a8e7d8d34a42541f03f8c29975be3a96e09bbf72d427eb7f10fd342b0f852e6f

Sharing

Copy URL Twitter E-mail

General

Target

a8e7d8d34a42541f03f8c29975be3a96e09bbf72d427eb7f10fd342b0f852e6f
Size

2.1MB
Sample

240808-hb53cazhrp
MD5

8a2d47ad5e1054b15ab5eebe6a3550a6
SHA1

3add95f68ab778782221709bab39f4633f335b13
SHA256

a8e7d8d34a42541f03f8c29975be3a96e09bbf72d427eb7f10fd342b0f852e6f
SHA512

8b200670a291f711c356150fd0af05b2c968fc65e2ae39b990c7e81809a4c827bd5ca749e7d14065fbf9d71f0e24adb57648f41488edd4f7dec388eaffa12f18
SSDEEP

49152:wQAF6WxE87vxpsrFpIv0fPHOMCBgs34WysQY2Nh/A3xr1cUt:wQAF6IPN+TIv0fvFUv3pyU6Ar3

Score

7^/10

Malware Config

Targets

- Target
  
  a8e7d8d34a42541f03f8c29975be3a96e09bbf72d427eb7f10fd342b0f852e6f
- Size
  
  2.1MB
- MD5
  
  8a2d47ad5e1054b15ab5eebe6a3550a6
- SHA1
  
  3add95f68ab778782221709bab39f4633f335b13
- SHA256
  
  a8e7d8d34a42541f03f8c29975be3a96e09bbf72d427eb7f10fd342b0f852e6f
- SHA512
  
  8b200670a291f711c356150fd0af05b2c968fc65e2ae39b990c7e81809a4c827bd5ca749e7d14065fbf9d71f0e24adb57648f41488edd4f7dec388eaffa12f18
- SSDEEP
  
  49152:wQAF6WxE87vxpsrFpIv0fPHOMCBgs34WysQY2Nh/A3xr1cUt:wQAF6IPN+TIv0fvFUv3pyU6Ar3
Score

7^/10

discovery persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/CommandLine.dll
- Size
  
  68KB
- MD5
  
  ccd5f62a1d87970d9fea6d26fd45983a
- SHA1
  
  867942b2a6929ccaae481c02649386a5008db997
- SHA256
  
  b6ab16dd1656c7a90c0b24bde5453d761d9eb557b128c73f6ee9345ae6822b2e
- SHA512
  
  5d4653e438d004090ec8871702ea46d743c79b61abd7864b447bf16f60482e2fc991b9b2b1bb071a0501d4dd4ae4fdb033075ec18c5a1b50b0df6fa0092c4f2d
- SSDEEP
  
  1536:nZj9JT17qpL/6ePMqBNzrstoJSkrjbgbwziQ3hwa7PK3h82:nx9JT17WPMqBNWAkbwzifaF2
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/DotNetZip.dll
- Size
  
  467KB
- MD5
  
  190e712f2e3b065ba3d5f63cb9b7725e
- SHA1
  
  75c1c8dd93c7c8a4b3719bb77c6e1d1a1620ae12
- SHA256
  
  6c512d9943a225d686b26fc832589e4c8bef7c4dd0a8bdfd557d5d27fe5bba0f
- SHA512
  
  2b4898d2d6982917612d04442807bd58c37739b2e4b302c94f41e03e685e24b9183b12de2057b3b303483698ad95e3a37795e6eb6d2d3b71e332b59deeca7d02
- SSDEEP
  
  6144:GuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnse6OVxLV/Wo0k:UQL32ikCaUS4csRBse6sfWNk
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  24KB
- MD5
  
  640bff73a5f8e37b202d911e4749b2e9
- SHA1
  
  9588dd7561ab7de3bca392b084bec91f3521c879
- SHA256
  
  c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
- SHA512
  
  39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a
- SSDEEP
  
  384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/Microsoft.Win32.TaskScheduler.dll
- Size
  
  124KB
- MD5
  
  529d605158a6fd888ea989d77785aa5f
- SHA1
  
  abf553c514b6ce60bb95b5b67d65f3a64d3ddf90
- SHA256
  
  f8bff4120506bb32b8c4a6a3e4fa31bc70b365b38cf2aa13b160985020b6d3d2
- SHA512
  
  f0d993ac7a173ff9e88c1993735e77c4d6db0bf4100bbca531a298c9e7953f6c9a53fe61f006d8ff276d707c24fb4856f9bb4a5ca6f534a1ca86b169c1fe3c88
- SSDEEP
  
  3072:uBCeNh/pcfnLq3wyXYsKRNRwxz+gT37teucRpH0dVrs:uB/w4xQWOcrs
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/Newtonsoft.Json.dll
- Size
  
  692KB
- MD5
  
  98cbb64f074dc600b23a2ee1a0f46448
- SHA1
  
  c5e5ec666eeb51ec15d69d27685fe50148893e34
- SHA256
  
  7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13
- SHA512
  
  eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147
- SSDEEP
  
  12288:p9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3SH:p8m657w6ZBLmkitKqBCjC0PDgM5CH
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/OWInstaller.exe
- Size
  
