31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0

Resubmissions

03/09/2024, 21:32

240903-1dvy9syeqh 3

03/09/2024, 21:15

240903-z35pbsxcnm 3

03/09/2024, 21:00

240903-ztqttaxalq 3

03/09/2024, 20:53

240903-zps4dawhll 3

Sharing

Copy URL

Twitter E-mail

General

Target

Cisco AnyConnect Secure Mobility Client.zip
Size

11.6MB
Sample

240903-zps4dawhll
MD5

a046e07111f7ecae523c8acd0e6a0ffa
SHA1

10c35ca94d6a834dc81a60c953abc11bdfaa4bb1
SHA256

31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0
SHA512

a84baed41cf5d7a4dbb599728164b7cf28cd7d92212513f3e821dfeb617b93030f545264adfe9ed1cfdd09220f5518031a368369ad035a3698bc7e7030719a76
SSDEEP

196608:mIgy+3IWzFPMN0d7GcXraogl7b9qvnE4le2eVVX/dgE5HK+ATELEvGlxp9TYc5N6:m1y+77GmratsvJej/dgISAYv+ppr51+X

Score

3^/10

discovery

Malware Config

Targets

- Target
  
  Cisco AnyConnect Secure Mobility Client.zip
- Size
  
  11.6MB
- MD5
  
  a046e07111f7ecae523c8acd0e6a0ffa
- SHA1
  
  10c35ca94d6a834dc81a60c953abc11bdfaa4bb1
- SHA256
  
  31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0
- SHA512
  
  a84baed41cf5d7a4dbb599728164b7cf28cd7d92212513f3e821dfeb617b93030f545264adfe9ed1cfdd09220f5518031a368369ad035a3698bc7e7030719a76
- SSDEEP
  
  196608:mIgy+3IWzFPMN0d7GcXraogl7b9qvnE4le2eVVX/dgE5HK+ATELEvGlxp9TYc5N6:m1y+77GmratsvJej/dgISAYv+ppr51+X
Score

1^/10
behavioral1 behavioral2
- Target
  
  Cisco AnyConnect Secure Mobility Client/InstallHelper.exe
- Size
  
  550KB
- MD5
  
  18a5846e5f8357b5530a64b3f74bff85
- SHA1
  
  13162485be9251cebb322619a9e7f38591dc6a66
- SHA256
  
  8d9644a978ce012984decf1512c86ff282fe0fd01d3efc75ad87bbf53e2951bf
- SHA512
  
  8db10b96615c636f60a8c94448a1bcaf0195ecf5368feca67b068143a0c69e8de9b2da6dc93da6f2ea006a99c2be13259d71c4d8f476a3b806b1de486f632849
- SSDEEP
  
  12288:Dd1LP/msBEdy4TGYxQJUVcwflb6C7byjVU5:Z1LnmsBcHGr4Z7eBU5
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Cisco AnyConnect Secure Mobility Client/InstallHelper64.exe
- Size
  
  1.1MB
- MD5
  
  8fab6e0385eca1affb9e5d07fc6e15cf
- SHA1
  
  64a128c3b5ebb72409b5f8428df295be771bd433
- SHA256
  
  2c1ebf200ae805d61d4c3b14a76bf2d41dd938afe9a162505a2835e1af0e0e92
- SHA512
  
  6b088185a56de3244a8e93f9506f7612ce74a5fd03ef1249dbaff0319c887ac28ea5936eb23f8e90be8ca77935ab9a296f5dd2c3aceff46a0ffc866b79da7a39
- SSDEEP
  
  12288:ZxlZIFpcMo5GPsQhUkuDDwwmd5AoKELEdy4TGYxQJUVcwflb6C7byjr:Zx6pcMo5dQhUDw/d5AELcHGr4Z7en
Score

1^/10
behavioral5 behavioral6
- Target
  
  Cisco AnyConnect Secure Mobility Client/OpenSource.html
- Size
  
  556B
- MD5
  
  75dfe77d37ff2cb0887bcdc63fa11898
- SHA1
  
  adc55b017f46d1b48f77ac90f740f1cae2db074f
- SHA256
  
  ea0812963d6b2350b315b3cc8d7a8e19f5002ecf9a87b58c7bbbef198bb1998c
- SHA512
  
  c08f186bc1887e2965d0e6d5ba88234c8c60ad40934f4566eed3dd5d83949063928b59e3122bc7cf294bcdb824336452705ea6ccb314c1c177dcdd9f92834175
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/acdownloader.dll
- Size
  
