50075722aa0970650d88d6c29e8c3f45e684c99be8d4865e8c4daf5ef937bd72

Sharing

Copy URL

Twitter E-mail

General

Target

Release.1.zip
Size

151.0MB
Sample

240811-z61jsashnh
MD5

d2110db73f1f7ef46f52ac242ffa3a53
SHA1

ce32ca3799d9bf7fb1d9c89a7d6a37aa2aebc74c
SHA256

50075722aa0970650d88d6c29e8c3f45e684c99be8d4865e8c4daf5ef937bd72
SHA512

88fe08c1d660562e978d43d35ddb56b9d8fcd981fd50681908c4645dfae6019d4813328e1a5e4a7687810a48e843bb9091ef3074aef494ce5f904864a06f6919
SSDEEP

3145728:pf8OFA+D60opS+Z62yoiphIOMh+GvVXyX/CLeDM/4Xo9LcY2TYM9:mOFA+D6bSy6MAlstXDyoQ3nYM9

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  CefSharp.BrowserSubprocess.Core.dll
- Size
  
  1.1MB
- MD5
  
  5b745ee879e65f7a47c56265881f16e7
- SHA1
  
  e6a90771b8f1bf53beeb7c9e4268756ff07a088d
- SHA256
  
  c8944a83938c39fbea72700485db8a61ab82e1c51d8e16d5dd48de4e36a6f264
- SHA512
  
  3b4bef98a1f751c3a747de0eb050828bf8474efa68aa7a26d0369f1c3b42829eaab221cb612c005a54ed5b84f19180700e51aab39adb84fe7246d9e91e6899c8
- SSDEEP
  
  24576:0u7vjXauHhY9GlRDLFZbJ/ogbZcECacHIDCRCSpb+ms0veXCJ2ZiVxhEDssQjPcd:0u7l41pKms0veXCJ2ZiVxhEDssQjPc8F
Score

1^/10
behavioral1
- Target
  
  CefSharp.BrowserSubprocess.exe
- Size
  
  6KB
- MD5
  
  bcd22b9511d5383e23d875e2cf3c339e
- SHA1
  
  0ef86afaef536cc4b046ea2866414bb193d60702
- SHA256
  
  95dd31f11ac1317559b6eee0479739930d503a4938283f5d831ac8add92ad792
- SHA512
  
  c4e6821858720895c0bfae797097e3307bb7ea8f03dde4fefc16cce03b2a50fecfe8ed5c3225136fcd9d74ee0ed8673f795b410cd14890d22df58c1f03b693c6
- SSDEEP
  
  96:v6ZxBI7kNmQBDvJGSkX6eFZJetmAhNt61OYcXe5U:UBIimQB9eX6eFZgsAYcXeS
Score

1^/10
behavioral2
- Target
  
  CefSharp.Core.Runtime.dll
- Size
  
  1.7MB
- MD5
  
  21719cf581f5cc98b21c748498f1cbfe
- SHA1
  
  aaada7a02fadcbd25b836c924e936ce7d7ee0c2a
- SHA256
  
  6fd2685e02ef7c92ba5080faadb44f22fee528713f5101e2841c1230cba691e6
- SHA512
  
  6394ddabc7ad03895ecddb9943371935e0a2320e933b380a563eaf03d1a039c7180aee763834170c85485416b1af38b55c1dafff7311b25513369b01dce22598
- SSDEEP
  
  49152:CcWYPM4G6kaHqcHCgrZi5C9xh0UsWLgiHesm2qCUD/yNWYxtYtUkjCKf462gQkAD:TP
Score

1^/10
behavioral3
- Target
  
  CefSharp.Core.dll
- Size
  
  897KB
- MD5
  
  16f8a4945f5bdd5c1c6c73541e1ebec3
- SHA1
  
  4342762c43f54c4caafaae40f933599a9bb93cb5
- SHA256
  
  636f8f865f23f2d47b73f3c16622e10b46437bbf7c89b0a2f70bae6129ab046a
- SHA512
  
  04115c425c3015ee4355cde2a6e5e28ec24745ea77761a40c0986b54dc14bc67cb142986988d79df87e75ea54d21ded9384842e01cf0714b84f7378e6a13400d
- SSDEEP
  
