2db44b086d860c51a4f45f43a739cd20fb0822189deb1c1cf13e4b5a3b05bc3b

Sharing

Copy URL

Twitter E-mail

General

Target

gpg4win-4.3.1.exe
Size

33.9MB
Sample

240904-wa1ccsthlj
MD5

cff05af81adc5ca0066baf07d17edb24
SHA1

7c5fa919c2eb90194e844de027a36e87c7be8a80
SHA256

2db44b086d860c51a4f45f43a739cd20fb0822189deb1c1cf13e4b5a3b05bc3b
SHA512

6db824e5da2a9c0af492e78f06fd18fc864eefeb3de4861b09eee6e9da7db2b4a5c181061262deb530dedd56640c314647cac4b49c9b7bb65f7b6020f79f4e10
SSDEEP

786432:4xIC7bI5s6sxkbB2mULpBWfrw5nqGBbC7cSEW/4jHQrXcvbYZJiGLEhUiqQS:QwK6sSbB3ULpBWM5qG62HqBiqFQS

Score

7^/10

Malware Config

Targets

- Target
  
  gpg4win-4.3.1.exe
- Size
  
  33.9MB
- MD5
  
  cff05af81adc5ca0066baf07d17edb24
- SHA1
  
  7c5fa919c2eb90194e844de027a36e87c7be8a80
- SHA256
  
  2db44b086d860c51a4f45f43a739cd20fb0822189deb1c1cf13e4b5a3b05bc3b
- SHA512
  
  6db824e5da2a9c0af492e78f06fd18fc864eefeb3de4861b09eee6e9da7db2b4a5c181061262deb530dedd56640c314647cac4b49c9b7bb65f7b6020f79f4e10
- SSDEEP
  
  786432:4xIC7bI5s6sxkbB2mULpBWfrw5nqGBbC7cSEW/4jHQrXcvbYZJiGLEhUiqQS:QwK6sSbB3ULpBWM5qG62HqBiqFQS
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  bin/plugins/kf5/sonnet/sonnet_ispellchecker.dll
- Size
  
  48KB
- MD5
  
  e287428ce59a63912ab7d28c6c17b6fa
- SHA1
  
  3bc1d4fab81f897b2218705d5b34afe3c47d4d40
- SHA256
  
  dfe5df79ff94f89849793d39cfc144900837fca600dfef0c1e271dde77fca463
- SHA512
  
  ab264491828a7e0e68cedf59628409668029188935982d32963fc2509e8bc1d5f2359163de6467746ec64acc830e88b4dea03ae933236212761d37da668efada
- SSDEEP
  
  768:O9J/3vuIXmwB6k0O2JWqC3QUPdFWVEoSfXY7DDlBPfFL31W7Lo7HtZ3aZ3Pvbs5I:4/3vFGFT1W7gHtI3PY5rmmP0h
Score

3^/10

discovery
behavioral2
- Target
  
  bin/plugins/okular/generators/okularGenerator_poppler.dll
- Size
  
  292KB
- MD5
  
  a7c413f4b11e54e53f533b2356d6a43c
- SHA1
  
  269417919a72bb3ff4f56e696342523b69fc1186
- SHA256
  
  98fb08f893309777c668ac4eb139d4f7761e77257a044ecfb9407a25ae0408d6
- SHA512
  
  73faf009b0a7c1fd05241f4666eaaa0baa0901a973d3795e92c2284298816e6bebcec0999a8089b37ca92aff9cc866957eee5c25aa506bd605b493fd34c63624
- SSDEEP
  
  6144:LEMx7s+IIK/6p2Auku1yreGZ4Y3eeA+R9mntAqkpA9tN9v3dnCrmob:LEY74IK/6p2Auku1yreGmY3eEfmni+fE
Score

3^/10

discovery
behavioral3
- Target
  
  bin/plugins/okularpart.dll
- Size
  
  2.1MB
- MD5
  
  c7575ad9b83da60555bf9b17ef1097b1
- SHA1
  
  7b778bec48bfcf3c82062c8d614aded702842b33
- SHA256
  
  42abf86c67674d817465646839aafe905fcf79d682d226749942fe36613174fd
- SHA512
  
  667d1e6f05e2cb5a16d4ce2ba404a56d0f2bed2acbfaa513e2d16caac096a4bcee1e6f668034309182512ea13fb567c5886aa90caff0dbcf2cb9fff3c1b0eb3d
- SSDEEP
  
