ffd4aee6de78cd447ccf84f5a4e331c0955a98b50a9982073adb867f79fd94bb

Sharing

Copy URL

Twitter E-mail

General

Target

htground.exe
Size

70.5MB
Sample

240807-j7s84avgpj
MD5

1f88188ca3849f0f8973d4db7a30f35b
SHA1

d7c23432a3ca17fec5fef26d57234a3fd1ee20d0
SHA256

ffd4aee6de78cd447ccf84f5a4e331c0955a98b50a9982073adb867f79fd94bb
SHA512

ec7d46c6dc8bbbb49b7a174d5fdbbbe7aa9510d6323d41680fb4fb13675b50b520a8caf7e762b18e192828829b0d1229eb1c65e7086f22f9264142a124914c0c
SSDEEP

1572864:lzOCgp860WiSIf+BtTqYnlEN7PatTZg3iWZtYgd8AcfLJrn5H/vZYbA84Oap:ljgiiIf8jENk63TZtYgULLHlp

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  htground.exe
- Size
  
  70.5MB
- MD5
  
  1f88188ca3849f0f8973d4db7a30f35b
- SHA1
  
  d7c23432a3ca17fec5fef26d57234a3fd1ee20d0
- SHA256
  
  ffd4aee6de78cd447ccf84f5a4e331c0955a98b50a9982073adb867f79fd94bb
- SHA512
  
  ec7d46c6dc8bbbb49b7a174d5fdbbbe7aa9510d6323d41680fb4fb13675b50b520a8caf7e762b18e192828829b0d1229eb1c65e7086f22f9264142a124914c0c
- SSDEEP
  
  1572864:lzOCgp860WiSIf+BtTqYnlEN7PatTZg3iWZtYgd8AcfLJrn5H/vZYbA84Oap:ljgiiIf8jENk63TZtYgULLHlp
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  69.7MB
- MD5
  
  1f04f0f8dd966f8195a7f6e302f94cc5
- SHA1
  
  f38daed943ffdee10ad3d6bdb0abbfb0be8e25cc
- SHA256
  
  cd34496809ac891a775fb4b3489420a8ab4dab812708ed9b159ef360c947852c
- SHA512
  
  bbc126bfd1b47b36f5e52b20df9bac8b1d0b05e7108e1da753da677803584c2ca0c45ae520bb1f737629959a058ee6193aaf1c90f6bb579053fa44632b245e12
- SSDEEP
  
  1572864:iOCgp860WiSIf+BtTqYnlEN7PatTZg3iWZtYgd8AcfLJrn5H/vZYbA84Oaz:YgiiIf8jENk63TZtYgULLHlz
Score

3^/10
behavioral6
- Target
  
  locales/tr.pak
- Size
  
  465KB
- MD5
  
  0aedf5c2f6f4f49074a2adea454df4c9
- SHA1
  
  a48d9d8461e61170257897766dbd6906e754a0c3
- SHA256
  
  3f4658b3811b36f5cad794e48e6507335abfe78b0bfa0c80d1ef9c5d7bb410d0
- SHA512
  
  e359e446330fc154c16e34a7335174f372bce701faf85de8a5f4b432ce3e10c69f42c93b7182deac89bb4d29750d0dd525b6dcd74a5b7bd724f544d14ba44a79
- SSDEEP
  
  6144:FQ9HSLQl2q4qRv75az4lTxJXZvqcf4Sd9Ipksge7545/R+Ei1OCvdhAMTwiBK+66:F4SEl2q4qzaklVBhIpV545/g
Score

3^/10
behavioral7
- Target
  
  locales/uk.pak
- Size
  
  798KB
- MD5
  
  64aa9344abd9a32f10d6c05a58eda4eb
- SHA1
  
  3286ee43f36e2232677b4573e8b4a3303c7df048
- SHA256
  
  ca20af5982ae706f5029467901d7d66f90b261f03c7d240d0d1ab2fca2b50a7b
- SHA512
  
  dd768b314da50b8ba5a006a4e56d70044c1af79960834722894d930f5347194ae7f9f5697bc4cd0790a79341635cb1df8c74ff45f74d1736049161af5b163efb
- SSDEEP
  
  12288:LVaMf4WifCrn2RIxnaLIN0ZCViZIJ7I5SB3IjzAJmEIl5ujLNiXElqb1EfC:Ld1i6rxI95bE2
Score

