e275e8febf42d63d37ded05b4e6aacc1b36b9ace6318cd09d65b822037464c37

Sharing

Copy URL

Twitter E-mail

General

Target

e275e8febf42d63d37ded05b4e6aacc1b36b9ace6318cd09d65b822037464c37
Size

6.3MB
Sample

240825-g8g64s1ekm
MD5

9190aaff6a444edb896ed5c228c26276
SHA1

e7a1745c17b141159e87a6d8ade23ac7815c74d9
SHA256

e275e8febf42d63d37ded05b4e6aacc1b36b9ace6318cd09d65b822037464c37
SHA512

aa75ce03ef8594f066ffc2d16e0658637a6d9544c81555b8199a4d17fd42e35980e8a676f9f5b700ba966f3563cdd4816714014bcf5533e42b16379540c9a6b8
SSDEEP

196608:z6xePNL9ONBrYuU7yBCiAYPnGjzJIerhV5Q:zAA99ONuC5AYPnYJIe1V5

Score

7^/10

Malware Config

Targets

- Target
  
  e275e8febf42d63d37ded05b4e6aacc1b36b9ace6318cd09d65b822037464c37
- Size
  
  6.3MB
- MD5
  
  9190aaff6a444edb896ed5c228c26276
- SHA1
  
  e7a1745c17b141159e87a6d8ade23ac7815c74d9
- SHA256
  
  e275e8febf42d63d37ded05b4e6aacc1b36b9ace6318cd09d65b822037464c37
- SHA512
  
  aa75ce03ef8594f066ffc2d16e0658637a6d9544c81555b8199a4d17fd42e35980e8a676f9f5b700ba966f3563cdd4816714014bcf5533e42b16379540c9a6b8
- SSDEEP
  
  196608:z6xePNL9ONBrYuU7yBCiAYPnGjzJIerhV5Q:zAA99ONuC5AYPnYJIe1V5
Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Modifies Windows Firewall
  evasion
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  d16e06c5de8fb8213a0464568ed9852f
- SHA1
  
  d063690dc0d2c824f714acb5c4bcede3aa193f03
- SHA256
  
  728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531
- SHA512
  
  60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $SYSDIR/CEA_Crypt.dll
- Size
  
  60KB
- MD5
  
  b57da4ef6c923514de0efe4d4f409ca2
- SHA1
  
  638ef69da94f513955db4e5349b69c1ecbf4b9d8
- SHA256
  
  1161c3fac4a43485640a80336dd0edbc5569f332b3f36839dcebc8663ab8761b
- SHA512
  
  ad755429be4ac006354cd8d4bf8877baef093418d6b3e20af6c7da8fb8e441314c3dc37544510c2462abc4204013da12c1747fa974242ebbc6f8484858a1496e
- SSDEEP
  
  768:EkpSRkT6Zwg4TcYFsF3TaDvwHpVJOdKB67GrYxw/l+MSpL0Gt:EbDh4TcR3ODQzoK6GrYi+2Gt
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $SYSDIR/FTInitlize_bank.ocx
- Size
  
  50KB
- MD5
  
  f4641328913d7c18982cce4c99f580e0
- SHA1
  
  4250757a8455d59fdfdbff67d2b6b12939c83673
- SHA256
  
  09f584a625ea2f6b6c26a609c12457763504b4d0ee55cff4c2d9417f5a787fd8
- SHA512
  
  f3de30d3cd4312529c5706a1c377b3086987617dc9901c7e051c3c578d3f38c6888bc6898708f653962f832cf4ac5388f21ace66aadf15421686a139f55cb438
- SSDEEP
  
  768:EM7eEsCWff3DpjTKRbcvWnnqJJwZYi8pqAMxkEI1:1e4C3NjTKG8nIJe70IxQ
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $SYSDIR/InterPass2000P11.dll
- Size
  
  892KB
- MD5
  
  809f63601ef78a3cbcbdfab1f4816f73
- SHA1
  
  6122e2108502b7e52c8a07e8953daf2dfd54c6dd
- SHA256
  
  806b77200f87f245a39da02bb7548654ce11cf7ebbbc123c72a93f93c74ca7f0
- SHA512
  
  6496887b99a271c06d6bc59b54c99e3fe6108bed199d86c07b5b3945dcd362a396a925a9579f8fe16239a3d794347504d63f031d51d70624e06021bcad3b1434
- SSDEEP
  
