General

  • Target: vlc-3.0.21-win64.exe
  • Size: 42.9MB
  • Sample: 240809-gysj4a1dpg
  • MD5: a6f92affb6ce711f9f5048410cb4bc32
  • SHA1: 80d994fb95087efce34aeb4a98c8f4d7d2a035a6
  • SHA256: 9742689a50e96ddc04d80ceff046b28da2beefd617be18166f8c5e715ec60c59
  • SHA512: 1a8ff18e29514c48b29fab5ad419b506610c462c09891b4ba6dc0cee550d05eed03bed8d018b9bd61b3d81e1848da7845d53c1b01a508dd87381791541a44f2c
  • SSDEEP: 786432:7OvIHtds0udYsBQv3eva1Umww8RZLyP7QL5ojI54qcDhvcOm:2C3/sB0eyyxwXP7QL+jI5UDNcH

Malware Config

Targets

    • Target: vlc-3.0.21-win64.exe
    • Size: 42.9MB
    • MD5: a6f92affb6ce711f9f5048410cb4bc32
    • SHA1: 80d994fb95087efce34aeb4a98c8f4d7d2a035a6
    • SHA256: 9742689a50e96ddc04d80ceff046b28da2beefd617be18166f8c5e715ec60c59
    • SHA512: 1a8ff18e29514c48b29fab5ad419b506610c462c09891b4ba6dc0cee550d05eed03bed8d018b9bd61b3d81e1848da7845d53c1b01a508dd87381791541a44f2c
    • SSDEEP: 786432:7OvIHtds0udYsBQv3eva1Umww8RZLyP7QL5ojI54qcDhvcOm:2C3/sB0eyyxwXP7QL+jI5UDNcH
    • Score: 4/10

    • Target: $PLUGINSDIR/LangDLL.dll
    • Size: 8KB
    • MD5: 6a4ce8d10efd06369f368898462546e0
    • SHA1: 79b9c182afcfddb4687663f287327fb968731c1b
    • SHA256: 42c46cde21b03935314697ef444b01d85e319fc443519bde35fec90c8b21fc98
    • SHA512: 8a5f1d1bf6fef5ed5b51f41129715bdad0ebabb539c0260b080e567a101db7acdba722a9df5e55527ccdd2bf05a009bfee3c4a3745825c953f3348ef55e61918
    • SSDEEP: 96:e0nLo47eYkrGj23kBTPEa8ir2qUuRkNB/RMZCabEe/2/HdNfdpX2N:foZYkrGj20tEEeYkv/RaCw/2/9h2N
    • Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 28KB
    • MD5: 4a82832a6209cdc3a2447ab2de137542
    • SHA1: 21f334bf90566e3a94a712b68f2cbc32746711d4
    • SHA256: b07a12c5ced6a1ece5e7dc4103f8b3e15bf77f5edb70daef115b9a77bcf55885
    • SHA512: 6bceff4d3eba26a84029d09f6e403f3fc0c95a744f4d6bfde22accf480a724a0f38960d848a5255258a6a57d3ec9b384847acf167b485ff67f7161aac04300f0
    • SSDEEP: 384:AGEs6MVKQq0DwRiGUaLYuAXLaMoy4m973uwYkv56YPewyy1Eiu8IuFd/9:AGEQKZ2wRiGUcY8TBsdvkdwyyvIs
    • Score: 3/10

    • Target: $PLUGINSDIR/nsDialogs.dll
    • Size: 14KB
    • MD5: 8b11196dc49c4df98c6f97457c97e590
    • SHA1: 7ee6c21506ac68a1ecf36be5d632ee339311d51a
    • SHA256: 47a1976b7736371b9b2e073ef0dd49db3bdbe604ec9ee77e50621e5f19d9ae7b
    • SHA512: 4c77005b35f9c9c3cd64d5dba178f45ed250974848086e9da283d539add6aa70bb9ec44782f69f115ab87d1d1d723a63698f9b9db817710b52ab836a87e654b7
    • SSDEEP: 192:RlWWck581HwPRLG/CocFR1w5nEYkv/RGl5Boi6+6SZSM3CU:mdk5SoRLG/CocFR62Ykv8l5Boi9XyU
    • Score: 3/10

    • Target: $PLUGINSDIR/nsExec.dll
    • Size: 10KB
    • MD5: d0ecb311ba0307fea7ef74699fd8dd2e
    • SHA1: 5ed7f5f4c9d29363b8aec070aec5b78b68311980
    • SHA256: 2790ae9ffc256e0c1b8f9570858920ffa5a224c15939c84ee01918102e1dfd0a
    • SHA512: 49177e9c9d110dc639cb15bdf7f154807da1898d9289ce82b753658f56641af03864dfa6727c2a67cd499af8858605de007f46f538ca7119e1e3f73994a23bd0
    • SSDEEP: 192:nItx8GSBYnUMu3Oad973Ykv/RGwCzocJ4D4:Ix8GOYnBu3Oad973YkvMwCzocJ
    • Score: 3/10

