73cb3d7601ea224b083d2348a3c1e69de9d9105e85ac501565108a88bd663ecd

Sharing

Copy URL Twitter E-mail

General

Target

73cb3d7601ea224b083d2348a3c1e69de9d9105e85ac501565108a88bd663ecd.exe
Size

57.9MB
Sample

240819-b18q7sxbrd
MD5

e1da744506c344e11ef8790899aeb60a
SHA1

f136d37cf9d7d75da4cb343f2b341d3b09fdf919
SHA256

73cb3d7601ea224b083d2348a3c1e69de9d9105e85ac501565108a88bd663ecd
SHA512

67ea7b45395508bfcee71a57c77c05ac7cc8bb69ea1f6772566a8e4901d4155ae25de553d5d3a363ae6230a41ea4be3af3b58317630194d88e9c8218be1c3421
SSDEEP

1572864:29+wxbHlmC264rwt8DDNn+2sSIunWsAIUHxjDav:29Rv8E2/N0SIiFGxjmv

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  73cb3d7601ea224b083d2348a3c1e69de9d9105e85ac501565108a88bd663ecd.exe
- Size
  
  57.9MB
- MD5
  
  e1da744506c344e11ef8790899aeb60a
- SHA1
  
  f136d37cf9d7d75da4cb343f2b341d3b09fdf919
- SHA256
  
  73cb3d7601ea224b083d2348a3c1e69de9d9105e85ac501565108a88bd663ecd
- SHA512
  
  67ea7b45395508bfcee71a57c77c05ac7cc8bb69ea1f6772566a8e4901d4155ae25de553d5d3a363ae6230a41ea4be3af3b58317630194d88e9c8218be1c3421
- SSDEEP
  
  1572864:29+wxbHlmC264rwt8DDNn+2sSIunWsAIUHxjDav:29Rv8E2/N0SIiFGxjmv
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  WeBuff.exe
- Size
  
  142.1MB
- MD5
  
  8565a8a9de8c300a4a7b0f8eb196565e
- SHA1
  
  51cc2e86ccf55460f6f70e17414eda71846f343e
- SHA256
  
  88c4955b3f1ec5dd74160b77fa1e318352d6abe78516c6e36828085bfe6ff343
- SHA512
  
  92f9c84c66aa72f8eb2ec1d9f8c6420ac38ae06a29c8bfbe968b1ce815b898e02fc9b4003937f7f084d26fa8bef8a4054945d17d197f7f2e352f009e90d0350b
- SSDEEP
  
  1572864:OWngZjY37M7WblAypLUB3zuUJGVmAooiYQbmf+L:OIzwWbAJOqmY
Score

7^/10

discovery execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral10 behavioral9
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  49327125d50d00c0897aa17d33645fb1
- SHA1
  
  12c543f34accf36993ba0df62ea6778d35e95901
- SHA256
  
  54af230c35a29655192c077b0b203a35355a18292dab41733433d26397918271
- SHA512
  
  0ea66bb78f2ed2b5eb27d124f4fddcd09c26757c809e5ce5bb12a572b08b7240c6b9f97f6af66f2e9c2090ff43606613005e461aa6ed4da37856af03af0a9ac8
- SSDEEP
  
  49152:x8qdAmBRsEsA2lydpsV2+ulbCVCbBdRXLvPznKF76ayToQVNU52kJ8dj02bfUCfq:zdZB6ssV2vWCbB7K7ryToQVNU52kJ0Up
Score

1^/10
behavioral11 behavioral12
- Target
  
  libEGL.dll
- Size
  
  460KB
- MD5
  
  94d5658eac38abc9f1d57263a68579c0
- SHA1
  
  9d6cfe38b2c2af016a8fd25d7e69baf51aea175d
- SHA256
  
  9e077cfcc099e7f01cd9b7eff2758c09e1bead7638ef34f33f25d10ab9531c35
- SHA512
  
  cc5c2a86a5ca0f74936bd123888f78e093571675c408c993227c95f05277ae6201005bb0543377c3b5415e94b709bed4280898fa3a0dddafd4c06d89ff81b963
- SSDEEP
  
  6144:rKEcTs/jvtGCIvT/BIy/71C6h7i6DPgwlXwuxkC8wmdj8hLeC:rKEcTs/jvtGCIb/BI/CLPzxk7wmdj0
Score

1^/10
behavioral13 behavioral14
- Target
  
  libGLESv2.dll
- Size
  
  6.8MB
- MD5
  
  b2062aa70b5177884199ef4ad7875f2f
- SHA1
  
  22cae34f6329c5e2bb3abcbb67257b009c703a9a
- SHA256
  
  b2b6f06a9db1f359309c42e9a7620e7ee8277ed375dc7f77672661a11335023f
- SHA512
  
  3ed8d31efd1f22f628b55c5782daa2f4f7008faef03afed03d6a00af04c8b5c49667d8cade04b9a7403e6fe5b54603ae71b4c539aa351c785d2b300d04383b74
- SSDEEP
  
  49152:J59vei/JY5TCnQZ3/nWhLl/07TlVMpDFR96PEtMHPZO926fbFbtf6sgylZy8Y2cH:qZ/WhR/o2Yr8rAjWedDBVm
Score

1^/10
behavioral15 behavioral16
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  resources/extends/WeBuffCore.exe
- Size
  
