31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0

Resubmissions

03/09/2024, 21:32

240903-1dvy9syeqh 3

03/09/2024, 21:15

240903-z35pbsxcnm 3

03/09/2024, 21:00

240903-ztqttaxalq 3

03/09/2024, 20:53

240903-zps4dawhll 3

Sharing

Copy URL

Twitter E-mail

General

Target

Cisco AnyConnect Secure Mobility Client.zip
Size

11.6MB
Sample

240903-z35pbsxcnm
MD5

a046e07111f7ecae523c8acd0e6a0ffa
SHA1

10c35ca94d6a834dc81a60c953abc11bdfaa4bb1
SHA256

31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0
SHA512

a84baed41cf5d7a4dbb599728164b7cf28cd7d92212513f3e821dfeb617b93030f545264adfe9ed1cfdd09220f5518031a368369ad035a3698bc7e7030719a76
SSDEEP

196608:mIgy+3IWzFPMN0d7GcXraogl7b9qvnE4le2eVVX/dgE5HK+ATELEvGlxp9TYc5N6:m1y+77GmratsvJej/dgISAYv+ppr51+X

Score

3^/10

Malware Config

Targets

- Target
  
  Cisco AnyConnect Secure Mobility Client/res/company_logo_alt.png
- Size
  
  15KB
- MD5
  
  c7e778218df157c50f830f50b80920c1
- SHA1
  
  1a663756fc7c61af6a1e22515512c765d41bd581
- SHA256
  
  26191352fc816f284d7972fab918474ff12c715ae373564aa94a9a859d6d9475
- SHA512
  
  d3869d1d01890b4b9ce9e97e33af80b9f4b1d84bcd768a4632940bec0d604d3c296b321286c4ad9e1ab7c08f5c90d42b7a95abbfe64876477185ed9f38bef063
- SSDEEP
  
  384:MSnfZRNrWyENRPC4OHYiiq9jQ5ZjmSq4Xwnw+HhygIa:z7NrWyedkHLd9jQXjmSq4ABEgH
Score

3^/10
behavioral1 behavioral2
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/cues_bg.jpg
- Size
  
  170KB
- MD5
  
  fb1c9b074b46f020f28dd7430e4a8b93
- SHA1
  
  261d69ace9eee4908e2b4cd618f697b1e46111d7
- SHA256
  
  61ffb25bb6c81abf9d1688180adb0e2071e3db5d9c7d3b39ff065f13962b5eff
- SHA512
  
  29639ebc71c7ce128ad35440f3b56f4d919ff04fd3b732b4fcff67d4639c8afcb203d0b52301872a1ca798400245d1e8b35e01625cedeeeffdfc792990c72510
- SSDEEP
  
  3072:HTzRmKdDytGNn555p+O4aD3AU9IZ3jeYsJPNkhsxnUL+DIVfQjjCbfa4mSXhrVMJ:HD5GGN5H4e3A1Z3jCysBE+DIVMmbfa4q
Score

3^/10
behavioral3 behavioral4
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/error.ico
- Size
  
  1KB
- MD5
  
  2a78d12dd7294e97178d1226465be806
- SHA1
  
  dab6d74c370d60bcd6c14157af9a7478a26b91fe
- SHA256
  
  1019b4568754bcffff4e8e51c3b7de01d7f2073a87257cbd22e6e386860f1455
- SHA512
  
  0d69b4b37e9e4c45093ee9cf53f38816ecc91f244ddfe15dae65deb7d569fbd61ecf1fda669ee459b1cad3123745e76c4cdcccf6ba216dbe02f30253750eb76d
Score

3^/10
behavioral5 behavioral6
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/expand.ico
- Size
  
  5KB
- MD5
  
  223cc34a3299a5777171f41df8453cdd
- SHA1
  
  559aa03c2fb5d602b4116c16a7d73ee81c99f37b
- SHA256
  
  7e62c5a39dcdd0dfb69f1ccc882579d71dfd4dd345828318f1170ac48ed7f934
- SHA512
  
  5dc60d3801387f534a126d0de4336993954274be9696a0d73ce3161c6b2d36b7dcffc38ad714ccd0cfbdb397fecc9df845af4b65215249a7637321f38a5033d6
- SSDEEP
  
  6:rlL14RyS5lhJEO7dVVvydaS+Qu7lfTllv7l3Jl//lHNlP4lp4lX4lR4lf4l54lng:xh4r3rEOKJmfGJ5
Score

