2MB

    • MD5

      3658b11fa1c41f50c08aa741f3c28948

    • SHA1

      9340b1c7fc756dfc927287503c0e6e604928a72a

    • SHA256

      89a37cb16c03eda82e5f6309c42358f4f8cea0e279386912a90739ee2b91bca4

    • SHA512

      849274c2d7cbce54d3b57cb54c3f1a754f5017d1658901691a2f8bf2c3e3886d98e125f5134a2627a24e27e83ced8b180d1983f50aa66c279f5b8907363ef5c8

    • SSDEEP

      24576:OUNm5R10DmudnZMu3T9e9SUhZADlBLLfKzCuGCytIAqNnZKuOCzmIMbz7M8Oak4+:u0DXdnZD8DhUiCuGJtIZZKKzmLzptbIV

    Score
    3/10
    discovery
    behavioral7

    • Target

      win-airplay/avcodec-58.dll

    • Size

      13.1MB

    • MD5

      35241987061342637fc7a2ee0c38b88f

    • SHA1

      adf94deec5412ec5a3a4f03d8889ae5e58aa0f40

    • SHA256

      cb8e954fd76e363cb48f0afb9e87db8cfb2646edfb66a321cd446a2166dbbb23

    • SHA512

      ce9218c2edb135971bb901feaeb57df81b651957e6c68228ef1f689277c65966ad103fffcfadf28bc79b1da4ea657284c0b7f145944993efac6e14b541579f08

    • SSDEEP

      393216:yfhXF6cVhKLh2RJMDhydfoN32IV0PGhjLXHSpTy:yfhlZ+l2IV04ew

    Score
    3/10
    discovery
    behavioral8

    • Target

      win-airplay/avformat-58.dll

    • Size

      2.4MB

    • MD5

      893482fc85d1b4eed7f437884edb0853

    • SHA1

      42686213b4f5999c511d98ad0324207c5635145b

    • SHA256

      d36d0718790e389aa3e222aeea10e430c810e994355ffb54f0f40456354d463a

    • SHA512

      c5cbda2b33cdbbbc21c0fd50a93dfe8b8077b7b62eb470a2e8c9dbbc71cfe18adb22aedef1f97223996ec329cdd3effba3e0a1ed01d2a0eed0c16b29005639d9

    • SSDEEP

      49152:BqS0QT+WUzhm2xpq4qhv2hSONY0wXZ8ps7o83Q5:BqgyWY4Ko4qV2hPNYVXZWF

    Score
    3/10
    discovery
    behavioral9

    • Target

      win-airplay/avutil-56.dll

    • Size

      632KB

    • MD5

      77728494071d91965eafcb429f7f5079

    • SHA1

      3ff9000c759e41fcc71cd05fad6162ce94b1e787

    • SHA256

      1a2c893c4f3abd0f5f0536e49149d4ef410b307d9285d687bc5a25b15db88df1

    • SHA512

      74b6c71c52b7f3e42684ac613aa8754ac7a185eda59bc33964d8d637f4bca4a15a0bc7f39791f56f3ac10079716956970d3a6b51f1da1aa427dbcd30ffe7199b

    • SSDEEP

      12288:LJzDgD5bRZUMvyNrgKhC7obcuNqE+ZlixX:LJzU5bIMaN8Kk

    Score
    4/10
    discovery
    behavioral10

    • Target

      win-airplay/cairo.dll

    • Size

      1.9MB

    • MD5

      36ca0b374a02ca218857452df0463272

    • SHA1

      71ff37234ea5feb7449a35b86f03d2fd25a09bbf

    • SHA256

      f945c7bee316109182f2c18ef0aed91a8b684cee8c41149c3103e7d3360a7405

    • SHA512

      9f8d7f5d80aa627e362c3480b2593ceaa4d4854db3e8709a7ec151c027265bcf3e9d89cf623273051d796376b3c3671abd2b88e305fc462a4da41079496e0dbf

