Overview

overview

8

Static

static

3

dfsetup222.exe

windows10-1703-x64

7

Lang/lang-1041.dll

windows10-1703-x64

1

Lang/lang-1043.dll

windows10-1703-x64

1

Lang/lang-1044.dll

windows10-1703-x64

1

Lang/lang-1045.dll

windows10-1703-x64

1

Lang/lang-1046.dll

windows10-1703-x64

1

Lang/lang-1048.dll

windows10-1703-x64

1

Lang/lang-1049.dll

windows10-1703-x64

1

Lang/lang-1050.dll

windows10-1703-x64

1

Lang/lang-1051.dll

windows10-1703-x64

1

Lang/lang-1052.dll

windows10-1703-x64

1

Lang/lang-1053.dll

windows10-1703-x64

1

Lang/lang-1055.dll

windows10-1703-x64

1

Lang/lang-1057.dll

windows10-1703-x64

1

Lang/lang-1058.dll

windows10-1703-x64

1

Lang/lang-1059.dll

windows10-1703-x64

1

Lang/lang-1060.dll

windows10-1703-x64

1

Lang/lang-1061.dll

windows10-1703-x64

1

Lang/lang-1062.dll

windows10-1703-x64

1

Lang/lang-1063.dll

windows10-1703-x64

1

Lang/lang-1065.dll

windows10-1703-x64

1

Lang/lang-1066.dll

windows10-1703-x64

1

Lang/lang-1067.dll

windows10-1703-x64

1

Lang/lang-1071.dll

windows10-1703-x64

1

Lang/lang-1079.dll

windows10-1703-x64

1

Lang/lang-2052.dll

windows10-1703-x64

1

Lang/lang-2070.dll

windows10-1703-x64

1

Lang/lang-5146.dll

windows10-1703-x64

1

Lang/lang-9999.dll

windows10-1703-x64

1

df.exe

windows10-1703-x64

3

df64.exe

windows10-1703-x64

1

uninst.exe

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dfsetup222.exe

  • Size

    7.1MB

  • Sample

    240903-q5fzbazcje

  • MD5

    6961ad3a4a5625db89cf901d3b48d597

  • SHA1

    ca37e6361cedea61f167145b31ef0850c6ddcd77

  • SHA256

    167b7192937b39e657def16ffb0fdbbab326f007747505d5c8785811d6b03ab8

  • SHA512

    9d6b1456a60d5902650a5942dfb4137f476a2b81cdff4149117914f65b6444d1bfa0a3ce9dd29998017513ddae7eba0419da37ce054888bbd0937679eb673c55

  • SSDEEP

    196608:Sai5Pg/CtTmdarnCCpbdjchVBqrAZgK9UBdza3qkrkzhJMZ:Saqtidarnf+VQgKorkFqZ

Score
8/10
discoverypersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      dfsetup222.exe

    • Size

      7.1MB

    • MD5

      6961ad3a4a5625db89cf901d3b48d597

    • SHA1

      ca37e6361cedea61f167145b31ef0850c6ddcd77

    • SHA256

      167b7192937b39e657def16ffb0fdbbab326f007747505d5c8785811d6b03ab8

    • SHA512

      9d6b1456a60d5902650a5942dfb4137f476a2b81cdff4149117914f65b6444d1bfa0a3ce9dd29998017513ddae7eba0419da37ce054888bbd0937679eb673c55

    • SSDEEP

      196608:Sai5Pg/CtTmdarnCCpbdjchVBqrAZgK9UBdza3qkrkzhJMZ:Saqtidarnf+VQgKorkFqZ

    Score
    7/10
    discoverypersistenceprivilege_escalationspywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

    • Target

      Lang/lang-1041.dll

    • Size

      42KB

    • MD5

      488a7630c23ae5d36ed8a8acd76f55e2

    • SHA1

      a1c8ed90e521047b7663e89f31d1c2cbd2d36cbe

    • SHA256

      8d22d023deadd1381102db9e302bd870f19d40d868b0adf5baf6d0e3824d35fd

    • SHA512

      485d51d3742d837e22fb3069b5f755e62a7f3f49a03037a417149ef8d6afcf71489c1ffb84fac9a7b080ebb6a78da161c60f0a12728b14a51fc6b114dee52efe

