d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478

Sharing

Copy URL

Twitter E-mail

General

Target

Minecraft.Note.Block.Studio.exe
Size

42.9MB
Sample

240818-sal8ys1hlp
MD5

cad7ed3f0e24ed9d0c642a8db5711b6a
SHA1

526f38aeb0aac98e8dc834af594cba5210555407
SHA256

d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478
SHA512

21d07a10d13cc95ddaadbb7ed3045030c33cff6759af0f091e9058ae1c1b40dabf5ed1add13f62471feb19f3e1b52bd93246cd1b01ff9059aa32d1abd1e2597b
SSDEEP

786432:SeCSW3HLvaImZhgT3s6T/STneTZxcmpMmQO9KWNMurqQVbw+Dw3X6cM:eSC/mz8sEsMemWm/EW6u9bwnU

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  Minecraft.Note.Block.Studio.exe
- Size
  
  42.9MB
- MD5
  
  cad7ed3f0e24ed9d0c642a8db5711b6a
- SHA1
  
  526f38aeb0aac98e8dc834af594cba5210555407
- SHA256
  
  d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478
- SHA512
  
  21d07a10d13cc95ddaadbb7ed3045030c33cff6759af0f091e9058ae1c1b40dabf5ed1add13f62471feb19f3e1b52bd93246cd1b01ff9059aa32d1abd1e2597b
- SSDEEP
  
  786432:SeCSW3HLvaImZhgT3s6T/STneTZxcmpMmQO9KWNMurqQVbw+Dw3X6cM:eSC/mz8sEsMemWm/EW6u9bwnU
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  ea00e2678e4679ba28b0f560baec9776
- SHA1
  
  f9b647b1ab50cc2de981757ac914a5787bccd95a
- SHA256
  
  60d4a86f65e141d4b6b778e5f448a0c818bd2fa28db7b9dabc1395d354b19cc5
- SHA512
  
  2ee7a4a0af955ba376c66d13e626ca135b2afd13277a006f523eb2fdc1133a12ea35b065a8c119843fbe82f89190cdb2b769329af14e4313a2419b739b27337a
- SSDEEP
  
  192:UA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:MR7SrtTv53tdtTgwF4SQbGPX36g9Mw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  940e349c4d672436816e31d816ccdfbd
- SHA1
  
  ac25298f9fe271f59a0bd0cc6ec4640097d5e9ad
- SHA256
  
  edf47cfe918669f95b3aade7335ef8b33ae9d36eaf2be2f364d0d94637117d10
- SHA512
  
  5711fc585cc36138891d02c466c09ada345003e910d89a34fa0b54b67432bec4b6fec549ad8d2a9c4a17bf3723f1a60219a424a237bc24a0912c6bec886f14d7
- SSDEEP
  
  192:ziBR4nH+8Q7PMgido3lTyfsXUeTf+NeaxuFmdoyaZe5OdKqk:ziv4eF7UHuxyi+N/uFmdoBe8oqk
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/dxwebsetup.exe
- Size
  
  285KB
- MD5
  
  bcbb7c0cd9696068988953990ec5bd11
- SHA1
  
  3c8243734cf43dd7bb2332ba05b58ccacfa4377c
- SHA256
  
  34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4
- SHA512
  
  551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786
- SSDEEP
  
  6144:3WK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQ43:mcvgLARDI1KIOzOR3
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  7za.exe
- Size
  
  722KB
- MD5
  
  43141e85e7c36e31b52b22ab94d5e574
- SHA1
  
  cfd7079a9b268d84b856dc668edbb9ab9ef35312
- SHA256
  
  ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d
- SHA512
  
  9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc
- SSDEEP
  
  12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  ClassLibrary1.dll
- Size
  
  7KB
- MD5
  
  b0d15029f723c97e016ab382ff026efd
- SHA1
  
  a02e4e7deab0f44ffab1a7f1bd41007aa09d5a1e
- SHA256
  
  80e8cb8e2296644f976e8950162983b41d177ce70ab172311694be656ce95af3
- SHA512
  
  3e87810af9eda7ea26ce0096ae42507b456bbc20b2452ae204256e1e89df4166c6003bdcc35824ef3503c10101f1deedff63b3daf16b3e569692099d666009d7
- SSDEEP
  