3^/10
behavioral8
- Target
  
  locales/ur.pak
- Size
  
  696KB
- MD5
  
  88eef2798dee8a361c3ea9bafaa02a35
- SHA1
  
  6f8d4ce422336ca5048ef35d6ece360a9b416d8a
- SHA256
  
  91318006c880e427417a2b2fff81fd451769a5536fa16d1dc185972137bc2d6a
- SHA512
  
  db36b58186f165ff3f746ac483f75b6fed596fad9b3f335e86b374b359e563407acf58ac7cded9420e4fcb91f31eebc8a91c7777ea59bafced8cff2f1c0e9a53
- SSDEEP
  
  12288:5xU+Nw5U8PoF8xxyWJM5T5BZPEFYWmumwQYrSwadcJKwUzu8co/9NjjFpvTg:5xP955DW3
Score

3^/10
behavioral9
- Target
  
  locales/vi.pak
- Size
  
  551KB
- MD5
  
  4c5c09cb7e6eb120c8019fe94e1ac716
- SHA1
  
  f018e7f095605e21db24944b828cc3580cba863f
- SHA256
  
  e7319ca18eba379772954132493bbabb448d4e97d755b85360ed337216b48800
- SHA512
  
  d171ee83cf02a8904290a74df1224556887e41333b8a01fbd95f0cacc88d230195fbfb6f99f9e02573d4864b3c95b570a77c2a0b1e19324d2599925e40684807
- SSDEEP
  
  12288:KwEm5WJNuE+ciwJFrAsUaBScxgsHlZ0JdHqRPzaM508ETCoFAi1PzisTm7oA:TAJoE+ciwJFgaTxgsHf0J4P508uCri1c
Score

3^/10
behavioral10
- Target
  
  locales/zh-CN.pak
- Size
  
  398KB
- MD5
  
  07b6c43d87dbf93ac8abe6837f3c2103
- SHA1
  
  79e033179b445609b3f1756c3f4184d5efacf1c2
- SHA256
  
  7f85b35938fadca91bfd8f92ca53613718e375ef010c340947dd27a4ff66594c
- SHA512
  
  38ef8f8a8a950b11c18eb7a40da721b888ef792a49e1371dc8c1eb22058a6791f95bf9b25df4ba190a7aa6cb62ce38b0bfaea83c71b62cde6980d12cf9da53f9
- SSDEEP
  
  6144:iDL1fUjJVNmz7+anG7a5DnyykkFS5C4TNpI3DaNllf:sGJV4zia/5Dny2S5jTNpI3DY
Score

3^/10
behavioral11
- Target
  
  locales/zh-TW.pak
- Size
  
  394KB
- MD5
  
  960e99a171c4ed4b6d787027ba88774d
- SHA1
  
  e3869aff0c52841c9df718133e7c4be2977de7fb
- SHA256
  
  e42640f5309add2ea7fd5a4db503b93e479ef14807710a06d7e53a0f261da8e6
- SHA512
  
  4e51d787aff8f425d101882bd70e71b88b253f2ca61ed54dd7ff77c7e3a1d6570b270f4eb91f2d03869ea4537d09e141f3e32ea3a27537295ec698bf26305cbf
- SSDEEP
  
  6144:SpyK3dSRMig8KJ392h2Du0AhVF5a5nzICFG0yn/9yYTo:k2dgpfAhVF5a5nzjqn/e
Score

3^/10
behavioral12
- Target
  
  resources.pak
- Size
  
  5.2MB
- MD5
  
  6e1fad905fa7f5f18dd5ce2fb95fb502
- SHA1
  
  215869f0ec522461305573d9656129c53c2373fd
- SHA256
  
  6f7b84f43e96c3e4681d998eb46e5adb5e04005d46d480400dc9314d4a253c43
- SHA512
  
  3cce71cdb801f06ae885fe65736f4c9424f4d5d527ca80d5149100f1815df0ea52bcae9e7ce06e5dd6cf67a5214b264ab806fbe770798ccefb2984ed2cba4235
- SSDEEP
  
  98304:KUxSthDqmWPV95jG1p60RCPNSIh1SUeCQ29GrwrJ9ctYXiQxSlzY7G/bh4sWrr:KUktJqdd95jghUV/hQUeCN8krJ9YY+UT
Score

3^/10
behavioral13
- Target
  
  resources/app-update.yml
- Size
  
  105B
- MD5
  
  1c59ded0a83f7ec553fd19ce55923bd8
- SHA1
  
  912f2f4e481ce01bf1182e0aeed3e30f96e19fbb
- SHA256
  
  6631c736b0f3cd01c5304d4e35673fcd18ffb888c91cedbbf6a388ce359a2384
- SHA512
  
  a755559090d35e8e004b892f46f60706ba43cbd735183cbc52d45fecfa4c8d12cfcbc335f1e3144c81e9ee469fa48833c7ab19a6afdbea459c166d0cd7e0f0ed
Score