    • SSDEEP

      768:QooAnkQMWf86dJt7hSQqgRjI1YGBp/E09uYOMehg+9rDDGgEXUf2hp:QooAnz3k6dJt7kQ9jITBph9uYOMehg+d

    Score
    1/10
    behavioral2

    • Target

      Lang/lang-1043.dll

    • Size

      66KB

    • MD5

      1d8cdb0aaf347cecf2196618ee76076b

    • SHA1

      288807f606ce8bcd5d8a98f664ba0b09bad0059e

    • SHA256

      7822ae780c28bf5ee63d1cfeecf5bb698efbddd88abc0d53a00fad13928db0e4

    • SHA512

      ee5abd86093b893bea70119db633750147ed0b0c1a9fe46db4c092d7bf73db893a09048c5bd12baa3bb17c7bb1dfc7fed564966711e267c4c99627f3cb182d2c

    • SSDEEP

      1536:8rskJ2ZVIFKCG+0EK/50d2n7Q6bslEPEJUfC:7kJmVZCG+0l/5q2n7QlEPEX

    Score
    1/10
    behavioral3

    • Target

      Lang/lang-1044.dll

    • Size

      58KB

    • MD5

      b6e4829335c1870d26766b056260d8d8

    • SHA1

      fa9834312f19a69074f2a271e1a3469be3c3f6ae

    • SHA256

      5181ce8849dedd9aabcf3bc69e8f57db8a86e2d680b8ab5b2af87f31f43cc626

    • SHA512

      48d95b51c04dafd87fed46fbeed86ab94d637ce0e578c6d1d8ff300d81362a18b162ba3a94ba3c9099a7da2efd0e8cddad0c36df5971634480f6f5a99101202c

    • SSDEEP

      768:feXzRUsavg15Bf3h5mlj4OpgjGtk2upnibsOeaR/QGoBek0ArpXgNLISDGgiSUf5:feXzwh4egjGu2792Bt0jUf5

    Score
    1/10
    behavioral4

    • Target

      Lang/lang-1045.dll

    • Size

      64KB

    • MD5

      c8a969e846e80e0ef3f2e24d09b7dc01

    • SHA1

      339063120d619927d8e0c6e727ac99b8f4d1cfe7

    • SHA256

      d202e3361c5c2117857fb24810a5c864af73a18e903144cfaa6704501988941d

    • SHA512

      8db8730b640680a63e782024944a92ee9f3768c705c7ba8530550a41e9fb15031ea18f9e9b1c93c5dbe1154a501b82dd30288dcd86b6911cdc9eb9c8887df3aa

    • SSDEEP

      768:gZ2XaubblPX34GyLx+3DJcFjou49sDqBUBhLrV0WSISwgr6fYK9IDGgW2JUf2hph:gZ2XagB8G6LZiUf+

    Score
    1/10
    behavioral5

    • Target

      Lang/lang-1046.dll

    • Size

      63KB

    • MD5

      6ef6c544337580b0728b9d104798d961

    • SHA1

      7c4959798e026dbcf4525f6c07ebe5a1cc241187

    • SHA256

      6a826bb4449eb15f23d4ba6195cc3c62ddf7836854cb3c093a510c158f84196e

    • SHA512

      96375335b7331f4ac6cb718232ab2c5922cf7027607e4f1e0cba677b7947611ba44ae542040654dcd1421d91dec8219d7db6cf26765725ceeefd54f05f01505c

    • SSDEEP

      768:zLAXrzvfXHmCX01Usavg15Bf2hXkU9a+FIY/nyUZsfavMS7YOGWPk0ArpXgNLIGa:zLAXlUqkSdGV0naUf

    Score
    1/10
    behavioral6

    • Target

      Lang/lang-1048.dll

    • Size

      60KB

    • MD5

      fcb6422377aee6d5cef4cce45180a25b

    • SHA1

      7665ed3306e3c371cec4f34364f41815d9d4161d

    • SHA256

      0d94f02a8113b998beb77b5fb615d8d75373b6020ae3608e22be04d89c4b6df1

    • SHA512

      40c580d972a20875b47668a47344daa422a070afe10fd9d4f43b562c53a23c8dcd688ebded19d8fa3107d4d63d25b58037f61510f87aa0809980df482248f575

