b0efd269d32e581da747e5050ef98d2eb91e6de9080e0918f5af85b485a4bdd1

Sharing

Copy URL

Twitter E-mail

General

Target

npcap-1.72.exe
Size

1.1MB
Sample

240805-xjwafavenm
MD5

cab256acf99dc6e0685c0567ea6ee658
SHA1

08aefa7d9a941ffe7d5c29d6b65d115109b5e2b7
SHA256

b0efd269d32e581da747e5050ef98d2eb91e6de9080e0918f5af85b485a4bdd1
SHA512

7f2147cd7d2e0e044e4e46c26df015decc4ae4c51d8500e91f1155cfe91e58c38d5f9a10710e6c70ba7ab590a4828e344ac32f28ecefaf9557429caac626af9b
SSDEEP

24576:uZHcNHqqSX6AQzHlPnK7N1F7nJRFoK7EjvEYwa2MVZcXxZzHN9zqn4:aTUHlPK7rFj3qK7a2MV43O

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  npcap-1.72.exe
- Size
  
  1.1MB
- MD5
  
  cab256acf99dc6e0685c0567ea6ee658
- SHA1
  
  08aefa7d9a941ffe7d5c29d6b65d115109b5e2b7
- SHA256
  
  b0efd269d32e581da747e5050ef98d2eb91e6de9080e0918f5af85b485a4bdd1
- SHA512
  
  7f2147cd7d2e0e044e4e46c26df015decc4ae4c51d8500e91f1155cfe91e58c38d5f9a10710e6c70ba7ab590a4828e344ac32f28ecefaf9557429caac626af9b
- SSDEEP
  
  24576:uZHcNHqqSX6AQzHlPnK7N1F7nJRFoK7EjvEYwa2MVZcXxZzHN9zqn4:aTUHlPK7rFj3qK7a2MV43O
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  22KB
- MD5
  
  170c17ac80215d0a377b42557252ae10
- SHA1
  
  4cbab6cc189d02170dd3ba7c25aa492031679411
- SHA256
  
  61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d
- SHA512
  
  0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f
- SSDEEP
  
  384:E0C43tPegZ3eBaRwCPOYY7nNYXCA/YosaWqZmZsHLA+KhHgt:EBTgZ3eBTCmrnNAEQ1hKhHgt
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NPFInstall.exe
- Size
  
  252KB
- MD5
  
  2400a7e797e848b767848a1d1abdce9a
- SHA1
  
  48c5b4818bf1a349046f2066f2ace922ba7f73a8
- SHA256
  
  dd72fbc54a219d3a157001ff0cb55016296062f0505801529c243feecdebb879
- SHA512
  
  980c431685d89161fd6f8f6c459dd2f41ee79ecbb0ea48e5c29aea9763154d5685b51f9d041b2482b9636891bc1c6d6a1afffedb92364b6b09212d31a190d45d
- SSDEEP
  
  3072:beAvCRFO25maSEPJJ1SxLtfJ5OGydgzwpXzcbU0ZFoecBkB3K9GyNyOLbTOa1sfG:bTCe+bM3MEU0Tjcb9rNyh/NGv
Score

4^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/SysRestore.dll
- Size
  
  12KB
- MD5
  
  d1a3f71186e20741b2bb0cc33ca79609
- SHA1
  
  b04761c0b7bc46e864a776514e4476eb372ef73c
- SHA256
  
  49b0450567c281494620193d0f3598bad8a474ae9910fedb161855f09a8ec1f0
- SHA512
  
  7eb904e4d2a6d87bccbe3e3f6562e53940195303a8024d2b0dad142a7a546b7a7a9287966e6d696246349008966349b6b56a3ce47978dedf49205bcfeb962b16
- SSDEEP
  
  192:Qa8pU6GVdndRqSzNJw7YUXmZscF8Bd1LAeVBZHlA6u/:upZGVdndRqSzNqZmZsHLAOhk
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  19KB
- MD5
  
  f020a8d9ede1fb2af3651ad6e0ac9cb1
- SHA1
  
  341f9345d669432b2a51d107cbd101e8b82e37b1
- SHA256
  
  7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0
- SHA512
  
  408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4
- SSDEEP
  
  384:u8+Qlt70Fj/lQRY/9VjjgLmqZmZsHLAMThHdjnG:uSqFjm6YLP17ThHdC
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  14KB
- MD5
  
  f9e61a25016dcb49867477c1e71a704e
- SHA1
  
  c01dc1fa7475e4812d158d6c00533410c597b5d9
- SHA256
  
  274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d
- SHA512
  
  b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8
- SSDEEP
  
  192:JDkDr/HA5v6G2IElFernNQZGdHskJw7YUXmZscF8Bd1LOtNBZHld3Mu:aDrvAxnJGernNQZGdHVqZmZsHLOtLhHH
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  NPFInstall.exe
- Size
  
  252KB
- MD5
  
  2400a7e797e848b767848a1d1abdce9a
- SHA1
  
  48c5b4818bf1a349046f2066f2ace922ba7f73a8
- SHA256
  
  dd72fbc54a219d3a157001ff0cb55016296062f0505801529c243feecdebb879
- SHA512
  
  980c431685d89161fd6f8f6c459dd2f41ee79ecbb0ea48e5c29aea9763154d5685b51f9d041b2482b9636891bc1c6d6a1afffedb92364b6b09212d31a190d45d
- SSDEEP
  
  3072:beAvCRFO25maSEPJJ1SxLtfJ5OGydgzwpXzcbU0ZFoecBkB3K9GyNyOLbTOa1sfG:bTCe+bM3MEU0Tjcb9rNyh/NGv
Score

4^/10

discovery
behavioral13 behavioral14
- Target
  
  x64/NPFInstall.exe
- Size
  
  301KB
- MD5
  
  69a2863281739e40702e40fde07ef72d
- SHA1
  
  8cf737fb5845a45445483cb1fae533c5a61da028
- SHA256
  
  5c2e569db9c5a978004b8fbf04ed372071ad998d759a12e5aaba470df158889e
- SHA512
  
  2315a4aa52f579a3633bd9c61c293b9fa78725d8331deee6ca24db70fb2565f431fc0f7f1ee84881b2e34b778ffc91c45e1b694ae517cdd266b0875e7089f178
- SSDEEP
  
  6144:kXsjhljsl2TL5ifT7SywFXe7Awk3VMQvOju:xjLs8H5ifHSBFO7ANF7R
Score

4^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Drops file in Drivers directory

Manipulates Digital Signatures

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16