3^/10
behavioral14
- Target
  
  resources/app.asar
- Size
  
  5.8MB
- MD5
  
  70f2ccfb9c72ae274555be0f928ed46f
- SHA1
  
  763bf08aa42aef44b634da79ebddeea6d7e09e4d
- SHA256
  
  d5942fece260b113e89105404888fa6c042e987317ac89af451a616497004026
- SHA512
  
  027ae1bf8d205873a06f9c08f29b1ceacd579522fe25036b66b409d6b022f441bdfec8eed3647c4ba650f710ba3f67b0ee7f04fa30bf409b782dbe2dbbdc38b9
- SSDEEP
  
  49152:iPz+elol8uWChA11deQ6PBsjWa9zalChCw9O2UE7fumdYF8C5KJj8Q:iPl18BVqfMQ
Score

3^/10

execution
behavioral15
- Target
  
  resources/assets/assets.d.ts
- Size
  
  623B
- MD5
  
  b9d1467e2b8b9e67630f784255b565dd
- SHA1
  
  67f2a748753e51c6b782c2a257a9e3b088cffacd
- SHA256
  
  d1688c0a786e3d9c4dd1a71178fcd06230eb5eba9cd64421015b98c170cdeec6
- SHA512
  
  f29bd26c1f3e7c685c9e85acd62b78e0880bd58b00094e01088beaaf141ae8ad5b74589e164b7f4a2882de40f98158443c9dfe6b90ad2a7ba8a957d4202bcb10
Score

1^/10
behavioral16
- Target
  
  resources/assets/entitlements.mac.plist
- Size
  
  333B
- MD5
  
  9920b60c89256ceca825062dc9c53c53
- SHA1
  
  0f1d847ef4067022c69fd82c135f3dfd2e4d352d
- SHA256
  
  f4b2891dc2b1239191cecf7cd5b9a36ea4edaec33c1cc091e09380d669e8fb63
- SHA512
  
  93ef0a66d6aa8091af3ab8af4b1ced502ded11f658aa77b6a5fe9e3d36bd5d01231060a0a656ea627c0fa32313b7a3438c75e1eb96f4f07692ee4d0f53ce9a90
Score

3^/10

discovery
behavioral17
- Target
  
  resources/assets/icon.icns
- Size
  
  109KB
- MD5
  
  e5345089314cddb283d824fe016fb77d
- SHA1
  
  bdca4f17e7496029f1ae92dfcb8f85c5c8f757b8
- SHA256
  
  6db2814c193690d44e7b7aa1c8e0949534315e2a7cba55f830c31f97a417de59
- SHA512
  
  c952166fe3460d9d6a5d1568dbcd08d1bbf0042dc2ff88147a2d6a9bb4b38d3ebbc1adf5d5fb25a20e97508dc7addc28ad8636b1df267fd140d842baa6b0883d
- SSDEEP
  
  1536:VCnTZdwaTsN4AQTJZ79I/CFoiK3aVDdMGJ8Ln/B3vaxGa12gEWZY+4SBWduW:VeG+r6qeiK3aVZMGJMNixGa1FuSQQW
Score

3^/10
behavioral18
- Target
  
  resources/assets/icon.ico
- Size
  
  264KB
- MD5
  
  3bb9ba85219d0e80c6447db203c04b92
- SHA1
  
  9882cf738a945afda44d1c191b9934e73da76a10
- SHA256
  
  efdf87970200a357152ca8ac6dfde889b15dd2f38b82c0d232519fa8762379f0
- SHA512
  
  1893f79b891419b8b541f6f570748fb395f1e99825591894b1f116a44b487d194f7d4f7bd5aa0b2a88cd558b5b71610c0de62d9989de3c89f462d8ea96a8cee3
- SSDEEP
  
  768:Uvhu6mWf1bEHa/5ahcQL+3P6V94yc+wScceOeViANRXivobPGZdhus+z6sF2ghLR:B9f
Score

3^/10
behavioral19
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral20
- Target
  
  snapshot_blob.bin
- Size
  
  262KB
- MD5
  
  40a3c2200e4126e8c47a7802532c9236
- SHA1
  
  212a4686dea5a467b7b6fa54397e42122b235f1e
- SHA256
  
  94aa518fc892ee9a0f1eb5fe35b60123ee61a5f848864b00519b96d8d5d9786d
- SHA512
  
  fa1a943822abe3737587d520654078117cae86c58fefe6dd6a09f4a08c09293e9547a0ad79c52f8638dfbb1c496df3d0e828ce414176c8fbb77113be41212866
- SSDEEP
  
