0ba8f850d3a339dc5c6c477ae00cc970e3df4c1da1f48d9cbb43083cebaf8747

Sharing

Copy URL

Twitter E-mail

General

Target

ExSoftware.zip
Size

13.5MB
Sample

240812-hes7ystepc
MD5

ce815db6903796ebb075ff2545a7230a
SHA1

30e9677b7d66ac30aff441c9dde4b62213a8c8f0
SHA256

0ba8f850d3a339dc5c6c477ae00cc970e3df4c1da1f48d9cbb43083cebaf8747
SHA512

0cc6f7adb2e8c0e917d005340ded1bf3fa4bb0f8754d74b022c22995855fba2b5eab12b473f0e1eb708ea0a2354b286a60203e269a52c4bf115c30c34f3a35c8
SSDEEP

393216:6cgRVGjRJSR+hZ+wkJJR4PYCGMPDEGsMtn94aqHsr3xRC:64q+h8wUJRVCtw+tn9VBxRC

Score

3^/10

discovery

Malware Config

Targets

- Target
  
  ExSoftware/AcXtrnal.dll
- Size
  
  550KB
- MD5
  
  6e353c4c50e19aa7fa32750caaadfdc8
- SHA1
  
  f769957ef270dea7eebe3343681823d8bf39549e
- SHA256
  
  fcf336915cb31035f31318a82b528ac29b46286d149ac20af48106b127f281a9
- SHA512
  
  e10d918364c1c8108f0be51c523852c0ab270804071514406698dfadc733ff002c8e87d35116c48a8fdb02a619e7b84ccc7c81a5f1b6ce031d54a9aef9ae4a8a
- SSDEEP
  
  12288:1dLOyN8W4TnHLaVmrbSOkKc+Ae63Udfun:/LOS4TnHRWOkKcX13UdWn
Score

1^/10
behavioral1 behavioral2
- Target
  
  ExSoftware/Debug/IA2Marshal.dll
- Size
  
  70KB
- MD5
  
  c46ae8d509751485f5f10d77038eba8c
- SHA1
  
  cb3ec21c3e79d966f436fddeb37cc6475d851e46
- SHA256
  
  53e9e5fac599cedb19a3103db0a1a381f3e39644e15ff254b4aca7d4c821d311
- SHA512
  
  dd2162c88c91ef83d99c05f4d2a6afd02afe7de461cda1f0bcb4974c5533462bd669405b6e6d1d487cdb03fa4a3cb1f404e9b1aa6be6b5e126c832a5f7618496
- SSDEEP
  
  768:HVE8itx4Hzn4LkjO4/6uRzN4O1b/EVyWDGehi:HVEET4LkjOSqVyp
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ExSoftware/Debug/api-ms-win-core-localization-l1-2-0.dll
- Size
  
  20KB
- MD5
  
  23bd405a6cfd1e38c74c5150eec28d0a
- SHA1
  
  1d3be98e7dfe565e297e837a7085731ecd368c7b
- SHA256
  
  a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41
- SHA512
  
  c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21
- SSDEEP
  
  384:9OMw3zdp3bwjGjue9/0jCRrndb5W1hW54wm0GftpBjvTNvwm3SBMltZ2m:9OMwBprwjGjue9/0jCRrndboUFViZ2Vu
Score

3^/10

discovery
behavioral5
- Target
  
  ExSoftware/Debug/api-ms-win-core-processthreads-l1-1-1.dll
- Size
  
  18KB
- MD5
  
  95c5b49af7f2c7d3cd0bc14b1e9efacb
- SHA1
  
  c400205c81140e60dffa8811c1906ce87c58971e
- SHA256
  
  ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1
- SHA512
  
  f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3
- SSDEEP
  
  384:NS8DfIelW1hWu4wm0GftpBjBFm3SzlJrI:NSLecfFViRTs
Score

3^/10

discovery
behavioral6
- Target
  
  ExSoftware/Debug/api-ms-win-core-synch-l1-2-0.dll
- Size
  
  18KB
- MD5
  
  6e704280d632c2f8f2cadefcae25ad85
- SHA1
  
  699c5a1c553d64d7ff3cf4fe57da72bb151caede
- SHA256
  
  758a2f9ef6908b51745db50d89610fe1de921d93b2dbea919bfdba813d5d8893
- SHA512
  
  ade85a6cd05128536996705fd60c73f04bab808dafb5d8a93c45b2ee6237b6b4ddb087f1a009a9d289c868c98e61be49259157f5161feccf9f572fd306b460e6
- SSDEEP
  