  6144:cJXlLt6r1zItQCtpf/Xg8HnJQvq6qea0zWEmjBZre7W0vnlYviqJ9/z8+irWGvgc:c5lLtg8/XIPrsNZ0Kiq8uhtt
Score

1^/10
behavioral4
- Target
  
  CefSharp.Wpf.dll
- Size
  
  114KB
- MD5
  
  36946182df277e84a313c3811adac855
- SHA1
  
  bcd21305861e22878271e37604b7b033ec347eb3
- SHA256
  
  8507a4662220eca49d7d511183be801cd394f13dc0e9898c55361020fe9a4720
- SHA512
  
  80b1e947b1940dccfe5be8a1ba1e8c1d9eacb122d73724a21233164f5b318fa57c249256f621f0f9c1e6a9e4c902eec58827bb899e20f2990f4ade1d685f1abd
- SSDEEP
  
  3072:tvd969S0dZqKLfGlAW9mLGKOiGfiVmVgGs0COe5w5tnR:tvb69SSZqKLfGlAW9iGliAVgGp3t
Score

1^/10
behavioral5
- Target
  
  CefSharp.dll
- Size
  
  272KB
- MD5
  
  715c534060757613f0286e1012e0c34a
- SHA1
  
  8bf44c4d87b24589c6f08846173015407170b75d
- SHA256
  
  f7ad2bbbeb43f166bbbf986bdb2b08c462603c240c605f1c6a7749c643dff3fe
- SHA512
  
  fcaec0c107a8703a8263ce5ccc64c2f5bfc01628756b2319fde21b0842652fbeee04c9f8f6d93f7200412d9bd9fad01494bc902501fb92e7d6b319f8d9db78d7
- SSDEEP
  
  3072:y79yn4VZ3fE1clgTTNmMnRGhH7gxNT5AL6GmAj9VB08OKNlUtrz+pyUU2Hu61:m3OKraRAEx7AL1mAjDB08jNlY+pmj6
Score

1^/10
behavioral6
- Target
  
  Celery.exe
- Size
  
  17.3MB
- MD5
  
  433bb23192adb1d78a2fd99ca652eab4
- SHA1
  
  40087ada7a5020046c30d8ffb9fd70949450151e
- SHA256
  
  06a7351cbbb9e794e8ee5793114cb74cda3b55f23eb634ea3b994adf851ddd3a
- SHA512
  
  d74a2156ea003640774a1139aa4c1b5b76f0f97ebbeec1dd3cebbf902eb667d369f7ea8e1d3c6aff140da6f75e5c64cee23cd1e2cb988873db95723ea9cca93e
- SSDEEP
  
  393216:xUa57DdNAuyvw4wK/gsrlVwgqI59D8exrbwANXg5yH4LVvIz:p1d2toVKrR5qI59woPXlOLmz
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
behavioral7
- Target
  
  Microsoft.Bcl.AsyncInterfaces.dll
- Size
  
  26KB
- MD5
  
  ff34978b62d5e0be84a895d9c30f99ae
- SHA1
  
  74dc07a8cccee0ca3bf5cf64320230ca1a37ad85
- SHA256
  
  80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc
- SHA512
  
  7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28
- SSDEEP
  
  384:cOJWqnwCBbNAP0VES2j0cX6dAl+NWpVzrdcoquWeP/WxR5kHRN7dDFcYR9zPrf8O:culwCBhdVv2wK5fdcUtFFn9zT8pY
Score

