8b9147aeca757bc36f30e98c7481ec302d2be6de1b893a6f2ad80864f1106fb3

Resubmissions

03-08-2024 19:46

240803-yg8nestbqr 10

03-08-2024 19:44

240803-ygbcxsxhld 6

03-08-2024 19:41

240803-yd6pnaxgpa 6

Sharing

Copy URL

Twitter E-mail

General

Target

win-airplay.zip
Size

14.5MB
Sample

240803-yg8nestbqr
MD5

79907c402bfd25fa29f2fa1336b292af
SHA1

0f914d4eec4c6d3005b80ff6500a14fec13a384d
SHA256

8b9147aeca757bc36f30e98c7481ec302d2be6de1b893a6f2ad80864f1106fb3
SHA512

f4f5b53ad78e89409e46179db2286842a6edb14c920c466c57ad160ef17cc95055fe610de9dc122ccb682ec0f1ea2bd7908e52eac8193c846a8da277d42a6bd6
SSDEEP

393216:5CSO2to+1kmcVJ2HvYPE+cgLGYlaARy7nMvuC7O2XmA0:5CSO26+1kJLwD4RhmCq3

Score

10^/10

Malware Config

Targets

- Target
  
  win-airplay.zip
- Size
  
  14.5MB
- MD5
  
  79907c402bfd25fa29f2fa1336b292af
- SHA1
  
  0f914d4eec4c6d3005b80ff6500a14fec13a384d
- SHA256
  
  8b9147aeca757bc36f30e98c7481ec302d2be6de1b893a6f2ad80864f1106fb3
- SHA512
  
  f4f5b53ad78e89409e46179db2286842a6edb14c920c466c57ad160ef17cc95055fe610de9dc122ccb682ec0f1ea2bd7908e52eac8193c846a8da277d42a6bd6
- SSDEEP
  
  393216:5CSO2to+1kmcVJ2HvYPE+cgLGYlaARy7nMvuC7O2XmA0:5CSO26+1kJLwD4RhmCq3
Score

10^/10

defense_evasion discovery evasion persistence privilege_escalation
- Modifies firewall policy service
  evasion
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  win-airplay/Blueberry-Airplay-Youtube.exe
- Size
  
  1.3MB
- MD5
  
  7267c81e58270e30637a88364784d280
- SHA1
  
  759cc54d57436818b1bb812855a49919b2998ea2
- SHA256
  
  5b9f4b043b306c4577610d7980d42a38a4a1b8c611d0ff13ceae33e64334c224
- SHA512
  
  e5e6133636ba07660f7f558a31a4d02a54d7af1498168b57234ff89b197a0401ae6afc08ab4fda6eb178bdd7717f48c6caf0c591a2647d7fa20a89a2611fba05
- SSDEEP
  
  24576:AzJ7tK6J6KOtvsSbuu7lNvMBeMtLfKzC05+iMo5wIVZ3UJchmJMnzYU8kaKRqvn1:F6JvOtLbRNXdC05ZMoxZ33hmKzKXKCn1
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  win-airplay/Blueberry-Airplay.exe
- Size
  
  463KB
- MD5
  
  d8b60b34a2ba716d06ccd41716e330e2
- SHA1
  
  2ee2007f61e93a81aada7e875e08c50c0b85c2e7
- SHA256
  
  02e38cf1932bab2cd485234b0b4442c413d6518203d806988f432856f979fc8a
- SHA512
  
  f903f78c287d45cef8bf2b2865d9265fc447a4ea2b1ad56b2dc2c59811ebdcc49bc64aa68049a61677fa35826d46da6337936dfb4b44b127e731532b440e5d33
- SSDEEP
  
  6144:i1z7j62HxsgYZhWR42gGn2So70wS9qaYTGAU+GL+3H:gfoGto70/gP3H
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  win-airplay/Bonjour.msi
- Size
  
  2.2MB
- MD5
  
  e14a6762e68472c648ea0eea0ebe01a0
- SHA1
  
  a854475b22a934ff977edc23e110ebba79a010fd
- SHA256
  
  34b0af1165f531847b509d3d47f22bb87f3eed93344521986105350bccc2cbed
- SHA512
  
  cfbf3dc4b6ee58dacd1e50cfdd73a202ef2b6d0526fe657a19c0b0a05a9e879b1a275368290c7da1a1f93971c4beead53765491dc0971886521b005247a22093
- SSDEEP
  
  49152:Oa3PPXjym3MYPiau9KXeixE2g58HcvGtXZXECrcxiO/pP/k/vY80as686oX/:VXemcYPiarP
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  win-airplay/Bonjour64.msi
- Size
  