    • Target: $PLUGINSDIR/nsProcess.dll
    • Size: 38KB
    • MD5: 391f1b7c2ba6cc753cc300eb0b3c522f
    • SHA1: 0395ef1df4e1232ba4d7c1f65a042d84bd9b5a76
    • SHA256: 72d4ec8a496c7057f676bb6c0d3ae872f22fa88efe2aaced163ee1f429534dde
    • SHA512: a8ece6215b85a4ba41723dcb3e5a6eecaa74b1b99508c2df47af2ce6d3c0c979012080b202829ac848a09a7687ef0572827e0a9042e2c567563ce6284e9ea29e
    • SSDEEP: 768:MbD+fcSYau3E6fCnOOOOOOOOOOOOraSr5YioFENAMxB5YioFENAMxx6:iD+f5uGnOOOOOOOOOOOOrp7oGxv7oGx4
    • Score: 3/10

    • Target: NEWS.txt
    • Size: 214KB
    • MD5: d29d2c41db4100dc1e21c7a29f7bf0d8
    • SHA1: 9f08760a492163f20cdab64564553b824841caf3
    • SHA256: 310a9ccb2ff5dfc4f9bf7d5e971708b8d7af93d7c864fededfa104a4c97bbc31
    • SHA512: 2276d5c6c8751b42943778fedc3c7fca53b45ae44269c3064d3c76741ba2372e7c1f7d03ad7b8158f7685d8bc3c40e2fddfa84df5986163d400c267ddb26b7cc
    • SSDEEP: 3072:hGM5mcQklCuGhRfvXcm5G6f5jPUaXLHFNJhYV3:hrCj7D7maXLra3
    • Score: 1/10

    • Target: axvlc.dll
    • Size: 1.3MB
    • MD5: 76c37511ef2e97250cfb0142a114954f
    • SHA1: 23940be6359e9230bdf2121d13ed982a203c19e4
    • SHA256: ee55b5ca4494dae67e5328128587829e1417e732d0f76858b473c834d5306419
    • SHA512: f154ed9bfdc0a8a0cac5e3723c1978f5f21d0ffa1f734c5a64c3c6562c4b0a59722aa0a224cff5ea88bddbfd0789f7118b179f4a25b5badaaf0c78f17ce9a15e
    • SSDEEP: 24576:DomQVHuicQOmmdkikBQWUT0lRr1K11piNzz000U000s000G000aiYvgraBj:TeHuicQ5myrBQWUTIeKz5
    • Signature: Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target: libvlc.dll
    • Size: 189KB
    • MD5: 264a9e0194dbd3c0540d67b156ecaaba
    • SHA1: 4f1e7609e3ad169550e082fa35d08a7457a528a0
    • SHA256: 095d164633af53ac015dcd76540e8523744f57d506db111f19b3fdd9d6180833
    • SHA512: 2d1e8a98b8183b76f1b7fe4c8aedae69f903f29cb0e578f82399c5a1e817f479c5e45904f6f1e736b300a9e6d9d33c2caa4b60cb87b0cde3f03321f881c4945c
    • SSDEEP: 3072:MM6pRaubfTPeuD6spsr8VERyc8LQWJLyLMBs1sI:MMAHTTGWI0cyczgLyLR
    • Score: 1/10

    • Target: libvlccore.dll
    • Size: 2.7MB
    • MD5: c62c3ef5753af6e0980f38eebc196b1c
    • SHA1: fd1d62feaaacb7cad5f952b61a6f7bd60d6dc4e1
    • SHA256: 2ddb85b36650f85b5a09724c5b17428b1b1b76bd3e3dd85b643933659d5e333d
    • SHA512: f2338d26b073d8a796a7a19ee290b87b63f30f6cfa62e74d147756d2362898a167784c860d9bc098b1ec1a080aaa0fad25ca8c611b7e8f42ea8195c2b14abdfc
    • SSDEEP: 49152:0F0rn/mnSnjfazU2TGlMo1PBAUZLY6sEZGaXBuQQ9eI:0F07L60PBAUZL3W
    • Score: 1/10

    • Target: lua/http/custom.lua
    • Size: 474B
    • MD5: 3327d64fdf86ddcff03c16d22171d834
    • SHA1: a2607d17d684d4b63b967d128172f861d1254b97
    • SHA256: a6623694797e67dc0f22e4f64570825e489d2730676e02db9d6911a04d2cb1ca
    • SHA512: 72d32c7b15937f425f7f16d20295d9b4ee9faa76fb96b633b3ee54c3df94566f4eef38fd43e1890cf5e619dd2eb9bf8628c32e50838cdac93ef50b138c2c5fc0
    • Score: 3/10