  301KB
- MD5
  
  1333393fbfcea0642f3aec0499a44e9a
- SHA1
  
  7a1ccf2f5d311b7548938ff51ad85b05e03021fd
- SHA256
  
  c6864deca3c3b77500ad86dc3c847a7430efb0992228625f36ab767d1a8f90dc
- SHA512
  
  31a565555d0176f0c87248134b3c64ebfc11f92d6cffb8d7968e99a7d7d74004ac32b8dafd05eab8fc5d33750a12da0e1fd076eb10e3aa123c7769aeee977ef2
- SSDEEP
  
  6144:rczyBUDsrUODYRVxGxZ9bKFoSIm9u0Uqq2zCpl/ucG:roc4kYoSO0jA
Score

5^/10

discovery persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/OverWolf.Client.CommonUtils.dll
- Size
  
  648KB
- MD5
  
  5aed88b663a63e0d7d98f1481521e688
- SHA1
  
  2e2ff06bd3adfd3418610d49de9e30570bdc4140
- SHA256
  
  d18fca59c1d678df61964cccd09ca8594f859dc45668677c95616f3abaca9266
- SHA512
  
  e25c9083a19892dcd8ef53bbf915d5b8bf72509c780a79567752f76fb468c09bbac2b8a9acd6b03954820b09ef9a29f8dea183539f3af4665ef5a5497e38bd64
- SSDEEP
  
  12288:GIdIkrU4WLWY5smdHlAdHBcb1nB0LFixTl7RnAv3:KzlOVM1nBoFYl9Av3
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/SharpRaven.dll
- Size
  
  80KB
- MD5
  
  20422fc722b26cfbb8d68252ddc70fc9
- SHA1
  
  642792a565ce5cb9a3383cd6e6f96e88af0046b0
- SHA256
  
  83bccd15b4117050fbda0d6db992efede3cfaee7fdfbe167714b8d8c62a19380
- SHA512
  
  c2f8747164c303df05b77e5a03a87b23119617745403c0319b59a1d934f72b8d9c2c9d5ef7ba2a3a130cca46b2d0213b0a3b0e6aa9f8ff3df190976993a8e171
- SSDEEP
  
  1536:1a9qjviI1YjOrfRK9bvyyfpHbnzDwkk7PC3hi:1EuqI1lRKbvyyB7nlkn
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  7399323923e3946fe9140132ac388132
- SHA1
  
  728257d06c452449b1241769b459f091aabcffc5
- SHA256
  
  5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
- SHA512
  
  d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
- SSDEEP
  
  192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  9301577ff4d229347fe33259b43ef3b2
- SHA1
  
  5e39eb4f99920005a4b2303c8089d77f589c133d
- SHA256
  
  090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
- SHA512
  
  77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/app/cmp.html
- Size
  
  5KB
- MD5
  
  d7b8b31b190e552677589cfd4cbb5d8e
- SHA1
  
  09ffb3c63991d5c932c819393de489268bd3ab88
- SHA256
  
  6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f
- SHA512
  
  32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310
- SSDEEP
  
  48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/app/index.html
- Size
  
  20KB
- MD5
  
  c7b752acf6d1e10f3aca2c67b1ccf4d3
- SHA1
  
  ab793cb43e0c2b5af0fdcbf90d0d29d5d3e164f7
- SHA256
  
  69b9f99f6611f953d94984ac35bdaf9e9817f689e1e3614976bebe3465c613fc
- SHA512
  
  120addd79b7ade4f35b426c02631c8167d81080fde30a01b989453113f7547784e525d53bede41ede0c9b3caca8513060753ba51f75bf6936d32ee597d642576
- SSDEEP
  
  192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8D:+WNaM8UnbjPk89+mppHL
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/app/js/app.js
- Size
  
  21KB
- MD5
  
  de88fce9253d26e0c61daa1783baa775
- SHA1
  
  07c5848354a247056baad369059aac9d3c940ecc
- SHA256
  
  993f140f9f4e5cdbdcc657a3c159328bf58b3483dbc27c451516a556763a79ba
- SHA512
  
  71ddd47ef7ed7c02fb31e8ffa2ea6d1b5178dbda2ab37bac208e088c8ba2127e0cf5eaa74ee7ad5809fa69e534853312c6c8775c68aeda63bf0e4a5caefa39b7
- SSDEEP
  
  384:4X+ycDQrcljKdZGb9plmt902wjI3A4nzwF52xxYRifG6wBEoR3FGHWdeLj8T:0+ycDQYlOdEbdmXH3A4nzIAnGifG11RL
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/app/js/block_inputs.js
- Size
  
  789B
- MD5
  
  b5b52c92b90f4283a761cb8a40860c75
- SHA1
  
  7212e7e566795017e179e7b9c9bf223b0cdb9ec2
- SHA256
  
  f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
- SHA512
  
  16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/app/js/libs/cmp.bundle.js
- Size
  
  346KB
- MD5
  
  931c0aea91b1daf5c4936edac6a4ca1a
- SHA1
  
  78c35061126c76a97a42df7b8ca0639ae52712a8
- SHA256
  
  630a2295e409485e27a06aac96a49f04d553f3ba299799e26a496776d3583325
- SHA512
  
  a237db9a0d973d5a07d36b98586d099b4a9277ff125f8cdda52f515bd5d1ce0fe82bc0ca8e3f9396a7eea625e8d8da0b5c39963b580320ca7a6eb5f461e017f4
- SSDEEP
  
  3072:vSDSLzJgixPFNRISHo2kDkNAJOQSPXwGtkLxrtQ8OaxPyf:bxgixP+28kNvwGtspi
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Checks computer location settings

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32