  2.6MB
- MD5
  
  8dcf5c9eaacdaf4568220d103f393dea
- SHA1
  
  27f68596398b68ba048f95752b4eeb4aa013c23f
- SHA256
  
  53be81cc6e2dc95a1041e8f3d8f500fad4259ab20a1aac151b5fc7a64d354a93
- SHA512
  
  10f8ffb6fa5e7163f0a83190ddf211479f12e16635389b49ac041eceafd7f04c040d830065adc89b1003f38d8381851c09150a5bc8edced6ecae8ee5ae801088
- SSDEEP
  
  49152:aXMDiLYLW8Rv5GYCRL69MXeixEEgj8HyvftiZikCTcRi3/jP/N/v08Masv8Qo2/:wwPR8YCRLVm
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  win-airplay/SDL2.dll
- Size
  
  1.1MB
- MD5
  
  cfdcf1cff079dd87c92d6aa46f00135f
- SHA1
  
  079fd89d25b343789610ae1421f1956a14bc737d
- SHA256
  
  ffbf5aa7d13fed5d12ba68ba3af930a15aa5d0ff97cfb50a5965a498a941a6dd
- SHA512
  
  9f48a1fba28bee8bc64479f5c6e8e5faad9e71da4ee0601630070bf69a847a580ffe8c34f53d5ae85a76cf2ea0740e520ac5bdb2f5d009b4bd9ca3ea8893845f
- SSDEEP
  
  24576:G/stCXh0JoiOt+7fklSAhteb7LVUdC8J6CK/UlCrlefcwn0TSbW4Tv6ss9us0u33:wstVZaYuWNCRLa/r/fHc/d/xHq/z/Xw8
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  win-airplay/airplay
- Size
  
  1.2MB
- MD5
  
  3658b11fa1c41f50c08aa741f3c28948
- SHA1
  
  9340b1c7fc756dfc927287503c0e6e604928a72a
- SHA256
  
  89a37cb16c03eda82e5f6309c42358f4f8cea0e279386912a90739ee2b91bca4
- SHA512
  
  849274c2d7cbce54d3b57cb54c3f1a754f5017d1658901691a2f8bf2c3e3886d98e125f5134a2627a24e27e83ced8b180d1983f50aa66c279f5b8907363ef5c8
- SSDEEP
  
  24576:OUNm5R10DmudnZMu3T9e9SUhZADlBLLfKzCuGCytIAqNnZKuOCzmIMbz7M8Oak4+:u0DXdnZD8DhUiCuGJtIZZKKzmLzptbIV
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  win-airplay/avcodec-58.dll
- Size
  
  13.1MB
- MD5
  
  35241987061342637fc7a2ee0c38b88f
- SHA1
  
  adf94deec5412ec5a3a4f03d8889ae5e58aa0f40
- SHA256
  
  cb8e954fd76e363cb48f0afb9e87db8cfb2646edfb66a321cd446a2166dbbb23
- SHA512
  
  ce9218c2edb135971bb901feaeb57df81b651957e6c68228ef1f689277c65966ad103fffcfadf28bc79b1da4ea657284c0b7f145944993efac6e14b541579f08
- SSDEEP
  
  393216:yfhXF6cVhKLh2RJMDhydfoN32IV0PGhjLXHSpTy:yfhlZ+l2IV04ew
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  win-airplay/avformat-58.dll
- Size
  
  2.4MB
- MD5
  
  893482fc85d1b4eed7f437884edb0853
- SHA1
  
  42686213b4f5999c511d98ad0324207c5635145b
- SHA256
  
  d36d0718790e389aa3e222aeea10e430c810e994355ffb54f0f40456354d463a
- SHA512
  
  c5cbda2b33cdbbbc21c0fd50a93dfe8b8077b7b62eb470a2e8c9dbbc71cfe18adb22aedef1f97223996ec329cdd3effba3e0a1ed01d2a0eed0c16b29005639d9
- SSDEEP
  
  49152:BqS0QT+WUzhm2xpq4qhv2hSONY0wXZ8ps7o83Q5:BqgyWY4Ko4qV2hPNYVXZWF
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  win-airplay/avutil-56.dll
- Size
  
  632KB
- MD5
  
  77728494071d91965eafcb429f7f5079
- SHA1
  
  3ff9000c759e41fcc71cd05fad6162ce94b1e787
- SHA256
  
  1a2c893c4f3abd0f5f0536e49149d4ef410b307d9285d687bc5a25b15db88df1
- SHA512
  
  74b6c71c52b7f3e42684ac613aa8754ac7a185eda59bc33964d8d637f4bca4a15a0bc7f39791f56f3ac10079716956970d3a6b51f1da1aa427dbcd30ffe7199b
- SSDEEP
  
  12288:LJzDgD5bRZUMvyNrgKhC7obcuNqE+ZlixX:LJzU5bIMaN8Kk
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  win-airplay/cairo.dll
- Size
  