    • SSDEEP

      24576:5ogEGYqkWmS3b3Ph6X8oGmOTT33H9jV01ozt8L7K0E1tyTDoNDPDc97ylMphlTMV:qgElsxoVOTZiK0WUWhahxM2Nj1zm

    Score
    3/10
    discovery
    behavioral11

    • Target

      win-airplay/fontconfig.dll

    • Size

      214KB

    • MD5

      8715791453500a9957c547a2c3e47121

    • SHA1

      67683d7fd8fde6d42444f4d3f5f579ba4034049e

    • SHA256

      ee897f9f2d145d6159dcfd921d28214a92f94bbacf5e876c4a0df676d9da7182

    • SHA512

      a9a78faea1f8d5d7baef17a059dcde84ffbb77565ca53157b1344ddeca19ebf8a363750e6344fdfa3ce488a49ac67a9ed395266c567d032e7c2938ff1ed81925

    • SSDEEP

      6144:RiBOc6FB4/habTmI5hfRlD8iU8NMtsHEGQnfj:RmowhabTmuRiiVStGQfj

    Score
    3/10
    discovery
    behavioral12

    • Target

      win-airplay/freetype.dll

    • Size

      652KB

    • MD5

      4316fbe5f79c07148784ad046d4713c8

    • SHA1

      602cdd2cc10524201713428a189d8853bd773e6c

    • SHA256

      0b8adf00d7cbaa8297ac350c30fd9c89c1d21afb4052492af5f5e242ca8420ba

    • SHA512

      c0c21d51f6764508aaa940ef60bebb3c701b41b81be3eb8595ece3679c2b4600d80250f3ff92c8e0387e1149d1bd925e2b03d2f6259a3331e7b153f7e390b1a4

    • SSDEEP

      6144:xrmuyK950g8e9Aov5CzpIAXetjjuI1t2MyhRG8GJlN0jozqFOeM1/qKWsEWmfDM:5p8eqo06tjj9t2HGHN0joOYeM1lfEWm

    Score
    3/10
    discovery
    behavioral13

    • Target

      win-airplay/libiconv.dll

    • Size

      1023KB

    • MD5

      f3c33d50e875c8f58a38ffa4876fd501

    • SHA1

      da9a9d1544ec9e454f357937a1868e6e1f58703a

    • SHA256

      f739136d5977a3c3f3bc6bc587faecce5a2a8d90f36985067183da5d93db3860

    • SHA512

      3d1d5be8a6f3a0740a8abf65de4d6d9e46c1c58a2af9b2a2eaef066ffa07ad985f2ce4333bd0ba683ffd92747ecd6eda03fa50615e584a922873d3f7047fdc13

    • SSDEEP

      24576:9VSViOykyuI/dBAUZLYzfobbTIfBlHimdGavkg3NyvJ:HkyuI/dBAUZLYLJfHZdGaX4J

    Score
    3/10
    discovery
    behavioral14

    • Target

      win-airplay/libplist.dll

    • Size

      69KB

    • MD5

      3884ca71f0a70645cb844c5baba40f40

    • SHA1

      c87b47d9049d486d68b9fc07357224b45aea1bf8

    • SHA256

      362b2f4a8d6e8e50dfee53c11cf633736198c1dbfb1267202b6ec29c8a8b1208

    • SHA512

      cf28442650e1673e34a6144fc2149b9fc493394adb7fedb7759a8e321ea956d2b18f228169cf2b3559737a583a8cae5996d32f4098f91ae69df8a2e6eeccc0a6

    • SSDEEP

      768:Uec8KDLi9V4HDjqpX/liWP7Oq8ElrMAulUX/W+1jqZmdIZz3c3v3ItDSJjm:oLQV4HDjqptKE2Aos/W+Fqph3kv3ECS

    Score
    3/10
    discovery
    behavioral15

    • Target

      win-airplay/libxml2.dll

    • Size

      2.2MB

    • MD5

      81e84051c52f747549d6e9348c6151ad

    • SHA1

      21ab3d966a663e5857cbd5f212cda7c1add4c48a

    • SHA256

      44263c4220ff60de1087a50c91572f746d1ba262af1f0d84b995a828ee59cf96

    • SHA512

      ca336f01c869157179594a6ffd0cf9adf024940157b70b7a50e355f6b96ed6504b4c032fe949fc254dd3d2527e4371040eef615e2268ee5bfd65e0721b65b013