  24576:rgqKXzZkTOkkahQ90ddrsatNu5vWZlzkU/XmFPRCLRxpZm6OAxBrmpZcjl+8YISI:nRWSdohWoGbBzySGoLUs6i
Score

3^/10

discovery
behavioral4
- Target
  
  bin/printsupport/windowsprintersupport.dll
- Size
  
  59KB
- MD5
  
  0eb4b5694e0988320297a3ce2187701e
- SHA1
  
  00d47d172b848a36cea262039cd08d47f7a16d81
- SHA256
  
  8636352f528349f966f0b0ecaf951acbe409ac76f0604a816fa3afddd57d4042
- SHA512
  
  33b57b66a6fee5e25b5281271be48218a5161e10d1acc9ae6981eebc943a953ec88056db7b51128a766101fdb5ca0c42d04bec3045083bdde05fa286d1c5f420
- SSDEEP
  
  1536:u3dom2EyGLlMh0jU3CzeaHrrQPK3Euwo1k2rmbP0c:u3dgE7ihcU3CqweK3ED2rmbP0c
Score

3^/10

discovery
behavioral5
- Target
  
  bin/resolver.exe
- Size
  
  231KB
- MD5
  
  171c5648c202687345e5772f03c085c1
- SHA1
  
  f5b00c66c54d9fbeab4cb9d1a2c1e97bbe0e84b1
- SHA256
  
  3f88aaf4970547f2b93bec480c0bf375b8ec815a4f408fd146e08ca0b971f0b5
- SHA512
  
  3d200caa6cc8a93d570b576240fccdffff3d4b73f3b0e9c5e445e44e149f5fe4302a2bcfe762bbc2c53669acdefd5c3c8aefebf098f9942343af1ac62f4a2649
- SSDEEP
  
  3072:4Q41FKJnkgkOytb3Mi5eT+ORw+8kd4v6Ra3d/2rmgP0+c:451QJnaOW5e+ORck66Ra3durmJ+c
Score

3^/10

discovery
behavioral6
- Target
  
  bin/scute.dll
- Size
  
  350KB
- MD5
  
  1565ed3820d00ca621e681c4325f622e
- SHA1
  
  8a5331b17a59a63d39307bdcb4956ab60681a479
- SHA256
  
  f917e5275867afca782ad710f3ec47b78590df5e78701632727fb56d2b332013
- SHA512
  
  99ffd2f11add0036150236b74699dbf1ce4af91e328409d203766dcd62ec2f04336f1b893c312a0ee1b6a2523bc13a33d49b0dabd67dd0102f334365cf11ff80
- SSDEEP
  
  6144:oajIFDXxUB4llewsOVO9wYEMHttAu1l/Q5YlUQVHl8QdplOQBKlhQk1WGpHz6ALT:PcXBlewsOVO9wYEMHttAu1l/Q5YlUQVO
Score

3^/10

discovery
behavioral7
- Target
  
  bin/scute.dll.tmp
- Size
  
  350KB
- MD5
  
  1565ed3820d00ca621e681c4325f622e
- SHA1
  
  8a5331b17a59a63d39307bdcb4956ab60681a479
- SHA256
  
  f917e5275867afca782ad710f3ec47b78590df5e78701632727fb56d2b332013
- SHA512
  
  99ffd2f11add0036150236b74699dbf1ce4af91e328409d203766dcd62ec2f04336f1b893c312a0ee1b6a2523bc13a33d49b0dabd67dd0102f334365cf11ff80
- SSDEEP
  
  6144:oajIFDXxUB4llewsOVO9wYEMHttAu1l/Q5YlUQVHl8QdplOQBKlhQk1WGpHz6ALT:PcXBlewsOVO9wYEMHttAu1l/Q5YlUQVO
Score

