9742689a50e96ddc04d80ceff046b28da2beefd617be18166f8c5e715ec60c59

Sharing

Copy URL

Twitter E-mail

General

Target

vlc-3.0.21-win64.exe
Size

42.9MB
Sample

240809-gysj4a1dpg
MD5

a6f92affb6ce711f9f5048410cb4bc32
SHA1

80d994fb95087efce34aeb4a98c8f4d7d2a035a6
SHA256

9742689a50e96ddc04d80ceff046b28da2beefd617be18166f8c5e715ec60c59
SHA512

1a8ff18e29514c48b29fab5ad419b506610c462c09891b4ba6dc0cee550d05eed03bed8d018b9bd61b3d81e1848da7845d53c1b01a508dd87381791541a44f2c
SSDEEP

786432:7OvIHtds0udYsBQv3eva1Umww8RZLyP7QL5ojI54qcDhvcOm:2C3/sB0eyyxwXP7QL+jI5UDNcH

Score

5^/10

Malware Config

Targets

- Target
  
  vlc-3.0.21-win64.exe
- Size
  
  42.9MB
- MD5
  
  a6f92affb6ce711f9f5048410cb4bc32
- SHA1
  
  80d994fb95087efce34aeb4a98c8f4d7d2a035a6
- SHA256
  
  9742689a50e96ddc04d80ceff046b28da2beefd617be18166f8c5e715ec60c59
- SHA512
  
  1a8ff18e29514c48b29fab5ad419b506610c462c09891b4ba6dc0cee550d05eed03bed8d018b9bd61b3d81e1848da7845d53c1b01a508dd87381791541a44f2c
- SSDEEP
  
  786432:7OvIHtds0udYsBQv3eva1Umww8RZLyP7QL5ojI54qcDhvcOm:2C3/sB0eyyxwXP7QL+jI5UDNcH
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  8KB
- MD5
  
  6a4ce8d10efd06369f368898462546e0
- SHA1
  
  79b9c182afcfddb4687663f287327fb968731c1b
- SHA256
  
  42c46cde21b03935314697ef444b01d85e319fc443519bde35fec90c8b21fc98
- SHA512
  
  8a5f1d1bf6fef5ed5b51f41129715bdad0ebabb539c0260b080e567a101db7acdba722a9df5e55527ccdd2bf05a009bfee3c4a3745825c953f3348ef55e61918
- SSDEEP
  
  96:e0nLo47eYkrGj23kBTPEa8ir2qUuRkNB/RMZCabEe/2/HdNfdpX2N:foZYkrGj20tEEeYkv/RaCw/2/9h2N
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  28KB
- MD5
  
  4a82832a6209cdc3a2447ab2de137542
- SHA1
  
  21f334bf90566e3a94a712b68f2cbc32746711d4
- SHA256
  
  b07a12c5ced6a1ece5e7dc4103f8b3e15bf77f5edb70daef115b9a77bcf55885
- SHA512
  
  6bceff4d3eba26a84029d09f6e403f3fc0c95a744f4d6bfde22accf480a724a0f38960d848a5255258a6a57d3ec9b384847acf167b485ff67f7161aac04300f0
- SSDEEP
  
  384:AGEs6MVKQq0DwRiGUaLYuAXLaMoy4m973uwYkv56YPewyy1Eiu8IuFd/9:AGEQKZ2wRiGUcY8TBsdvkdwyyvIs
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  14KB
- MD5
  
  8b11196dc49c4df98c6f97457c97e590
- SHA1
  
  7ee6c21506ac68a1ecf36be5d632ee339311d51a
- SHA256
  
  47a1976b7736371b9b2e073ef0dd49db3bdbe604ec9ee77e50621e5f19d9ae7b
- SHA512
  
  4c77005b35f9c9c3cd64d5dba178f45ed250974848086e9da283d539add6aa70bb9ec44782f69f115ab87d1d1d723a63698f9b9db817710b52ab836a87e654b7
- SSDEEP
  
