31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0

Resubmissions

03/09/2024, 21:32

240903-1dvy9syeqh 3

03/09/2024, 21:15

240903-z35pbsxcnm 3

03/09/2024, 21:00

240903-ztqttaxalq 3

03/09/2024, 20:53

240903-zps4dawhll 3

Sharing

Copy URL Twitter E-mail

General

Target

Cisco AnyConnect Secure Mobility Client.zip
Size

11.6MB
Sample

240903-1dvy9syeqh
MD5

a046e07111f7ecae523c8acd0e6a0ffa
SHA1

10c35ca94d6a834dc81a60c953abc11bdfaa4bb1
SHA256

31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0
SHA512

a84baed41cf5d7a4dbb599728164b7cf28cd7d92212513f3e821dfeb617b93030f545264adfe9ed1cfdd09220f5518031a368369ad035a3698bc7e7030719a76
SSDEEP

196608:mIgy+3IWzFPMN0d7GcXraogl7b9qvnE4le2eVVX/dgE5HK+ATELEvGlxp9TYc5N6:m1y+77GmratsvJej/dgISAYv+ppr51+X

Score

3^/10

discovery

Malware Config

Targets

- Target
  
  Cisco AnyConnect Secure Mobility Client.zip
- Size
  
  11.6MB
- MD5
  
  a046e07111f7ecae523c8acd0e6a0ffa
- SHA1
  
  10c35ca94d6a834dc81a60c953abc11bdfaa4bb1
- SHA256
  
  31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0
- SHA512
  
  a84baed41cf5d7a4dbb599728164b7cf28cd7d92212513f3e821dfeb617b93030f545264adfe9ed1cfdd09220f5518031a368369ad035a3698bc7e7030719a76
- SSDEEP
  
  196608:mIgy+3IWzFPMN0d7GcXraogl7b9qvnE4le2eVVX/dgE5HK+ATELEvGlxp9TYc5N6:m1y+77GmratsvJej/dgISAYv+ppr51+X
Score

1^/10
behavioral1 behavioral2
- Target
  
  Cisco AnyConnect Secure Mobility Client/InstallHelper.exe
- Size
  
  550KB
- MD5
  
  18a5846e5f8357b5530a64b3f74bff85
- SHA1
  
  13162485be9251cebb322619a9e7f38591dc6a66
- SHA256
  
  8d9644a978ce012984decf1512c86ff282fe0fd01d3efc75ad87bbf53e2951bf
- SHA512
  
  8db10b96615c636f60a8c94448a1bcaf0195ecf5368feca67b068143a0c69e8de9b2da6dc93da6f2ea006a99c2be13259d71c4d8f476a3b806b1de486f632849
- SSDEEP
  
  12288:Dd1LP/msBEdy4TGYxQJUVcwflb6C7byjVU5:Z1LnmsBcHGr4Z7eBU5
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Cisco AnyConnect Secure Mobility Client/InstallHelper64.exe
- Size
  
  1.1MB
- MD5
  
  8fab6e0385eca1affb9e5d07fc6e15cf
- SHA1
  
  64a128c3b5ebb72409b5f8428df295be771bd433
- SHA256
  
  2c1ebf200ae805d61d4c3b14a76bf2d41dd938afe9a162505a2835e1af0e0e92
- SHA512
  
  6b088185a56de3244a8e93f9506f7612ce74a5fd03ef1249dbaff0319c887ac28ea5936eb23f8e90be8ca77935ab9a296f5dd2c3aceff46a0ffc866b79da7a39
- SSDEEP
  
  12288:ZxlZIFpcMo5GPsQhUkuDDwwmd5AoKELEdy4TGYxQJUVcwflb6C7byjr:Zx6pcMo5dQhUDw/d5AELcHGr4Z7en
Score

