661d3f465880ba56d3af8d6fc5d18b807921f1b4f4c4a48a5781ba4ccea2e049

Sharing

Copy URL

Twitter E-mail

General

Target

SignalSetup.exe
Size

126.8MB
Sample

240818-dqr2tascpb
MD5

d4c4dc8d6bdb82b74b41bd0ec780e6da
SHA1

3a0190846c03b01577b013a12183026d34ba5ade
SHA256

661d3f465880ba56d3af8d6fc5d18b807921f1b4f4c4a48a5781ba4ccea2e049
SHA512

1da40d344b6077698be0f029c1d2a3065acc83c807925437a2d6eca74a10b6bb3204b32680eb504df1ada7effd83785d3cd6cd917789a413ad3bc4ba78f75b5d
SSDEEP

3145728:fk/RG+GsrJNSj3U2smgLNiTKItEE6TxZLileHxMQ4:ANGMnSj33sjNimnECxZmlOOV

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  SignalSetup.exe
- Size
  
  126.8MB
- MD5
  
  d4c4dc8d6bdb82b74b41bd0ec780e6da
- SHA1
  
  3a0190846c03b01577b013a12183026d34ba5ade
- SHA256
  
  661d3f465880ba56d3af8d6fc5d18b807921f1b4f4c4a48a5781ba4ccea2e049
- SHA512
  
  1da40d344b6077698be0f029c1d2a3065acc83c807925437a2d6eca74a10b6bb3204b32680eb504df1ada7effd83785d3cd6cd917789a413ad3bc4ba78f75b5d
- SSDEEP
  
  3145728:fk/RG+GsrJNSj3U2smgLNiTKItEE6TxZLileHxMQ4:ANGMnSj33sjNimnECxZmlOOV
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  9.0MB
- MD5
  
  aaea51a605688fcb2f178fd60e4ca64c
- SHA1
  
  69d4791bf3cfedb68bc4d8f766878103578171cb
- SHA256
  
  96837a4a521a61bd3d34f2f660e29902d228aaec501eeb2a84403f1926c3df9d
- SHA512
  
  d328bf2f9ff7372a716a09e5882b9e3c0051b0135412b3258453085db1de2c7699c8aae24edfaca7798f468802db975977c9976e19fca84fffe884bf8594c33e
- SSDEEP
  
  24576:h+QQf6Ox6x5n1nZwReXe1GmfL6k6T6W6r656+eGj/dBIp+:oAZeGLp
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Signal.exe
- Size
  
  172.4MB
- MD5
  
  5b27507cc4534fa7056ea446d2c41ab0
- SHA1
  
  8e9937c140aad75a397136bff4b13b5a11ade021
- SHA256
  
  247f158b00c753297d2b4425ce775b50e01bd0c5b1f23c28ae1502fd51172e48
- SHA512
  
  666f6124868d339a309a665f704f7929477e172c02ddcd6adeb5fa6e62236e93885697cd928e30e7bd0398a3a54fcbc8d641fe8d20a7f1e192b918f0d95a696e
- SSDEEP
  
  1572864:7VzcyEjO1TyBvzfZHwlBuauSfmDFfEP/U9Je4Lhb9mMFVYQSkxbD7O:8z6fgxbDS
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  d18bbe2018d6b8abe918689b9a93399d
- SHA1
  
  d2d20d71a5f7b365b90f20b96ef06c453489b701
- SHA256
  
  ef041a89ad50ad8ef3d2b388338f9a60dea0e42b47234c7bd584117fc1d28234
- SHA512
  
  46ffeda1fc95ae81aab68da99b267d7bad9829b325b7c374c07883537e7f8b25976b80f94c810723fd3f4af24f3c28711c388b4f06e8f40a8081c045ca4fb066
- SSDEEP
  
  49152:sCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRNe:7G2QCwmHjnog/pzHAo/AyH
Score

1^/10
behavioral14
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  c489b878d69f1ce9940b52ed26e4003e
- SHA1
  
  c04cb17af79eefe09e290d32ce9063f79938dd6a
- SHA256
  
  7d66b69aefdee25cb0cb8e80c08f5801e15f84a0083f195b4553661e19d4c98f
- SHA512
  
  bb92bbe6a075506b15d366474d598db2c397502c65e2573b2fc373c64e45cd1ecbe9e56a93225f2a218a51575b2da7ee464052aee7509ae97a18a6b468ff3559
- SSDEEP
  