    • Target: lua/http/dialogs/batch_window.html
    • Size: 889B
    • MD5: f32ae14ca9d7673ebb23fc827d78076f
    • SHA1: ff5bff0318296a910740411201cb8a4ca206b608
    • SHA256: 5189cdb57f5b2e8c3add7e6c4487f5cf8a018508c612f35c8e1305512f2176e8
    • SHA512: f5e1994188c34753cdc0dc5143dcdf66a86e56b3a040c1f4b67f01fe5d443fa52f05abfdb8717e051284e5697d4a0ac5f46d2ae36b2c518c0d5a96358f5b0f67
    • Score: 3/10

    • Target: lua/http/dialogs/browse_window.html
    • Size: 1KB
    • MD5: 78f476640b27adfdcfe6e26edf4cc7e6
    • SHA1: 414d54995cc46fcf5a12b826df9b8f6f2be21100
    • SHA256: d93c774a7aeb4594f56b37e81838ba03b6855c2bbd91eb8cb803dbd413c5e571
    • SHA512: daeddd3974908fa314d072b37accaf3dc0f3ab694fcd8acde02a77176d54710fc9115c2ab915b3b063fe3ea89308cee9e3fd67da1641735027af74fc6bb8080f
    • Score: 3/10

    • Target: lua/http/dialogs/create_stream.html
    • Size: 14KB
    • MD5: c38a93ae302612a55ccf7f11bdb79c37
    • SHA1: f6064e146909323276c6c43410f314666e35b5a4
    • SHA256: fdfc3417223b88d2e8f0421ced4711760ab11a3c18a50dc05b805a0f4f1a5134
    • SHA512: 9c38a52c10455ffa179f0bad0d09d50defddad25d850248a4a15ebf5aefbe0165e12ee7eace516ced181362062b7651c9f246c4a1c77a6da867bc8ad978d56be
    • SSDEEP: 192:jvlSM2AtdS0E2jSC+J3kuC6qSSSKyf+yO3zy6CGuGek+3LbnAilKyc7aSCWM2kco:jvlIATE2jJAhuDqx3J0vHEF
    • Score: 3/10

    • Target: lua/http/dialogs/equalizer_window.html
    • Size: 1KB
    • MD5: 06ac4c0cd41f6d82fbf3ac0053567295
    • SHA1: 5ddbf4e9f947a42819e00c3b5801ede0839ecf4b
    • SHA256: 62cac570011b9b07e0f421612571a1ce663e49dd3b90a16cf31d8855f1adddac
    • SHA512: 32ddf815ff7de04562ed71a0f2484770bc03a4730662a35cd93c42f0771742d0ddce1292cc96bea06251c97380291a54e9b89563cf078b36b684b58dcbf7ea72
    • Score: 3/10

    • Target: lua/http/dialogs/error_window.html
    • Size: 501B
    • MD5: ad9769b13838d62653857ff47718c6c0
    • SHA1: a4683573d5b43aca9e256d4a45dc5ac46db927ed
    • SHA256: 75d1a1ab807cd97801bc37ed547b26c7b357497e82d01221ac064497c9480304
    • SHA512: 58a7d9ce56936da79a8f46f0f5c1e465d63ee1b8f68701627ffa00e1c43267899a64a3dfe601bf660bfee66b5ea365a27ba8d68f7d598ab6e3a917b52d6e9fc0
    • Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1: score 3/10
  • behavioral1: discovery, score 4/10
  • behavioral2: discovery, score 4/10
  • behavioral3: discovery, score 3/10
  • behavioral4: discovery, score 3/10
  • behavioral5: discovery, score 3/10
  • behavioral6: discovery, score 3/10
  • behavioral7: discovery, score 3/10
  • behavioral8: discovery, score 3/10
  • behavioral9: discovery, score 3/10
  • behavioral10: discovery, score 3/10
  • behavioral11: discovery, score 3/10
  • behavioral12: discovery, score 3/10
  • behavioral13: score 1/10
  • behavioral14: score 1/10
  • behavioral15: persistence, privilege_escalation, score 5/10
  • behavioral16: persistence, privilege_escalation, score 5/10
  • behavioral17: score 1/10
  • behavioral18: score 1/10
  • behavioral19: score 1/10
  • behavioral20: score 1/10
  • behavioral21: execution, score 3/10
  • behavioral22: execution, score 3/10
  • behavioral23: discovery, score 3/10
  • behavioral24: discovery, score 3/10
  • behavioral25: discovery, score 3/10
  • behavioral26: discovery, score 3/10
  • behavioral27: discovery, score 3/10
  • behavioral28: discovery, score 3/10
  • behavioral29: discovery, score 3/10
  • behavioral30: discovery, score 3/10
  • behavioral31: discovery, score 3/10
  • behavioral32: discovery, score 3/10