  384:DtZ3UW1hWxDzDm0GftpBjEILkm3ScrlPpU9:n0ViIQxi
Score

3^/10

discovery
behavioral7
- Target
  
  ExSoftware/Debug/api-ms-win-core-timezone-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  c9a55de62e53d747c5a7fddedef874f9
- SHA1
  
  c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad
- SHA256
  
  b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b
- SHA512
  
  adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb
- SSDEEP
  
  384:rWW1hWv4wm0GftpBjgpm3SSP9lndaYhpwe/:ReFVi02vZ
Score

3^/10

discovery
behavioral8
- Target
  
  ExSoftware/Debug/api-ms-win-crt-conio-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  a668c5ee307457729203ae00edebb6b3
- SHA1
  
  2114d84cf3ec576785ebbe6b2184b0d634b86d71
- SHA256
  
  a95b1af74623d6d5d892760166b9bfac8926929571301921f1e62458e6d1a503
- SHA512
  
  73dc1a1c2ceb98ca6d9ddc7611fc44753184be00cfba07c4947d675f0b154a09e6013e1ef54ac7576e661fc51b4bc54fdd96a0c046ab4ee58282e711b1854730
- SSDEEP
  
  384:tW1hWv4wm0GftpBjp+m3S1ZXlndaYhpt1:k+FVib+ZvN
Score

3^/10

discovery
behavioral9
- Target
  
  ExSoftware/Debug/api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  9ddea3cc96e0fdd3443cc60d649931b3
- SHA1
  
  af3cb7036318a8427f20b8561079e279119dca0e
- SHA256
  
  b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5
- SHA512
  
  1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162
- SSDEEP
  
  384:FuyhW1hWF4wm0GftpBjErIm3StlndaYhpFeD:4cFViUIbi
Score

3^/10

discovery
behavioral10
- Target
  
  ExSoftware/Debug/api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  39325e5f023eb564c87d30f7e06dff23
- SHA1
  
  03dd79a7fbe3de1a29359b94ba2d554776bdd3fe
- SHA256
  
  56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a
- SHA512
  
  087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085
- SSDEEP
  
  192:4rW1hWiSu7jCjdks/nGfe4pBjSYC69poCxW5RKTt3E2sVWQ4GWmEsSC9qnajuZDW:AW1hW6am0GftpBjtBQm3SzSKlUKTT
Score

3^/10

discovery
behavioral11
- Target
  
  ExSoftware/Debug/api-ms-win-crt-filesystem-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  228c6bbe1bce84315e4927392a3baee5
- SHA1
  
  ba274aa567ad1ec663a2f9284af2e3cb232698fb
- SHA256
  
  ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065
- SHA512
  
  37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab
- SSDEEP
  
  384:Cq6nWm5CZW1hW9YBm0GftpBjVem3SuPvlg+0Pd:T6nWm5CIhViDeKPmd
Score

3^/10

discovery
behavioral12
- Target
  
  ExSoftware/Debug/api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  1776a2b85378b27825cf5e5a3a132d9a
- SHA1
  
  626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df
- SHA256
  
  675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee
- SHA512
  
  541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348
- SSDEEP
  
  384:XY3eBW1hWqvm0GftpBjtzsxm3SKulndaYhp6s:zQzViATv
Score

3^/10

discovery
behavioral13
- Target
  
  ExSoftware/Debug/api-ms-win-crt-locale-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  034379bcea45eb99db8cdfeacbc5e281
- SHA1
  
  bbf93d82e7e306e827efeb9612e8eab2b760e2b7
- SHA256
  
  8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65
- SHA512
  
  7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256
- SSDEEP
  
  192:lW1hWi6+49Cjdks/nGfe4pBjSY38yMsW5RKTt3E2sVWQ4GWbGBfqnajE49dRX3tK:lW1hWa4wm0GftpBjlWm3S7dlPptZA
Score

