20df13465b09ad3fabf707cdc3b370864ad0fe7e7ba550abb8b96cbd347283bf

Sharing

Copy URL

Twitter E-mail

General

Target

cudatext-windows-i386-1.217.5.0.zip
Size

14.4MB
Sample

240901-jh3fgawamh
MD5

6b4bc9fa05edda4eb4b733ca0642f925
SHA1

24cb9b233c83e21c2cc065eb5c88798fa22e1022
SHA256

20df13465b09ad3fabf707cdc3b370864ad0fe7e7ba550abb8b96cbd347283bf
SHA512

5fd0562ac41442e4a7fd45f28bd53833307ffdcd488f3a60ee97e2038b3193d6f8489100878d253b81dbbf858783615b8df5a4335ae06a355e83cea9e82100f0
SSDEEP

393216:qaMPRJREqcN3YQEjgF8Dy4g0SbEx7CI15eO:mRJOqwYQEjIsJvSbEx7x

Score

7^/10

Malware Config

Targets

- Target
  
  cudatext/cudatext.exe
- Size
  
  6.6MB
- MD5
  
  2c6ccad791db492c48377580b7809281
- SHA1
  
  6164150b8ea446ae4e81d6f9e94ff97dad7cbf18
- SHA256
  
  5cb597a65f876506c9e125c58f5113fd62bb1b17e27c9410f908400403b3af8e
- SHA512
  
  aeb751b2afcc592540275a63c67aa72ae5f3bb3288d8cc125663304b507cf48d2e228e0b40966eb61699363261c5a90d46774b6e30f48cd2627fd49c4983d80f
- SSDEEP
  
  196608:7mhM4S2V7xWXWmW04LnF79OZg3ouWtOGFKsmZyBbhT:ShTS2V7xWXWmWR9OZg4ptOGFA49T
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  cudatext/cudatext_shell32.dll
- Size
  
  859KB
- MD5
  
  f3d29f94139391df22c3603eb92e0634
- SHA1
  
  e971b5ea114b21e09ad0118a36e1ec5e710ea645
- SHA256
  
  5f279320e29f54e6d8a2046b2fda75eb28ccbb6e669fd7d6969b2c8ae36b634e
- SHA512
  
  90517f5e23e1917ee57e442bc03dd654af10ba2d98045c10763e5ae3a9dfbc90e3546365fda3bc6412e019846ef89768bf3dabf06f82b3576f5b05178bf113f7
- SSDEEP
  
  24576:+WgjxOjd0dyI12eNG2FtYTBgbL1gdyjgtW2ekRIx:+WgYpG91rNG2FsglgJWx
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  cudatext/cudatext_shell64.dll
- Size
  
  1.1MB
- MD5
  
  8990a3692839c66d4c3d4196beccfc19
- SHA1
  
  563a54d812946601e2633abe7488b31f960b6845
- SHA256
  
  a23607739b05a20bcf5c79f0fb79659ae992d081e5dc75b15c63663af9c57925
- SHA512
  
  dc727f6556cae91572ecdd50fc0470a78502ee84c7a442e28f04befed99619da93e60242379f93c68a153d40f294d333a71e0e3bfeb4375355eb70effa292757
- SSDEEP
  
  12288:Tk4ULJUxWeEsA5Ry/3X4XyIrHyGddSvj4tNfQWWB2RqQN:A4U1UxGsA5Ry/HRjGdovj4tZQWWT
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5 behavioral6
- Target
  
  cudatext/data/autocomplete/C++.acp
- Size
  
  244KB
- MD5
  
  0438a94b0efe0f88e29a80a581738a85
- SHA1
  
  a445acb1f0c0eb7b72e1fddda674e0d9ca81c278
- SHA256
  
  e3dca361b2c52fd1e00941282a435387f02d94b0ca3d378364881b9f85f800b3
- SHA512
  
  6a6cc6dab8392de4b8cebe8527ff15374560598ecffaa5ee08bcd617fd7bf23e68f7226129d4f893d192d147dbe954cfb726fe2989ae7bba5bf64a7c41fd541b
- SSDEEP
  