  2.5MB
- MD5
  
  9593735ca3025647ba6e7e5543a9ccea
- SHA1
  
  28173bf4432a290a1fc33b6ae7473bee020b9746
- SHA256
  
  58163aadc9bba7defef3a33f9419864cf0d30679439cab6abe946c077b3d3b22
- SHA512
  
  2ed7c58226af7228430a194c93088952336bc7335efbf298cbfffb4ec1f97f79d7ecfd6df83a2e7698f61d28b7df9c9c883d382468cc5c948a77690eed29ff81
- SSDEEP
  
  49152:ystidYOICW90S2I9fYtTHGsvF22yd2w0nSW8jtT8mpBIYzbX:ystKUx9J2ykw0SW8jtjfIq
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  resources/extends/WeBuffHK.exe
- Size
  
  453KB
- MD5
  
  18ddf92cb1cb912f285a70923eee219a
- SHA1
  
  99d68db5e09fe0682a7c169cb837c4cf8f77f88b
- SHA256
  
  3d94d80998dd12c623a0613b127353b72b3571883569ce1615565768f222241e
- SHA512
  
  561d3fa1bd522c56375a85c7478bb2ea133123e179aa84bec25f02e17fd965a00c5a1df85bf2555415c376dbe52095ea77b54d3b698da1fe38c7837a3ee9de51
- SSDEEP
  
  6144:QmAj85YP9xvpBj7nA//SSNP1m8CZjBa/mbvUIRc:QSG3xJ7nA/TEFbbbcIRc
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  resources/extends/WeBuffHelper.exe
- Size
  
  1.2MB
- MD5
  
  bb3325df88e553acd240ab5e6ed9e472
- SHA1
  
  8b7655d12c6a1b6bb97f48b0867c56513e69c924
- SHA256
  
  faf53af7976589f44ef39b63eeb59ac2e4d07458b241330c482961a299f42279
- SHA512
  
  4d5284c954d0713222ec19fa2292eb9b3deedf20cd6332b9ad259aacc275efc9c310b0ae4ddeb51c3ef3c475f21df460d8708c8d33cdfdc295376350ead51d7f
- SSDEEP
  
  12288:mqJXzQYvcce4q3qRqN4WgtYkAH3H9CoxDnDK+0S0YbeTNr:LJXz/7e4VgWWg/y4eHPHbeTNr
Score

1^/10
behavioral23 behavioral24
- Target
  
  resources/updater/WeBuffUpdater.exe
- Size
  
  685KB
- MD5
  
  5bdf0577e6b814da9d499be0acea25d7
- SHA1
  
  a5890aa43ec33af8a24c1d860fb335bee223b962
- SHA256
  
  9e26ccd244b429bd932387b4310c2ec011f4f2c9d5fbcc26c9e482399e7490a7
- SHA512
  
  f6bddd94f944412f89a6d4fe95ae42deb711e7840ef4007d091b03f9db00f5c130e5d337270017a41a3d6db46538652736f48e0b6f0776b3578c49397b8b6045
- SSDEEP
  
  12288:l0rjv+t78yCzzci3sDjoLKGt+Xuuu886bDMS:erebCzzci3sXoGGoVHbDMS
Score

1^/10
behavioral25 behavioral26
- Target
  
  vk_swiftshader.dll
- Size
  
  4.5MB
- MD5
  
  8db23df2fcab5c8f511b51cf2e141c91
- SHA1
  
  0956c8d17a612ae98e0bad36db9b49c7d8a52ef3
- SHA256
  
  5d2c14de5809a2eed085d4af04a36676af23047590aed927caae8d9cfeb241e7
- SHA512
  
  24b14d34f433e48e11054d47332edc38dd36e53bf0eb95a479f5d8dd2f8a6910942df0f8f90a67ae50850a36e0b6e410ad138e5c623b9def19b310bd3872b4ab
- SSDEEP
  
  49152:PO6IzWGejMxLmo/FxJga4kIKvGtY48loR/ciu4skCDC88PF/VoQ28iasG+Stxf+i:+7/pEEkSUwsNEMd
Score

1^/10
behavioral27 behavioral28
- Target
  
  vulkan-1.dll
- Size
  
  854KB
- MD5
  
  dbb7bc50120b70622b76a975b1d116de
- SHA1
  
  45989611cf8203a26b7a4a52d037841e16886992
- SHA256
  
  71dec6c6c662214bd62774a7e788fe71200ae3bc4729428ee08c7822d3d35412
- SHA512
  
  6b5d0836a671d5d96b48016feed36b7611326f6cc44242750aef864362ec04e6999a34f004cab0854cb5843833d951da127890221ae08d82a7e93c660331119d
- SSDEEP
  
  12288:lPcsZ/i18O9zheQQZ7bjnfjaimmVBmJUAI0/bf1IohNX6G6:lPcL19F0QCn5VBKQmSy
Score

1^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  466179e1c8ee8a1ff5e4427dbb6c4a01
- SHA1
  
  eb607467009074278e4bd50c7eab400e95ae48f7
- SHA256
  
  1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
- SHA512
  
  7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817
- SSDEEP
  
  192:olsHeylO012En8pqHtcE0PuAgkOyvIFc:oATI0d8pUP0WAgkBvIFc
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32