1^/10
behavioral8
- Target
  
  Microsoft.Expression.Interactions.dll
- Size
  
  89KB
- MD5
  
  6a3b9e46c41e42e7b8e1479468d892af
- SHA1
  
  e31c05ae685e51d07808b1dd24ceced9d299ed81
- SHA256
  
  f3b14defbd05493b8573016b08b86e5b5d53b486b0457fd75f67bf8bff04be38
- SHA512
  
  d6416204875ce732edac51e36f267c9cca52f60ba79cd981b388988e435bd1cce87f972a9e90be4fd9a7fd25cb316293f938f45fb645f25a4f62b980a37236b7
- SSDEEP
  
  1536:Srf5GttgxHXEuRmG5rtkGY4CEmWAxXSSYhhS98ca2Wvsd65FJDlGWwkEy:a5GttWHXEUx5r65LxXshk8JDIWP
Score

1^/10
behavioral9
- Target
  
  Microsoft.Extensions.DependencyInjection.Abstractions.dll
- Size
  
  62KB
- MD5
  
  00053ff3b5744853b9ebf90af4fdd816
- SHA1
  
  13c0a343f38b1bb21a3d90146ed92736a8166fe6
- SHA256
  
  c5a119ec89471194b505140fba13001fa05f81c4b4725b80bb63ccb4e1408c1e
- SHA512
  
  c99fcda5165f8dc7984fb97ce45d00f8b00ca9813b8c591ad86691bd65104bbb86c36b49bb6c638f3b1e9b2642ec9ac830003e894df338acfca2d11296ff9da4
- SSDEEP
  
  768:4r85ZhSBuU1OURH7MV5594phn9Uad5J6Sx+I9W6wjMwRLSEnlHctC63/iOn9zT8c:cH7Mz8DiIW6Pw9SEnl8txviO9zTH
Score

1^/10
behavioral10
- Target
  
  Microsoft.Extensions.DependencyInjection.dll
- Size
  
  94KB
- MD5
  
  3452007cab829c2ba196f72b261f7dec
- SHA1
  
  c5e7cfd490839f2b34252bd26020d7f8961b221b
- SHA256
  
  18b39777ee45220217459641991ab700bc9253acaf0940cf6e017e9392b43698
- SHA512
  
  a8b83a8582dfee144925a821d09c40f5730f6337b29446c3bce8b225659bdc57a48778081fa866c092d59b4108c1d992e33f9543ae2b4c7554b8ff27b5332cdf
- SSDEEP
  
  1536:g/F7GzTFh4u/Nf172OPHxZXD2wdOwaOwGuldE4lCyBBiM+z9f:oF7i4u/FYg3XrMnOwGuld5dBMZf
Score

1^/10
behavioral11
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral12
- Target
  
  System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  16KB
- MD5
  
  da04a75ddc22118ed24e0b53e474805a
- SHA1
  
  2d68c648a6a6371b6046e6c3af09128230e0ad32
- SHA256
  
  66409f670315afe8610f17a4d3a1ee52d72b6a46c544cec97544e8385f90ad74
- SHA512
  
  26af01ca25e921465f477a0e1499edc9e0ac26c23908e5e9b97d3afd60f3308bfbf2c8ca89ea21878454cd88a1cddd2f2f0172a6e1e87ef33c56cd7a8d16e9c8
- SSDEEP
  
  192:LGLxTyHvc4ROgcxAdWXYWJeaPtWsI9A9GaHnhWgN7aJeWw0fnCsqnajt:LgGLROZAdWXYW8aPcyHRN7WEqn1lx
Score