    • SSDEEP

      49152:wh/FNPNDKFe+cwIHRtQW0kIBktov0Wq9408tdekm7MZ5SZ3e3fgqTwu+jrBAUZLu:wh/FNPNDKFeLwIHRtQW3ov0Wq9408td0

    Score
    3/10
    discovery
    behavioral16

    • Target

      win-airplay/postproc-55.dll

    • Size

      122KB

    • MD5

      3500ed20ea1648fee4b7f393999f3128

    • SHA1

      bc058eb0cac6a511c8b858bfcf95435f60c0fc48

    • SHA256

      c370280f618a1e6dd7300519f3f4506ffced0245a116f9e52f4e2382c5713c79

    • SHA512

      8dd090994f5ccb3eff970955fab100f8a347d7efbe1455caf62a608a3de2a46bd1def8d54be8a24baffc22721c285dfd3530c41a3246646f8c4ad48d32ea4af3

    • SSDEEP

      3072:gZqttNttNNQ6xMR5gjHaeskOSNMBML3cPoDEVGavfSiI:gAttNttNNQ6xMTgjVCucgDE3vfS

    Score
    3/10
    discovery
    behavioral17

    • Target

      win-airplay/resources/OpenSans-Bold.ttf

    • Size

      219KB

    • MD5

      50145685042b4df07a1fd19957275b81

    • SHA1

      c1691e8168b2596af8a00162bac60dbe605e9e36

    • SHA256

      5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323

    • SHA512

      9c995725aade5f126c727faf1c4453344e37b590a14152d31d44dca3c9328a54207bbc7c840695cb55bc1b559097b457888655e11199192cd5197c85aab8b1b6

    • SSDEEP

      6144:JmT6w+rgw9JcJmHeJvjzauutgCNktQFvmnoxXTS4uvpt:M+/9JcJlYqCNktA+SXfGpt

    Score
    3/10
    behavioral18

    • Target

      win-airplay/resources/OpenSans-Light.ttf

    • Size

      217KB

    • MD5

      1bf71be111189e76987a4bb9b3115cb7

    • SHA1

      40442c189568184b6e6c27a25d69f14d91b65039

    • SHA256

      cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424

    • SHA512

      cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

    • SSDEEP

      6144:b4kgACfHoUGMxLutgCNktQFvmnoxXTS4uUJt:z2fHowSqCNktA+SXfvJt

    Score
    3/10
    behavioral19

    • Target

      win-airplay/resources/OpenSans-Regular.ttf

    • Size

      212KB

    • MD5

      629a55a7e793da068dc580d184cc0e31

    • SHA1

      3564ed0b5363df5cf277c16e0c6bedc5a682217f

    • SHA256

      e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

    • SHA512

      6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

    • SSDEEP

      6144:Y6pzdD/rIJXiQTutgCNktQFvmnoxXTS4ubCl:n9FrIJJaqCNktA+SXfUCl

    Score
    3/10
    behavioral20

    • Target

      win-airplay/resources/OpenSans-SemiBold.ttf

    • Size

      98KB

    • MD5

      ba5cde21eeea0d57ab7efefc99596cce

    • SHA1

      e256f8391718ef61f253dfb4e95bbeb3c5857afc

    • SHA256

      5e8d9e1a89083cd1b0849993fe2f3acc9aa33b7f439f7e8616872f6897f30684

    • SHA512

      e04e5b59d9d60dd8312c5e770e458a064af9930e03f9711957c542e5823516ef4b7aba10b3b79337371bf84e18bee758705cc7f9e3240106c84f1399d01064ba