3^/10

discovery
behavioral8
- Target
  
  bin/sha1sum.exe
- Size
  
  59KB
- MD5
  
  ebf393a496dae469c5f4b87eaab529ed
- SHA1
  
  908f55b10d465500e2b9ab762d9144b0664483b7
- SHA256
  
  b3d711d469002fadb5cd408f4c35c5a59191d38673910ab842f262acd50adf3a
- SHA512
  
  709214db1872590afc64f570534da174678238ff0242249bb67de72e6e2561a7f6bb185fc49bd75e8d7211421fd6444e997007ed69a57bf3ca14b3a7b4b72105
- SSDEEP
  
  768:KYhQuHaUHTiw5zQgOUoffQX5UQkys+UKHWLq/DRLCTg6LqTiV1VaXLkjEa/:KYhLHzuhgpKQ+QkhRLq/MTrmuP00/
Score

3^/10

discovery
behavioral9
- Target
  
  bin/sha256sum.exe
- Size
  
  55KB
- MD5
  
  76a1e3f7b7753b75c05d10532ccdad21
- SHA1
  
  b5033c78d50701a40a51a4388d7ecbb76ae8639f
- SHA256
  
  9d66ae18e36c91b9b7a0a3630fc176ea02ca700bdd77767f7bce5635160b7519
- SHA512
  
  6843451eae90d6c586449c2af8c4e5afc5c89833b65729db7bef8572c126c1085010706da4460276a382f9923bbd60beb4647bc5e1dbc54eda5937d501836809
- SSDEEP
  
  768:CXPFbs4eYu/3wiw5Kqg7UrVCK675fsVys+4KHijQEB1/DRLCKg6LqT+2bV1VaXLl:b4QrEgIN61sV1pjQa1/MKrmZP0nB
Score

3^/10

discovery
behavioral10
- Target
  
  bin/styles/qwindowsvistastyle.dll
- Size
  
  206KB
- MD5
  
  80cfda115163d968bb144f0d02cadd9a
- SHA1
  
  bd0236625ed8914a0251dd9f4df7a2809db9c74a
- SHA256
  
  647e1c93b337b0c1fa334e88e208b3bd11134cce434cf93b49b9eb657e198194
- SHA512
  
  231bbd8bdd5086c6f19f54e39942c60c9b6cd44e89fe81c75b1b55d7e4bb6ccac6de61698bd21c0939e1b8c044f6cfb58d9f9127e56a7b86f77a518cf0a312de
- SSDEEP
  
  3072:p5eFkpJa0H1BWVWYawokW3VJXj1ssssssssCsssY4sssdssssssQssvJk3FHwlhk:DpsrVoZfHcg7+3xrmWP
Score

3^/10

discovery
behavioral11
- Target
  
  bin/zlib1.dll
- Size
  
  140KB
- MD5
  
  b4be42518e7ecb8758d2d184db0cc674
- SHA1
  
  de68a823b6fd95ef7b9f6ea87fb0004462258701
- SHA256
  
  49ff1dba97bf62f0bfd5f357e08be7c2617b2f64b56eedaaf161e07bc6a7cfc0
- SHA512
  
  85fe5efb43785c835bfed27b44965d261a337b653fd46f8890c8309cbe7b210359f393e28fb091784fa8646b38996b1cfd464e0a9f511375e498498aec59117f
- SSDEEP
  
  3072:sEpp8vhVUC3mYFhgBv89foW+jv4y2WVkIXBrm6P05:sEHyhVrzkBvwgW+jt2WV/xrm/5
Score

3^/10

discovery
behavioral12
- Target
  
  bin_64/gpgex.dll
- Size
  
  492KB
- MD5
  
  6e3aa6891c29084e022089c4767396c8
- SHA1
  
  b91a892fa7ada3f5736960445abb1a1c1e86e19a
- SHA256
  
  5c99a4689c519fc0f918130cba268664a01e2ea23ede4e9aad5aee9abc1a3bc3
- SHA512
  
  65866cfbd80c451305c2f466ebc0c82018c0f280256e3e9f0f9b4084dffc4af2a0643d9283f5ba6cf7219102ea504b2880bc441719f0d079c9e78865d629431d
- SSDEEP
  
