193d6b392962b88c13fd66b6ba3b923097d21029d3abebda1a46d82114285365

Sharing

Copy URL

Twitter E-mail

General

Target

xchat-2.8.9.exe
Size

975KB
Sample

240903-nbjf8svdrn
MD5

0c592fa258088f7ccef673b91182ef28
SHA1

9892106c2ed7000b3a64b5582cbc17d7f7bdbe64
SHA256

193d6b392962b88c13fd66b6ba3b923097d21029d3abebda1a46d82114285365
SHA512

d616b40c8dfc275029087062afc8fabcc431deaa1f6bca79c82c62c5c3b5e8c294b2744a0851e8cc4c7994ccd7edc860a1ac5d788ceefa3c418d6c52b58fb093
SSDEEP

24576:J8gJTLQ0nBlo+erBf5++5FDQLhK9GahOk5EX0fWmbq:pTLQgi+erBfk9LhATl5EXM1q

Score

10^/10

Malware Config

Targets

- Target
  
  xchat-2.8.9.exe
- Size
  
  975KB
- MD5
  
  0c592fa258088f7ccef673b91182ef28
- SHA1
  
  9892106c2ed7000b3a64b5582cbc17d7f7bdbe64
- SHA256
  
  193d6b392962b88c13fd66b6ba3b923097d21029d3abebda1a46d82114285365
- SHA512
  
  d616b40c8dfc275029087062afc8fabcc431deaa1f6bca79c82c62c5c3b5e8c294b2744a0851e8cc4c7994ccd7edc860a1ac5d788ceefa3c418d6c52b58fb093
- SSDEEP
  
  24576:J8gJTLQ0nBlo+erBf5++5FDQLhK9GahOk5EX0fWmbq:pTLQgi+erBfk9LhATl5EXM1q
Score

10^/10

discovery upx evasion
- Modifies firewall policy service
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  cce5450725a9429a1d3c7aa851d40e8d
- SHA1
  
  05722500e42757ac03f2558452a064b906e31937
- SHA256
  
  d850c786a68df9520a3ecf2a96f4f091c9bae71d3adbf7731e8c172533cb266d
- SHA512
  
  3ddb56429e097ecf942e8a5147ba4c4191c52b736df267934f0dca75ffa74faffee8911dda47c5d2542f91138abbcaf61be3e3d68b368631d6bc21e254b5c637
- SSDEEP
  
  384:kKlm7i+c3QW6ckPhyDEaLnD2bbBBIXwZ:xqi8BcyhEhLKbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  84d2f06c486dd316da4b04b426be06fa
- SHA1
  
  7b712252b7f4607a1912b15e65f3e53c69dd8a2f
- SHA256
  
  c49fa8e9f01ea644c0d67d8dee8ae676c7f6315c3334b7eb0aea331531e51637
- SHA512
  
  db5540ccb1f5914bff439229f5e35c1c1aa3731e0a03da3310530acef1196486d631db2b5ac963c9bed4113d84680bc4cafaed2e0ac64ac285607764f5d76d95
- SSDEEP
  
  96:/1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5FnhElMmV4d:Bep2w5k/FyEttgN
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  24a04541a0d2312e472f8236fd205ea8
- SHA1
  
  c47eeee6fc23590311f2860d80baa954386a8ce9
- SHA256
  
  74d7ac9e94305c3d30cfc19279ee73fa891bd5ae8800610dee391d1880825e19
- SHA512
  
  65e061d2776bc0db53ea8aa35fb50152818c74fa9735f1a5a370315c4dacaf2cb79374ec59174d86c2e87f5b0bb8662f8cee6ff97ae93261c9a9a05bd3cc1adf
- SSDEEP
  
  192:hOycJo/rJVCmIDNLU0dq5RD00lspbub765L://QQ0d0RD0USq/65
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  README.HTML
- Size
  
  46KB
- MD5
  
  dec37b7cdeafbf5ff1577ef946755478
- SHA1
  
  f803327376e4a520d668f8a7262824944eea701a
- SHA256
  
  3d86760ceef7301338ab9aad87fcddb3981dee680642b74af8ae1689fd3f659d
- SHA512
  
  726e1a5aea9eb9df9b3bbf538c6705920ea6a23fbf56eb6d11712d7802cda1aca6179a7fa483fe3d0e6d7c6bdcdd185ed46d70b6b2e011412a07f13aa50b4d6c
- SSDEEP
  
  768:Ipdr7ojjl4e+L/DhkFX+cRLr7Q31oudVhaL:Ir7ojjyL/DhkrR7Q3tVS
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  faq.html
- Size
  