    • SSDEEP

      768:WUXifq5k9Usavg15BfZhicU/UhgC/5fXlt9t+V5EyKuJUtRJqR/QGoBek0ArpXgV:WUXChi0lX0V5HUE2Bt0wyUf4

    Score
    1/10
    behavioral7

    • Target

      Lang/lang-1049.dll

    • Size

      60KB

    • MD5

      a7e9f6f62cd1101c118afb35970c46e0

    • SHA1

      34fa2959232456402678c33ca2ecb09c2609e850

    • SHA256

      680833508ffdf07be491e5429bb220a13c354ab66cd8f9f24b6968e2bbd3eecf

    • SHA512

      7e06238a0cd7970e044d67f1a6e0a38da7da4c90ab1960bb66f7ad03358062b28cfa1acb83a6ecb1584824c65e713ad92a5ece3b7129325cd46141838447815f

    • SSDEEP

      768:hdgeLQPhkg85haVRMkSDS2ETcgNFfMKZDGgHfdUf2hpo:hd50J2vkSfghr1Ufz

    Score
    1/10
    behavioral8

    • Target

      Lang/lang-1050.dll

    • Size

      67KB

    • MD5

      81ed567603e2602a5abe3c0ac758dcd5

    • SHA1

      984b48543be0fc96ce3d91c8dbf5dd7d5161da24

    • SHA256

      796ffd613409e54e171aca3c52dc3acc32946aa6fcd08ab6476f57ef6e2937fa

    • SHA512

      9ec56df06fcfe8ce97ff5bb3032979ebca448caf76affbd3b769a98455741ee152758673c9e606dd0f13502239455d41ff817d86b632caac93f217f12d4d45e6

    • SSDEEP

      768:1G8NB6bs1EqSBsO53Dj5yBBlQlNwyWQ8XfFp5DGg7hoUf2hp:10JfjssvlWrjmUf

    Score
    1/10
    behavioral9

    • Target

      Lang/lang-1051.dll

    • Size

      59KB

    • MD5

      4ae7d11919fec024ba4ed1ea6a7b0f8d

    • SHA1

      76085940278d70091046b42e9fb2d23f9eec3f8e

    • SHA256

      b216fa7995c6faf22b0220414aab2a6f20586d46f213f5769d6caa65c5163681

    • SHA512

      fa7cdd4fe18de9ddc1365402eca48109e16c58134ad80721367996c14d7be631acc07bc2a6458db68890d6bf6cd38f0d7ffb1cf5241b5298eb0aee4eec940438

    • SSDEEP

      768:OWXqPiu3QFg2LLpck88LU2AsXh9D/skKrlFHDGg6mUf2hpY:OWXu3QFJLLp3o2AsR9D/skcUfr

    Score
    1/10
    behavioral10

    • Target

      Lang/lang-1052.dll

    • Size

      62KB

    • MD5

      ba0f4d3b21ac05c76ce5c40d09ba09f0

    • SHA1

      18f301190d778654dd8e6ef8fa5d680fc3fdbd04

    • SHA256

      8f8bc4486cb97dfa3182fa361f2f804d7d430f27d1dbcf8356af8cb6dbaaaeb4

    • SHA512

      aa4c35608795ca48bb010dba0ab3ae8bdf3dd13d847dd5e7670a547352668ea39fae2353c048cc2be77f4bf4712c83f5678728220942bb1cb071f80ade376fc8

    • SSDEEP

      768:0cXtIiiWWkpyuUsavgC5Bfwh5BhVW7Vw6WNVj58kVjjPB4iMMONzx5SE+HJfKDzO:0cXaaCf7UUf

    Score
    1/10
    behavioral11

    • Target

      Lang/lang-1053.dll

    • Size

      62KB

    • MD5

      abb331b029541251b8aef2260af0038c

    • SHA1

      67db370bdf9694e70c9c6ba8726f8daea530395b

    • SHA256

      8d3981c40fd253a2682fb959424a581a61a075cd8b4a4bd7f5ece0eded9b6fad

    • SHA512

      457482f64af2adca01753e14361683d56f3bb1220921678fd5b6ccf6a2c7a6855b8cc99646db9042f9dd37743115e3b8f57fd89ea49168eaab7e526399b76968