  96:pPSr//BoAKKKKLZetZy9HdEVvNx5WKo+nwsFnxbsX5ZUtbPYM3XII:pa/OFry9+VvNx5KEnFspWH/
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Data/Python/Lib/site-packages/numpy/.libs/libopenblas.D6ALFJ4QQDWP6YNOQJNPYL27LRE6SILT.gfortran-win32.dll
- Size
  
  26.7MB
- MD5
  
  7b5adf80692830fe86e6da0b11173a35
- SHA1
  
  472bfbf128c6edc1ff1be8f3510ec33c80854c57
- SHA256
  
  82c5d92ca1c1f112b8fa65d8e115bd0ce6d0441c672a3b73c1375eac61c3c070
- SHA512
  
  b5b606a82e967f264d8f2518cca050a9553d070d1a4eff3223307e7ae0996003a8b5f83b29e73f6ebb70fd3199abf1564984c02d91a6739f69b57648c7f3a421
- SSDEEP
  
  196608:CcALKqNa4hFNNto9+7yUkdAIPLxIuKmBYyaHkebITB4RV50zAuCzqOwocHg8E:CcgOuyDpIujnebcAhq5ocHg5
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Data/Python/Lib/site-packages/numpy/__config__.pyc
- Size
  
  4KB
- MD5
  
  f437364d2613a2ec94f3e9fa1a25b3c2
- SHA1
  
  387b36e4aad36c2cdfe43544b92569c76ce40e27
- SHA256
  
  1988d54288fe56542cb27a229a5ea17a9f6544bff06021ddac78fdc8e08cbb88
- SHA512
  
  91a13dd37908b70640c299d668caad905baaf18d291fe0d13ae595839caf31d6b5f5f6b7e96b707c121469d88d5c9ddd2c3108f9abb445e323573002bbe7c882
- SSDEEP
  
  96:d+7IOympDjc4i18dzYpPKK08BBsIy5kezTTafH122eCayrZrpavQ00oqq7+d:vOjuAcPK3rgLnaCZIQ05qq7+d
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Data/Python/Lib/site-packages/numpy/__init__.pyc
- Size
  
  10KB
- MD5
  
  e7c9d9c8faebe57d65599ba6c3327de8
- SHA1
  
  44c889bc9423ab042b7db6432b149f69d95d937d
- SHA256
  
  6f73c04ef1c554dcfa288db5c88075e25447add7c222d2214762333706932503
- SHA512
  
  422f947dedc9c581d6fe2a247ba2e645fddeec2d0f619e94ae620cef374d9dee939317f6323557affeae2a6b72fb7875422301ba43c0a4fe99b1ed811a291bab
- SSDEEP
  
  192:EEzcUbNGpwVNg8WcOO6WQJql1oaFodOqhCqM9Vh2y6L+j:Eo4pwzH1QJaHFbqO9V0y6aj
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Data/Python/Lib/site-packages/numpy/_distributor_init.pyc
- Size
  
  904B
- MD5
  
  531f3b4391bad0f82c820fb4b106d6cd
- SHA1
  
  e2d4937ae802f9fbf85854779fe810bd2f7316ae
- SHA256
  
  4b7315cec0e801d0049a365f0ca35d0bc7e878a7419967a239aa7245ef66f5fe
- SHA512
  
  45f68de6bad2c59907e7c22129c3a453bcdcb880a13b3da8e8ac8c9376895ab4a639861676ea4995897c6b6dd9a97da0b31c70ab62f99a37a1f2abedc111206e
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Data/Python/Lib/site-packages/numpy/_globals.pyc
- Size
  
