5ab9279e7714070a4fd23be8b7fc67d76987838f2a2daf1082b349e1912e5ff5

Sharing

Copy URL

Twitter E-mail

General

Target

Era Setup 1.0.78.exe
Size

83.2MB
Sample

240820-zkrdzssepa
MD5

428a0939ada772975b95cf73958b040c
SHA1

e64a753cdaa7d71472e7a7fff4ea797a8f44fea2
SHA256

5ab9279e7714070a4fd23be8b7fc67d76987838f2a2daf1082b349e1912e5ff5
SHA512

7298b8fae3b9dca00ff343ab712a00b07e83a0d53d8692db212bc68aa3942d739fceddf787e2f61271a709ab5d7f0559d5c256f5e1e544577232b314e3a53888
SSDEEP

1572864:kd4opqebrfk2ZN/w7v9xFJgHaXOTqPLk8rDbDkkagQkpIEDv5JiPaWo6J:kdHlbrMOwLzFJsNH8nkkagQf8JUaR+

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  Era Setup 1.0.78.exe
- Size
  
  83.2MB
- MD5
  
  428a0939ada772975b95cf73958b040c
- SHA1
  
  e64a753cdaa7d71472e7a7fff4ea797a8f44fea2
- SHA256
  
  5ab9279e7714070a4fd23be8b7fc67d76987838f2a2daf1082b349e1912e5ff5
- SHA512
  
  7298b8fae3b9dca00ff343ab712a00b07e83a0d53d8692db212bc68aa3942d739fceddf787e2f61271a709ab5d7f0559d5c256f5e1e544577232b314e3a53888
- SSDEEP
  
  1572864:kd4opqebrfk2ZN/w7v9xFJgHaXOTqPLk8rDbDkkagQkpIEDv5JiPaWo6J:kdHlbrMOwLzFJsNH8nkkagQf8JUaR+
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  82.7MB
- MD5
  
  91529810355298f268bcd4349278bbaf
- SHA1
  
  9a21b0b53462afe7d4027d3f405cee4657bdf129
- SHA256
  
  e47945df48456518e01cf62336bddf9c18d50b46e8346432d6aecf34d42b4cf2
- SHA512
  
  ab7afa1f8cbdc03a5bca3851b2e3abaf7130307c72f5e283abd25b682ba8cced17dad327328b580de560f0e386ea7ca68fb56f3bc364a1a5ce6a43c7947af4ac
- SSDEEP
  
  1572864:V4opqebrfk2ZN/w7v9xFJgHaXOTqPLk8rDbDkkagQkpIEDv5JiPaWo6u:VHlbrMOwLzFJsNH8nkkagQf8JUaRP
Score

3^/10
behavioral6
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
- Size
  
  487B
- MD5
  
  b7c89ec5dfb8b15555f32a3bef6c3103
- SHA1
  
  a92048052f5fc0af532cd97ebf82c1a9fbf12342
- SHA256
  
  7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0
- SHA512
  
  c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8
Score

1^/10
behavioral7
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/js/helper.js
- Size
  
  6KB
- MD5
  
  c29ad60a23d5406728a51afa4352b4c7
- SHA1
  
  2be817215890f5868717765570ce9f7422735c4e
- SHA256
  
  faa867204c92db252271c9d850962ae1ff5c9448444ca907af483a6c874a6eb0
- SHA512
  
  e1784b8bf7119bf3380b192f1597cb3179425ff7ab347b144011fd17b62794760e6e092a0a1dae99302eb6c333f1638440df4e4e0eaf64f26d4f3cc46a74d04a
- SSDEEP
  
  192:WSqkCoOycfhxPBRw/uL2FqRxJRLVeUdrga:WSbCoOycfhJBR+qjRx/VeQMa
Score

3^/10

execution
behavioral8
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/js/index.js
- Size
  
  1KB
- MD5
  
  50c3a734036b84685a15d56217207d67
- SHA1
  
  1893de2684072a3a2961337fa9a9b45a52c52c0a
- SHA256
  
  171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78
- SHA512
  
  3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9
Score

3^/10

execution
behavioral9
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/js/logger.js
- Size
  