    • SSDEEP

      1536:BD3Ufl9Dq27XCjTZG5aq+mCDKm0dnoYAm/fRFrCv3gUfV:ayEREh

    Score
    1/10
    behavioral12

    • Target

      Lang/lang-1055.dll

    • Size

      60KB

    • MD5

      24758c77f207a6372510154df646c571

    • SHA1

      60d4fc2460d7fd76851a9b9d9565617afdfeb4c8

    • SHA256

      86977e9053448580ed6bc499f5cddf94bbb4afe762920d4d9ce0af23e052c12d

    • SHA512

      2ff5116431ec0ebf12f98d48fb2b3b670697f002af7a14199cac5d2756718ff0bdf53c7695bdc9724d7746fe5aeeda25caeda935b54c31514c7047aa8683282d

    • SSDEEP

      1536:LSwVATHUIvlbSuMEnveOQq0o4emGDiqbApLbcJDiWSCwUfL:+wVAT0IvlbSuMEnveOQq0LemGuqbApLu

    Score
    1/10
    behavioral13

    • Target

      Lang/lang-1057.dll

    • Size

      63KB

    • MD5

      2e6a33ea2449de44e5cc9c015feb4b9b

    • SHA1

      7a0d568ffe2176a96adeb1d1391a68044bf5033e

    • SHA256

      c7c150113b18e2edc70f5940d627053fdf74dd008e7521cc17258b854ff68a45

    • SHA512

      599a3039c679b9b311ca0aee1f1f494e591a57ee9d54bddca4504343f4a6b05585dfd7712e253fc80363217547522e455521ed953fe38fc3d59f2fe93587cbf3

    • SSDEEP

      768:R8DQXm9uFRhkLHXg1juMZUx45RRzy4NC9gJPD6IHDGg2VUf2hphL:R8DQXHRhwnhO/wRqh+IkUfAL

    Score
    1/10
    behavioral14

    • Target

      Lang/lang-1058.dll

    • Size

      63KB

    • MD5

      f94086daa80a0a412dd06c701051d158

    • SHA1

      fb05bc2cf5c7e55bb0bbb796333b319d6e013333

    • SHA256

      42058da9efda902d2ff4d1fdaf65775871458467ed64e548abc14f3ebd7684ef

    • SHA512

      82485844c0c101e8e4cca4e9581434423e437ec5d823f108f2bf7182d774400ec9ffc37b3664db757d8144bf590e8d2c5670c631f75d2283d1a5849fdbcaed64

    • SSDEEP

      768:y3n85W3zjN8WGQenY5TOmr2EU3DGFVckH4mLg6+HEgg+PgEADGg1EUf2hp:y3aQenuTN2eqHEgg30Uf

    Score
    1/10
    behavioral15

    • Target

      Lang/lang-1059.dll

    • Size

      63KB

    • MD5

      f5635d0e89b41d73efa37e04c2275221

    • SHA1

      81fd4fe003da2ed3d9c4971acd6b876609fdfafb

    • SHA256

      dda82df17f39e5ebb1d21a1549658a215069ea094ae83f8bd4213a5b8435cc35

    • SHA512

      9d0bdd03d933a9db9b334facb76d9951779b5ecf10197b2add182dc64668333625a99997a44bf4864bdca0f49a9a278b5a345252a1095840d5208e3ce3f1bb03

    • SSDEEP

      768:fsUwn3yODU1lPZpYObZER/T08LuPl5Ane6DGgxiUf2hpj:fsDfU1EQ+hAUfM

    Score
    1/10
    behavioral16

    • Target

      Lang/lang-1060.dll

    • Size

      64KB

    • MD5

      65915ec44f52a3aa4f76ee4e79cf742a

    • SHA1

      ec975058ead1f4a1f62959d9437940d8a575484e

    • SHA256

      016c3dd795beed83d38539af361390001a85d7e6f06dd48fb7e3a66224b7708e

    • SHA512

      2d220937c696fd4c486382a1c2cd40488cfcb34f5846e9754325402b6975e817a11c11f9ac424240939ce6b83068e916283b046402db7115f4ffc74eadc52ce7