3^/10

discovery
behavioral14
- Target
  
  ExSoftware/Debug/api-ms-win-crt-math-l1-1-0.dll
- Size
  
  28KB
- MD5
  
  8da414c3524a869e5679c0678d1640c1
- SHA1
  
  60cf28792c68e9894878c31b323e68feb4676865
- SHA256
  
  39723e61c98703034b264b97ee0fe12e696c6560483d799020f9847d8a952672
- SHA512
  
  6ef3f81206e7d4dca5b3c1fafc9aa2328b717e61ee0acce30dfb15ad0fe3cb59b2bd61f92bf6046c0aae01445896dcb1485ad8be86629d22c3301a1b5f4f2cfa
- SSDEEP
  
  384:jOTEmbM4Oe5grykfIgTmLmW1hWSsngm0GftpBjGm3SAlD16hX:lEMq5grxfIndCngVis5
Score

3^/10

discovery
behavioral15
- Target
  
  ExSoftware/Debug/api-ms-win-crt-multibyte-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  19d7f2d6424c98c45702489a375d9e17
- SHA1
  
  310bc4ed49492383e7c669ac9145bda2956c7564
- SHA256
  
  a6b83b764555d517216e0e34c4945f7a7501c1b7a25308d8f85551fe353f9c15
- SHA512
  
  01c09edef90c60c9e6cdabff918f15afc9b728d6671947898ce8848e3d102f300f3fb4246af0ac9c6f57b3b85b24832d7b40452358636125b61eb89567d3b17e
- SSDEEP
  
  384:2y+Kr6aLPmIHJI6/CpG3t2G3t4odXLNW1hWOXRm0GftpBjVm3SKlDCEIy:2ZKrZPmIHJI6abVi/Q1Iy
Score

3^/10

discovery
behavioral16
- Target
  
  ExSoftware/Debug/api-ms-win-crt-private-l1-1-0.dll
- Size
  
  71KB
- MD5
  
  3d139f57ed79d2c788e422ca26950446
- SHA1
  
  788e4fb5d1f46b0f1802761d0ae3addb8611c238
- SHA256
  
  dc25a882ac454a0071e4815b0e939dc161ba73b5c207b84afd96203c343b99c7
- SHA512
  
  12ed9216f44aa5f245c707fe39aed08dc18ea675f5a707098f1a1da42b348a649846bc919fd318de7954ea9097c01f22be76a5d85d664ef030381e7759840765
- SSDEEP
  
  1536:g0DjXDe5c4bFE2Jy2cvxXWpD9d3334BkZnVPL9VG:XjDe5c4bFE2Jy2cvxXWpD9d3334BkZnI
Score

3^/10

discovery
behavioral17
- Target
  
  ExSoftware/Debug/api-ms-win-crt-process-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  9d3d6f938c8672a12aea03f85d5330de
- SHA1
  
  6a7d6e84527eaf54d6f78dd1a5f20503e766a66c
- SHA256
  
  707c9a384440d0b2d067fc0335273f8851b02c3114842e17df9c54127910d7fb
- SHA512
  
  0e1681b16cd9af116bcc5c6b4284c1203b33febb197d1d4ab8a649962c0e807af9258bde91c86727910624196948e976741411843dd841616337ea93a27de7cb
- SSDEEP
  
  192:hRQqjd7hW1hWif+49Cjdks/nGfe4pBjSYr+c24QLW5RKTt3E2sVWQ4GWw899qnaP:hKwW1hWZ4wm0GftpBjh24Jm3SwlUKTw2
Score

