8b9147aeca757bc36f30e98c7481ec302d2be6de1b893a6f2ad80864f1106fb3

Resubmissions

03-08-2024 19:46

240803-yg8nestbqr 10

03-08-2024 19:44

240803-ygbcxsxhld 6

03-08-2024 19:41

240803-yd6pnaxgpa 6

Sharing

Copy URL

Twitter E-mail

General

Target

win-airplay.zip
Size

14.5MB
Sample

240803-ygbcxsxhld
MD5

79907c402bfd25fa29f2fa1336b292af
SHA1

0f914d4eec4c6d3005b80ff6500a14fec13a384d
SHA256

8b9147aeca757bc36f30e98c7481ec302d2be6de1b893a6f2ad80864f1106fb3
SHA512

f4f5b53ad78e89409e46179db2286842a6edb14c920c466c57ad160ef17cc95055fe610de9dc122ccb682ec0f1ea2bd7908e52eac8193c846a8da277d42a6bd6
SSDEEP

393216:5CSO2to+1kmcVJ2HvYPE+cgLGYlaARy7nMvuC7O2XmA0:5CSO26+1kJLwD4RhmCq3

Score

6^/10

Malware Config

Targets

- Target
  
  win-airplay.zip
- Size
  
  14.5MB
- MD5
  
  79907c402bfd25fa29f2fa1336b292af
- SHA1
  
  0f914d4eec4c6d3005b80ff6500a14fec13a384d
- SHA256
  
  8b9147aeca757bc36f30e98c7481ec302d2be6de1b893a6f2ad80864f1106fb3
- SHA512
  
  f4f5b53ad78e89409e46179db2286842a6edb14c920c466c57ad160ef17cc95055fe610de9dc122ccb682ec0f1ea2bd7908e52eac8193c846a8da277d42a6bd6
- SSDEEP
  
  393216:5CSO2to+1kmcVJ2HvYPE+cgLGYlaARy7nMvuC7O2XmA0:5CSO26+1kJLwD4RhmCq3
Score

1^/10
behavioral1 behavioral2
- Target
  
  win-airplay/Blueberry-Airplay-Youtube.exe
- Size
  
  1.3MB
- MD5
  
  7267c81e58270e30637a88364784d280
- SHA1
  
  759cc54d57436818b1bb812855a49919b2998ea2
- SHA256
  
  5b9f4b043b306c4577610d7980d42a38a4a1b8c611d0ff13ceae33e64334c224
- SHA512
  
  e5e6133636ba07660f7f558a31a4d02a54d7af1498168b57234ff89b197a0401ae6afc08ab4fda6eb178bdd7717f48c6caf0c591a2647d7fa20a89a2611fba05
- SSDEEP
  
  24576:AzJ7tK6J6KOtvsSbuu7lNvMBeMtLfKzC05+iMo5wIVZ3UJchmJMnzYU8kaKRqvn1:F6JvOtLbRNXdC05ZMoxZ33hmKzKXKCn1
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  win-airplay/Blueberry-Airplay.exe
- Size
  
  463KB
- MD5
  
  d8b60b34a2ba716d06ccd41716e330e2
- SHA1
  
  2ee2007f61e93a81aada7e875e08c50c0b85c2e7
- SHA256
  
  02e38cf1932bab2cd485234b0b4442c413d6518203d806988f432856f979fc8a
- SHA512
  
  f903f78c287d45cef8bf2b2865d9265fc447a4ea2b1ad56b2dc2c59811ebdcc49bc64aa68049a61677fa35826d46da6337936dfb4b44b127e731532b440e5d33
- SSDEEP
  
  6144:i1z7j62HxsgYZhWR42gGn2So70wS9qaYTGAU+GL+3H:gfoGto70/gP3H
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  win-airplay/Bonjour.msi
- Size
  
  2.2MB
- MD5
  
  e14a6762e68472c648ea0eea0ebe01a0
- SHA1
  
  a854475b22a934ff977edc23e110ebba79a010fd
- SHA256
  
  34b0af1165f531847b509d3d47f22bb87f3eed93344521986105350bccc2cbed
- SHA512
  
  cfbf3dc4b6ee58dacd1e50cfdd73a202ef2b6d0526fe657a19c0b0a05a9e879b1a275368290c7da1a1f93971c4beead53765491dc0971886521b005247a22093
- SSDEEP
  
  49152:Oa3PPXjym3MYPiau9KXeixE2g58HcvGtXZXECrcxiO/pP/k/vY80as686oX/:VXemcYPiarP
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  win-airplay/Bonjour64.msi
- Size
  