1^/10
behavioral13
- Target
  
  System.Threading.Tasks.Extensions.dll
- Size
  
  25KB
- MD5
  
  e1e9d7d46e5cd9525c5927dc98d9ecc7
- SHA1
  
  2242627282f9e07e37b274ea36fac2d3cd9c9110
- SHA256
  
  4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
- SHA512
  
  da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11
- SSDEEP
  
  384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha
Score

1^/10
behavioral14
- Target
  
  System.Windows.Interactivity.dll
- Size
  
  39KB
- MD5
  
  3ab57a33a6e3a1476695d5a6e856c06a
- SHA1
  
  dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7
- SHA256
  
  4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876
- SHA512
  
  58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92
- SSDEEP
  
  768:6MazwAgR8/XJ665bKZdxuB8DCuL5enM7JxKjuMlZCZN+R0E7E:63wBccZdxuB8mQen6JxKjrlMZgR0Eo
Score

1^/10
behavioral15
- Target
  
  chrome_elf.dll
- Size
  
  1.3MB
- MD5
  
  5b3802f150c42ad6d24674ae78f9d3e8
- SHA1
  
  428139f0a862128e55e5231798f7c8e2df34a92a
- SHA256
  
  9f455612e32e5da431c7636773e34bd08dae79403cc8cf5b782b0ea4f1955799
- SHA512
  
  07afbd49e17d67957c65929ca7bdfe03b33b299c66c48aa738262da480ed945712d891be83d35bd42833d5465ef60e09c7a5956df0a369ec92d3bc2d25a09007
- SSDEEP
  
  24576:LcTZORTcbxjPziCdLI3ovs8t8+oaOzjY:LcTZYTOxjPzJdEoNa+2fY
Score

1^/10
behavioral16
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral17
- Target
  
  dxcompiler.dll
- Size
  
  20.8MB
- MD5
  
  141f621285ed586f9423844a83e8a03f
- SHA1
  
  9c58feee992c3d42383bde55f0ff7688bc3bd579
- SHA256
  
  5592056f52768ba41aad10785d21c1b18baf850a7e6a9e35526f43a55e6ada6d
- SHA512
  
  951a55bbe86a7ebecfc946bf1c9a8c629f0e09510089a79a352cd6d89b7c42e0e23fd4f26232b0e73bd6d4ec158b86728cda2ab25745abcabfafadd964b55896
- SSDEEP
  
  393216:5NfWHkWI4F8p4q8ZyfV+mq7q5oIB1p4bWpso:cTW4bWpso
Score

1^/10
behavioral18
- Target
  
  dxil.dll
- Size
  
  1.4MB
- MD5
  
  cb72bef6ce55aa7c9e3a09bd105dca33
- SHA1
  
  d48336e1c8215ccf71a758f2ff7e5913342ea229
- SHA256
  
  47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893
- SHA512
  
  c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0
- SSDEEP
  
  24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r
Score

1^/10
behavioral19
- Target
  
  libEGL.dll
- Size
  
  459KB
- MD5
  
  ce2c45983f63a6cf0cddce68778124e9
- SHA1
  
  6553dc5b4bc68dcb1e9628a718be9c5b481a6677
- SHA256
  
  9ca8840bbb5f587848e66d08d36cb5eb30c1c448ef49ce504961ff4ac810c605
- SHA512
  
  df81a3356168e78d9810f5e87ca86eb4f56e5f0cb6afdb13408b50778a2d8b18c70b02c6348cd7ba59609ab2956d28eed324706eb65d04bce1159a2d8f1e0e8f
- SSDEEP
  
  3072:OJr6bcnn5+k93dw1IkCUEWZpWr1H7gd51Dzwr7fkN7yt6S0/t6BDE96FX9Dk2K0I:IcpoGEfmMJHKDzm7fku10/tTYd6jb1D
Score

1^/10
behavioral20
- Target
  
  libGLESv2.dll
- Size
  
  7.3MB
- MD5
  
  c9b090ed25f61aa311a6d03fd8839433
- SHA1
  
  f1567aa2fb1fcad3cde1e181a62f5e2bccadaf68
- SHA256
  
  c7a7a59cf3c26d6c8b2505996065d49f339764f5718e6f53a9ecec8686c489db
- SHA512
  
  21cd4618b6ad011afa78abe8fbc42ecafbb992322912c4a77e5f193a04aeb97a5655dedfc513e1a7667db55b92a322e3d9a6dfe7e845af25f37a6666a1798470
- SSDEEP
  