  3072:rbr3R2ER50fFjzgZ911bECxLyuUR27gLz3jzOXSO2xQJjKbCP:rP3R2E0fFCFbECxe527gvk
Score

3^/10
behavioral21
- Target
  
  v8_context_snapshot.bin
- Size
  
  581KB
- MD5
  
  264e3b574e4f86b1fc47b2427402e779
- SHA1
  
  4a4f9e7c3da262713e4cf7af6ac51822c56b5ef3
- SHA256
  
  ed559c6e81b6003b2057e5c1b0bdb5b28ca094b895ca86c69fe11c5c9e014f06
- SHA512
  
  144365d0fb83576aaa02ea6ecea51d7ba2cacb044eea568a08f65b98a83d3e7d7e693738e065e22f94bfd1165d0ea93a749dd1325d829257a9bb6607a9a927db
- SSDEEP
  
  6144:6TY0P3R2EpdCFbECxUg8zifcarDJI2GZaGKtQPd9ZVetBRkPjBgnYAz7E:m5itRHtQfVEP7E
Score

3^/10
behavioral22
- Target
  
  vk_swiftshader.dll
- Size
  
  4.9MB
- MD5
  
  32e09c64943e115c05868a451ceebea6
- SHA1
  
  496d79a5d9d6ab52c93a1c6747a96c18652ed5c9
- SHA256
  
  fac0fb613864b5fcad21b5dabb7162fd3c11fd761c4ddb80ef57d94237342aeb
- SHA512
  
  ab82dcbd3bfa4aaee4a9fb9eaee210b221b6fdf96db4a259bac964638a4f8964a927c43d9215d5fe8f0d09f7343efb771eaab5fc36bfdcdec9629b00d231f10b
- SSDEEP
  
  49152:Q6PkZFjKeDTIEvAvlo6coVQxa8sVr0yN1J+MuXy557nDOPNt7wpr30sN+05uQKYP:QNZFjAgpOz2VeCCAkEvkCvGZN9z
Score

1^/10
behavioral23
- Target
  
  vk_swiftshader_icd.json
- Size
  
  106B
- MD5
  
  8642dd3a87e2de6e991fae08458e302b
- SHA1
  
  9c06735c31cec00600fd763a92f8112d085bd12a
- SHA256
  
  32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
- SHA512
  
  f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
Score

3^/10
behavioral24
- Target
  
  vulkan-1.dll
- Size
  
  917KB
- MD5
  
  291cf47b098075135ced306a22041027
- SHA1
  
  903efee96043861f55817df1a02e6edb1361d67a
- SHA256
  
  af0534b4288dd27f458cfe997200094a121acf4e4320e1c317761c762b9127a0
- SHA512
  
  6b9e5cccaf3582eee87a21806fd6b3c5718acb30558f5855dc47ad8469dec43c33f664c681bc329a2ba06c06fe1276df307aedfb3dc99f05bc813228b1c015bf
- SSDEEP
  
  24576:NV9nIy2kwpHHPDnCo3A1XpQ66Z5WoDYsHs6g3P0zAk78G3:Bt2zNLnxA1+66Z5WoDYsHs6g3P0zAk7/
Score

1^/10
behavioral25
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral26
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral27
- Target
  
  $R0/Uninstall People Playground.exe
- Size
  
  386KB
- MD5
  
  2f813c96942db3f038a2dd99afc793eb
- SHA1
  
  7b326b0f587bc2c7bb934b9e8bb716a2f99eb295
- SHA256
  
  8570d34cc120e43f8c2cf64fb06c54c30d4557035dcfeb49abb5cae874ea3122
- SHA512
  
  32b7a3446bfb8d7530728cd0ce1a1992e3bd9af3d5e9269c9a06bc7fcb206e6f9cb0a35d8bb8dcc45f0c61596e03352149bebb42e3187911eae279b67ccc0150
- SSDEEP
  
  3072:qn77v00hEoDEtauc1uHH78UKHE2SaH2tvhOEA1RJCir86SrSrv6Ia30:q740IM1A+xSs2t0EyL+yak
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral28
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral29
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral30
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral31
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates processes with tasklist

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32