  6144:dXg8fS4haHQhgVWz45T0v7gUh2cyklmkRPuTxUqEBVt/vVf1JJKDo7wvxsaFUPKT:dX5fZhmCz45Tg7gUBtaTxmt/j/r+
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral13
- Target
  
  bin_64/gpgex.dll.tmp
- Size
  
  492KB
- MD5
  
  6e3aa6891c29084e022089c4767396c8
- SHA1
  
  b91a892fa7ada3f5736960445abb1a1c1e86e19a
- SHA256
  
  5c99a4689c519fc0f918130cba268664a01e2ea23ede4e9aad5aee9abc1a3bc3
- SHA512
  
  65866cfbd80c451305c2f466ebc0c82018c0f280256e3e9f0f9b4084dffc4af2a0643d9283f5ba6cf7219102ea504b2880bc441719f0d079c9e78865d629431d
- SSDEEP
  
  6144:dXg8fS4haHQhgVWz45T0v7gUh2cyklmkRPuTxUqEBVt/vVf1JJKDo7wvxsaFUPKT:dX5fZhmCz45Tg7gUBtaTxmt/j/r+
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral14
- Target
  
  bin_64/gpgme-json.exe
- Size
  
  125KB
- MD5
  
  aebec3d9ef95acd0bece3d2b11d41326
- SHA1
  
  f89b2582e56b580ca7b3b16ca8bc91cdc1d6357c
- SHA256
  
  e2b8fc2dfdd0b4a36d26bb87be09859e243ad9e69e4528fe4514875142e1cdf5
- SHA512
  
  6cb40ddca26e0e7db6a4fb087181d03f5f7e1e1ce97911c665807400ae036c376469dac28301ac624b3ee1e5001799b8037ecf6284bbf6c95b414809873eb8ba
- SSDEEP
  
  3072:or6B+kp1IjnxM1ci7Y+d2s0LkinkrmIP09:P/l1caSnkrmh9
Score

1^/10
behavioral15
- Target
  
  bin_64/gpgme-w32spawn.exe
- Size
  
  63KB
- MD5
  
  368ac6dd68419c1f1155ac365e8f97ed
- SHA1
  
  32195d240b8664f3913590f8842642822bdd0d33
- SHA256
  
  792a7b3fe841da7d6570c1a4783bdd4040bb47c54eb5560e8d18f52d0a4e579f
- SHA512
  
  d1c8160e041bc17f896c660a261043bcbf311304460d03f87b9fccdd7c35f1c16b73f8645bef68c50608b39b7d1d679e563eb10596a5d9208e55b53313d7f1b8
- SSDEEP
  
  768:iIWu/oB2hv4i9Wfk4bZhIub6x5WPjYWEaJUYffwH5Yyc4WnHHUhxLg6LqTiV1Var:hWu/hvjJ4bseA+UawyYrm+P07
Score

3^/10

discovery
behavioral16
- Target
  
  bin_64/gpgol.dll
- Size
  
  2.8MB
- MD5
  
  cb24c4a9759526e8b1b1186e1bfc6371
- SHA1
  
  b71236abfeb6de237d8543db885d774ceadd1dce
- SHA256
  
  00cf36f72afabcba8c4b48d57b9afcae080d5df802501b488e4c16a8f712478e
- SHA512
  
  4d6b79c81d27acc0fec927eb1a56b269b074aa29030d03338a343d054d4e86c980b371cdc673d5598d54a34d3ece8e1ea7fbc05e809c73ad87b9e19d36f76fb1
- SSDEEP
  
  49152:tHOPHPen6/PB2CdEL22PD93rTLgM9i8TrwZjnp7Dy/8ototgD6Hb:IXen8BvSPbg4iNb7Dyob
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral17
- Target
  
  bin_64/gpgol.dll.tmp
- Size
  
  2.8MB
- MD5
  
  cb24c4a9759526e8b1b1186e1bfc6371
- SHA1
  
  b71236abfeb6de237d8543db885d774ceadd1dce
- SHA256
  
  00cf36f72afabcba8c4b48d57b9afcae080d5df802501b488e4c16a8f712478e
- SHA512
  
  4d6b79c81d27acc0fec927eb1a56b269b074aa29030d03338a343d054d4e86c980b371cdc673d5598d54a34d3ece8e1ea7fbc05e809c73ad87b9e19d36f76fb1
- SSDEEP
  
