31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0 | Triage

Resubmissions

03/09/2024, 21:32

240903-1dvy9syeqh 3

03/09/2024, 21:15

240903-z35pbsxcnm 3

03/09/2024, 21:00

240903-ztqttaxalq 3

03/09/2024, 20:53

240903-zps4dawhll 3

Sharing

General

Target

Cisco AnyConnect Secure Mobility Client.zip
Size

11.6MB
Sample

240903-ztqttaxalq
MD5

a046e07111f7ecae523c8acd0e6a0ffa
SHA1

10c35ca94d6a834dc81a60c953abc11bdfaa4bb1
SHA256

31e347b556164f5e2d068ed6be0101b8ee12a248be2ced71a6744db817d787b0
SHA512

a84baed41cf5d7a4dbb599728164b7cf28cd7d92212513f3e821dfeb617b93030f545264adfe9ed1cfdd09220f5518031a368369ad035a3698bc7e7030719a76
SSDEEP

196608:mIgy+3IWzFPMN0d7GcXraogl7b9qvnE4le2eVVX/dgE5HK+ATELEvGlxp9TYc5N6:m1y+77GmratsvJej/dgISAYv+ppr51+X

Score

3^/10

discovery

Malware Config

Targets

- Target
  
  Cisco AnyConnect Secure Mobility Client/Install/Component/acsock64.json
- Size
  
  298B
- MD5
  
  58365827e9ece3456701de5b104ea9ae
- SHA1
  
  a0aaf7463564408baecdfe01618cc16fbe8b3bf5
- SHA256
  
  31ca70e80db8e53c6ec617c0ab1fef733415cd169bbf472c122d3f726681f4c5
- SHA512
  
  959b4cee3f51c3a911964824ae4640fa1dff1f89462623fbe61029726fd0385b0ffb5d21d9536000bcfd3693487c09c1d54ca978771e1fccb09a143a773616d6
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Cisco AnyConnect Secure Mobility Client/Install/Dependency/vpn_manifest.json
- Size
  
  1KB
- MD5
  
  a05878eb6bf893e0968927c51a4c5bba
- SHA1
  
  19119d36d7517fd05b9a2ebc5f80e64e5310e151
- SHA256
  
  7223dd4c3c9ef7eef46e04cb0b8fd521e71d4b485118da6923e5882382e48416
- SHA512
  
  e03b92159329ed1a1fb1e586dd01c106e2216824bebeae89ff53beb347b6daab4f2ad08321d1b264927047e7280acb84830f4a80da69caa54465a54c7e088a2c
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Cisco AnyConnect Secure Mobility Client/acwebhelper.exe
- Size
  
  567KB
- MD5
  
  b8abbf9f315a51bd641ea42a8c4446ac
- SHA1
  
  bb60abeb653971b9d2e1136fa9d5fd3934a86bcf
- SHA256
  
  4d2406ebc9bc3db3233b2361323d3ab3758966d2e28876c8d40439cf0afa3f08
- SHA512
  
  1d315934d4dd9b4bbcb2689dc3974f8f3770e1a4d04b60d0cad06fc196d171f7f91fd6090ef27b021da9fcbf6d1d1d9810736eed17e5e9abddcc5e20fe378bef
- SSDEEP
  
  12288:4qvZp9FD851Cj7rsmTkkL3YWXSIPGAq7x0/pRRr+RyTXu23:4qb/LoWXScRgx0/31rXuM
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Cisco AnyConnect Secure Mobility Client/boost_chrono.dll
- Size
  
  39KB
- MD5
  
  6ffc858755c100ad9f30fb22139087fa
- SHA1
  
  4e94cf57382624dd4f5535e5d96cf73fe90b0a81
- SHA256
  
  883fca728345f7fd88307b9e19745397c4bd19a80506f971a8d343a7e573d6d5
- SHA512
  
  789b1281760e1906217c94946ba9ace952cc90b07f6a0d0eb2665b80e7542ad412b4569bf6850e67c3163c7934c8eaa7a2bb64290c0fac87a0392687e1c2bf70
- SSDEEP
  
  768:7D0B4emSfS7QU1+oZgDGdhRZGPDGVyGEbhx:je8+o0KA
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Cisco AnyConnect Secure Mobility Client/boost_date_time.dll
- Size
  
  54KB
- MD5
  
  98e2a47483a06a43b6d603ef098584b4
- SHA1
  
  53967651e776246f3910002bb67562a6d0af84c0
- SHA256
  
  2bade2e1fc9a70cbd3f6aaa9c964567150416bf4742efbfff526d159e7b8f269
- SHA512
  
  fbaa418c41eb6a704e10f163835ae101881a5906a7739963e22440b35ae8d71e6e42a673d790b54becb799c8232d86f268dbb7b86031d5c5dd4c21302f7a74e7
- SSDEEP
  