  3072:PK6tUiIHQ+Arxu+Dl3fATs3O0W5qZEblsOyGdwVlOmuoC0xr:1x3gqmbl/yGGlGYxr
Score

1^/10
behavioral7 behavioral8
- Target
  
  cudatext/data/lang/translation template.ini
- Size
  
  14KB
- MD5
  
  beeabc29339bf43787ac9f4d832ce2a4
- SHA1
  
  eb09972ea0125a0fc0a3c96b1c66d028960e6216
- SHA256
  
  926e103bf358e2aec0cc9bf9d3bdb60c9faa55d13a0b22f42cba02c86eb3cf01
- SHA512
  
  d12bb55e8165660cce0291a8d738da21d640ef4341dd97700d718a718041716d867c1f049a97f2a68897627ae3575242afad46bdf06343f3b8966dd5a2071cfc
- SSDEEP
  
  384:yYh1TNx57FS1QDZbbtbG9qJj8a4La++84nsDmqEnTJrg:yaNxV8E3C9qJj8a4La++84sDB68
Score

1^/10
behavioral10 behavioral9
- Target
  
  cudatext/data/lexlib/Bash script.cuda-lexmap
- Size
  
  414B
- MD5
  
  a14718afbb58c2d23aca62ae398f617c
- SHA1
  
  3444c969fb4e5f1cff8ae988319cac112c591ecc
- SHA256
  
  59c5a05b918d6e7ffad51d2c2967d7e705ff907b28285bca117a63c7e964cfdb
- SHA512
  
  207cec0e59324057941ea0ae1db82069309df595b46c837b38cd8ca1dbaf89826a95b8014b18c0c4e9a5b4b3c5297a3171da2da4f356837a503a186147987a06
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  cudatext/data/newdoc/Frameset.html
- Size
  
  530B
- MD5
  
  51a1045735a97e03fecb5eefd22e9c00
- SHA1
  
  f3b2a029412dad902937faba4e6e8d7cabe1b038
- SHA256
  
  a2817f66f98f27bf204a0deef79ddcd1838d884028bab21f3d3a7379d67ca338
- SHA512
  
  a3f8ed3e3d277cb3bd1a82759135f8be4d02e189753cde1ab562ec4f84539c9fc3a14a75d1f3f058b0f9c2a2ba6d25a73e8bb6b839d4747f90eb718fb84cd12b
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  cudatext/data/newdoc/Glossary.html
- Size
  
  3KB
- MD5
  
  fea24249bba4f88429a7c66f0b3f5e8e
- SHA1
  
  0af468bfb0de145d5238b5cca6cb83d7fe1ef3ab
- SHA256
  
  80c28d75923ce857f83383ca7b90f0d6d2a03ce80a37b8991b5ddfb9e731d9db
- SHA512
  
  8a3f1aa3e786d1360cf92ac05489c70cffcdb691ff20a9cdf4640cdc17271b1aa3e264c42a14ca0744be173c27317c41265bc32c95b05586a7d5af03df010927
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  cudatext/data/newdoc/Redirection.html
- Size
  
  540B
- MD5
  
  504202c9f32c79c71988d78b99e1b639
- SHA1
  
  f5df6efbbeb6c21af3230df1be2614b349185b4b
- SHA256
  
  bfeff2d3ef317968d999473c6875bda5320ddc6810c020c2a903c1f3504fd997
- SHA512
  
  72f967beed3246dc57393891b4daf6d4291dcbe199257548e2d2c86cae0eed4dbf60afa8590106a22c59529a47c414eeccf11e978a4b0c7ae81d02d3ff8e0bcc
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  cudatext/data/newdoc/asp with HTML.asp
- Size
  