3^/10

discovery
behavioral18
- Target
  
  ExSoftware/Debug/api-ms-win-crt-runtime-l1-1-0.dll
- Size
  
  22KB
- MD5
  
  fb0ca6cbfff46be87ad729a1c4fde138
- SHA1
  
  2c302d1c535d5c40f31c3a75393118b40e1b2af9
- SHA256
  
  1ee8e99190cc31b104fb75e66928b8c73138902fefedbcfb54c409df50a364df
- SHA512
  
  99144c67c33e89b8283c5b39b8bf68d55638daa6acc2715a2ac8c5dba4170dd12299d3a2dffb39ae38ef0872c2c68a64d7cdc6ceba5e660a53942761cb9eca83
- SSDEEP
  
  384:Lb7hrKkW1hW54wm0GftpBjGOm3SdWlmTwhctW:LbNrKn8FVinhZW
Score

3^/10

discovery
behavioral19
- Target
  
  ExSoftware/Debug/api-ms-win-crt-stdio-l1-1-0.dll
- Size
  
  23KB
- MD5
  
  d5166ab3034f0e1aa679bfa1907e5844
- SHA1
  
  851dd640cb34177c43b5f47b218a686c09fa6b4c
- SHA256
  
  7bcab4ca00fb1f85fea29dd3375f709317b984a6f3b9ba12b8cf1952f97beee5
- SHA512
  
  8f2d7442191de22457c1b8402faad594af2fe0c38280aaafc876c797ca79f7f4b6860e557e37c3dbe084fe7262a85c358e3eeaf91e16855a91b7535cb0ac832e
- SSDEEP
  
  384:/ZpFVhHW1hWxgYBm0GftpBjMm3SNlndaYhpn3p:boEVi6DBp
Score

3^/10

discovery
behavioral20
- Target
  
  ExSoftware/Debug/api-ms-win-crt-string-l1-1-0.dll
- Size
  
  23KB
- MD5
  
  ad99c2362f64cde7756b16f9a016a60f
- SHA1
  
  07c9a78ee658bfa81db61dab039cffc9145cc6cb
- SHA256
  
  73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa
- SHA512
  
  9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7
- SSDEEP
  
  384:jiFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlbW1hWS4wm0GftpBjwwO5m3S9lJrm:j6S5yguNvZ5VQgx3SbwA71IkFhbFViWs
Score

3^/10

discovery
behavioral21
- Target
  
  ExSoftware/Debug/api-ms-win-crt-time-l1-1-0.dll
- Size
  
  20KB
- MD5
  
  9b79fda359a269c63dcac69b2c81caa4
- SHA1
  
  a38c81b7a2ec158dfcfeb72cb7c04b3eb3ccc0fb
- SHA256
  
  4d0f0ea6e8478132892f9e674e27e2bc346622fc8989c704e5b2299a18c1d138
- SHA512
  
  e69d275c5ec5eae5c95b0596f0cc681b7d287b3e2f9c78a9b5e658949e6244f754f96ad7d40214d22ed28d64e4e8bd507363cdf99999fea93cfe319078c1f541
- SSDEEP
  
  384:iUW1hWQ4wm0GftpBjddQxm3SLDlD16h1S:eRFViexn1
Score

3^/10

discovery
behavioral22
- Target
  
  ExSoftware/Debug/api-ms-win-crt-utility-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  70e9104e743069b573ca12a3cd87ec33
- SHA1
  
  4290755b6a49212b2e969200e7a088d1713b84a2
- SHA256
  
  7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95
- SHA512
  
  e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9
- SSDEEP
  
  192:UfHQdurW1hWiSuDz7eCjdks/nGfe4pBjSYp2VZGW5RKTt3E2sVWQ4GWO3uDVqna9:UfVW1hWKDzDm0GftpBjYLm3Sy5lD16hC
Score

3^/10

discovery
behavioral23
- Target
  
  ExSoftware/Debug/breakpadinjector.dll
- Size
  
  122KB
- MD5
  
  6716effbb25300b5219617b8a18f23d0
- SHA1
  
  b713484772a363d04246fa1c87d6eb5a008bafdd
- SHA256
  
  a2e682ab2b5b32eae62228627e751b2588743638f90e3339b97b7ef618e0c460
- SHA512
  
  ca4a2dd9d45e384eea8a586e28eca04c75a765c3b54ddc092d176830d8584d38b0f8c18f3a426450294c7e225317355de6663706cfda51816741c0cc61071473
- SSDEEP
  