  253B
- MD5
  
  1d26f69361e75ca5cd2eac5f99249c72
- SHA1
  
  787d51c708ce15b2c533a180a2bf639648bc40eb
- SHA256
  
  d7d63601d3347efc93425f4f93049cfb9ed2b9ead1dce662c9c1bed3cba302e0
- SHA512
  
  7350774074462d33ac9f2e130829306af08a6693fd597f40c39bfb194684f66d965cd23c10de5fc4389e4a2ffe84db727aad23dd683a805ae4825f10026cb040
Score

3^/10

execution
behavioral10
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/index.js
- Size
  
  10KB
- MD5
  
  e8282413c1895eaff49de6dd9b71ab13
- SHA1
  
  4e058f522a46e20bbd26f15a6922390ec2c1da36
- SHA256
  
  d6a28994173c1c36476121f8b0e3633e01ecd0589289901fba34fe218293443d
- SHA512
  
  301d2a6ae958e1ba936cae6f555a587ad87567055f4709d4676a3ef5b1a3112cb338b8a9e744c24cbfa784f00f13a1118ad48fd4f6bb060c5608e4ddc8779389
- SSDEEP
  
  192:0SLrK4h1VeAdTeTj8rHiZNWgqAKezwec2D6LaQLonNbcWdw2SEfsjy7J1nDIDu:13DLdKHaMKezw1QNbXPsfu
Score

3^/10

execution
behavioral11
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/options/deploys.js
- Size
  
  368B
- MD5
  
  f42c24cde0162b93624df51f4e2abfab
- SHA1
  
  f819638944878ac4cb49438d8599d3fbd9081949
- SHA256
  
  3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d
- SHA512
  
  67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674
Score

3^/10

execution
behavioral12
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/options/uploadSourcemaps.js
- Size
  
  1KB
- MD5
  
  d060ac623857ad5ca08e3a944768925a
- SHA1
  
  26fe78c92f55f9529ffa2b71da403873da29313f
- SHA256
  
  8d4bd4c779e177724aa7bf98e768e50ce8b2950ef5bf39fa08033057b400888b
- SHA512
  
  ae1b42d7e5c5d60f935bcd08417d4d9055d71bfb80653281e990a687353592731a7c4423655fbb988728152846aa56a5f180335d254885338bf6c96ef2a8357a
Score

3^/10

execution
behavioral13
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
- Size
  
  931B
- MD5
  
  94b0fc212af523b8bfcd6c2aa5a5ab2a
- SHA1
  
  cc0cb35f7ce729f7affe6b2c463e57966515e476
- SHA256
  
  abaa92d196f6752f184b83b19aedd9b1e28d328e6817de213f61fbd108351e16
- SHA512
  
  af0a2174e0304fdaa56ddae249049c142450ad4a0a9c8975548f61aa2bc356837b1d7ed441108156af32c979da5647bd0233a49db700ff0bbf528f9fa2c862e6
Score

3^/10
behavioral14
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/bump-version.sh
- Size
  
  567B
- MD5
  
  2ff8e17ece2c70eff9efdb2b1a524555
- SHA1
  
  d61c93df38f70f2244817c688a140224c9a99af9
- SHA256
  
  f07b481f34e732e74abe6402023f8b84f61281626ad6e25062a20fa8fd80ece4
- SHA512
  
  0f847fd2b05bd4627a56b452f065e878005b6307bc101663297afb5f45c24d965ddc48ea4818c34ab35bde06f5a7711cf29fb9182c8ed9cf34e17d6434c487ee
Score

3^/10
behavioral15
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/install.js
- Size
  
  9KB
- MD5
  
  1ffedd383c8097dd628411836505787e
- SHA1
  
  969306e8127b354f35f4c870f2da7b4034d4197b
- SHA256
  
  df3b6ca3fff442454ffee98e8e4db5e3fe0d82ff19a49216cd238fa9282cb30a
- SHA512
  
  1392958e5a9c2e0c6df617c48547f5fdae32960bfb55953528ee345e06e1ae191ca4001a618233adeab27e16de5ecd203c405e8b4fa7f3a739cd3d2c4a1e9ed2
- SSDEEP
  
  192:sqzsjizUx36Ol7bCXsGp+H+2MgCA/VnZ8JDKQfdfIu9sOFhfe4NxiF:sqzVzL/CCA9nKwmG
Score

3^/10

execution
behavioral16
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/test-vercel-nft.js
- Size
  