  406B
- MD5
  
  bb925aa3eccce13735e334656a18bac5
- SHA1
  
  8960e68192dfff9dc3c770785a80db0e8fb1ef66
- SHA256
  
  d28f03e54739d4bb228517f85442964d17daf285241607f4384c1cd8d4867202
- SHA512
  
  c520f3f8da4ae1d2a78ae03726992955899d1ae96b8e12c067238945516414e20259b715fc70e74cbf1d7db7de1738c774287ac3eef78aa14f6112bcaa63fbad
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  cudatext/data/newdoc/asp.asp
- Size
  
  10B
- MD5
  
  269c6d75d11a2d913edf9e0f6bc1b3e7
- SHA1
  
  69c2f23fa886eef17a718b2651ae248bc8e88dee
- SHA256
  
  a923b79cf4c2497f1ba291ac766d52bb10d8c1f45338c6b38b6edd45684c9905
- SHA512
  
  242c5e92c6016cf6dfac4b99a707b2655b45d8170d477fa94d2257f2e7c127d2b74d770721f1c3ad4e1d954cca3790d38e81d4af17b714eaa2d9d46967d8603b
Score

3^/10
behavioral21 behavioral22
- Target
  
  cudatext/data/newdoc/default.js
- Size
  
  140B
- MD5
  
  36eab40717cac3a9a05a6a364dbf92b6
- SHA1
  
  9a4565678ef520f6549fa2df793043527858040f
- SHA256
  
  f20f1d93f610dc323b07246aa5956175a6ad118df8e4b1cc785dbaa612552f39
- SHA512
  
  04d308919c6aa25d75787c1bf3a92f6386395a126deacefb298ce3af716f90eb03b20dab0d9c7e3963c559c70f9ca253aa078eae7c228cf37f87a09ab12aeced
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  cudatext/data/newdoc/default.py
- Size
  
  88B
- MD5
  
  92df6d9e9ee43410beb969f3d61d62ff
- SHA1
  
  ca4bcc5755f1d33b6b4b5890203098e3cc8a5097
- SHA256
  
  96af7945ebb6dbe4d875dcc6c1b39a4e2800ab93dd527c36eb498ec088dfd1e8
- SHA512
  
  f3888ed61d02760b5537a318d6480ed16a315371a0d49f01d6561843de12888c18547dfdc21643f4675e457262174af2947b4643e8e18bda910ef2ef97cc2c68
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  cudatext/data/newdoc/default.vbs
- Size
  
  133B
- MD5
  
  ddab8406cf1d4f5cd5ae4dd61b4ad006
- SHA1
  
  4be49b292d9fc7b50eec1de98f6adcea3f14efa0
- SHA256
  
  694dc6205a68e2940775b761f4b26b2be28e5c575dd983e6c87967958ba158a1
- SHA512
  
  e14410b4bee879787dfd2c4d88d9f942a8a56030eb37b3e55c1a222bffebf46a928598f0dff703ee793f2e1c784e960eabdfee1d725721e7646223fa19f06b6e
Score

1^/10
behavioral27 behavioral28
- Target
  
  cudatext/data/newdoc/html.htm
- Size
  
  260B
- MD5
  
  4f40bdbbc3e4567c2926c8cad9843751
- SHA1
  
  17415d2ff44d96da789182ecc394033161e6722a
- SHA256
  
  ee771b6f4e63a57e04f43ec3b15e1f3884c6459acdf03d150789aa58372e6607
- SHA512
  
  a2e7ebf799c3083b0a465246e68def89f3cd7d828d53c8644f54f400ea5619d71736db7ca670bd35714ed2592aba9e046962eb34bde86c71e606b7886e95f442
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  cudatext/data/newdoc/jsp.jsp
- Size
  
  439B
- MD5
  
  575211c27147df944a3429e8c4ddb86f
- SHA1
  
  a9e4759ebac077ba6e9938c4b82a247e4e17bab6
- SHA256
  
  97b509d6c6d320d0a303839df17e35080e1846b48d975f24b0c9a84f07e86852
- SHA512
  
  66d898ebeee9091497087deb7073f94471a1dd4a91a90059b9425bc47c6624b90bcb6e8f3d8f52f10e596d001672ebff7d8a977f7913c55b48dec774ab81792b
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32