af8b500428ae1502c2b6c3ed6f91714b873f8c4f418847cd234fb2b9e2b5a0c2

Sharing

Copy URL

Twitter E-mail

General

Target

cdba0935f95f8e97ffadb50d510ace60N.exe
Size

482KB
Sample

240906-ffhfqsxbmm
MD5

cdba0935f95f8e97ffadb50d510ace60
SHA1

22940e1590aaa949c23faeaf02c46c0e1c8c9d6a
SHA256

af8b500428ae1502c2b6c3ed6f91714b873f8c4f418847cd234fb2b9e2b5a0c2
SHA512

d6428c70a44b77ad441ecd806a80e5c4f56400cc41e6675598f86d467b3ec6870787d0304dbe183a6e7f510e869f54c12081db67d58f685d62e11cd8c0565f2e
SSDEEP

12288:ZpG3lMqLngPixjkRGAy4EkqDkJE+FUsr0v:ZSMqLgPilOytc2cLr0v

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  cdba0935f95f8e97ffadb50d510ace60N.exe
- Size
  
  482KB
- MD5
  
  cdba0935f95f8e97ffadb50d510ace60
- SHA1
  
  22940e1590aaa949c23faeaf02c46c0e1c8c9d6a
- SHA256
  
  af8b500428ae1502c2b6c3ed6f91714b873f8c4f418847cd234fb2b9e2b5a0c2
- SHA512
  
  d6428c70a44b77ad441ecd806a80e5c4f56400cc41e6675598f86d467b3ec6870787d0304dbe183a6e7f510e869f54c12081db67d58f685d62e11cd8c0565f2e
- SSDEEP
  
  12288:ZpG3lMqLngPixjkRGAy4EkqDkJE+FUsr0v:ZSMqLgPilOytc2cLr0v
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  $APPDATA/Genieo/Application/TrayUi/bin/gentray.exe
- Size
  
  550KB
- MD5
  
  7103eddedf089adaff84539585df19af
- SHA1
  
  a4cbef70b9233956bcfeccff176ae971fb16b73e
- SHA256
  
  41e09d91850d85cf97ba5cef2936cf9bda879595694b1457e27c9aecad1ac349
- SHA512
  
  38fd37ce6e3a72cd350dc6535222dffc011d0c66dfb09ce4adb3cb2ed1eb1834b7444172500e7e2062b8660b0c61925fbb2d249b5fced9166c7da7c49b93e191
- SSDEEP
  
  12288:X1yFkepOza4J1k7/g/DP6eUbJn6uviTd8e:FynpV4J1S/YDPeJn6xTd8e
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $APPDATA/Genieo/Application/license/Apache log4j 1.2 - Project License.htm
- Size
  
  16KB
- MD5
  
  52486847bedbc3b57533f9f522cae148
- SHA1
  
  d9bcc36c905494a029f9b348051fa8673b61344d
- SHA256
  
  7357717c3e79e70f40399915dc5c93bd7174749764d345a6c4073ebe63b2bd91
- SHA512
  
  1b6a8f4b8700a09dc6f3e4f7af5a2330e4285b32f8dc1cbddcefbd1367b0eef5b54c06dde8db88035b31dc3c1805d3e2947f1dad9625df6ff8e3bf97752453d0
- SSDEEP
  
  384:2kEFEAU3P2TLqu9vlKM1zJlFvmNz5VrlkTS07H9:OYaqu9TzJlFvAfxk1r9
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $APPDATA/Genieo/Application/license/IE HistoryView Freeware Internet Explorer History Viewer.htm
- Size
  
  67KB
- MD5
  
  f5b751338a501ac924345d0121fd1e4f
- SHA1
  
  4872e2693224a0f2162dd77e2ed1d6bb77a538f0
- SHA256
  
  a5153fe19acac1f79c2a2bb93b6b9be9695afd6ae329be15b57eb7c672038d18
- SHA512
  
  772260f3df392f36be3d22de1ce09a1cacb5a6ac8b7f4b15a11d198dda375b14fecdf75f602ec2126ec418b11f373756044d0e4989ddc759cdfa47c4b1776c3a
- SSDEEP
  
  768:dz34hiCHrWAKq9jwJeVGGe8UyYVMYkSun/g7Q:ZynSAKq+J8evhiSun/g7Q
Score

6^/10

discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral7 behavioral8
- Target
  