  768:BG+TDeIz+avSPNWxdk8uSDmzItwhHXWT2nLHSRDGdhRBjG+DDGVWGvHhY:BveOAidk8uSRGWCeaa+Gva
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Cisco AnyConnect Secure Mobility Client/boost_filesystem.dll
- Size
  
  118KB
- MD5
  
  07ff2b30a1526b8b9860e8d5ed086806
- SHA1
  
  d2b1fe5ffc68e545062c33e3a3295a47abf52de9
- SHA256
  
  b4735e59d19e6984518ae11d640b9f7cb89e161d390285346602ee8a79d4aa75
- SHA512
  
  c8bee72040205bf2a5c80323b7d4f85f4f2a2c50abb4d992900c7b48f6984e9f2b6617ca7e71b7bf7a9746f2c90e61a0ae868a2ec101198f5202d19f2a1c7a87
- SSDEEP
  
  3072:VGGKu/VLwQR1ky0vAF2/Fk5kIEFor6SVTdUT75Ve:VGGKu/VLwYIAA++9ohVpUf5Ve
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Cisco AnyConnect Secure Mobility Client/boost_signals.dll
- Size
  
  63KB
- MD5
  
  caf87459ee21354084beda1453480a3b
- SHA1
  
  b64d232a18b0139231825d07fe0c54cd3ea12623
- SHA256
  
  5a9fe76f8d90803c09dd864e1b40f71aa5982a2312ccdaf7aabc21fd03fab118
- SHA512
  
  46dbacb83d73064a7178daf19797cb9d97e2420f6ad4e62fdb77337f65e7c5ed1086e34f842a906f6696c4c5aab7768b0c1735fb1be4e7f9c0dd1611ed9d4a5b
- SSDEEP
  
  768:BsZeY06WI66LyNTHqGHGEjDCvwc4Bqzxp32UK4Klt8LC/kdDGdhRH0GnzDGVJGSo:BsEYPw6L6z/DO+8xp3I4Klt8u/k8Jl3D
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Cisco AnyConnect Secure Mobility Client/boost_system.dll
- Size
  
  32KB
- MD5
  
  2352feae80994cd90490f71b4d8d3b9a
- SHA1
  
  f3d87b56681e20b19cbb4ae75c595a4e3dab2b74
- SHA256
  
  9eba069acc93515891a41d6a66afee728ce01978a9eb425fbf51baa9403f43f3
- SHA512
  
  41e0fa1826983069767c5da0029fe2339bfde526a5de1be1bb19d5b1e1988e35f16cefc3a336fd7cc240a2ce87b33674cc5747df175d769151c2d99e124afd19
- SSDEEP
  
  768:mukB1x1cnnFDRhUtUMquc5RDGdhR1GmDGV9G8hPH:M1LcnFFWRvcZgGH
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Cisco AnyConnect Secure Mobility Client/boost_thread.dll
- Size
  
  90KB
- MD5
  
  bc202a98ca82afd5feaeb00678427f39
- SHA1
  
  0e5d78dd3b3748012d7a15eb824f3d74cc057893
- SHA256
  
  2ef9f016389e3311f687957b9f6675cab0f88929033e1e23fd657abf8136bf52
- SHA512
  
  37e6d34f65766dc2f00172eb219ad44ad6e1887ce1e34a70f66c26ff010ed4b9b393369b1de2a3d9786dbd22f36ee69a7ee18fcb11e703e46cd6f00c844cef37
- SSDEEP
  
  1536:EqA5yIFN6BM8oAb7KgcvteBM53LZLux2ZXcpXNmzoPd0y+oo49JSa:q5yIFIM8pbeteBMXNZXI0y+oo4l
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Cisco AnyConnect Secure Mobility Client/cfom.dll
- Size
  
  387KB
- MD5
  
  d805e3c171dcbac06865329892e316dc
- SHA1
  
  e385f11c7a3c37fc906d0760f263f2fbb07e135a
- SHA256
  
  188e4e5b71a04c4428daf41c79cdfc902d2289295d981f540faff236f0ffd4b2
- SHA512
  
  b05129cd66d8c40e7aa88e75a83c18bb6b7e1459bfdc275e1d94ffe29c3f4cb203e6d9ea85c8366e8852b2dcad5a16305a20939c38c2724868f3d7fe3204c671
- SSDEEP
  