  49152:tHOPHPen6/PB2CdEL22PD93rTLgM9i8TrwZjnp7Dy/8ototgD6Hb:IXen8BvSPbg4iNb7Dyob
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral18
- Target
  
  bin_64/libassuan-0.dll
- Size
  
  154KB
- MD5
  
  04932b84e5cd4ea826840ee8ede549b0
- SHA1
  
  6fe6f09021d4341537ea0c9010048d37462a0782
- SHA256
  
  74df283d6dde5fc5db3073619f712a80c9debe38291d3ef91edcd3c220601407
- SHA512
  
  35e5c73e59785df4e30bbe0b8b27960c9f38e3cf4944e0470622df20424b421387648172427c17ad3502fac3e2df4d1c21f2b9b1e5261b6707a528d79f9f3c00
- SSDEEP
  
  3072:CHpTY9D4S6S8AFezF9bqtdf1i+PTHnlLee0cw1XbCzoll1e+Asrm+P0w:CHpTnF+qe3yCzolfe2rm7w
Score

1^/10
behavioral19
- Target
  
  bin_64/libassuan-0.dll.tmp
- Size
  
  154KB
- MD5
  
  04932b84e5cd4ea826840ee8ede549b0
- SHA1
  
  6fe6f09021d4341537ea0c9010048d37462a0782
- SHA256
  
  74df283d6dde5fc5db3073619f712a80c9debe38291d3ef91edcd3c220601407
- SHA512
  
  35e5c73e59785df4e30bbe0b8b27960c9f38e3cf4944e0470622df20424b421387648172427c17ad3502fac3e2df4d1c21f2b9b1e5261b6707a528d79f9f3c00
- SSDEEP
  
  3072:CHpTY9D4S6S8AFezF9bqtdf1i+PTHnlLee0cw1XbCzoll1e+Asrm+P0w:CHpTnF+qe3yCzolfe2rm7w
Score

1^/10
behavioral20
- Target
  
  bin_64/libgpg-error-0.dll
- Size
  
  246KB
- MD5
  
  efe675c00c0543dd08ad96e4d7dd022c
- SHA1
  
  539a1724c5db6279d239e28bf0bc1d06751cdf02
- SHA256
  
  ef3a3677540aa47f1543c475e4531ce8be0c70fbe3b75957c0ad6a0993a4eca5
- SHA512
  
  9e35d053d2c2cd5b3a70ecb88023b3854a7837d4fd0498622c9238a5d8ec0e2ddd51070a8525e2ed066b76e67ffb4602bbe7bbf1057d23373a71287ae7b2c126
- SSDEEP
  
  6144:azN0KgZEaVmFI2qmDsHVf1JJKDo7wv52DP3dBrmSF:m0KgZcFIHmJU1BrR
Score

1^/10
behavioral21
- Target
  
  bin_64/libgpg-error-0.dll.tmp
- Size
  
  246KB
- MD5
  
  efe675c00c0543dd08ad96e4d7dd022c
- SHA1
  
  539a1724c5db6279d239e28bf0bc1d06751cdf02
- SHA256
  
  ef3a3677540aa47f1543c475e4531ce8be0c70fbe3b75957c0ad6a0993a4eca5
- SHA512
  
  9e35d053d2c2cd5b3a70ecb88023b3854a7837d4fd0498622c9238a5d8ec0e2ddd51070a8525e2ed066b76e67ffb4602bbe7bbf1057d23373a71287ae7b2c126
- SSDEEP
  
  6144:azN0KgZEaVmFI2qmDsHVf1JJKDo7wv52DP3dBrmSF:m0KgZcFIHmJU1BrR
Score

1^/10
behavioral22
- Target
  
  bin_64/libgpgme-11.dll
- Size
  
  410KB
- MD5
  
  351602be3f51883a098f4d19ad882754
- SHA1
  
  9cbb3d7f5bba9d1dade3ae9475a060411f1f6985
- SHA256
  
  cc15a2b7b56f64efdb09d6bc7c99482f84c96d76a3a72a5a33a20e5bc03d2d31
- SHA512
  
  2cd4570420f61a9212fc51ea320bb037e5231fef174305731635d50ee8371bfb047da3184ac37f1dd281bf274eb8c26871a9b78b1197f75e824cfa5a6643b450
- SSDEEP
  