3^/10
behavioral7 behavioral8
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/gradient.png
- Size
  
  2KB
- MD5
  
  a3a99d7e09de348a18379ba84f5fbd33
- SHA1
  
  7e7be73d74601ea7ccfe7389152d189da10a275f
- SHA256
  
  a8f0c8e087c47d78ebc0d0d9fbe4bf124f9049be49a4d7e919d80cef3e294fd7
- SHA512
  
  414293559f4245b4065246c582d815582e4dff1e0882cdc3b0439e66204916b9c372d5430c77c49444cb69f61c715337c67275773d76e36c377ab287feac2e8e
Score

3^/10
behavioral10 behavioral9
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/mftogglebtn-down-solid.png
- Size
  
  1KB
- MD5
  
  f999f81b91475c98de33d66e186df2ca
- SHA1
  
  397b889c5aa95a25ffbd128656be5d91a71f3275
- SHA256
  
  f807e26da3a4bbfbd9552d2d50fb0f5fc28aac46635470e3f834c2042c05310b
- SHA512
  
  2a43cb4efc414f8fae4ea173fb53cf2819975c76170dcee4a995b3a74786c167c26df258e1e589ecd92decb999683ea38c6c4882cc2e299313c9357080521844
Score

3^/10
behavioral11 behavioral12
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/mftogglebtn-down.png
- Size
  
  1KB
- MD5
  
  1f1425233d56c7381e8a1b9544656a3f
- SHA1
  
  13da3d280a4561f9018bfdf2c55396862b42c3be
- SHA256
  
  fd348fefe62e962ad34d03b3639e850aaedcead2585311f8f665efff9319a6ba
- SHA512
  
  acec3fd68209f5af45fc0736ecd9db2441e69bd0a0dc43c45cef2529bdc14b4d4a41696c0bed6e11876f066e137d29e270866fe86f3a20fc4cb9f09ba0efe0ac
Score

3^/10
behavioral13 behavioral14
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/mftogglebtn.png
- Size
  
  1KB
- MD5
  
  8675e6cf868fce7270d170d83ce58757
- SHA1
  
  b08567acef2380521759e4a1c12b1c9fe657abed
- SHA256
  
  593a68e8fc7adf787e5728d044ac71d4a9bec6e4a6bf15895abc8c4869f33625
- SHA512
  
  6480b3304656eca345326a96fef93b653b9f40550e5b0d14498b2670bafb497e78a2517911f8e791e1dec3c9a3070cb4212db727fbe3fc648f6100e5ef349b2f
Score

3^/10
behavioral15 behavioral16
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/neutral.ico
- Size
  
  1KB
- MD5
  
  788efffdc640e225b2d21ffd56e71795
- SHA1
  
  aa85cfa062c2ed9e09d2700343d0ced12944fa86
- SHA256
  
  b80979304ac1eef7979f3dc0509afb95e7b199a5a1d2501c180b1d9192cac8cf
- SHA512
  
  8876630d69787e57f23805f385b0337deafcc2bfdb39690f14777f837a0e2291e3b84f773da76ce22ca7aa36f7e120f12604e3e2033e6bfa99a205b91d69f13e
Score

3^/10
behavioral17 behavioral18
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/noncompliant.ico
- Size
  
  1KB
- MD5
  
  c4d674a0654c64bb5e9b260c095c0c7b
- SHA1
  
  dbcaadd53e0344a84628f9354b80692e90981aec
- SHA256
  
  bae002268651f4414a4d5146c51fd7f9d806c5496a9ec2f480433019f5a8d647
- SHA512
  
  c8aa4bf3e7e4dab3ac91ac0525c78f57a988ed82d2ac19c94658bb9b9d4c56785da4fa805914ed564451afae94a5ac80ee784cf9f43b73dc3b8164113ead3f04
Score

3^/10
behavioral19 behavioral20
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/status_ico_attention.png
- Size
  
  17KB
- MD5
  
  c51384fd19eac405e918e7f0c30e4f34
- SHA1
  
  d624e8528e09428ea07aac3993513a2be42b3eae
- SHA256
  
  c59918b32d02d959a1d8802678d1f8e4d291d61b9043e020e036d7c87908adb1
- SHA512
  
  c3732ff8613845d55e440988e9a9dfb4d88f32056a16305dee3ca3c8e97dd55552bbe291719d8d720bd6f55c2103dbae63b95a1f26817740e4d3ac1c96003fc6
- SSDEEP
  