  49152:71nRu1gjn93AXtsX7I8g4AScbz6Ox+pen6yfmb+ST1PqRrYg0:7Jsf83Sn6Ox+tP5g0
Score

1^/10
behavioral15
- Target
  
  libEGL.dll
- Size
  
  482KB
- MD5
  
  77e66a24caeaf12d7926cea5eae7627f
- SHA1
  
  893310e29bd80fbf02b4386a08759e3575143435
- SHA256
  
  680767d71af1037f2fc0adcdfe5c0262fa77779ee55ba9767e1316f74603b8da
- SHA512
  
  a6290b82212ca2487772b44af185ba1a72cb11eb512874b45ef176901a5c7c4681f4e3dd817dc40e2008e5fdfb2fc6c9ef0fb286b1bdc9bd5fdbf4a76a3f2d53
- SSDEEP
  
  6144:jmi12qlTgeUDsnkcM2nDl83BgENhYCqNvfY24MER:jmk2qxgeUDsNnDcgENhYRNvfUtR
Score

1^/10
behavioral16
- Target
  
  libGLESv2.dll
- Size
  
  7.7MB
- MD5
  
  60522549e34dcb25f28ff23562541784
- SHA1
  
  c8f02603d458c6c7d6938c54d1cc6e97f2949ac0
- SHA256
  
  39965f5f39a19e2e40c23c1f044c73326730e7ebf489f8c8679eb6813fc17208
- SHA512
  
  c446b6ed9a5a19cb40bc1d2cbc0c2c5e6b4b1c4e3ebd4c7ba827027b3a03c6649000d24ab8ac16aabe2408fa578b64efdc32a18fac62cef1383ff2865e4b2e9d
- SSDEEP
  
  98304:rjY0cdUNfie4BN5SLnSy9/I+0Tv1XC3rbX8:rjY2KeVtIhtmrD8
Score

1^/10
behavioral17
- Target
  
  resources/app.asar.unpacked/node_modules/@nodert-win10-rs4/windows.data.xml.dom/build/Release/binding.node
- Size
  
  528KB
- MD5
  
  6ab002caf0c20a49e2b2e965923c7874
- SHA1
  
  2c05697d5f80f6e6c804177b5fd08ab1b9608d51
- SHA256
  
  348621e2298b9fcc0107a5f8b71138ed44a7b62b39314d293f2616db8a070342
- SHA512
  
  ffb13bf5ae30f7e8de617b142ff411a92d6eb4277e09807d63d61939786d0979f82f51c09ac510f05d715c1c16251cd7c29d14f655bd4051a067e17d0c97a90b
- SSDEEP
  
  6144:utGoR8IRP+jk2ZY0JWn/MERWHPtepJB6S/hcwMCqt1ls6/x3zbUeWdqQfVX:PXW0qf7/TMtn+ID6xfVX
Score

1^/10
behavioral18 behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/@nodert-win10-rs4/windows.ui.notifications/build/Release/binding.node
- Size
  
  681KB
- MD5
  
  2bae5068f219216491d77adc1e2fbe33
- SHA1
  
  889daca4d1c61555f2b09ab3ed573049905f66e7
- SHA256
  
  5e18c0218e042ffa19385c450808681b2c8e8619f65986b2edef3a848da53223
- SHA512
  
  b5bdd3963bed1783bab9607473f001716f14855162a52f48a7d698bbb820c310a3f66291845863c61aabbaa1586e0df966a17e304e77b339abc4ee514d58af82
- SSDEEP
  
  6144:XVWd0ehH0hz9Gw6bFMe16G+eBBLDwOO1Azh/pjff7XjWzUAO5fxFejCgNAMY9toe:XVWCeK2GETuc/1ZkRFG6nRFyVN
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/@signalapp/better-sqlite3/build/Release/better_sqlite3.node
- Size
  
  4.5MB
- MD5
  
  a6b0369b5700704196082e7ca8609025
- SHA1
  
  3c1e7e1d1f95a5e4f8191bb5cda3de10005eb335
- SHA256
  
  7cd4a2125e531c6d5285adead784b0151398d1a45e584d09d09e7add72825c5d
- SHA512
  
  c3685fa3f7b5d9e169ae45c0229c7332805a13d16d91ce47d59e3a89c2c2dd01cd6af66b32af2bb80b5e8ba9c0bbadd952ef479fdac93929f2d77f47c8d047b8
- SSDEEP
  
  98304:tH+BndXkPr72i63dRtyKSQ+rtBrvitdVenGnyX:tEFldQtBrvKXeIyX
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/app.asar.unpacked/node_modules/@signalapp/libsignal-client/prebuilds/win32-x64/@signalapp+libsignal-client.node
- Size
  