  6144:a7TpoDgMBq3cuxPRcqA5aKfIg5CeEO4gPbrmNg:IogMgRcvagqtgPbrX
Score

1^/10
behavioral23
- Target
  
  bin_64/libgpgme-11.dll.tmp
- Size
  
  410KB
- MD5
  
  351602be3f51883a098f4d19ad882754
- SHA1
  
  9cbb3d7f5bba9d1dade3ae9475a060411f1f6985
- SHA256
  
  cc15a2b7b56f64efdb09d6bc7c99482f84c96d76a3a72a5a33a20e5bc03d2d31
- SHA512
  
  2cd4570420f61a9212fc51ea320bb037e5231fef174305731635d50ee8371bfb047da3184ac37f1dd281bf274eb8c26871a9b78b1197f75e824cfa5a6643b450
- SSDEEP
  
  6144:a7TpoDgMBq3cuxPRcqA5aKfIg5CeEO4gPbrmNg:IogMgRcvagqtgPbrX
Score

1^/10
behavioral24
- Target
  
  bin_64/libgpgmepp-6.dll
- Size
  
  408KB
- MD5
  
  06c50e819e3d4f33bc25ae7ab3fda4c3
- SHA1
  
  4393d514c85c7038610a5a186ac66e613b7681f9
- SHA256
  
  0fc4cc791d545616f6b4b093e9355fd0b8d0be8da3ffc5a04be96aaf840dcff0
- SHA512
  
  721455fa2553217bbf665cb475f2c4d5ecbe15ac5b01ad2cd496a07c208cf8dbabb3d58f6dc82663f37049cb72cdf62e789e19fa1a42cba3063a08464dac589d
- SSDEEP
  
  6144:jTX95evyvoGmNRC91ErHqXVxErH6BRH5OnBluiIgTWbpr0Kf3F6AnACO4yrmc5:fX95BvoGmvIxXVxZJF6Rr7
Score

1^/10
behavioral25
- Target
  
  bin_64/libgpgmepp-6.dll.tmp
- Size
  
  408KB
- MD5
  
  06c50e819e3d4f33bc25ae7ab3fda4c3
- SHA1
  
  4393d514c85c7038610a5a186ac66e613b7681f9
- SHA256
  
  0fc4cc791d545616f6b4b093e9355fd0b8d0be8da3ffc5a04be96aaf840dcff0
- SHA512
  
  721455fa2553217bbf665cb475f2c4d5ecbe15ac5b01ad2cd496a07c208cf8dbabb3d58f6dc82663f37049cb72cdf62e789e19fa1a42cba3063a08464dac589d
- SSDEEP
  
  6144:jTX95evyvoGmNRC91ErHqXVxErH6BRH5OnBluiIgTWbpr0Kf3F6AnACO4yrmc5:fX95BvoGmvIxXVxZJF6Rr7
Score

1^/10
behavioral26
- Target
  
  bin_64/libwinpthread-1.dll
- Size
  
  64KB
- MD5
  
  4f8c576f1515282ff03306b01de7f75d
- SHA1
  
  52cece362f99e1b65732f54275f9ca984338882d
- SHA256
  
  c27f1770f0648a3feb826c6d480cecc37d8d807f193f45b721eb466688ff3998
- SHA512
  
  7dde6f439314c79c485a3b2eb7213fe17fc822377984b77cfa4012e2ab0bac4c0a5b2951727497d2017dba2140646e71a169bfa720e0c19d54fe4ff81552e59a
- SSDEEP
  
