73ce1277ab8bd148f5c40e121c1fd7710acb1443e074c0f926b871c36f0f35bc

Sharing

Copy URL

Twitter E-mail

General

Target

doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe
Size

100.4MB
Sample

240806-wg1xgawajq
MD5

cd7120f0525e25a7f468ba659c2f09ec
SHA1

794dac92693ebdecb09aee22c92cc1022d6e089e
SHA256

73ce1277ab8bd148f5c40e121c1fd7710acb1443e074c0f926b871c36f0f35bc
SHA512

3d6e0eb2edc54697e9bae03ddde0b49393ae21ad358a01732d15d1057f65e50d6c1c08748c2a6e586df34613eb1a4db3605dc651c39792502b49252e4837aaed
SSDEEP

3145728:7jtmK+4P8V7Hfi+pu/NazL2AkrMJ/OBLaCq1b3/:AK+HV7/i+aa3NCe/

Score

8^/10

Malware Config

Targets

- Target
  
  doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe
- Size
  
  100.4MB
- MD5
  
  cd7120f0525e25a7f468ba659c2f09ec
- SHA1
  
  794dac92693ebdecb09aee22c92cc1022d6e089e
- SHA256
  
  73ce1277ab8bd148f5c40e121c1fd7710acb1443e074c0f926b871c36f0f35bc
- SHA512
  
  3d6e0eb2edc54697e9bae03ddde0b49393ae21ad358a01732d15d1057f65e50d6c1c08748c2a6e586df34613eb1a4db3605dc651c39792502b49252e4837aaed
- SSDEEP
  
  3145728:7jtmK+4P8V7Hfi+pu/NazL2AkrMJ/OBLaCq1b3/:AK+HV7/i+aa3NCe/
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/MicrosoftEdgeWebview2Setup.exe
- Size
  
  1.5MB
- MD5
  
  8b3b487e9dfd2852b5c8634b418e7c7e
- SHA1
  
  45ff4beb4125aed9fef91e88c03e93b8853ddeb8
- SHA256
  
  61ab4d9e17954ad9885736ccd19a9a7e809105074b59d12ab78f4eefbe5d9581
- SHA512
  
  2c041aeb5decf51134afbbf5583ed4a23d92ff5a7bcc35450a07f123b9950a57646522a5dcb34089e118ee353ecd1041e0eb020e55f9b9f8e67bb35cf519295d
- SSDEEP
  
  24576:3wy53G70SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzU:Ay53w24gQu3TPZ2psFkiSqwoz
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsProcessW.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/windowsdesktop-runtime-7.0.11-win-x86.exe
- Size
  
  50.6MB
- MD5
  
  7971543116eca5be24d8c68c87e578c6
- SHA1
  
  7494d16f34b5f7ed1388038818817732fa7b8204
- SHA256
  
  9e3802fa0578282a65d8df72ba0308660fe80a67dd023e02e94dc2d3c11834e5
- SHA512
  
  b7583409ea718d60ac81e8d28ab7511850d0b43e9bb9ea8488dd473b1ca904afe99d1ab298b1c5ab5271d8584baed65653196d3caf0ad9737e70f2eccbb9be4c
- SSDEEP
  
  1572864:X0O4UtPJkn3tgKnhGV/38V7Hf56BzAjpu/NlIu0TP:XjtmK+4P8V7Hfi+pu/NazL
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8