  1.9MB
- MD5
  
  36ca0b374a02ca218857452df0463272
- SHA1
  
  71ff37234ea5feb7449a35b86f03d2fd25a09bbf
- SHA256
  
  f945c7bee316109182f2c18ef0aed91a8b684cee8c41149c3103e7d3360a7405
- SHA512
  
  9f8d7f5d80aa627e362c3480b2593ceaa4d4854db3e8709a7ec151c027265bcf3e9d89cf623273051d796376b3c3671abd2b88e305fc462a4da41079496e0dbf
- SSDEEP
  
  24576:5ogEGYqkWmS3b3Ph6X8oGmOTT33H9jV01ozt8L7K0E1tyTDoNDPDc97ylMphlTMV:qgElsxoVOTZiK0WUWhahxM2Nj1zm
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  win-airplay/fontconfig.dll
- Size
  
  214KB
- MD5
  
  8715791453500a9957c547a2c3e47121
- SHA1
  
  67683d7fd8fde6d42444f4d3f5f579ba4034049e
- SHA256
  
  ee897f9f2d145d6159dcfd921d28214a92f94bbacf5e876c4a0df676d9da7182
- SHA512
  
  a9a78faea1f8d5d7baef17a059dcde84ffbb77565ca53157b1344ddeca19ebf8a363750e6344fdfa3ce488a49ac67a9ed395266c567d032e7c2938ff1ed81925
- SSDEEP
  
  6144:RiBOc6FB4/habTmI5hfRlD8iU8NMtsHEGQnfj:RmowhabTmuRiiVStGQfj
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  win-airplay/freetype.dll
- Size
  
  652KB
- MD5
  
  4316fbe5f79c07148784ad046d4713c8
- SHA1
  
  602cdd2cc10524201713428a189d8853bd773e6c
- SHA256
  
  0b8adf00d7cbaa8297ac350c30fd9c89c1d21afb4052492af5f5e242ca8420ba
- SHA512
  
  c0c21d51f6764508aaa940ef60bebb3c701b41b81be3eb8595ece3679c2b4600d80250f3ff92c8e0387e1149d1bd925e2b03d2f6259a3331e7b153f7e390b1a4
- SSDEEP
  
  6144:xrmuyK950g8e9Aov5CzpIAXetjjuI1t2MyhRG8GJlN0jozqFOeM1/qKWsEWmfDM:5p8eqo06tjj9t2HGHN0joOYeM1lfEWm
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  win-airplay/libiconv.dll
- Size
  
  1023KB
- MD5
  
  f3c33d50e875c8f58a38ffa4876fd501
- SHA1
  
  da9a9d1544ec9e454f357937a1868e6e1f58703a
- SHA256
  
  f739136d5977a3c3f3bc6bc587faecce5a2a8d90f36985067183da5d93db3860
- SHA512
  
  3d1d5be8a6f3a0740a8abf65de4d6d9e46c1c58a2af9b2a2eaef066ffa07ad985f2ce4333bd0ba683ffd92747ecd6eda03fa50615e584a922873d3f7047fdc13
- SSDEEP
  
  24576:9VSViOykyuI/dBAUZLYzfobbTIfBlHimdGavkg3NyvJ:HkyuI/dBAUZLYLJfHZdGaX4J
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  win-airplay/libplist.dll
- Size
  
  69KB
- MD5
  
  3884ca71f0a70645cb844c5baba40f40
- SHA1
  
  c87b47d9049d486d68b9fc07357224b45aea1bf8
- SHA256
  
  362b2f4a8d6e8e50dfee53c11cf633736198c1dbfb1267202b6ec29c8a8b1208
- SHA512
  
  cf28442650e1673e34a6144fc2149b9fc493394adb7fedb7759a8e321ea956d2b18f228169cf2b3559737a583a8cae5996d32f4098f91ae69df8a2e6eeccc0a6
- SSDEEP
  
  768:Uec8KDLi9V4HDjqpX/liWP7Oq8ElrMAulUX/W+1jqZmdIZz3c3v3ItDSJjm:oLQV4HDjqptKE2Aos/W+Fqph3kv3ECS
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  win-airplay/libxml2.dll
- Size
  
  2.2MB
- MD5
  
  81e84051c52f747549d6e9348c6151ad
- SHA1
  
  21ab3d966a663e5857cbd5f212cda7c1add4c48a
- SHA256
  
  44263c4220ff60de1087a50c91572f746d1ba262af1f0d84b995a828ee59cf96
- SHA512
  
  ca336f01c869157179594a6ffd0cf9adf024940157b70b7a50e355f6b96ed6504b4c032fe949fc254dd3d2527e4371040eef615e2268ee5bfd65e0721b65b013
- SSDEEP
  
  49152:wh/FNPNDKFe+cwIHRtQW0kIBktov0Wq9408tdekm7MZ5SZ3e3fgqTwu+jrBAUZLu:wh/FNPNDKFeLwIHRtQW3ov0Wq9408td0
Score

3^/10

discovery
behavioral31 behavioral32