221944cf8cf33d706f1418545c2cc5f375743e0cb2db913ceda97b7eef31f776

Resubmissions

04/09/2024, 18:35

240904-w8k1bsvcjk 9

04/09/2024, 18:30

240904-w5jm4awcmg 9

Sharing

Copy URL Twitter E-mail

General

Target

MixerLap_x64.rar
Size

81.0MB
Sample

240904-w8k1bsvcjk
MD5

f943bc1085e858bd50e60213371cb223
SHA1

946982492f68d3c3eee3983fefcb551c7468349c
SHA256

221944cf8cf33d706f1418545c2cc5f375743e0cb2db913ceda97b7eef31f776
SHA512

f41dbdcb0faeb2eb23ad0ebcc2998635d9557be263022756199e071fcd899e4cf434d0c7e8877fa8c900db45c079b3120916fb5de3a37d7cade59fb06d2b5d24
SSDEEP

1572864:5zfTDmsyuZLO0jEc+20cUToIGdGIi9u4LWOJK8NgbKsYh4tidXX8Pyb0iIoF0xs9:5LHHIhAzzHdG99u4L3/gbVYhYidvYiIo

Score

9^/10

Malware Config

Targets

- Target
  
  MixerLapx Setup 1.7.3.exe
- Size
  
  81.0MB
- MD5
  
  af594291a273b2b971a12048ca6e1983
- SHA1
  
  3daf13475d11c8c51b923c9d04692dcd52a9010f
- SHA256
  
  110e87aae10a76bd4998724509ed628608c5df296913e051ee7550ab3d4ee698
- SHA512
  
  915c2fb2706ee29eff889c9194936b921d66ee4c88b207b981e7df73062a041b3dccea7dda87bf4ff34a956ce3863ff5cc39022013ae6a777c569ab0c47faad9
- SSDEEP
  
  1572864:gzfTDmsyuZLO0jEc+20cUToIGdGIi9u4LWOJK8NgbKsYh4tidXX8Pyb0iIoF0xsR:gLHHIhAzzHdG99u4L3/gbVYhYidvYiIS
Score

9^/10

discovery credential_access execution spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Run Powershell to get system information.
  execution
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  9.0MB
- MD5
  
  f017c462d59fd22271a2c5e7f38327f9
- SHA1
  
  7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9
- SHA256
  
  40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37
- SHA512
  
  72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07
- SSDEEP
  
  24576:G8QQf6Ox6j1newR6Xe1Vmf86k6T6W6r656+eGj7dOp+:fG6eGd
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  MixerLapx.exe
- Size
  
  177.5MB
- MD5
  
  52ca1f3fae0ed5d90a9700949e63639b
- SHA1
  
  1e4d11282529e87a0652249bbcc4ba4953e82ba8
- SHA256
  
  a1e27c69e0d104f6f89ef98d5baa6718fc3de16462c0a7063552383b845eefe6
- SHA512
  
  64ffdecf041ad2c08351aa8986a73cd87c64f1a5c6ac394c48075fe4b9cc6f3fa865d5daf79a4081146d879d235d6bec2eb83e6662461c1a7a1a6d4cd3b5d945
- SSDEEP
  
  1572864:t6SlyW//ASwc0eKrtjR3QelIHvSfIc7ro6f1cVYc+lj3PVXaC2DPLTCncMHzNHt9:o4KZxQrFQl
Score

9^/10

credential_access discovery execution spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to get system information.
  execution
behavioral13
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7b7470c347f84365ffe1b2072b4f95c
- SHA1
  
  57a96f6fb326ba65b7f7016242132b3f9464c7a3
- SHA256
  
  af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
- SHA512
  
  83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
- SSDEEP
  
  49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
Score

1^/10
behavioral14
- Target
  
  ffmpeg.dll
- Size
  
  2.8MB
- MD5
  
  ebf0485fbf546b010c2b10c5c8e7d5ed
- SHA1
  
  a4a546f6be93bae535aa724ce2832f428cc91f89
- SHA256
  
  46a20d91861f6e966959635dd5f1adfd7f33449dd814a9aecf207b0cd53117ba
- SHA512
  
  9e6011c0269556376907850fddac8fdf50e132434da7daf4d87be83c1b89b7aef847b25b6216686915225a82374fac6ff987f22efc01d5b1c2cc81d53d7facc9
- SSDEEP
  
  49152:SQFsi7+HXKvCJkvYio7E2yxIHjcQ++X6CfzBDWV/Hf3d:SQFuJ7iW7yCDcQfa/V
Score

1^/10
behavioral15
- Target
  
  libEGL.dll
- Size
  
  473KB
- MD5
  
  4c01b3614be1f38a6d594443a547c257
- SHA1
  
  7eaa456b164613577d0965ab5a57ba2b681a6ffa
- SHA256
  
  e36da1a4228899bebe50cc5da1fcbbc590cdcb3ddee0b2a19defd99a805b6ed4
- SHA512
  
  b72fc071dc791c63978465a68c9a4904d5f1c458d302bb710e83576f20ef928d73c487248a305bb455990c2d8a6b894ee47d88bca6bc92360f286849ae1a1257
- SSDEEP
  