  1536:Xoun2j59yXrmGv5jqGcZJt7im3YtQrmEKP0m:XUyhAJt7im3YtQrmEKP0m
Score

1^/10
behavioral27
- Target
  
  share/doc/gpgex/gpgex-de.html
- Size
  
  2KB
- MD5
  
  f59951eae0f1898b812ec7ce84b786d5
- SHA1
  
  63cab0810c223feeb9b396940e3e494457fec5e0
- SHA256
  
  637d71218c8e5b85c1cd07127f88c87dfec3871512041461370d34c12c1a69b3
- SHA512
  
  cad4d9db401fd36e9fc09b9283b58a0fff92e8c32f5fa818c4a47a1c20c6218b1eb3da6cfbe57ae1aa79d74587878b66e44447006cad226cb8af5e032fd2e576
Score

3^/10

discovery
behavioral28
- Target
  
  share/doc/gpgex/gpgex-en.html
- Size
  
  2KB
- MD5
  
  9dfddb7b5f503a4fe689697690842363
- SHA1
  
  69d9a1d4efea4d7b21a7fc3b17c6aab299661f74
- SHA256
  
  2be9f0e5dc47e3bfebcec728fb952c87dafe2333c43ecec9468ded1e4b603eeb
- SHA512
  
  fabe4358ffbb6acc8a48565a8054c7cbaf9c85d5d87bb59f92d9b65dbc938949e61c4c5876a4e75f27c98ef3b9318851ee0f7741718df25759364612c855cc93
Score

3^/10

discovery
behavioral29
- Target
  
  share/doc/gpgol/gpgol.pdf
- Size
  
  187KB
- MD5
  
  ece45e33f2479062c71d159fad29770f
- SHA1
  
  ccfb0fdeaa65330b6927669de516ae1bd9660ffe
- SHA256
  
  100c497d4c4e0aa5e6ee4f179b02b92465533999af664f40a899a8734b162a6e
- SHA512
  
  af2ba0faef03117945406e188d0a5420b10df79019049b5f36c156b7b3ef30f630af7eda698f7325f28a6c5da3d958e126116a5a6fdca760ee4dcb7494f56677
- SSDEEP
  
  3072:UpcoEcm0jeXkyRx6x1+a3x2yRuVgWlpY9NUvG6mwGX2o/ZlU/uA9r99:oucZ5x2yY+WlpY/UvGXrZhK289
Score

3^/10

discovery
behavioral30
- Target
  
  share/gpg4win/gpg4win-compendium-de.pdf
- Size
  
  2.9MB
- MD5
  
  d37430275ed5e0a75b2ffab38fe05070
- SHA1
  
  d7f4d74c374b5662040a58f6e244cb103e31bbca
- SHA256
  
  133f658ddc18d60cec0a3fd790912964c895c9e2bd34074e37c72cf6c2346d03
- SHA512
  
  85d42b06fae47b1169426de833719acde34d60912e820a68ad58f3e892c2afafc9044531756dbd0f77f116501dbee8dcb7f76b7b155f4defdec3d2ea7df34ca4
- SSDEEP
  
  49152:UlgV1ULbZWTupXxYd7kinFJ2NQ2uLfvzDbpTHCB1ydB1tAhrH9wLy2bC0bLdLs:EggLoTYmd40FJN/pusH2hLeLVbCos
Score

3^/10

discovery
behavioral31
- Target
  
  share/gpg4win/gpg4win-compendium-en.pdf
- Size
  
  3.5MB
- MD5
  
  9af7373be3d00bbbf8bda8831fab5dd4
- SHA1
  
  c47303991d4a0cc070f293197d5e8b50951743ec
- SHA256
  
  3eaaf30722630c4622cf6bccee817d57060848e93624b3a45786b79d5100d799
- SHA512
  
  d3c04117540832244cee20214128119743d6873b691be1e30c14a0c9c99e9c603d80a25d582db29f5f4eb75a7d22078ab42dfd6d98b62ae36b183ff927ac1e64
- SSDEEP
  
  98304:4sggLMymmvg0FJfcR/pKdqYeVseB4ghu7mSOpk9LVbCJ:4bj/mvZDERBKdqbjhu7zOpkXE
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Event Triggered Execution: Component Object Model Hijacking

Event Triggered Execution: Component Object Model Hijacking

Event Triggered Execution: Component Object Model Hijacking

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32