    • SSDEEP

      768:Hrn3uKjVjuut8I0AMu4Uixg+TpVkqVum2PGhYvxDDGg+ZUf2hpd:Hrn3uwNhtpux1gsSaUfi

    Score
    1/10
    behavioral17

    • Target

      Lang/lang-1061.dll

    • Size

      60KB

    • MD5

      d44906fbeacab80321f2963611e0aa8a

    • SHA1

      c6220e22cb799273afd9842bcc2dc522354d0d96

    • SHA256

      f0cfe81b53366a047cc72644bb61f5b24ba258bad0b31379efa5301eb59508a7

    • SHA512

      93f7086fe80b3f6f29d8b36f9b5d54f76ecab431073dff775078df62a8605a08fec5f970611ba8303ba50543a0097f19b00b971a429757c83ea889d7fe645607

    • SSDEEP

      384:DP3/pdnHLn3GYpk7mb7nsorcdKflBx8uZ6qa7pxZdcPKyYm9lnWYGfJIMNsRAIsM:7H75nsihL+YGfJI+N/5eDGgzZUf2hp

    Score
    1/10
    behavioral18

    • Target

      Lang/lang-1062.dll

    • Size

      64KB

    • MD5

      96911ad0951e419616b903fe19c54c86

    • SHA1

      5d1ed729a109b7b7aba3a0884dac49bcd8ce4bb0

    • SHA256

      8875124ca2c1d3cc98c7f19941110b7051441ef89f99701a3880993aea6ce520

    • SHA512

      b6beecbede3b7986bdcd00615441508806a4b65eff7c19711739787d6d3b2335e00452a30fdb63099a98299293d10fc9207b43e5d55c80eb875ca944b22da2a2

    • SSDEEP

      768:uiRvNT7X/XUmS4WBij5SUzF8VlWCgoC+d8L2ypPNHDGgznUf2hp9:uiDnJFj5nzIHgoC+d8LLl9Uf+

    Score
    1/10
    behavioral19

    • Target

      Lang/lang-1063.dll

    • Size

      62KB

    • MD5

      ed1fa27ca28ca70aeb4e3afc0137d58c

    • SHA1

      e9fce7db17cd27a1caac282c3ed4aa7c9406d87c

    • SHA256

      8567a72fa7921e1777f546aa409ceb29399f930e6445730afc26d1017f2c30d5

    • SHA512

      43ae4931e1aa7d358a7155aed82aa8598dce4630c9585a5af1a3a85e064fb8c28e65d74f62a60c1b492d89b496f543b22aacc5a10d4885cf71d53f5994cdb81e

    • SSDEEP

      1536:vEXK0qtr3LHwY0F9452FceBBQ5C0sOUfa:3Wy52KeBBQg0X

    Score
    1/10
    behavioral20

    • Target

      Lang/lang-1065.dll

    • Size

      58KB

    • MD5

      d62895a13d928a6080ddc809a35b4dec

    • SHA1

      9dcef14f3746af9e4b989f2fd756c0403a1c9215

    • SHA256

      29f467015664c1b16a07b95f83640088ecd7912a8e5a5c554f2054c596d82c82

    • SHA512

      277e952b8a9c1909685f6090886ce5df5b87d4f7582ce18c8516f2dd19e1ad7bd9f2bab62cb1033dbcbbd7110ece23de944b4f3cbb9d0ecdeb3771d95895427b

    • SSDEEP

      768:p1MUnMyQF3DR53llG+Bnl2xtNITZtVo8hQLEDGgA+zUf2hpK4:p1w5++BEwZvOmUfE

    Score
    1/10
    behavioral21

    • Target

      Lang/lang-1066.dll

    • Size

      59KB

    • MD5

      190f5b1979350dfcfb4049055bd6e2cd

    • SHA1

      b22446d4f3bf6da8162b3b90a4471a817573777b

    • SHA256

      af81e6282e3612c53a0e19a1bb9779ef01d7964f1fed32d3cfb378022953b8cb

    • SHA512

      3c8a9f1554d060d88a10a3c2b787bf1b37298b452eb9bbdd048c758749babda0e323451617a24898c8500992ae827bffaf847aa6ed471e4f2068ccf1e64a45ce