  192:RlWWck581HwPRLG/CocFR1w5nEYkv/RGl5Boi6+6SZSM3CU:mdk5SoRLG/CocFR62Ykv8l5Boi9XyU
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  10KB
- MD5
  
  d0ecb311ba0307fea7ef74699fd8dd2e
- SHA1
  
  5ed7f5f4c9d29363b8aec070aec5b78b68311980
- SHA256
  
  2790ae9ffc256e0c1b8f9570858920ffa5a224c15939c84ee01918102e1dfd0a
- SHA512
  
  49177e9c9d110dc639cb15bdf7f154807da1898d9289ce82b753658f56641af03864dfa6727c2a67cd499af8858605de007f46f538ca7119e1e3f73994a23bd0
- SSDEEP
  
  192:nItx8GSBYnUMu3Oad973Ykv/RGwCzocJ4D4:Ix8GOYnBu3Oad973YkvMwCzocJ
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  38KB
- MD5
  
  391f1b7c2ba6cc753cc300eb0b3c522f
- SHA1
  
  0395ef1df4e1232ba4d7c1f65a042d84bd9b5a76
- SHA256
  
  72d4ec8a496c7057f676bb6c0d3ae872f22fa88efe2aaced163ee1f429534dde
- SHA512
  
  a8ece6215b85a4ba41723dcb3e5a6eecaa74b1b99508c2df47af2ce6d3c0c979012080b202829ac848a09a7687ef0572827e0a9042e2c567563ce6284e9ea29e
- SSDEEP
  
  768:MbD+fcSYau3E6fCnOOOOOOOOOOOOraSr5YioFENAMxB5YioFENAMxx6:iD+f5uGnOOOOOOOOOOOOrp7oGxv7oGx4
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  NEWS.txt
- Size
  
  214KB
- MD5
  
  d29d2c41db4100dc1e21c7a29f7bf0d8
- SHA1
  
  9f08760a492163f20cdab64564553b824841caf3
- SHA256
  
  310a9ccb2ff5dfc4f9bf7d5e971708b8d7af93d7c864fededfa104a4c97bbc31
- SHA512
  
  2276d5c6c8751b42943778fedc3c7fca53b45ae44269c3064d3c76741ba2372e7c1f7d03ad7b8158f7685d8bc3c40e2fddfa84df5986163d400c267ddb26b7cc
- SSDEEP
  
  3072:hGM5mcQklCuGhRfvXcm5G6f5jPUaXLHFNJhYV3:hrCj7D7maXLra3
Score

1^/10
behavioral13 behavioral14
- Target
  
  axvlc.dll
- Size
  
  1.3MB
- MD5
  
  76c37511ef2e97250cfb0142a114954f
- SHA1
  
  23940be6359e9230bdf2121d13ed982a203c19e4
- SHA256
  
  ee55b5ca4494dae67e5328128587829e1417e732d0f76858b473c834d5306419
- SHA512
  
  f154ed9bfdc0a8a0cac5e3723c1978f5f21d0ffa1f734c5a64c3c6562c4b0a59722aa0a224cff5ea88bddbfd0789f7118b179f4a25b5badaaf0c78f17ce9a15e
- SSDEEP
  
  24576:DomQVHuicQOmmdkikBQWUT0lRr1K11piNzz000U000s000G000aiYvgraBj:TeHuicQ5myrBQWUTIeKz5
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral15 behavioral16
- Target
  
  libvlc.dll
- Size
  
  189KB
- MD5
  
  264a9e0194dbd3c0540d67b156ecaaba
- SHA1
  
  4f1e7609e3ad169550e082fa35d08a7457a528a0
- SHA256
  
  095d164633af53ac015dcd76540e8523744f57d506db111f19b3fdd9d6180833
- SHA512
  
  2d1e8a98b8183b76f1b7fe4c8aedae69f903f29cb0e578f82399c5a1e817f479c5e45904f6f1e736b300a9e6d9d33c2caa4b60cb87b0cde3f03321f881c4945c
- SSDEEP
  
  3072:MM6pRaubfTPeuD6spsr8VERyc8LQWJLyLMBs1sI:MMAHTTGWI0cyczgLyLR
Score

1^/10
behavioral17 behavioral18
- Target
  
  libvlccore.dll
- Size
  
  2.7MB
- MD5
  
  c62c3ef5753af6e0980f38eebc196b1c
- SHA1
  
  fd1d62feaaacb7cad5f952b61a6f7bd60d6dc4e1
- SHA256
  
  2ddb85b36650f85b5a09724c5b17428b1b1b76bd3e3dd85b643933659d5e333d
- SHA512
  
  f2338d26b073d8a796a7a19ee290b87b63f30f6cfa62e74d147756d2362898a167784c860d9bc098b1ec1a080aaa0fad25ca8c611b7e8f42ea8195c2b14abdfc
- SSDEEP
  