  20KB
- MD5
  
  f7637ec1898a452f5eb0a32a2dacc432
- SHA1
  
  be20cac12952c5e4e909ed520d16ab29a2ac823e
- SHA256
  
  8b5d1b9ef4f4702dd30f4b13b1f8a4f11b7f5efb80e88436caa41b86695998fe
- SHA512
  
  be443e735322ce574ef21a316edaca97abfcec69e7f8f1f9a7ca2eb74bb88205eeeb4465cbb0247e6e7bf150692c69a860efbd6b81770db730d4122b946a9384
- SSDEEP
  
  384:HmAIUDt6WDSWCMa5bMTAJ/M07XiaXQD3bUsC0Og3tU44Re0:HmID8M+OtSSaXI3wx0Og3tU4V0
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  minigtk.dll
- Size
  
  472KB
- MD5
  
  4bf55d407eb46968a01ccf9392292727
- SHA1
  
  be938c0883de193b80828e74bf6c154f8c9540c7
- SHA256
  
  8af373d30ae47010efa36d2fe8d11b42e7697d866fd86580809ac52557d94555
- SHA512
  
  dc60eacd31341a45212317cd7797e80e93ee59ec4b892b638262685f34349c4b17bfd636f77e4e425dd5c996d89317b260ddd2eb216c22b6ddeed063c30b1433
- SSDEEP
  
  12288:aOs3WO9ow6oUGRwGgkSXvi6ToSBrBkFPrXvn:F4BZxUGAkQDV/kJr/
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  plugin20.html
- Size
  
  47KB
- MD5
  
  f761ebff247584a6ce0b0616c8907edb
- SHA1
  
  d40d5dd274a4d12b6c19788b8de6fa6ffe159207
- SHA256
  
  a1e6ac02e806f4ebe65ac1a4bbfd01aef413029756f6dc48d75f015b6dda183b
- SHA512
  
  9d2ea15ea786354e126c2fffe67e46549cd7b138db618ee4e90a8db972936ca55865843ff82023b46144a8f0496159b3dd9b3c00d835fd912870cb6853274440
- SSDEEP
  
  768:43PgLBRD35M+iQoNI7odNl10rOKEdRmVp89QbYRs6EnYuYSjFba9eVw2EZG0eMrN:4/07DpfiQo67odNl10FEdRmVpI+3Y2js
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  plugins/xcdns.dll
- Size
  
  7KB
- MD5
  
  dfe2e4f5e7d80ff88b5a0cf6183ebfe2
- SHA1
  
  3a11cf1762540c76a7c6113c52455292fb493718
- SHA256
  
  513a29ffca3c1745c4a7232145df9d3b21b302c03612ee06a24ef5ef145ea748
- SHA512
  
  36fd631005be26b0026298259adab56b259f696f33b5d5aeea96daba42d6dadbc0500f5696e39c66960a5ac6b562a583808a303b6bd1819e017afc9313f95a92
- SSDEEP
  
  96:AvIboJ8imGTr9W68wtzMg7hol4SoDpZ31bfi4rBdHWWsW:KIcJzfW63to0hmNOz31zrBxCW
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  plugins/xcexec.dll
- Size
  
  6KB
- MD5
  
  afa45d85a74cacbff2021f3c62496af8
- SHA1
  
  75b56c8fc9954a1f485757c6b63f3ea5076b92e6
- SHA256
  
  1ffc66fe95064a0da96f69f1d437d134f7ae2e794c45e87718a8dd19f217234b
- SHA512
  
  628c6819746bdde5bfb16d7c39b6f0fa94d240f117d51d2b00ce2176b025f9d19fbbae39a1f54ad6cbb7e8a0b2764c1fe38e53bbcb7ba6b5e4d8870efc4b7a52
- SSDEEP
  
  96:drOWJw/WTTPeQqiiZVbhrpmPvO+IyX9wDyHXWF1:dDK/Wjeii1YPvjIzQWF1
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  plugins/xcperl.dll
- Size
  
  17KB
- MD5
  
  50918c7882acbe4a89010c22f7199288
- SHA1
  
  24e3b99718fd3cb7f57173e17d06d40f1ba5d8e1
- SHA256
  
  1ca849a622c9af2f019aa849084094069b41cb054e8d71dcfec41fa7fd9a2024
- SHA512
  
  b683b289d52b2e2eb0c663eca088481b309d5a8ad52b4e367aa26a93dad6ce8ae888ce5402af3857dc1488ca8860d3fddf68bb3b4ed82fc64fca9a77b32a6f86
- SSDEEP
  