    • SSDEEP

      768:NHXJLmSUsavgfwqjB1h3dL5eGynZwYvy0P+J6bcXgNLbDGgE0Uf2hpJ:NHXNwqjxK7nRyE+J6UfW

    Score
    1/10
    behavioral22

    • Target

      Lang/lang-1067.dll

    • Size

      59KB

    • MD5

      648e5c2a5fe4ee7c909299a84e641b1d

    • SHA1

      a7e9f5df8a011cf59f76a08fe4d040759154b99c

    • SHA256

      2acd8d3d30cfc4e2d5bfe3d21f5a0145ca0421c37b3a077ea29d062bfc600f7f

    • SHA512

      35d67878eacbce98874379c280a9e943363d3abf1e2a5cdcf1d0451c8fe1da43711c6c3f74c460b08da82a2dff306b2fe3c8c7aaede14550e81a58107d90330a

    • SSDEEP

      768:TO38LdimXgh+TkBq/68zcTnNHTvXyjtqAl48zEQ6rsBADGgsbvUf2hpQ:TO38LdimXU+TkBq/Bc5Tybb5BrLUfD

    Score
    1/10
    behavioral23

    • Target

      Lang/lang-1071.dll

    • Size

      65KB

    • MD5

      6d8dd40c0a2b88434c7ebbfbcc91b951

    • SHA1

      594a284c37c9a065ce20397f1cace5dd806349e2

    • SHA256

      4e0518a11bc6445174cc928c5180cc798a5e6bc733d774818e184859573649c4

    • SHA512

      e1fcca2f40ac31ef3cff9dc83a164a742eddd247a5157b7bcc40d2fdc87c9b00d26118d25e2d6b25ab1688d3b0826ef5618fedaee59712ed85c1d43a4a8193f2

    • SSDEEP

      768:bOX5f5Bf4h35IOkohXKrPf6+TFNyMr1rvgNLpTDGgT3OUf2hpa:bOX5gGAMJUft

    Score
    1/10
    behavioral24

    • Target

      Lang/lang-1079.dll

    • Size

      62KB

    • MD5

      538c8e91c594b4bd4fe7f3bd2b9ea632

    • SHA1

      a20a95ef8286251f3bf43b2a9c325334aa10ee48

    • SHA256

      f94fd1d96b9d579c6da0d07ee40f5d55b90619bf711af85abcafd9ed29584d8b

    • SHA512

      bb6f9405cefd26efd75ef8eb30279114cdc86354a5b9c9cc48e8d4bd60bf6e7ee263c49c34e1d44e891c72d0ae078d68b6c695d974b2a9b993aff34d3545d820

    • SSDEEP

      768:F2IVXJUsavg15BfjhVqE402Bjpwgek0ArpXgNLIP3DGgihvUf2hph:F2IVX1qEiV6gt05VUfy

    Score
    1/10
    behavioral25

    • Target

      Lang/lang-2052.dll

    • Size

      30KB

    • MD5

      90c2f5da26fd2a301638d69c6c3d0067

    • SHA1

      06fb207c92e4fc9a9447ec41158b34a24f261d31

    • SHA256

      9c4d5a864397b44d7aac8edc95ae7178d171a42df3e3a5ed7d76aafede10ec0d

    • SHA512

      731a00579ddec3a85176f50968ba0d2e1cbd2485e96984d41c6ec6d15bde7fc6b017c9c6c26e0ec5958cacf1452c4397ff3fc37f18833b8a0ea7ab14008f2b45

    • SSDEEP

      768:d7rU3/lwcP7zVUvnixhRr8DGgxRUf2hp2:d7YP7ZUvMGUfN

    Score
    1/10
    behavioral26

    • Target

      Lang/lang-2070.dll

    • Size

      62KB

    • MD5

      5c1cbcf606e6b4dc41ab2297d3e510a6

    • SHA1

      92662563463583720e6fd1c08ff8d482fb0901e5

    • SHA256

      0d0916a4083bc37016f325703b9971b4e543688568f7be7869ca5aa34fd096b6

    • SHA512

      b827e238b31bd1abd42acc7d61ebb6a185d92a6e38ea7da648133109e24b4d469fa6b0540239088f374365b4e4c3ea199a8b52cd60c1f2a49dcc6b8dcffc2eb6

    • SSDEEP

      768:GaXXQEJg6/Usavg15BfIhPW9tm5YouNSj1R5G2O6wAIuPEZzeWrHkBBtS7UArpXR:GaXXTmDuNW10Al8Zig6BEU1Uf