  384:CEN+tHDwKLJDvnqay/i4NUcOrja7gMG+mBpfAbmEkWodT13DLJARbJwmKQ:CECzlLqayRNjOr1FtBWmVWol8bJRR
Score

3^/10
behavioral21 behavioral22
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/status_ico_error.png
- Size
  
  19KB
- MD5
  
  13b838da69b9dc7b6913ce1b8f9b2291
- SHA1
  
  b30f80acbb43c1fba4deaa8cadc91af6cb09ae34
- SHA256
  
  764802fdf8d5e25fbd5fc7decf124996dadd928d4363bd3d7bbdfe40424da807
- SHA512
  
  a2d65870eaee20571793bba6e468b1879276847765b67a38843a1952d479250416d471248d7c98736251900d2c9ef9b431182a7a29fb65d8bf755178bf065bf8
- SSDEEP
  
  384:gFy05qPDDv2dWQOUQU3hoCaPvELhYkllrTohfMpVyQ7i8VoqXRD:qyDfuosQUR3aPcLNllImyQu8SE1
Score

3^/10
behavioral23 behavioral24
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/status_ico_good.png
- Size
  
  20KB
- MD5
  
  859eb6341e57a01d66a2498c07c38868
- SHA1
  
  c4e69a6171715a98aa04606b8656a4b35be1b0d5
- SHA256
  
  a9c9fc1977a8032e092512ac28fa66bf5d4b51ca8574a32f947b2c94cd150f65
- SHA512
  
  d4bc15597d96c0cf029ed85850f545f3bff2c801d4425b9e8bb3bc4e04ffd27b1b20d1912fe54a37cf34bb661587a91a9193ef717b1b74dcff1c107642540ade
- SSDEEP
  
  384:U+u+BpZhh9vEL9RxQBQPM6bsUaNpz0kD6Ofn5HhAnSZlRv7uMXBqZ:U+u+fZVM5C/6bsUaNikOOPBqSZlhvxa
Score

3^/10
behavioral25 behavioral26
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/status_ico_neutral.png
- Size
  
  19KB
- MD5
  
  c3a83487136a3907e51330ab90bcb610
- SHA1
  
  058d72418d5548ea8980f0cf9c3d0c3a383c841c
- SHA256
  
  4c8740b7beae08c76dc91f37419d5d9dbc4341a2c45fe5143c5df10796230bb1
- SHA512
  
  b60359922bb12e051045a53f8c1cfe8c265f572f8352921946ff68d4edaea202d1f24a5c842f6c64eb0f89163af75bdd75ab535359d8628be27a56ae8cb09a6c
- SSDEEP
  
  384:R0/gvSIp0QL1rLdCoCC3Cn8JozcyQko2BUfwj3kodIYiC:R0/gGEtdCWCns+xjzdYC
Score

3^/10
behavioral27 behavioral28
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/status_ico_noncompliant.png
- Size
  
  17KB
- MD5
  
  d41db0829e9b5e29273eedb30cf0bbbf
- SHA1
  
  ecd08990bec99eca5b1c70f65e22255d61fb32c2
- SHA256
  
  9e678f024507453edda4190df033566350c96d107984499c038ca90df6b420e7
- SHA512
  
  26c5f3c1da9ec4c82d76ab465467dd6b9219f3facacf79a75a054c83c6599cc34b1c29cc0d0174808635e29c50acb934d4518a479395f31fc4660b8fc8338fd5
- SSDEEP
  
  384:22rWYrUShHymD/Q3Cgg3ch5RoTs7m9YYfrc4qebKH6AU2h7bw4z5Rl:2R43ghNNwYGAd6AVb7Rl
Score

3^/10
behavioral29 behavioral30
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/status_ico_transition.png
- Size
  
  4KB
- MD5
  
  bb592cbb7c96a421fd8bc37e8597a8fd
- SHA1
  
  149b0ef611eebcbd8c812cc270372ae1aee35d96
- SHA256
  
  210246922c3643baa8e9c0c93cc36eb23dcc754e184c96bb798aeebac2a454d6
- SHA512
  
  5c40418da7990b5a9e0215b3229d8482e2501ccc9fbd7acf0dc8f4afba3e3fbb55c5073970b9db32901ca72be315dca18c71def55efef2ef1f3bbe01156dc991
- SSDEEP
  
  96:27SDZ/I09Da01l+gmkyTt6Hk8nTRJA6fbaRmQGReF7:oSDS0tKg9E05TRJA6fbymDI7
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32