1^/10
behavioral5 behavioral6
- Target
  
  Cisco AnyConnect Secure Mobility Client/OpenSource.html
- Size
  
  556B
- MD5
  
  75dfe77d37ff2cb0887bcdc63fa11898
- SHA1
  
  adc55b017f46d1b48f77ac90f740f1cae2db074f
- SHA256
  
  ea0812963d6b2350b315b3cc8d7a8e19f5002ecf9a87b58c7bbbef198bb1998c
- SHA512
  
  c08f186bc1887e2965d0e6d5ba88234c8c60ad40934f4566eed3dd5d83949063928b59e3122bc7cf294bcdb824336452705ea6ccb314c1c177dcdd9f92834175
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/acdownloader.dll
- Size
  
  139KB
- MD5
  
  2ce0bf3fafbb8c78afaf32b1db5f6fff
- SHA1
  
  7cb6c57ab18124d703e84ffa2bf4e25931cb9915
- SHA256
  
  fc9dfffad39680dbb39ecb5e1c602f4f30e59a9b462692613b5421dc1b398edf
- SHA512
  
  a6bed88b45fd101c86e96dcc5e6a7b500c2a2fb6b205359872b20812949fb4f9de280688c80815853c5e957c8e5c0a12a9a6e48b48baf5e7c6ea4431cee12647
- SSDEEP
  
  3072:LVzS5tDHuvQzR3wRQD/kXUvERCTcLLYvDYD5qo7lcLDukJxt:L9S3HAS3ws/kXSav5jUDuk5
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/acfeedback.dll
- Size
  
  149KB
- MD5
  
  a252162e2d4a28a4565c6c823129f9e3
- SHA1
  
  6c453290575ec42e8734eaade3ad193129285ac3
- SHA256
  
  644635ae3cddd590aeb63f098906ece70ad6d1df22466c1d28177c60881e5dd3
- SHA512
  
  4529f31820e2b12a91f3fe323ac991030e13e6311df5d89e0ddce8a4c7e8d828286f86f6644c48d017b85999d645c4212d7594961fbc5c8b698bee261204d93d
- SSDEEP
  
  3072:UooM16pTQ/X7RNSHChG6oOKLx3f5YaQn++yZ6mfQwcgS:UovoQ/rXShbtVmF++yZRINgS
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/actoast.dll
- Size
  
  113KB
- MD5
  
  d05d69308f5a40f6404118889ba16835
- SHA1
  
  d29eb5f099ce66e8fdf90a1186f0e5eb71c291ac
- SHA256
  
  f3211b06ef254a9f08ab85f2e46067410e6f64bfa3ea0e768a215d6a3528e079
- SHA512
  
  8bb42ca5c0563564801cd5fa92c21f840832879e3a028e088d4016a5acf619af43cd19d4dfad02537bc203efbe8808f40a30bdf66861e7df96705f9c2fca0c6c
- SSDEEP
  
  1536:EF45N6llREUkxtyTU0sl/WskZp0M+pTPsWopcdqJtCj6xxrk52GdcBRY+:EF45/MRsRXkqJW4qJgjX2G2BV
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/acwebhelper.dll
- Size
  
  65KB
- MD5
  
  7c5c705ad2acb4e062c150fd31e903dd
- SHA1
  
  166c0097972b130b49c9e03b3a9b7f4f718dc970
- SHA256
  
  3d71e9661e64dbe65b8a2b434558f21c329841c318132ff624d41b61f93fbf5a
- SHA512
  
  680857cd3c0da433959c0e6b23ba2925a33e6d6cf5993bb8574b7e9e7dd1e3622b3a0641f26fa2e51fb6a8602d27f58dfef1f31ffceeb40434f4e6f59df53a11
- SSDEEP
  
  768:P4cxuKKi7gkY5BERatIRFTajyB7mvalhAQRrMC7H/pbhqUZYj5A0gfWWiDGdhRIw:P4qbdYjEVGACalL4SbhBiFgeWdoM
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/vpnapishim.dll
- Size
  