  14.0MB
- MD5
  
  824db6890493b893fd84754ecf2dd667
- SHA1
  
  7861c9ba70dd335fd9c2f7637dcf02bf7cc544d8
- SHA256
  
  5f49d7af5a7f70a1b06499f8d70bb9359da9c8a98fc487c02b6dc63abe01d14c
- SHA512
  
  269ba040418d81e6f7aca3a9030c6ae91488b5fb5f27223a693e1b8bfe5f2068a15ad2d2b2bd01d56cf1f2dd3dafbb60fa4eca4205126ff4cb9497b20b8774a1
- SSDEEP
  
  98304:SWA9zicAG+lovYEHD+yw+w1JnMShCgIX9GxjLhmV1X+T7wNsW0B2aS:x6iUX9QhmnXC7caS
Score

1^/10
behavioral24 behavioral25
- Target
  
  resources/app.asar.unpacked/node_modules/@signalapp/ringrtc/build/win32/libringrtc-x64.node
- Size
  
  11.5MB
- MD5
  
  caa6e4326d193988a944c8361a5bc386
- SHA1
  
  3e8a3236dcad6d2e63a356e34173cfa239e44c30
- SHA256
  
  79e12291058b4e122d0a537e40bac8f060bb9249661514281fa4c09e12dae23c
- SHA512
  
  bbad339f97bc741ff9fb9638a94e3a18c03c3a1c8bb3f6b42e63e6f5675af65b18231990db992f69e963cef142d5f8a377ad583e237b1db5a1b26a86d713b34b
- SSDEEP
  
  196608:BB0rHPpEBiQF/Uy7Es+la6HkJmLQynzIHKQ6sz99ATY:BB0rHhAiQ+y7Es+la6HkJmLQynzIHKQV
Score

1^/10
behavioral26 behavioral27
- Target
  
  resources/app.asar.unpacked/node_modules/@signalapp/windows-dummy-keystroke/build/Release/NativeExtension.node
- Size
  
  108KB
- MD5
  
  a3a53f07ff092b4284902a793e212018
- SHA1
  
  ac1d6244f995305b12438aea03466305fb8cdf14
- SHA256
  
  82fddbdf0e325d6d56461bdeb074f76f2e8da1b5715777afed8214dcbc74640f
- SHA512
  
  57927c2f729910e95b99cc2a86d674acf92d0cfc9c668e1f6141df7c46604fff805a866b87e788fb56e1936eb3e86320eb01e3e3fc46a69ed25f1355258d0658
- SSDEEP
  
  3072:c/AVvRPPSN65LOBuPf8TZw4zkAMoKxpEucKp:fJnSwJOsPETt4ZySp
Score

1^/10
behavioral28 behavioral29
- Target
  
  resources/elevate.exe
- Size
  
  117KB
- MD5
  
  879c36dea0f95360d5795641e945bfae
- SHA1
  
  c981736265b4ef5494074517f6a83a1c9256b308
- SHA256
  
  fdd48b73515faa87ac219bb7ca76ad2f10459f096ca17c2e26ed6383118e8675
- SHA512
  
  a9c1ea4eb157d4f6b53c801edaef86884870bf1bcd390b7ed3c6718353f3c93457722089ced9be5e4e3ad3bb7f851d5da196fee0aad532bbc1c2c47275bbf818
- SSDEEP
  
  3072:FtbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlqKH1:fPrwRhte1XsE1lzV
Score

3^/10

discovery
behavioral30 behavioral31
- Target
  
  vk_swiftshader.dll
- Size
  
  5.2MB
- MD5
  
  b7986fdbeed708ab2db1f75704b96df0
- SHA1
  
  ad79eb4cb94106a79c3e392373ccfbe4cc51dcc7
- SHA256
  
  6bac419d71f870d465363a3e09b66209d6e15715d298703e311e33ef25f7f88d
- SHA512
  
  3e2b00d487aae0b15800b3a5064fb2f0c94539a87da3c9f80fab53951d7712aae3314b4e2efd446b0a85a074f5d773005ffa8825be49b10af10b679768548d5c
- SSDEEP
  
  49152:fgQpJ5yZBtfCp00oSO8hCsDsbJQk/tJ4q0nLhII1ytiT45z+WEjNHsRLf7OFJOMT:Fn5yZBXLxkf5FJIayGn
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Checks computer location settings

Enumerates processes with tasklist

Adds Run key to start application

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32