    • SSDEEP

      1536:RTm08+XZVRkQ4sO6InBZG9s/0ug7udLXd6IzwZ0ztpX:RTjFfeVnC9GUALXd6N+pX

    Score
    3/10
    behavioral21

    • Target

      win-airplay/resources/OpenSansCondensed-Light.ttf

    • Size

      97KB

    • MD5

      3589bddbe338e444d408f4dbc545ca1e

    • SHA1

      ff94aff6ae5feb5c9042ccdd44e9e1c5e04645f9

    • SHA256

      3d5e344a0c983dc41d10243cd6b71874ee8edb85edbfc6ce0c881908bc89cb67

    • SHA512

      38d91f1c19b565d70371c2fa2a28b2d9dff74fbfb4e680748889c559a8047fea89bc2cd2ee9d568aff4d5d21db17b197a28e150372593f7075be8e2c94e4d66a

    • SSDEEP

      1536:Fga/vdNqeqbBhUvBmUENSpjtrTkeNHegQxJ27L6OjlPAP1:FguFAe4hUvkMpjtqxxi2oM1

    Score
    3/10
    behavioral22

    • Target

      win-airplay/resources/Roboto-Bold.ttf

    • Size

      132KB

    • MD5

      afa7a91dadd77b23634a0fdf18c148f3

    • SHA1

      6cbb57ba2355cf442e06899898ff5af55867103e

    • SHA256

      9287925cae90ac480804094ff0876832065e2db116470da1f524d79ed9c18b70

    • SHA512

      84d123b67505522c256f4ff79c3822eabe2d63036023896e9854298ff39e050bef7894f6320ccf950592015760354683c4dbd19aa203d433a04a5d6bb28e8115

    • SSDEEP

      3072:N+peczeYnL1aPZroinhTPaM+1ogRte9vd1RNmVLOF:eecd+hXX0a

    Score
    3/10
    behavioral23

    • Target

      win-airplay/resources/Roboto-Light.ttf

    • Size

      136KB

    • MD5

      e22062b3188c8199283ef2aa835d4653

    • SHA1

      191dda7a5142990cd980727d43b27e4802f0b321

    • SHA256

      b17667ce7e13581db105777f986e141168231e88a8ef16d13e581c7c1525f14b

    • SHA512

      c07cd18549a83e82f0d7aade010fae4c74ddc70780123cc311ee2f757ef4c9c5bfdbb62dd2086fedac08a186332b49352e9d9fc4caf37757672bfa208099a032

    • SSDEEP

      3072:ae+oh3khKjCT8aeZYVvoPezvd7ORhbdZFro/sGlenNsz1GKPtbVR:R+Qoz8ad5zOjAenCxG+tbH

    Score
    3/10
    behavioral24

    • Target

      win-airplay/resources/Roboto-Medium.ttf

    • Size

      167KB

    • MD5

      58aef543c97bbaf6a9896e8484456d98

    • SHA1

      f6783010d5def128c4a1539333324f75701d9bab

    • SHA256

      e35252aa3dc2e84e9d7211586fee9aede2a426d3230c8b131881d985f16ff836

    • SHA512

      024519d895d9b0296513523250a6044779567f44e9e384926472417c4a1e2d4a5e9b8296f97f5bd1b6a6242f7781bbcf9a41da66e6e82f66de69936190e1b865

    • SSDEEP

      3072:cqmtn5wkex8r6Qym7KCkygAKuXylCC9ptSUXl8j/6afWKzCyhASD/JwXI:L25wklN7T3QtSUXzs2STyXI

    Score
    3/10
    behavioral25

    • Target

      win-airplay/resources/Roboto-Regular.ttf

    • Size

      141KB

    • MD5

      54a91b0619ccf9373d525109268219dc

    • SHA1

      1d1d41fcadc571decb6444211b7993b99ce926e2

    • SHA256

      b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f

    • SHA512

      7f79ff3b42a672371814f42814aa5646328b1a314691d30ce09ffdc7a322adcb1af66625274f7fac024ca2f22a42b625001735711c430faef6e077e1f1d24887