  273KB
- MD5
  
  660d5360809bb8ae6a602496e9eb8c7e
- SHA1
  
  a9f102abe52f7a89d6d7ef98a7b21d8ff5776cdc
- SHA256
  
  46b81fec758ec24d450b2dd606e35339e3f82de4efefe626bd15d8a1e8871160
- SHA512
  
  fb2234c293dcb1f29de85a83c8909f7efd3e1120a51e2c0ed45d66ec47fc69fdcec56dc5954e2afff5d605993bc172f66f8f4280d59b5b6b29fa6af4e4f1a8f4
- SSDEEP
  
  3072:zJi28y6/645HfzhOxOPjKjypXkWkF5koXbMZ1eQIcB4q8YYrrqZkViMT804V1Ok6:zgnFOejmuYuorxcr5YrOAiMT8V0uzqcQ
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/vpnipsec.dll
- Size
  
  565KB
- MD5
  
  221aa1ff015abb63ad8e062bd609a8ad
- SHA1
  
  a5bc0ab07033d5a5bdc18b2893f4957b358dc89d
- SHA256
  
  cd34058dfa3d0dbfe48439800aa8c005362a998133e895cf356dee215ba93bad
- SHA512
  
  e230503a85c76c4fd36a5debd7c6c9f6617cad8e42a1714c646b8ed4ef1cc56b7b3bdda6187efafe4c6a5bf1895d4617e88740cad4c06264f06c5cf2cfeaaf7a
- SSDEEP
  
  6144:PaQsuXdcj50HL9UH0EPToruXjl5t0v/N6On5WMAYleiIck2TVbKMJGMgWvO+/Rq+:7W09UUEPn5q/N6OnFBei7TwG9aA1
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Cisco AnyConnect Secure Mobility Client/ProxyCon.exe
- Size
  
  31KB
- MD5
  
  dbf1f474322b428202bb5c8f7f38f44a
- SHA1
  
  0914912bfde61262bf643272ab3ab4d2445a751c
- SHA256
  
  12283f35d2a2fbf427a57b520e3c3777214f3804921c386eb33518085ed7d9ec
- SHA512
  
  e8d094fc59cbca2b9e45358008342763f008b591db9ae2904453f2b96db3c674c45e1f8eb00876b477db0e61cbeb4c978d4be1d44929d72f304dbf86464cc1b5
- SSDEEP
  
  768:UbXgSSwuSBOEaz2YsoMElOYGPDGdhRTGBDGVZGOhL:mSnjEaz2YsoF8jza
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Cisco AnyConnect Secure Mobility Client/Uninstall.exe
- Size
  
  964KB
- MD5
  
  23ae865f9e54ca199c8e5589c67f9867
- SHA1
  
  39cdf362b32f4e76994f9b7a1b1af9935896b55a
- SHA256
  
  fcdd6299975a64c4e73b9c343efb0a14361c84a14cc796b0fae75c406789c378
- SHA512
  
  75a778f7bf7f3f448800f1f5463581c59914e7976927c69344849bcdf514ad6088539ba7881732c4410293f5af644109662cb8472e643b6a304f8afd902926ff
- SSDEEP
  
  12288:UrofVdmZmbtaQcuWoC2uEVwIWN0+DTwx2Edy4TGYxQJUVcwflb6C7byje8SmpN:Jdm6V5C56wXNTwx2cHGr4Z7eypmpN
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Cisco AnyConnect Secure Mobility Client/VACon64.exe
- Size
  
  705KB
- MD5
  
  8954aeb27c841202e83fb3c3552c981c
- SHA1
  
  068f3144c64c41a89ea6bc807d6c546a9879f8cb
- SHA256
  
  29054e19357d7e833ce10081d60c45f4f590ed94d4197d53e8cda15355a863ce
- SHA512
  
  0e59b42ef7ad9884f746ecdbe2a95f1f5ff9436247953735bfed66915156a282b6ddb820320ee725130603722c2547ff579875f740439317c3e502e727cf6795
- SSDEEP
  