  24576:5Z5Sl7ZaOE7tiGJhDlqAony9OK+TdLO4og8CDtjYM42q4S:fA0QdLOQ8O5x42q4S
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $SYSDIR/InterPass2000P11_s.dll
- Size
  
  10KB
- MD5
  
  6b27956ba886ee230281d205e09e91a9
- SHA1
  
  d5c7d9297df241b52573d03185a66528a84f5488
- SHA256
  
  3df383f4b0195620badc0bb9f5e1d86ebdb4975b60da4b910a26fee9b4af474f
- SHA512
  
  e7b9d770ef04dda2c2cf144c218851b2b933d59395caff6594e70d0d71db4a78319a51bcbd3479668ab7dad56acee4a24cc3c4206186ad6cc91f5314a498212a
- SSDEEP
  
  96:Dpn00KCDOVnXB+im0KcOqW/PLZISj0epuVuw6YQCcTvka9IN80KIbWUksykajqq1:PAXBRQC3a9C8nZUadXe/09OFH
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $SYSDIR/PassGuardCtrl.dll
- Size
  
  2.0MB
- MD5
  
  174a19cd3a960100dbeb43fb9428bf02
- SHA1
  
  5bb0fa68ee4ec2a74b7c7ceb9ff1f42e42da54cb
- SHA256
  
  15333c63027b7e91c3298e566ee8bd1abcf61fb2699570280e66a84136ae7fba
- SHA512
  
  20f698d8651f61c370c840b9bbfbef8ee5b53c655c0d1b0dd704f2670bdaeb9366279e3182ff99a36b43f4d664dde1bbfeef9dc3032b0b5c769c3c81faf57aab
- SSDEEP
  
  49152:Tm4ggt/EcTPjh5e8uSdORm6ivr4qFFfS2bn1MF+7x/d3X16sUVE:Dg6zuS8m6ivr7SqFx/9XdUS
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral15 behavioral16
- Target
  
  $SYSDIR/PassGuardCtrlForYBXY/PassGuardCtrl.dll
- Size
  
  2.0MB
- MD5
  
  174a19cd3a960100dbeb43fb9428bf02
- SHA1
  
  5bb0fa68ee4ec2a74b7c7ceb9ff1f42e42da54cb
- SHA256
  
  15333c63027b7e91c3298e566ee8bd1abcf61fb2699570280e66a84136ae7fba
- SHA512
  
  20f698d8651f61c370c840b9bbfbef8ee5b53c655c0d1b0dd704f2670bdaeb9366279e3182ff99a36b43f4d664dde1bbfeef9dc3032b0b5c769c3c81faf57aab
- SSDEEP
  
  49152:Tm4ggt/EcTPjh5e8uSdORm6ivr4qFFfS2bn1MF+7x/d3X16sUVE:Dg6zuS8m6ivr7SqFx/9XdUS
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral17 behavioral18
- Target
  
  $SYSDIR/PassGuardCtrlForYBXY/passguardwin7ins.exe
- Size
  
  524KB
- MD5
  
  b40dc2b850c541138161080e8349a9fb
- SHA1
  
  8e9c77b96baa956c1c9ca8887f29ae92bfb1173d
- SHA256
  
  287d8914e42ade8139f23a93fc3c1bfe8e82bfce57acc2219ef9d4b7f7bf303e
- SHA512
  
  6165c4660f60977abe05cdc8bdb87d2ae5b4a424e6ce19e2d5829af3135e735e26ca17887cf5be319e85861c2d656cc9f4fd8847ace8c8a81b621b464f8d34a4
- SSDEEP
  
  12288:3XeT29v49ZFqjw6/SIojaiGXa5NUFoFh3UvhnmIBzGxDqIbYX:3XdA9ZySX2i2aIFoknmwYE
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $SYSDIR/PassGuardX64ForYBXY/PassGuardX64.dll
- Size
  
  3.3MB
- MD5
  
  c51656b26119aacd1a46c0e0a595a39c
- SHA1
  
  b75d8b77297d2fd7f6f7763a3d50ea06beb396e6
- SHA256
  
  665e7de614a196741af1a52b48f91453136d0bce3e0048699b3b115e3c7078b9
- SHA512
  
  a2a3747dc518249599097bec700cb09b1551b6d9052d0225f5e4abf2d458acff6edd4867db81685bb94c71c6dc5302f868be8de170ca6804ab79288c5a5afaf7
- SSDEEP
  