  586B
- MD5
  
  c63a1659a645a5095524923081813d51
- SHA1
  
  1d97d7ccb0804b7a15f0593c87990ab0da4b6887
- SHA256
  
  644476fd66a507adc49582e7371c87e4cacc3c7840c23fe920da2a09f05db08a
- SHA512
  
  ae452613a1dc728428ed2e596d7fbb041e00a8aa300aaada289fd454f71267569fa548fa7c7217134572decab12e56f4aadd4853c96ef705ccba2dcb377018cb
Score

3^/10

execution
behavioral17
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/wheels
- Size
  
  5KB
- MD5
  
  6fec563925ecab8b6a98c3f38655236d
- SHA1
  
  9ad08eb80167574de6373d871cfff5511d2554cf
- SHA256
  
  6fa0613c1edb0c6b26baac0b759bf756f389a11e0ec0e64904cffb26ef8dc016
- SHA512
  
  850a5285519965fe26ab0da2ae62d380648acb723d879e2ab770124e4146ce0a6d03f089e28af20604dd3e00913169f82ac568a1741014e0bc5ee7b2c583888d
- SSDEEP
  
  96:K2bH/+ggx6KylWS1qwK3jzxza2JEp7TAmGZw+H4MkAQy6:j/+ggx6/lWSswK3ZO/pQm+HeAQy6
Score

1^/10
behavioral18
- Target
  
  resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli.exe
- Size
  
  10.4MB
- MD5
  
  4c1bbccaec3f88e00c176e49b3ea9742
- SHA1
  
  eea00e776e5979ae8e650ee9ddf3d4d4e93ff2ef
- SHA256
  
  299e9f3632bd8278384e60f7384279ccb394ca532515448f44e089a3fb119f1c
- SHA512
  
  3c82f9f06be9bdbdb6fc94709d6c582641b2bd1ba1987c0b42a8d5c653fc32c006873c8f236b45c62970b3abe6a8b5f9faa1a57c0c85d52fdc94ecf1bd21abd6
- SSDEEP
  
  98304:ixrxM6prx/s50Yfx3JoUojexRA60lirh8DZKqArlTy79tSQOAtx7hGM8tu:m1KhBekT0lil8DZKqARTyzOcVGM
Score

1^/10
behavioral19
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral20
- Target
  
  vk_swiftshader.dll
- Size
  
  5.0MB
- MD5
  
  a0845e0774702da9550222ab1b4fded7
- SHA1
  
  65d5bd6c64090f0774fd0a4c9b215a868b48e19b
- SHA256
  
  6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810
- SHA512
  
  4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b
- SSDEEP
  
  49152:tG7ixZvPbWjIXTFy1RYQZHJvuZBiDTwgvsrt5/PXd0kpmaN+WUf4CvB25zT7RCAq:c7iDPqjvzO1Lhgf49zT7grg4
Score

1^/10
behavioral21
- Target
  
  vulkan-1.dll
- Size
  
  899KB
- MD5
  
  0e4e0f481b261ea59f196e5076025f77
- SHA1
  
  c73c1f33b5b42e9d67d819226db69e60d2262d7b
- SHA256
  
  f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a
- SHA512
  
  e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2
- SSDEEP
  
  24576:PR9nl1crwjLAQw6Z5WUDYsH56g3P0zAk7:PR1l1culw6Z5WUDYsH56g3P0zAk7
Score

1^/10
behavioral22
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral23
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral24
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral25
- Target
  
  $R0/Uninstall Era.exe
- Size
  
  151KB
- MD5
  
  1d577ce0c4ece3298d20a748a34a07a1
- SHA1
  
  99379a000f8418eb4fc9315fc329d1984ed5f3e5
- SHA256
  
  1b4c3b9781d48d5b974781c187801409690d6e16ca89513a5aaa39e80db3f49e
- SHA512
  
  1ac0b359ae5de5fb7606c1db444883ebd0ea39b21065e235f9822575781a9f873aaf1e3efd304366967251170789bdf55bb66e61d89d2b7e1c34fba59b9e1133
- SSDEEP
  
  3072:Qn77v00hEoDEtauZCMfcTN8tYzim86/1aH2tvhOEA1RJCir86SrSrvrRbOa3H:Q740I0MfcTNgY58u1s2t0EyL+2ia3
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral26
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral27
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral28
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral29
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral30
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral31
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32