  2.6MB
- MD5
  
  8dcf5c9eaacdaf4568220d103f393dea
- SHA1
  
  27f68596398b68ba048f95752b4eeb4aa013c23f
- SHA256
  
  53be81cc6e2dc95a1041e8f3d8f500fad4259ab20a1aac151b5fc7a64d354a93
- SHA512
  
  10f8ffb6fa5e7163f0a83190ddf211479f12e16635389b49ac041eceafd7f04c040d830065adc89b1003f38d8381851c09150a5bc8edced6ecae8ee5ae801088
- SSDEEP
  
  49152:aXMDiLYLW8Rv5GYCRL69MXeixEEgj8HyvftiZikCTcRi3/jP/N/v08Masv8Qo2/:wwPR8YCRLVm
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  win-airplay/SDL2.dll
- Size
  
  1.1MB
- MD5
  
  cfdcf1cff079dd87c92d6aa46f00135f
- SHA1
  
  079fd89d25b343789610ae1421f1956a14bc737d
- SHA256
  
  ffbf5aa7d13fed5d12ba68ba3af930a15aa5d0ff97cfb50a5965a498a941a6dd
- SHA512
  
  9f48a1fba28bee8bc64479f5c6e8e5faad9e71da4ee0601630070bf69a847a580ffe8c34f53d5ae85a76cf2ea0740e520ac5bdb2f5d009b4bd9ca3ea8893845f
- SSDEEP
  
  24576:G/stCXh0JoiOt+7fklSAhteb7LVUdC8J6CK/UlCrlefcwn0TSbW4Tv6ss9us0u33:wstVZaYuWNCRLa/r/fHc/d/xHq/z/Xw8
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  win-airplay/airplay
- Size
  
  1.2MB
- MD5
  
  3658b11fa1c41f50c08aa741f3c28948
- SHA1
  
  9340b1c7fc756dfc927287503c0e6e604928a72a
- SHA256
  
  89a37cb16c03eda82e5f6309c42358f4f8cea0e279386912a90739ee2b91bca4
- SHA512
  
  849274c2d7cbce54d3b57cb54c3f1a754f5017d1658901691a2f8bf2c3e3886d98e125f5134a2627a24e27e83ced8b180d1983f50aa66c279f5b8907363ef5c8
- SSDEEP
  
  24576:OUNm5R10DmudnZMu3T9e9SUhZADlBLLfKzCuGCytIAqNnZKuOCzmIMbz7M8Oak4+:u0DXdnZD8DhUiCuGJtIZZKKzmLzptbIV
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  win-airplay/avcodec-58.dll
- Size
  
  13.1MB
- MD5
  
  35241987061342637fc7a2ee0c38b88f
- SHA1
  
  adf94deec5412ec5a3a4f03d8889ae5e58aa0f40
- SHA256
  
  cb8e954fd76e363cb48f0afb9e87db8cfb2646edfb66a321cd446a2166dbbb23
- SHA512
  
  ce9218c2edb135971bb901feaeb57df81b651957e6c68228ef1f689277c65966ad103fffcfadf28bc79b1da4ea657284c0b7f145944993efac6e14b541579f08
- SSDEEP
  
  393216:yfhXF6cVhKLh2RJMDhydfoN32IV0PGhjLXHSpTy:yfhlZ+l2IV04ew
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  win-airplay/avformat-58.dll
- Size
  
  2.4MB
- MD5
  
  893482fc85d1b4eed7f437884edb0853
- SHA1
  
  42686213b4f5999c511d98ad0324207c5635145b
- SHA256
  
  d36d0718790e389aa3e222aeea10e430c810e994355ffb54f0f40456354d463a
- SHA512
  
  c5cbda2b33cdbbbc21c0fd50a93dfe8b8077b7b62eb470a2e8c9dbbc71cfe18adb22aedef1f97223996ec329cdd3effba3e0a1ed01d2a0eed0c16b29005639d9
- SSDEEP
  
  49152:BqS0QT+WUzhm2xpq4qhv2hSONY0wXZ8ps7o83Q5:BqgyWY4Ko4qV2hPNYVXZWF
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  win-airplay/avutil-56.dll
- Size
  
  632KB
- MD5
  
  77728494071d91965eafcb429f7f5079
- SHA1
  
  3ff9000c759e41fcc71cd05fad6162ce94b1e787
- SHA256
  
  1a2c893c4f3abd0f5f0536e49149d4ef410b307d9285d687bc5a25b15db88df1
- SHA512
  
  74b6c71c52b7f3e42684ac613aa8754ac7a185eda59bc33964d8d637f4bca4a15a0bc7f39791f56f3ac10079716956970d3a6b51f1da1aa427dbcd30ffe7199b
- SSDEEP
  
  12288:LJzDgD5bRZUMvyNrgKhC7obcuNqE+ZlixX:LJzU5bIMaN8Kk
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  win-airplay/cairo.dll
- Size
  