  98304:UqV269WX/0dlldzRv/DaVhHTEeXm3w584:UqVtpdlTkVVrCw584
Score

1^/10
behavioral21
- Target
  
  libcef.dll
- Size
  
  204.4MB
- MD5
  
  3f1e12a06149b68ec7ea58486413aac5
- SHA1
  
  b5ee4bfb76e53cb50cf0ca9da43659cc67454b12
- SHA256
  
  e2f3d912e2fa54b2d29330202bfb98394a3086aaff800417e382f772a6b07922
- SHA512
  
  23d45229285bbbdf538fa03e050bd2b6815e446c602c86603b13b0dbb6811d5fe40711f46fd34bca9efbb17af3ab38d466161903b65798400d3ffc24b8945062
- SSDEEP
  
  1572864:h90gHOgkN8SpQTT/PG4iRa592G7eZy1aQ3+PcToCptZjUicMTyDBlT5vOIZaJ/Cd:XgNEJ5Ajoq
Score

1^/10
behavioral22
- Target
  
  locales/en-US.pak
- Size
  
  455KB
- MD5
  
  a8d060aa17ed42b6b2c4a9fcbab8a7e1
- SHA1
  
  16e4e544eca024f8b5a70b4f3ca339a7a0a51ebf
- SHA256
  
  55e4ae861aa1cacb09db070a4be0e9dd9a24d2d45e4168824364307120a906b2
- SHA512
  
  8f3820e3c5aca560344a253d068936bdb797d07eb22711020d287a949c97d7a98879ff9ff5a4fb2f3fe804bf502300b6f4c92918d973bef351d587483bc43723
- SSDEEP
  
  6144:K4xBLGwjACVzeooSr837tMP9eJqDLfaY0baAP52vSZng5H/9xZwp:Kq0CVz1HctMqqD+d56S2Zwp
Score

3^/10

execution
behavioral23
- Target
  
  vk_swiftshader.dll
- Size
  
  4.9MB
- MD5
  
  3262e23f3fef8b021b93c801f5649c92
- SHA1
  
  de49b94cfc981a0af5a4e134854f69620e7ba566
- SHA256
  
  1c9098e8a6f21462864a91e74555f299ebc41d3bc79d6ee1b9c577c929957285
- SHA512
  
  54b0b26b95f6fc799b3e24863a65ef3896786811be3cc9fffa2a06e95e98daf32b16f0ede6b8a87acc319ea17650cdd089c56798236476b894054195738e1797
- SSDEEP
  
  49152:gF448X7wFiEjApLVO1m6ok46FFQNeoX/lbR7lZI5cWp3PDr70yDIubUQ6ot70FXf:l/X7i+xLLIJmZdT
Score

1^/10
behavioral24
- Target
  
  vulkan-1.dll
- Size
  
  924KB
- MD5
  
  38d2b059a99f2c4b6f863c18c6f1d25a
- SHA1
  
  8b027a7704b795df1f74b994b0dc55ca4e53c479
- SHA256
  
  a72bd8d3d24ff0e2c56a2b64c05b324f0b7f56ab486f507a256a9c3fef7bc902
- SHA512
  
  4689aae5bf7f81a7d216a570e36322ab61ffb33428316f301be20f1f65111b6eb696b75325b008dff6f963a135148ccc1c600ed1bf71fcc813765918daa14102
- SSDEEP
  
  24576:YXd+yURo9zpJSRoOl6Z5W1DYsHq6g3P0zAk7C3:wdwGdrStl6Z5W1DYsHq6g3P0zAk7C
Score

1^/10
behavioral25

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Network Service Discovery

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

We care about your privacy.