    Score
    1/10
    behavioral27

    • Target

      Lang/lang-5146.dll

    • Size

      60KB

    • MD5

      20e217ed0f0dd7ffa355ac80b1ac43a4

    • SHA1

      b3c174d47341723334a5e8891d27764863a7e11b

    • SHA256

      8802b75e1bcdbf59532bb3f2e7bd2a943ae68ff216da9e8175d73a34352b6e68

    • SHA512

      8297675c952756c1980fe0b7ceff3469de26fb143625cb5262054571b8990f87f6de19cfa35ec830318ce4a15a98640b2286b515e3ce6c52dd6e468c78bb4bcf

    • SSDEEP

      768:T/XuUsavg15BfgMhujr5BtkWVfkbsOeaR/QGoBek0ArpXgNLIkDGgovUf2hpY:T/XVDuWl692Bt0WUf3

    Score
    1/10
    behavioral28

    • Target

      Lang/lang-9999.dll

    • Size

      59KB

    • MD5

      8863a8da71125f85022ad47b0f32e863

    • SHA1

      240dd62cf8e661cbe15bf715c52186d901109451

    • SHA256

      ddcca97c2f84954135b453645aea7cfde2b159c4179a8061399b19a10f2bb739

    • SHA512

      36c7207dfe70c2af600f9e4545e636698e9e71614badc9badf83a88cf531ec22b606f9994d16addcf4e110d7b54d76b8083477ef9996dcd5ca20b1af8c6a852d

    • SSDEEP

      768:tlXqUsavg15Bf1hsDSg7OhOTtKR7ZAM3aR/QGoBek0ArpXgNLI9DGgLvUf2hp7:tlXuios2Bt02Ufo

    Score
    1/10
    behavioral29

    • Target

      df.exe

    • Size

      1.2MB

    • MD5

      e9db47d848e3d2e0064d1c8af02b3b2a

    • SHA1

      a6bd19cb8e622e8c4b674f4e4d61441192437cf4

    • SHA256

      6158a02df84685c83e1a7e519397ca99fcf1ed3625f4c6a2605947b51fb18859

    • SHA512

      a6ad01731ffe145f5b1466adc94f8e74d4be21d0a7c33ac73cc5732b1fdf54cb43dbea35388b01a7447726ee070c41129cc77b203408070d5ae3387868f74b28

    • SSDEEP

      24576:C2wUmEz/hiBegpUy1xJ8PzZtYW1q4sInni0IuICAF73z:hwEzYB/xJ8PnYWovuICAZD

    Score
    3/10
    discovery
    behavioral30

    • Target

      df64.exe

    • Size

      1.6MB

    • MD5

      033f2ae002a260ece9a11b05cbd039cb

    • SHA1

      108e85e90857b22574c72b1d6b9e4a3aec4a8eb1

    • SHA256

      70d1d827d08956bcaf2595974064e71afcb1357822eb7fceaf28703314c295ca

    • SHA512

      db5496e7e4b373ce7a081d95b803b76be72dbb893c8db5886e733a2df60448441785f414b2df485bd9395d38f673c3038b85cee067120dc0bf3822e0c4065d5a

    • SSDEEP

      24576:JPdKRc7UjlaEcU5VeFOpzuRbJglvgcnZzoSCc/MSx5CYtz3Q:JPIR5a05Ve0FQbylvgdFzGL3Q

    Score
    1/10
    behavioral31

    • Target

      uninst.exe

    • Size

      162KB

    • MD5

      8714e02ab8492fa906242a4aac7b6f12

    • SHA1

      70a660aa2a693f7fddc51edf0673c5e8a978dc6d

    • SHA256

      063cde0afeb24ad52bc95f162167375305fa6ba843283b5fdc86e3da81939b79

    • SHA512

      de260607ab21c5a1307e466950f5436756c1e171a853d2261c22e3f753e063eebffb338ff9d8a1cd9e52259324925b729c1cd3cf7965813e6a35a43196957748

    • SSDEEP

      3072:1IS23BZO7kF1g+d2uumUvobAEoTG4X2EO9H311wz0mQZgwMSR:SS2PzdimUwIO9HLmigtSR

    Score
    8/10
    discoverypersistence

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

      persistence
    behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks

static1

Score
3/10

behavioral1

discoverypersistenceprivilege_escalationspywarestealer
Score
7/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

discovery
Score
3/10

behavioral31

Score
1/10

behavioral32

discoverypersistence
Score
8/10