  384:+W/+y1khFotcp/F2Aygs35dnug1gBIxnAmjS56JO/1yUCSKr:x/5Qpt2A3s35dX1gW9A/56JGQUCT
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  plugins/xcpython.dll
- Size
  
  5KB
- MD5
  
  8fd169942c4b2b8c9d3f0befb11020ee
- SHA1
  
  f28ba0e28a106ef0202ada9a2c853c5041f02395
- SHA256
  
  97939f507c8c1139d4c9a7bfd231d179e25cc7d3f2bb6f9839bdc975d1d3a83b
- SHA512
  
  7e7d3aac0fddb3c54e54b9a54bb97bb2a7c596ecc51fc8fe202e6df16eda1f3bad4c91ce6f7ce527fdd6cb3e1f1c6bacdd99ab53328bd6c18224b37a5753370f
- SSDEEP
  
  96:TXYFN0pT6IrxmN14GeHmaeYj3UfX4dUL:TXUOLMN14jmEp
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  plugins/xcpython.mod
- Size
  
  24KB
- MD5
  
  da1d6b456a96f4f8ed0bab9cb46b2b3d
- SHA1
  
  6afe95b820e3b91e2c115a420372246adda11266
- SHA256
  
  ee16e1bb369ce4e7781a623d1a66efabd1271ba2e960f4e78f33b4765130be48
- SHA512
  
  0da08de391e1a6e94f41baa3713e214986cb6217797cb1b93ff58b669f24886ec3217b61fe8ae98b6f5f9868de30d48e07ba0a31f6e98aafff1afcf930f5769e
- SSDEEP
  
  384:HftECg+dQTW+RgO+JA6VVOmGaETFC/u7g1hMVGWI339Nj+iIVK:/tEl+dQTyJfVVOH/FC/u7iMVoOiS
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  plugins/xctcl.dll
- Size
  
  15KB
- MD5
  
  5979ff5ad49022a6a5b283e2c3d1e4ff
- SHA1
  
  a3ee0ffc0488f94d60e555c1b1e47d116bafbc5e
- SHA256
  
  ba50ae6d2d5def827508fc27e8879461cda836ebdaef8f33a00711ff1c8fb018
- SHA512
  
  d0b02816e2f233a0f1d88cce20a3b5691c92c641059b8bfa4ac41ae58445ba0afe634509271ca0864e1980f30257b7fbf8da03a1e89a359e4e7ce56c4949f401
- SSDEEP
  
  192:/8MyS1djVOYINh5TtGqaPrnJ1F6B/igy5duqU/Qn2dgUs1PaV0QG4RKKSoyGXAa:UMddjVgrtcDOBaBPnnGgUqSV0eiAA
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28
- Target
  
  uninstall.exe
- Size
  
  52KB
- MD5
  
  4410a48ec5df1d75446c1042098c4a7f
- SHA1
  
  5aab0aa224c298a461ba35e7ea1602ad04c51c30
- SHA256
  
  1a4e231b7ef9b68f2399aa715cc44cf3234bcc601d9190060d3f4b0ae2c519a8
- SHA512
  
  49f168e7044c0ea3696b4948150dcee8036ce3467c0d51132f1c53c40775bafffb123c350a2dd39db5995dba96caeaa5e017f360048cc587ffd11cef9fb4ffe8
- SSDEEP
  
  768:9qCldEQm3mrVLgbfb/CiQAwEBX+JJRnnAm6kRRw2iZ+QgF4TfyhbY+0u3HO2+CpS:lKQ7K+jxA9LkQgs65Y+0oH+ElZRGUdWn
Score

7^/10

discovery upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  cce5450725a9429a1d3c7aa851d40e8d
- SHA1
  
  05722500e42757ac03f2558452a064b906e31937
- SHA256
  
  d850c786a68df9520a3ecf2a96f4f091c9bae71d3adbf7731e8c172533cb266d
- SHA512
  
  3ddb56429e097ecf942e8a5147ba4c4191c52b736df267934f0dca75ffa74faffee8911dda47c5d2542f91138abbcaf61be3e3d68b368631d6bc21e254b5c637
- SSDEEP
  
  384:kKlm7i+c3QW6ckPhyDEaLnD2bbBBIXwZ:xqi8BcyhEhLKbbTI
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies firewall policy service

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks installed software on the system

UPX packed file

UPX packed file

UPX packed file

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32