  $APPDATA/Genieo/Application/license/JDIC_Plus_index.html
- Size
  
  21KB
- MD5
  
  7b44d4ba805668607bf7a83471fd034e
- SHA1
  
  22abb2f0b989670bc0f05f9cec5db30df41d862b
- SHA256
  
  cbf30fd1ad8a8cfcafdc00ba1ae3effc2323ccdcdaf4795dfd10f7787d87897f
- SHA512
  
  1f9b4c0709bcd317d7fc538afac9d3810dbc8d4057a768bfd6e538a3b6a936c2a864b1f515c3c4b381d032cc84740d511fc870be0b04d8699cdd398342a37a23
- SSDEEP
  
  384:S7vDEgesdKwY1M5/HjgU297/pe7+MzSYdFznLD6no0b+jKy42z1xqMF:S7bYXJYfznLDKo5jKy42hxqg
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $APPDATA/Genieo/Application/license/JDOM_FAQ.htm
- Size
  
  77KB
- MD5
  
  3d9a7c1bd514b292beefb4ac53e0589b
- SHA1
  
  dcab081d7221da2819cd633522be981d31aba88c
- SHA256
  
  493fa128494447a50a45e14d5943f6db7df4e5fe2af10a55972c9c14a917721a
- SHA512
  
  4cf28c31b0ad90b56c52a5cf0bf1b3bd42775908593a731af2592e546c62cfef1ccaeb1030ac73677d06b69aef437a1f45b912ee8e2c9bf57a44822917931120
- SSDEEP
  
  768:hkUhH2rvZ8O+WKcL9IX9AnRxwYVqqYK1GPHU88IRrCUh2:hOvF+6G0RqzK1GPHIIRrXQ
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $APPDATA/Genieo/Application/license/JavaMail API Reference Implementation  Project Kenai.htm
- Size
  
  19KB
- MD5
  
  0aa0444d60a9c8a7d6d9c169baba6c08
- SHA1
  
  38b14c28a60b05b3e8909cdb8e7cc401f161aacf
- SHA256
  
  d979decee709ca79f4c407e47107b4e10440e530f680cccfb4ff527fb544f994
- SHA512
  
  432e0cf8684f8aee8724a5544677ab6a25839b383016b4c713b176b251dda417e27b167d0b34c117c306914788ce543e0e2abc06953523500944714a5c9dcf23
- SSDEEP
  
  384:tGE14msGb6LnyT/OPAxBL7jbYgUfdp/s8Pd3dOdYRpAoqnNVz0RqJXnXYaPa:uG3wV4wwi
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $APPDATA/Genieo/Application/license/Launch4j - Cross-platform Java executable wrapper.htm
- Size
  
  7KB
- MD5
  
  b767118dc5230c1d9ae7c309c87b280a
- SHA1
  
  1ce56097cd58640676c8245fb66e443e2b782b3b
- SHA256
  
  e814e77923b1c622df9df86088784b3b0fa8f36eaec5badf203034a7718256aa
- SHA512
  
  e66ac2a5fac30b46ed53731321c86d7ae2daa1a472fc48defff8aed21dc516c4a08319ee7753c447a2de7f1322704353fb44d7d0e552f6eb09c672dca7cfefc6
- SSDEEP
  
  192:FN4+16IyqPZMsouJAxNkfwz4Ws5rH49CN71uEAPRc+k6yfm:Fq7C5oqAxNLz4WmeCNY1PRk6yfm
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $APPDATA/Genieo/Application/license/MozilaHistoryViewbrowsers.htm
- Size
  
  19KB
- MD5
  
  f66e16b413807981865fdf7d40c4c68f
- SHA1
  
  407c7a45fe438d7ed3846bc34b21d83051ec26b4
- SHA256
  
  6d91011f886f96a454efbc74a75a61700f8506966b5d7d29bc6e090ecb4488ae
- SHA512
  
  7d5be0ddb471bb686ea4920c86107cbf74d6a01b2a1f13ffb564545bc9159873b6beb742436380e063e7945e97fb0d273f0979bb0419c5b8145b1141480125cf
- SSDEEP
  
  192:GkBggQON6t58NZ2m42XQpiAS2GjByCZ2ELbJ1u1xoWWiHDAYZuEZ2g8NuhIW6atR:GkWJ4b0xoWWiHDBuGwiM2
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $APPDATA/Genieo/Application/license/MozillaHistoryView/MozillaHistoryView.chm
- Size
  