  139KB
- MD5
  
  2ce0bf3fafbb8c78afaf32b1db5f6fff
- SHA1
  
  7cb6c57ab18124d703e84ffa2bf4e25931cb9915
- SHA256
  
  fc9dfffad39680dbb39ecb5e1c602f4f30e59a9b462692613b5421dc1b398edf
- SHA512
  
  a6bed88b45fd101c86e96dcc5e6a7b500c2a2fb6b205359872b20812949fb4f9de280688c80815853c5e957c8e5c0a12a9a6e48b48baf5e7c6ea4431cee12647
- SSDEEP
  
  3072:LVzS5tDHuvQzR3wRQD/kXUvERCTcLLYvDYD5qo7lcLDukJxt:L9S3HAS3ws/kXSav5jUDuk5
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/acfeedback.dll
- Size
  
  149KB
- MD5
  
  a252162e2d4a28a4565c6c823129f9e3
- SHA1
  
  6c453290575ec42e8734eaade3ad193129285ac3
- SHA256
  
  644635ae3cddd590aeb63f098906ece70ad6d1df22466c1d28177c60881e5dd3
- SHA512
  
  4529f31820e2b12a91f3fe323ac991030e13e6311df5d89e0ddce8a4c7e8d828286f86f6644c48d017b85999d645c4212d7594961fbc5c8b698bee261204d93d
- SSDEEP
  
  3072:UooM16pTQ/X7RNSHChG6oOKLx3f5YaQn++yZ6mfQwcgS:UovoQ/rXShbtVmF++yZRINgS
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/actoast.dll
- Size
  
  113KB
- MD5
  
  d05d69308f5a40f6404118889ba16835
- SHA1
  
  d29eb5f099ce66e8fdf90a1186f0e5eb71c291ac
- SHA256
  
  f3211b06ef254a9f08ab85f2e46067410e6f64bfa3ea0e768a215d6a3528e079
- SHA512
  
  8bb42ca5c0563564801cd5fa92c21f840832879e3a028e088d4016a5acf619af43cd19d4dfad02537bc203efbe8808f40a30bdf66861e7df96705f9c2fca0c6c
- SSDEEP
  
  1536:EF45N6llREUkxtyTU0sl/WskZp0M+pTPsWopcdqJtCj6xxrk52GdcBRY+:EF45/MRsRXkqJW4qJgjX2G2BV
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/acwebhelper.dll
- Size
  
  65KB
- MD5
  
  7c5c705ad2acb4e062c150fd31e903dd
- SHA1
  
  166c0097972b130b49c9e03b3a9b7f4f718dc970
- SHA256
  
  3d71e9661e64dbe65b8a2b434558f21c329841c318132ff624d41b61f93fbf5a
- SHA512
  
  680857cd3c0da433959c0e6b23ba2925a33e6d6cf5993bb8574b7e9e7dd1e3622b3a0641f26fa2e51fb6a8602d27f58dfef1f31ffceeb40434f4e6f59df53a11
- SSDEEP
  
  768:P4cxuKKi7gkY5BERatIRFTajyB7mvalhAQRrMC7H/pbhqUZYj5A0gfWWiDGdhRIw:P4qbdYjEVGACalL4SbhBiFgeWdoM
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/vpnapishim.dll
- Size
  
  273KB
- MD5
  
  660d5360809bb8ae6a602496e9eb8c7e
- SHA1
  
  a9f102abe52f7a89d6d7ef98a7b21d8ff5776cdc
- SHA256
  
  46b81fec758ec24d450b2dd606e35339e3f82de4efefe626bd15d8a1e8871160
- SHA512
  
  fb2234c293dcb1f29de85a83c8909f7efd3e1120a51e2c0ed45d66ec47fc69fdcec56dc5954e2afff5d605993bc172f66f8f4280d59b5b6b29fa6af4e4f1a8f4
- SSDEEP
  
  3072:zJi28y6/645HfzhOxOPjKjypXkWkF5koXbMZ1eQIcB4q8YYrrqZkViMT804V1Ok6:zgnFOejmuYuorxcr5YrOAiMT8V0uzqcQ
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Cisco AnyConnect Secure Mobility Client/Plugins/vpnipsec.dll
- Size
  
  565KB
- MD5
  
  221aa1ff015abb63ad8e062bd609a8ad
- SHA1
  
  a5bc0ab07033d5a5bdc18b2893f4957b358dc89d
- SHA256
  
  cd34058dfa3d0dbfe48439800aa8c005362a998133e895cf356dee215ba93bad
- SHA512
  
  e230503a85c76c4fd36a5debd7c6c9f6617cad8e42a1714c646b8ed4ef1cc56b7b3bdda6187efafe4c6a5bf1895d4617e88740cad4c06264f06c5cf2cfeaaf7a
- SSDEEP
  
  6144:PaQsuXdcj50HL9UH0EPToruXjl5t0v/N6On5WMAYleiIck2TVbKMJGMgWvO+/Rq+:7W09UUEPn5q/N6OnFBei7TwG9aA1
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Cisco AnyConnect Secure Mobility Client/ProxyCon.exe
- Size
  