  4KB
- MD5
  
  7bd375b963acab9bf7a322b9320bf8d3
- SHA1
  
  6d4e454aea7427ed583cd5a7eb07d1a0821967d4
- SHA256
  
  af2aeaf4cfa615c4d01f058e2dfb3cb90f3de212280eca677b04a76de96baac4
- SHA512
  
  01761765919ebd0a7fd2b5698ff879c80e007bcc782126a3c8229330835b01c5759756e96bd29e4c68f3501653617c2a91809fc852d3010151314ea4160152e2
- SSDEEP
  
  96:BPVbQ09/1eSlYZL1jt9B2qHXjKJ6VGfViEV84HH12waQi:/E09/DlYv8qHTKJ66VP8oVZq
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Data/Python/Lib/site-packages/numpy/_pyinstaller/__init__.pyc
- Size
  
  145B
- MD5
  
  5d8ced4ad0b2868dfd4cdc632ebfbcc5
- SHA1
  
  3fd7363940034131548b090c40ce5c1bf91ea78a
- SHA256
  
  c45fd010aa421f25ba6c2e8908f291f44a9c959e34de44d34451c43cdd9cccb5
- SHA512
  
  436c03934c39f518d5db8d15224aa59d607fa7c430a07b4993265f8f7a88dd533523851b23c21a1e29d8abbda74ce066a0c3caa8fe68021cb46b411cd9e60044
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Data/Python/Lib/site-packages/numpy/_pyinstaller/hook-numpy.pyc
- Size
  
  883B
- MD5
  
  8928a6af39780e3c2a221cb35f405280
- SHA1
  
  cc9cfa3782007aaa5eeb9264959b55fd9aa6fb15
- SHA256
  
  0a8ae68bb6304c12ae7d1b428d1d08c6ec82cd60a3efd939ec43de757fc9662e
- SHA512
  
  2d38ea5df93746c661c7e52ee2104781dd5a243b4694db8eb7f71f9776e5c6e127637ca7d319fce9f3d3d4cb892e67e77291a391e875c984ee8d950a40e0a396
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Data/Python/Lib/site-packages/numpy/_pyinstaller/pyinstaller-smoke.pyc
- Size
  
  1KB
- MD5
  
  e922c86170b32c6e267804681b6ac5fa
- SHA1
  
  4ff45f5332ef375375a783a8c785fd05a062f0d4
- SHA256
  
  b2a72ac8a8b92695fc434829d06af302bfdc07d00546aef6b1c71f267fd2d474
- SHA512
  
  ef8e998afe13b9f3259d3bf37b529ec4cd388221a0c22f633ccfd9353864527abc5e244346e41afc3480635c5bd2c75de8dfe882598255de5be68348d4031783
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Data/Python/Lib/site-packages/numpy/_pyinstaller/test_pyinstaller.pyc
- Size
  
  1KB
- MD5
  
  b811b8dd8d8f4dd3194f56d1043c013e
- SHA1
  
  e7f871c3e1b79c7d7b3b208191ccd8883c649784
- SHA256
  
  476a9d4b7134beb555fe7a60a0b3942c7f4d41862523b04924a0a208e796e1bf
- SHA512
  
  48820d56812a4710d93505f900c9ddb5e6709fb35e5493d409cc7d818fb77dddc953aba77704dce7c5f6360a7d23a4b8ef26fa947e54df68c56b4d5a74f79b09
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Data/Python/Lib/site-packages/numpy/_pytesttester.pyc
- Size
  
  5KB
- MD5
  
  1fdb721e8a2282afb484f637b837987f
- SHA1
  
  5ad314e882352554035a656d973c6234dbca5f70
- SHA256
  
  46bdc33394ff093540b8953797e4b2ed821ffb94629b7f5d37013a0cb59303a1
- SHA512
  
  6614d85a47b08345935fe3741ad381a6db5029f26c23ccadc65402c213ed697b245cee246163ad79da4cefe6573c42e8089640d6f36933cad24bf0c92a12ba8b
- SSDEEP
  
  96:KLpk7eARmEAIYeEPXWp7naRfgr/DYU5A14JL+M+iKup3MrqMtdFCT:KLp+HFAnepnaRf6DTA2JCRiKupQqr
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32