    • SSDEEP

      3072:ENAluNu8V5ZftwYlLzEeNgHS2pOpdO4WqLpMaSZFKVet:ENAH8XZuadpZuFw+

    Score
    3/10
    behavioral26

    • Target

      win-airplay/resources/elements_basic.ttf

    • Size

      21KB

    • MD5

      b97d4d51fa962932af47b9e6a2dcd7ee

    • SHA1

      b94303e41f7873458f5331159e4bfa4ebd0f4a7a

    • SHA256

      31f068fc03bcbdf434837e8211922403cf0262a1935669891aba37dc3595ebc8

    • SHA512

      10bea37eab43bca83ed7555829555bfaa48307a19a32b688c6f8468b88cc6a71c0458dd496639f87624e71de4cf1e447e9258e8db2cc8212ba35f58744037201

    • SSDEEP

      384:1E6IHCi5LRYeiY81YOk5+GeaB7tOpVTK0S9vd6lsgzPN4897Y5Se6LZJU71vayxQ:nqWbRPaI89vd6fzPN4897Y5SbLZJU7xQ

    Score
    3/10
    behavioral27

    • Target

      win-airplay/swresample-3.dll

    • Size

      148KB

    • MD5

      0c0168df4e83206e7d38c5c713bf5c52

    • SHA1

      bc1685960f044e2429ef8e46630e145a77a3a1a5

    • SHA256

      5480da08f5f01f7d9c286241fb7eb0f9b4493c1a6b717e9985ecacc15ee89f85

    • SHA512

      878c2f4390b257451c554629b23ed12cf448b4ee417dc8b9b41705e085974dd8e0e3467d709a0e596e186f485f5027f4ca78b43c8d09e5d8376feafd0b6475f7

    • SSDEEP

      1536:vg6AVS5Jk9sBWl2gzZIndNh3NAPW7UlysyFuOivehkZPaT8jOaisbSb92jgsmd+1:vg6AVS5Jk9sIl2gzmnb4qFfkZPaTHu1

    Score
    3/10
    discovery
    behavioral28

    • Target

      win-airplay/swscale-5.dll

    • Size

      574KB

    • MD5

      dffd7236f54a5155d24b8b3488a1993e

    • SHA1

      01759bc02a52a531af4a88e09170f58be1168bbe

    • SHA256

      4556cc878bacc94fb8aa3ef1d7f50eba85737783cddf7af7226fcf73ec75cdad

    • SHA512

      8b399cb3b86473a207cde96c5169a1c4fa1135d4e93e347eaa8ac896ac3cb8ac44a1a8d382e21a3364b1ef554970db514ae4ff2534483ca7d9b69137bae23032

    • SSDEEP

      12288:9yMI7XVpyNFz90Pwj0izmi/ZBnoTTAg0zg/8J0InE6ylIyfXZTGXpatW/:YMI7XVKzQ

    Score
    3/10
    discovery
    behavioral29

    • Target

      win-airplay/蓝莓投屏 官网.url

    • Size

      44B

    • MD5

      e0405971398016b8b9ee4b80508faf2f

    • SHA1

      412e94c01b8e8198328f84453dbad158824f1ef0

    • SHA256

      2222d3c4a90eb93c55f13f91e1b8975d399f90f20bca4736f3c69bb8ceb0b8fe

    • SHA512

      36c9123888f521ef98ce5827cc2cdfa615962886c959ff1a3dc45738ffc6530272f779bbe0bfdbfd324b584e78360d4732edd66608983191bc312ac0ea23f2a1

    Score
    1/10
    behavioral30

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

2
T1546

Installer Packages

2
T1546.016

Privilege Escalation

Event Triggered Execution

2
T1546

Installer Packages

2
T1546.016

Defense Evasion

System Binary Proxy Execution

2
T1218

Msiexec

2
T1218.007

Credential Access

Discovery

Query Registry

5
T1012

System Information Discovery

15
T1082

System Location Discovery

17
T1614

System Language Discovery

17
T1614.001

Peripheral Device Discovery

2
T1120

Browser Information Discovery

1
T1217

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discoverypersistenceprivilege_escalation
Score
6/10

behavioral5

persistenceprivilege_escalation
Score
6/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
4/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

Score
1/10