  49152:WYbgS0xNu63rtrgwNAOa1qXEeaenHgJEomipl4LgziNXfzEurRnKtAGeXbyg10:WYS5aG7onlw75fzE+RKtALLyy0
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral21 behavioral22
- Target
  
  $SYSDIR/PassGuardX64ForYBXY/passguardwin7ins.exe
- Size
  
  176KB
- MD5
  
  feeebfd24b6e6b490dae219d0db511ac
- SHA1
  
  851be598f328916c72efdc01e97908d3717bc24c
- SHA256
  
  2cff7d0b83c051a4677d9313976aaefc328c53c6851ab30a1524221ef571acd2
- SHA512
  
  28d3099930f4073bf40c301109a0494767a2eb4fd2d09d6e729a82f41e0ce63edac65d69b5047120490b5598907db19d21a182736dc793b0e193b64e5b4d0532
- SSDEEP
  
  3072:V3Gmsh8wZitP7uTpj6h/cTU6uD+OUicVTMBzGxKzmqktXbhaczc:Imsh80zp2h/cT5u31oIBzGxKzmq2XbK
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $SYSDIR/passguardwin7ins.exe
- Size
  
  524KB
- MD5
  
  b40dc2b850c541138161080e8349a9fb
- SHA1
  
  8e9c77b96baa956c1c9ca8887f29ae92bfb1173d
- SHA256
  
  287d8914e42ade8139f23a93fc3c1bfe8e82bfce57acc2219ef9d4b7f7bf303e
- SHA512
  
  6165c4660f60977abe05cdc8bdb87d2ae5b4a424e6ce19e2d5829af3135e735e26ca17887cf5be319e85861c2d656cc9f4fd8847ace8c8a81b621b464f8d34a4
- SSDEEP
  
  12288:3XeT29v49ZFqjw6/SIojaiGXa5NUFoFh3UvhnmIBzGxDqIbYX:3XdA9ZySX2i2aIFoknmwYE
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $SYSDIR/printCtl4RA.dll
- Size
  
  124KB
- MD5
  
  a89ea3892bfe94be61231dedc9263cd8
- SHA1
  
  768a8e6a08621f22447567dd96fde590071696ef
- SHA256
  
  12d5a0d88d72b088face2209427d1d9f116179eb48a90da27902f5712590d86c
- SHA512
  
  d3bc89d4fdd2de9b6cd2ea11cc3c12f6a524c7f07164590bdc8f12f36cc59432ff0dd8cb63bcbf40fa18cc064ba5646fa2c0c931439c6f8d39579676e0d16761
- SSDEEP
  
  3072:H5mgucQOCStrFrfaRqUgLRy2J0kGAqb9icB/KLY:xCSrtLZJ0OC5/1
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $SYSDIR/stwebdll.dll
- Size
  
  104KB
- MD5
  
  92119ff7a175e5635b87726306d82635
- SHA1
  
  6125103765180006ff3923ab03bf32d33dd491cc
- SHA256
  
  89cf6ae4df753095e06b2237e1127c8d0cc6cb879d877287355de47b59d08f28
- SHA512
  
  2130595f4a2be6ede12ff65084cbb90ffcb898fb5eb379cffaee5a4967305b6aa3c2b04e1a954b9d84000eee4d76447ceaf6031d3d0b0b09d7adf8330a750622
- SSDEEP
  
  1536:weCN8rpRhbxfocQBfH/0B0sxOtTvAWsTNjF1A+OWDlSuHnZQsoQnz8NZWYK+2GA:b1RhKcQBffc0sQAxjFSYlRH6sokz8HbK
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $TEMP/EsWebSocketKit.exe
- Size
  
  2.0MB
- MD5
  
  03608817f4280e182fe17dcc532b78af
- SHA1
  
  3810abd4bab3e9b962c96019a2e73422c90fbc31
- SHA256
  
  211e3a7eac588949321ab2bafd1317a18b5c33f5064faff26f5b1d409d73e4d3
- SHA512
  
  aa1f690f29e893b61a2ae18eb364457aab7086ccfa6394bd46b60e94f6d7834f93b6a5e336a32dae251fb79db0a70265d3ca0703c19cd6d99314aecef6cfae5f
- SSDEEP
  
  49152:xQxqVOQPx6T4ooThi+cKS6aWM0A5sT4KV3Bm:xQxqVM4Xi+/7aW3wsNJg
Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Modifies Windows Firewall
  evasion
behavioral31 behavioral32