  1.9MB
- MD5
  
  36ca0b374a02ca218857452df0463272
- SHA1
  
  71ff37234ea5feb7449a35b86f03d2fd25a09bbf
- SHA256
  
  f945c7bee316109182f2c18ef0aed91a8b684cee8c41149c3103e7d3360a7405
- SHA512
  
  9f8d7f5d80aa627e362c3480b2593ceaa4d4854db3e8709a7ec151c027265bcf3e9d89cf623273051d796376b3c3671abd2b88e305fc462a4da41079496e0dbf
- SSDEEP
  
  24576:5ogEGYqkWmS3b3Ph6X8oGmOTT33H9jV01ozt8L7K0E1tyTDoNDPDc97ylMphlTMV:qgElsxoVOTZiK0WUWhahxM2Nj1zm
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  win-airplay/fontconfig.dll
- Size
  
  214KB
- MD5
  
  8715791453500a9957c547a2c3e47121
- SHA1
  
  67683d7fd8fde6d42444f4d3f5f579ba4034049e
- SHA256
  
  ee897f9f2d145d6159dcfd921d28214a92f94bbacf5e876c4a0df676d9da7182
- SHA512
  
  a9a78faea1f8d5d7baef17a059dcde84ffbb77565ca53157b1344ddeca19ebf8a363750e6344fdfa3ce488a49ac67a9ed395266c567d032e7c2938ff1ed81925
- SSDEEP
  
  6144:RiBOc6FB4/habTmI5hfRlD8iU8NMtsHEGQnfj:RmowhabTmuRiiVStGQfj
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  win-airplay/freetype.dll
- Size
  
  652KB
- MD5
  
  4316fbe5f79c07148784ad046d4713c8
- SHA1
  
  602cdd2cc10524201713428a189d8853bd773e6c
- SHA256
  
  0b8adf00d7cbaa8297ac350c30fd9c89c1d21afb4052492af5f5e242ca8420ba
- SHA512
  
  c0c21d51f6764508aaa940ef60bebb3c701b41b81be3eb8595ece3679c2b4600d80250f3ff92c8e0387e1149d1bd925e2b03d2f6259a3331e7b153f7e390b1a4
- SSDEEP
  
  6144:xrmuyK950g8e9Aov5CzpIAXetjjuI1t2MyhRG8GJlN0jozqFOeM1/qKWsEWmfDM:5p8eqo06tjj9t2HGHN0joOYeM1lfEWm
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  win-airplay/libiconv.dll
- Size
  
  1023KB
- MD5
  
  f3c33d50e875c8f58a38ffa4876fd501
- SHA1
  
  da9a9d1544ec9e454f357937a1868e6e1f58703a
- SHA256
  
  f739136d5977a3c3f3bc6bc587faecce5a2a8d90f36985067183da5d93db3860
- SHA512
  
  3d1d5be8a6f3a0740a8abf65de4d6d9e46c1c58a2af9b2a2eaef066ffa07ad985f2ce4333bd0ba683ffd92747ecd6eda03fa50615e584a922873d3f7047fdc13
- SSDEEP
  
  24576:9VSViOykyuI/dBAUZLYzfobbTIfBlHimdGavkg3NyvJ:HkyuI/dBAUZLYLJfHZdGaX4J
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  win-airplay/libplist.dll
- Size
  
  69KB
- MD5
  
  3884ca71f0a70645cb844c5baba40f40
- SHA1
  
  c87b47d9049d486d68b9fc07357224b45aea1bf8
- SHA256
  
  362b2f4a8d6e8e50dfee53c11cf633736198c1dbfb1267202b6ec29c8a8b1208
- SHA512
  
  cf28442650e1673e34a6144fc2149b9fc493394adb7fedb7759a8e321ea956d2b18f228169cf2b3559737a583a8cae5996d32f4098f91ae69df8a2e6eeccc0a6
- SSDEEP
  
  768:Uec8KDLi9V4HDjqpX/liWP7Oq8ElrMAulUX/W+1jqZmdIZz3c3v3ItDSJjm:oLQV4HDjqptKE2Aos/W+Fqph3kv3ECS
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  win-airplay/libxml2.dll
- Size
  
  2.2MB
- MD5
  
  81e84051c52f747549d6e9348c6151ad
- SHA1
  
  21ab3d966a663e5857cbd5f212cda7c1add4c48a
- SHA256
  
  44263c4220ff60de1087a50c91572f746d1ba262af1f0d84b995a828ee59cf96
- SHA512
  
  ca336f01c869157179594a6ffd0cf9adf024940157b70b7a50e355f6b96ed6504b4c032fe949fc254dd3d2527e4371040eef615e2268ee5bfd65e0721b65b013
- SSDEEP
  
  49152:wh/FNPNDKFe+cwIHRtQW0kIBktov0Wq9408tdekm7MZ5SZ3e3fgqTwu+jrBAUZLu:wh/FNPNDKFeLwIHRtQW3ov0Wq9408td0
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32