  31KB
- MD5
  
  dbf1f474322b428202bb5c8f7f38f44a
- SHA1
  
  0914912bfde61262bf643272ab3ab4d2445a751c
- SHA256
  
  12283f35d2a2fbf427a57b520e3c3777214f3804921c386eb33518085ed7d9ec
- SHA512
  
  e8d094fc59cbca2b9e45358008342763f008b591db9ae2904453f2b96db3c674c45e1f8eb00876b477db0e61cbeb4c978d4be1d44929d72f304dbf86464cc1b5
- SSDEEP
  
  768:UbXgSSwuSBOEaz2YsoMElOYGPDGdhRTGBDGVZGOhL:mSnjEaz2YsoF8jza
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Cisco AnyConnect Secure Mobility Client/Uninstall.exe
- Size
  
  964KB
- MD5
  
  23ae865f9e54ca199c8e5589c67f9867
- SHA1
  
  39cdf362b32f4e76994f9b7a1b1af9935896b55a
- SHA256
  
  fcdd6299975a64c4e73b9c343efb0a14361c84a14cc796b0fae75c406789c378
- SHA512
  
  75a778f7bf7f3f448800f1f5463581c59914e7976927c69344849bcdf514ad6088539ba7881732c4410293f5af644109662cb8472e643b6a304f8afd902926ff
- SSDEEP
  
  12288:UrofVdmZmbtaQcuWoC2uEVwIWN0+DTwx2Edy4TGYxQJUVcwflb6C7byje8SmpN:Jdm6V5C56wXNTwx2cHGr4Z7eypmpN
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Cisco AnyConnect Secure Mobility Client/UpdateComponentManifest.json
- Size
  
  441B
- MD5
  
  a7a3a625648c3157b954c2527db2e611
- SHA1
  
  19ccbb19668f5936932f3fe46f710b816a965403
- SHA256
  
  212949909502babd58c948dd7a51a26a8a5d58399ac65c5275d92fd00524ee7f
- SHA512
  
  604e4f801ba3d0ba20f2e13689ba4f930ba35571788c31b0cb89ae757b67b6b1ac3ecddc7c606c8a3e9a67e07d951972e6581115afae50287f82b8d74cc3e382
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Cisco AnyConnect Secure Mobility Client/VACon64.exe
- Size
  
  705KB
- MD5
  
  8954aeb27c841202e83fb3c3552c981c
- SHA1
  
  068f3144c64c41a89ea6bc807d6c546a9879f8cb
- SHA256
  
  29054e19357d7e833ce10081d60c45f4f590ed94d4197d53e8cda15355a863ce
- SHA512
  
  0e59b42ef7ad9884f746ecdbe2a95f1f5ff9436247953735bfed66915156a282b6ddb820320ee725130603722c2547ff579875f740439317c3e502e727cf6795
- SSDEEP
  
  6144:sylm5n0adi49alkKS9OFGwgGngTqRr3BiudRPkuDDwwmffcQohU7squnto:9l8n0QVauOdfg2rwykuDDwwmMQo2cnto
Score

1^/10
behavioral27 behavioral28
- Target
  
  Cisco AnyConnect Secure Mobility Client/ac_sock_fltr_api.dll
- Size
  
  129KB
- MD5
  
  729eb6ef13785d564685116ba1de3db3
- SHA1
  
  a95c7b73f84ae750327f68b83bc0114c1b94f88f
- SHA256
  
  620d6fa135700d6ec0fe91832641ac4c8ab66666b4ec3d580ebf597e8487f953
- SHA512
  
  619882c5fc5a0ee9368e7f0c5b8b4133ba17f927bbfab6a473779003f2689ca8f55104347cf40fcbcec2509844f52a1ec9cdd1a6cae90443971c833191c7d59a
- SSDEEP
  
  3072:teH1YW5SXyOQ8avmah3j5fzx4eWHakkBYPN3FXPil:o/5SvQpmkzkawVVfil
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Cisco AnyConnect Secure Mobility Client/acciscocrypto.dll
- Size
  
  1.7MB
- MD5
  
  a54fcb9766fd039f386895bbc861d920
- SHA1
  
  dd08cf3ca76d6a77555ca73138851274987f79fa
- SHA256
  
  4ee81890a5f08a840f56221e86358e7b9265a1caa977d96e4bc2c58194ca4a40
- SHA512
  
  205176652db6fed334f78e60185e2a9e7707304018c448a459b5a9fe3231c9081ab0a597138c103b696313a40f2dc9679b7506d428da5a1cb5b648bce0325352
- SSDEEP
  
  49152:pN+/NDr/EA0CRtPmAT8R11CPwDv3uFbvFg/W4:pN+lDotCRcAT8/1CPwDv3uFbv8
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32