  14KB
- MD5
  
  b63249fbc7cb896d11472fa8de515932
- SHA1
  
  d27f95f1bcffb122c4584f9ac5382c284e12d3ac
- SHA256
  
  42c89ce034b38fa2cd30a9031ef79bf7105b0722e9ab4bd5c4ff1dcb9b3ce786
- SHA512
  
  322d447289906c79d061ace5e6463ce032603ed73d4457f50d525326a198f4e72107c02a18c0c50b6ccd96f311b94ea50fa8ef472def9f6179806b7408c99e94
- SSDEEP
  
  192:seZpnyxwAaOe86x0ZEZAu4J6qVVuwQhM4Kx:seZNy6AaOdh5uc7Cw2MR
Score

1^/10
behavioral19 behavioral20
- Target
  
  $APPDATA/Genieo/Application/license/SQLite Copyright.htm
- Size
  
  6KB
- MD5
  
  72c3e6b369e63215b2ce7e57c5e4bdf6
- SHA1
  
  16caafae369f2549323cd982cfb94084be8a5496
- SHA256
  
  241e9658c3386da53c31761a4d2560ab5d9008819ef5b3fc7d474211a7564646
- SHA512
  
  ac6bf6795e38ba60b3c4030cb6d8d44352b3b0a13b326d9c631aaaf20e52002712a14bfdc1ef37f407a7c2c50d5e9ec4b18dee48c88a6e2a1414108132207a44
- SSDEEP
  
  192:sZq3L3/ORLhcS5RLZ3I/9IdJ5o9ZJTesDGuWwx:eEPotdhLO9ZJTesD3
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $APPDATA/Genieo/Application/license/iehv/iehv.chm
- Size
  
  15KB
- MD5
  
  8edc7fba167e853a60af4367b0737be5
- SHA1
  
  5305ef17fe2a3b33293e2143a4755a2d508cd5c4
- SHA256
  
  6eaca79eabbef97b7f3453c74c59a76823260f46e802d181244cb85f4d62780d
- SHA512
  
  776ffa054d7960d9331262d59340ef65fde14cd8ff58701ffb5cb1730bba369f3d77cd2eba3646cc76d7ed5944666c0319800a46eadd7c2b94c44b2bdeb62dd2
- SSDEEP
  
  192:eut9UCLExqGLe4uF/gHUTyKdWF8Vqi4nW7FG:eutuCIssbnHUTy1C0
Score

1^/10
behavioral23 behavioral24
- Target
  
  $APPDATA/Genieo/Application/license/license.html
- Size
  
  1KB
- MD5
  
  501df5a2bfca887ea5c3054af3a17ba6
- SHA1
  
  55a0dfcf7b4bcc7dc0fbdd9e7a659364d14f2265
- SHA256
  
  24170bac83d56cdc1203ce955cbf24c10c9877ed8c6dc4756cfd545c365abd31
- SHA512
  
  bd88ef7b7fe93f5edd268c147296b677d3cf2016bc0505211613adb63aeb290da32ef227ec7af679e5be86691eceaa3c285ff2217d8174db0de9c400c098bfd5
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/fct.dll
- Size
  
  4KB
- MD5
  
  e3f3809f51c7982d96aaf9c090f7d176
- SHA1
  
  7494daa8000c0b31c58d94edc509232569a4606f
- SHA256
  
  010f5e0c69b4a630b08b2551e03d8044a33350f151848dcf50953407012fab29
- SHA512
  
  3fca284e384abc95201dc73f19bd9d75413e8890e819967070b9d9991115be2a8c17e07bd1aaaffcbc770b393bf9a2af253100ac4d9efba8d21110bac97737fc
- SSDEEP
  
  48:qlQOVagyAU3gJS+Tgc43uiu7Dh/gdp/gRfykVwv+:qa33gJS+ccQuiuJE/kyku
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  bin/IeSearchProvider.exe
- Size
  
  52KB
- MD5
  
  b26556dda849dbf6f2fa2ef9c4e54a8c
- SHA1
  
  20cf4b6da4accf855a8bddfaa4326554b6f00c74
- SHA256
  
  64c2c76ee519eb914801cbdc0a0738bb04ecff8a9c0fab5ff54d529a1dfb5670
- SHA512
  
  ac0a8a3ad0c12e3639b26c559d44861215e3c04dfdccff965c90303bb8d53c4f1adde22c0d382b894de76db3804657b20e18b9f19684811ca604f596d16a2d10
- SSDEEP
  
  768:ubiJQ5LiEy1wNBdIpc1tEeA/mJerBPPY2trcD0NJwwRfbkKYqL:ubtLiDpc12l4erhYJD0hRf4lE
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Network Share Discovery

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32