  6144:sylm5n0adi49alkKS9OFGwgGngTqRr3BiudRPkuDDwwmffcQohU7squnto:9l8n0QVauOdfg2rwykuDDwwmMQo2cnto
Score

1^/10
behavioral25 behavioral26
- Target
  
  Cisco AnyConnect Secure Mobility Client/acextwebhelper.exe
- Size
  
  333KB
- MD5
  
  511be417606e4a0b9ae5b21564b4584a
- SHA1
  
  389dab53f6a0a1ebd9a8f069a9fa520b45527a53
- SHA256
  
  cba83482c1bfcf7e82f392b718939ada9ee2ca0e94dc2bc4a8fb2daf7a56537d
- SHA512
  
  2152a2ef7ecd6c92c41257fa8a10549cb02ec5fb71c6600f1365b22bec1911a423f1aa36e66427e0d242a972f75cf08823d170f02f1188f67c0d1f0de1d0fa04
- SSDEEP
  
  6144:+OzMCUrkaGhP72Owp+cKsGIe2l10CwU9MwJw5Otji4UblueejAwF:1yrrdOwp+cKsGIHl10CwU9MJg5IueeZ
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Cisco AnyConnect Secure Mobility Client/acsock64.sys
- Size
  
  293KB
- MD5
  
  ccf8de3de5f06968cf99dffb589e48a8
- SHA1
  
  5624d38fd3cad2a4f2ab1412d8d8f09e846e02f0
- SHA256
  
  d93074976c8cc2286e069c9e38f665ea3ee5b75d0d4f6b34c8de2d3d61c0b8aa
- SHA512
  
  2d01fb2eeb467a547303e502c7ed238d97defe63e3659b9550ae5a0d6ff9dafdaa6a1fcc81e9ba5d8fe01438cdc0fc1b55f1a1226b3906c42cd7a431d515f301
- SSDEEP
  
  6144:tWIzvi6wPdJbBcqIM6TdsoSPFst60TqdCGNvlfNgK5Htp1lnUOH1z:tWIzvibbcqE2o4i60qdCGNvDHtpnhz
Score

1^/10
behavioral29
- Target
  
  Cisco AnyConnect Secure Mobility Client/acwebhelper.exe
- Size
  
  567KB
- MD5
  
  b8abbf9f315a51bd641ea42a8c4446ac
- SHA1
  
  bb60abeb653971b9d2e1136fa9d5fd3934a86bcf
- SHA256
  
  4d2406ebc9bc3db3233b2361323d3ab3758966d2e28876c8d40439cf0afa3f08
- SHA512
  
  1d315934d4dd9b4bbcb2689dc3974f8f3770e1a4d04b60d0cad06fc196d171f7f91fd6090ef27b021da9fcbf6d1d1d9810736eed17e5e9abddcc5e20fe378bef
- SSDEEP
  
  12288:4qvZp9FD851Cj7rsmTkkL3YWXSIPGAq7x0/pRRr+RyTXu23:4qb/LoWXScRgx0/31rXuM
Score

3^/10

discovery
behavioral30 behavioral31
- Target
  
  Cisco AnyConnect Secure Mobility Client/manifesttool.exe
- Size
  
  339KB
- MD5
  
  c91a28843e645dbafbdfaca8f0ec77a9
- SHA1
  
  915f6c343777465c720d0b0ce6482de79d4e35c6
- SHA256
  
  d987bc0b335a9dafafcceaab8a10096994cd523f0fb69ac2913a048075b26072
- SHA512
  
  32f5f00db051191d6364dd34c1594280094f030b3d3aec89ecc87fb3a98a563a6514a2ec4b444fdd705eb9f29b94b7112bd8cf57de283ae4a6b111aca5171c48
- SSDEEP
  
  6144:CVDDK/8HsuSpfcUA2B+fsNMBYShENdkh4AOU7AtrXJp:CdK/8HsuSpEUA2aTYIEIyK7KXJp
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32