  49152:0F0rn/mnSnjfazU2TGlMo1PBAUZLY6sEZGaXBuQQ9eI:0F07L60PBAUZL3W
Score

1^/10
behavioral19 behavioral20
- Target
  
  lua/http/custom.lua
- Size
  
  474B
- MD5
  
  3327d64fdf86ddcff03c16d22171d834
- SHA1
  
  a2607d17d684d4b63b967d128172f861d1254b97
- SHA256
  
  a6623694797e67dc0f22e4f64570825e489d2730676e02db9d6911a04d2cb1ca
- SHA512
  
  72d32c7b15937f425f7f16d20295d9b4ee9faa76fb96b633b3ee54c3df94566f4eef38fd43e1890cf5e619dd2eb9bf8628c32e50838cdac93ef50b138c2c5fc0
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  lua/http/dialogs/batch_window.html
- Size
  
  889B
- MD5
  
  f32ae14ca9d7673ebb23fc827d78076f
- SHA1
  
  ff5bff0318296a910740411201cb8a4ca206b608
- SHA256
  
  5189cdb57f5b2e8c3add7e6c4487f5cf8a018508c612f35c8e1305512f2176e8
- SHA512
  
  f5e1994188c34753cdc0dc5143dcdf66a86e56b3a040c1f4b67f01fe5d443fa52f05abfdb8717e051284e5697d4a0ac5f46d2ae36b2c518c0d5a96358f5b0f67
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  lua/http/dialogs/browse_window.html
- Size
  
  1KB
- MD5
  
  78f476640b27adfdcfe6e26edf4cc7e6
- SHA1
  
  414d54995cc46fcf5a12b826df9b8f6f2be21100
- SHA256
  
  d93c774a7aeb4594f56b37e81838ba03b6855c2bbd91eb8cb803dbd413c5e571
- SHA512
  
  daeddd3974908fa314d072b37accaf3dc0f3ab694fcd8acde02a77176d54710fc9115c2ab915b3b063fe3ea89308cee9e3fd67da1641735027af74fc6bb8080f
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  lua/http/dialogs/create_stream.html
- Size
  
  14KB
- MD5
  
  c38a93ae302612a55ccf7f11bdb79c37
- SHA1
  
  f6064e146909323276c6c43410f314666e35b5a4
- SHA256
  
  fdfc3417223b88d2e8f0421ced4711760ab11a3c18a50dc05b805a0f4f1a5134
- SHA512
  
  9c38a52c10455ffa179f0bad0d09d50defddad25d850248a4a15ebf5aefbe0165e12ee7eace516ced181362062b7651c9f246c4a1c77a6da867bc8ad978d56be
- SSDEEP
  
  192:jvlSM2AtdS0E2jSC+J3kuC6qSSSKyf+yO3zy6CGuGek+3LbnAilKyc7aSCWM2kco:jvlIATE2jJAhuDqx3J0vHEF
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  lua/http/dialogs/equalizer_window.html
- Size
  
  1KB
- MD5
  
  06ac4c0cd41f6d82fbf3ac0053567295
- SHA1
  
  5ddbf4e9f947a42819e00c3b5801ede0839ecf4b
- SHA256
  
  62cac570011b9b07e0f421612571a1ce663e49dd3b90a16cf31d8855f1adddac
- SHA512
  
  32ddf815ff7de04562ed71a0f2484770bc03a4730662a35cd93c42f0771742d0ddce1292cc96bea06251c97380291a54e9b89563cf078b36b684b58dcbf7ea72
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  lua/http/dialogs/error_window.html
- Size
  
  501B
- MD5
  
  ad9769b13838d62653857ff47718c6c0
- SHA1
  
  a4683573d5b43aca9e256d4a45dc5ac46db927ed
- SHA256
  
  75d1a1ab807cd97801bc37ed547b26c7b357497e82d01221ac064497c9480304
- SHA512
  
  58a7d9ce56936da79a8f46f0f5c1e465d63ee1b8f68701627ffa00e1c43267899a64a3dfe601bf660bfee66b5ea365a27ba8d68f7d598ab6e3a917b52d6e9fc0
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32