  6144:fx7X9FY9N9dlUxMxHbjjvKir8WQ3hP3yUo6DyKuyY:RXgNlUixHbjDIWWP3yUo6DC
Score

1^/10
behavioral16
- Target
  
  libGLESv2.dll
- Size
  
  8.0MB
- MD5
  
  9bbeb7b27646442c8bc2d202a73516d5
- SHA1
  
  a7f7a52dc45bf130581953e07ce9b9851cbce90a
- SHA256
  
  2b80817443265e7979b9a77075492e8e29be3ba775d20f646cdda391efbab21c
- SHA512
  
  f9826e43f53bb9b906b5c62ff2502d4e8dc3ff99b72420cf313a5811061cb146651cba3b8f864f34dfcfd51c6e3b39a0a640719ef94d7696bdc4fab7e9d16785
- SSDEEP
  
  98304:HZM87bHub/9cQtRy/EguNnOqofF0iGULhtNn2uXC3ST:HZM87bHub+gR4ukv5Lhf2GmS
Score

1^/10
behavioral17
- Target
  
  resources/app.asar.unpacked/node_modules/@primno/dpapi/dist/index.js
- Size
  
  412B
- MD5
  
  0b33e83d33b01a51625a0fdcbef42ce3
- SHA1
  
  1c29d999ff7da39426b97f2eb31a3d83db8f5fc7
- SHA256
  
  a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2
- SHA512
  
  1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c
Score

3^/10

execution
behavioral18 behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/@primno/dpapi/prebuilds/win32-x64/node.napi.node
- Size
  
  137KB
- MD5
  
  04bfbfec8db966420fe4c7b85ebb506a
- SHA1
  
  939bb742a354a92e1dcd3661a62d69e48030a335
- SHA256
  
  da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd
- SHA512
  
  4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65
- SSDEEP
  
  3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/deps/extract.js
- Size
  
  224B
- MD5
  
  f0a82a6a6043bf87899114337c67df6c
- SHA1
  
  a906c146eb0a359742ff85c1d96a095bd0dd95fd
- SHA256
  
  5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74
- SHA512
  
  d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240
Score

3^/10

execution
behavioral22 behavioral23
- Target
  
  sqlite-autoconf-3410100/Makefile.fallback
- Size
  
  547B
- MD5
  
  8ff4cdbeec29d794549a0aa48da06bc3
- SHA1
  
  7fd897fc720b6c9c6f760867c97a95431fa4693e
- SHA256
  
  67d473327dd92f5cad68fddb78b8bb3e8745aba851147945893e4db5a2b59892
- SHA512
  
  9871a654d8b140ad5d6768d385b86ba7f32927f8ed6374e62c93db99be4a40841f6900d648f33d07dc118b6ea93f00c45f53e4b675643b2b487c9c0df1ea1474
Score

1^/10
behavioral24 behavioral25 behavioral26 behavioral27
- Target
  
  sqlite-autoconf-3410100/Replace.cs
- Size
  
  7KB
- MD5
  
  335ee30449b5d0d52ab314dbff93d52f
- SHA1
  
  02c67258801c2fb5f63231e0ac0f220b4b36ba91
- SHA256
  
  74ba0687a84c328df2836f73d7d36368099a5f5c1c360a84211e51fa71f1dfc0
- SHA512
  
  02f40bc955c833105811f78471e29f062c1cebfe4bd96ffba941670c0026ad5bbc81f336b7c2c6b9f804c67ed46c9dabab927ec0fb4c709bd7a049454f27073a
- SSDEEP
  
  96:lJC/3zjNPMMQIQBmajlyM3px6D3t1KO4vNoHyJ:l0iAM3vlO4vNcyJ
Score

3^/10

execution
behavioral28 behavioral29
- Target
  
  sqlite-autoconf-3410100/aclocal.m4
- Size
  
  364KB
- MD5
  
  6f9e7a7b0ab591c27b3cbf01a3c1036a
- SHA1
  
  1f464e1017c18769c630a1d4fbfe9acd57a303ec
- SHA256
  
  a459cf9e72aa3bf51c748226e37c2e192144047e3b1a5173119b92fa62f2bf82
- SHA512
  
  aa0aec1a3442ecf4bbcdb908f32d72803e0988ca0b3d6ebaf32a49a2a898328c3bb71cf77ca3b062d55ccec9d86953fa52ddf02460d7724de09a4efb38d8ef7d
- SSDEEP
  
  6144:tdAwSQSqrgHFnOvwYAU9FWgi/2WDg5+YaNk56cHrYw+Zg+XrZsGEREYRGAFU25tt:rAtM7E0LQNnc
Score

3^/10

execution
behavioral30 behavioral31
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/lib/binding/napi-v6-win32-unknown-x64/node_sqlite3.node
- Size
  
  1.8MB
- MD5
  
  3072b68e3c226aff39e6782d025f25a8
- SHA1
  
  cf559196d74fa490ac8ce192db222c9f5c5a006a
- SHA256
  
  7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01
- SHA512
  
  61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61
- SSDEEP
  
  49152:B+m+ocH2xfpTOi8stmFlZwwpx8AzdWgl+06OHULH5dsGfl:ihCTOi8sQrZwwpxTbG9
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Credentials from Password Stores: Credentials from Web Browsers

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Command and Scripting Interpreter: PowerShell

Enumerates processes with tasklist

Credentials from Password Stores: Credentials from Web Browsers

Checks computer location settings

Reads user/profile data of web browsers

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32