  6144:zqsfJVqWkraXabRmZoByMNI8eESnVwUQDxTaS0IRV3LkHIIII31EGS9uQNDjcxTX:zqsfpkPqogMNh5SnHixTJkdFTIPw
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Cisco AnyConnect Secure Mobility Client/concrt140.dll
- Size
  
  243KB
- MD5
  
  8651e6272e310d5c64d0c91ca975b029
- SHA1
  
  0e2433c8771ac420b5684c79e96eb7e206350757
- SHA256
  
  b721897db5542d5b0c970ec624440442ed9ae781e55147feb9ff264f70f66cde
- SHA512
  
  d99d049b9ae9f7bcf9e6737b26a90f544a08ff49e06fdc39617b869eb97676024e18ba42e680db255a8a04f323de494dd8e7b706007e9b961c78a64cdf078ff6
- SSDEEP
  
  6144:vGh9nrxRw13UyU2G8g1QYYZTDt3n2x+Bdv5zsSiBsTYrPlUEYD/QzkRWAFcUv12W:4InTDtXF15zsSiyZ/0UkzcP
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Cisco AnyConnect Secure Mobility Client/manifesttool.exe
- Size
  
  339KB
- MD5
  
  c91a28843e645dbafbdfaca8f0ec77a9
- SHA1
  
  915f6c343777465c720d0b0ce6482de79d4e35c6
- SHA256
  
  d987bc0b335a9dafafcceaab8a10096994cd523f0fb69ac2913a048075b26072
- SHA512
  
  32f5f00db051191d6364dd34c1594280094f030b3d3aec89ecc87fb3a98a563a6514a2ec4b444fdd705eb9f29b94b7112bd8cf57de283ae4a6b111aca5171c48
- SSDEEP
  
  6144:CVDDK/8HsuSpfcUA2B+fsNMBYShENdkh4AOU7AtrXJp:CdK/8HsuSpEUA2aTYIEIyK7KXJp
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Cisco AnyConnect Secure Mobility Client/msvcp140.dll
- Size
  
  438KB
- MD5
  
  1fb93933fd087215a3c7b0800e6bb703
- SHA1
  
  a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb
- SHA256
  
  2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01
- SHA512
  
  79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e
- SSDEEP
  
  12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Cisco AnyConnect Secure Mobility Client/msvcp140_1.dll
- Size
  
  27KB
- MD5
  
  cb8e791faf8a711f9863f759f37fd316
- SHA1
  
  ab7a1a33574364d8bfbeace46bda3c8192faf379
- SHA256
  
  f1efc4a0f0aef50477fc979642a51b1cdcd23c689f98afa9f5a039f5f05904f0
- SHA512
  
  30a30ffcb3514649d2aa747d4036eef50dbfd986d1bf8e5e855f74a5c55db61c4d77444378eddcb73a251cb22fe4f8658a0aa7989a78552b36a7fed5bfcc1a2c
- SSDEEP
  
  384:Kl6+smpXUJdqJv+lWcg53WlZwyRTpBnF0GftpBjfDc4HRN77D1Zl9SfYM:Kl6YUHqJvZCn+iBBN4YM
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Cisco AnyConnect Secure Mobility Client/msvcp140_2.dll
- Size
  
  168KB
- MD5
  
  4af173f59b892d99c8d5ff27828e64c2
- SHA1
  
  348b4c24daeee22c28be7083e152d04fa9689005
- SHA256
  
  53a0aeac7d59a707a10a95707788015f1824a34a69905a1728d9987b955f4b45
- SHA512
  
  66a4299d3ba16bda5577df153043a4239a69f3c6bf8ec2051e9b0a0df0aefbacdc1186593485f1d035ec93b0cb30f384dca79c949c70f34823f5b831632a2aba
- SSDEEP
  
  3072:QeMZ3i6hr8dqXk7Bto76vriyFiE96jRjcdZaDyYy5m:wZhiFto76pFiE96hkDNM
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Cisco AnyConnect Secure Mobility Client/res/company_logo_alt.png
- Size
  
  15KB
- MD5
  
  c7e778218df157c50f830f50b80920c1
- SHA1
  
  1a663756fc7c61af6a1e22515512c765d41bd581
- SHA256
  
  26191352fc816f284d7972fab918474ff12c715ae373564aa94a9a859d6d9475
- SHA512
  
  d3869d1d01890b4b9ce9e97e33af80b9f4b1d84bcd768a4632940bec0d604d3c296b321286c4ad9e1ab7c08f5c90d42b7a95abbfe64876477185ed9f38bef063
- SSDEEP
  
  384:MSnfZRNrWyENRPC4OHYiiq9jQ5ZjmSq4Xwnw+HhygIa:z7NrWyedkHLd9jQXjmSq4ABEgH
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32