  3072:eegoYzDRBYFlbiKKgRjKu8YZlLh9ml7FTHsVfJ:xYnwzib0jXZh90stJ
Score

3^/10

discovery
behavioral24 behavioral25
- Target
  
  ExSoftware/Debug/d3dcompiler_47.dll
- Size
  
  3.5MB
- MD5
  
  587a415cd5ac2069813adef5f7685021
- SHA1
  
  ca0e2fe1922b3cdc9e96e636a73e5c85a838e863
- SHA256
  
  2ad0d4987fc4624566b190e747c9d95038443956ed816abfd1e2d389b5ec0851
- SHA512
  
  0fa0e89ea1c1cb27ac7f621feb484438e378a8f5675eca7a91f24e0569174bd848d470d6b3e237fe6ab27ca1eb1ecc09b5f044e53a6d98bf908e77ac511183e2
- SSDEEP
  
  49152:zjmJAksRXmBNgC9ITPPE8WHmy0HRZ+kyOzDJn5c5v5H3pqC23u6q+25omPEyXzjS:zy2Ckrj+kyOv2MJ+6q8kbqS/AF
Score

3^/10

discovery
behavioral26
- Target
  
  ExSoftware/Debug/freebl3.dll
- Size
  
  668KB
- MD5
  
  15b61e4a910c172b25fb7d8ccb92f754
- SHA1
  
  5d9e319c7d47eb6d31aaed27707fe27a1665031c
- SHA256
  
  b2ae93d30c8beb0b26f03d4a8325ac89b92a299e8f853e5caa51bb32575b06c6
- SHA512
  
  7c1c982a2b597b665f45024a42e343a0a07a6167f77ee428a203f23be94b5f225e22a270d1a41b655f3173369f27991770722d765774627229b6b1bbe2a6dc3f
- SSDEEP
  
  12288:0oUg2twzqWC4kBNv1pMByWk6TYnhCevOEH07OqHM65BaFBuY3NUNeCLIV/Rqnhab:0oUg2tJWC44WUuY3mMCLA/R+hw
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  ExSoftware/Debug/ipcclientcerts.dll
- Size
  
  184KB
- MD5
  
  09fbcc65bc9ea19ad51aff161900a97f
- SHA1
  
  7951dfe9b7226509c54adb98bf64869c2a164027
- SHA256
  
  d050654b9fd3d655b7b9d9c0a0a3ec43a2213bd71762a56aafbcb184b591ce32
- SHA512
  
  58ffd5741c887f6bb0602e847019bc4c51e80c2dd16ce68bef91ab648bf967b4f65cc84cc4c5d921635145b456edf85886f7685f0685f331a227e006ed2cf70c
- SSDEEP
  
  3072:ZbyyGbu6wHdyZcOMf5SZ53pKT4hd4YyOMVew2yivJvFFnlvWRCJEGBnz2Otp1ziC:ZbZAu6UdyZcOMm3wT4oKyWFnlsCJEGFh
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  ExSoftware/Debug/lgpllibs.dll
- Size
  
  33KB
- MD5
  
  fb2938024d0f1c7eb05de4ca09fc2e31
- SHA1
  
  e16ee867bd8ff486ffc93ace34faa2246d21f5f1
- SHA256
  
  b3c7aafde3481587b38a895656f09b63152f89657e4918c39f48464cb7b0b7cf
- SHA512
  
  7836e70bcaf7e9b0c2b493704b2328e8c0917471c688bba8e48d3ef611591a3c49f01c7298d653b049f5fadc8f82ba6d8dcee25e88163cef219d103cf524dd18
- SSDEEP
  
  384:jtOsN08tJ9LbvrpV9ZrsgpIe/3MyC/Nw0oENyS/unn6COyngMtP3D4svDG/Ghn6:UsltfrpV9ck3lbEoH6aNZ8iDGeh6
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32