381f4e0738912aef7cb2894834d95a5fab6f93a45fb685ab85b82ad612a25f96 | Triage

Sharing

General

Target

381f4e0738912aef7cb2894834d95a5fab6f93a45fb685ab85b82ad612a25f96
Size

4.8MB
Sample

240912-wmdzwswhjl
MD5

71f16aad578e8466f280b18bbdda24d7
SHA1

47b3bde34ec9a2a36ec61519b4adfe4d8c5552fb
SHA256

381f4e0738912aef7cb2894834d95a5fab6f93a45fb685ab85b82ad612a25f96
SHA512

f513acca913929ca81dbcffd87482886071e834cb59c2a1e6a48a8c3b6216370812d889118cf32edaf479b8a803a7cd3c536f46352b9931ff1f0242a042e51d6
SSDEEP

98304:iutIKBB6rqxUee3KGFfxKizfzYyQzOvJ2/T9Fu4SJRI82z/GOR6QT25:iC7BtUH3b/Q2J2L9FuBHT22x

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  381f4e0738912aef7cb2894834d95a5fab6f93a45fb685ab85b82ad612a25f96
- Size
  
  4.8MB
- MD5
  
  71f16aad578e8466f280b18bbdda24d7
- SHA1
  
  47b3bde34ec9a2a36ec61519b4adfe4d8c5552fb
- SHA256
  
  381f4e0738912aef7cb2894834d95a5fab6f93a45fb685ab85b82ad612a25f96
- SHA512
  
  f513acca913929ca81dbcffd87482886071e834cb59c2a1e6a48a8c3b6216370812d889118cf32edaf479b8a803a7cd3c536f46352b9931ff1f0242a042e51d6
- SSDEEP
  
  98304:iutIKBB6rqxUee3KGFfxKizfzYyQzOvJ2/T9Fu4SJRI82z/GOR6QT25:iC7BtUH3b/Q2J2L9FuBHT22x
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/WinPcap_4_1_3.exe
- Size
  
  893KB
- MD5
  
  a11a2f0cfe6d0b4c50945989db6360cd
- SHA1
  
  e2516fcd1573e70334c8f50bee5241cdfdf48a00
- SHA256
  
  fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de
- SHA512
  
  2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70
- SSDEEP
  
  24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL
Score

7^/10

discovery
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $SYSDIR/Packet.dll
- Size
  
  99KB
- MD5
  
  2ce150705bbeb30e6c8059cc530043aa
- SHA1
  
  3d8615f9d8f8f7a5d78b3c06bf746948b9ef6ba5
- SHA256
  
  cd9f4fb077c25013226e0883f9ae02e9ced9b71f07637081e55ae70fd0788f29
- SHA512
  
  9f7573ca679ef0cc0e1d815f605a399e87f7a046e3e51970d2c7597329b19e118cc2da7240ee854e13e31582f12bab8be506d1612ac81d5b453ef366d4674dcf
- SSDEEP
  
  1536:zbDKMXRC2wKDDuDirGfqs97WcETlsxtl2o+V:PDKMtfuysAcETlsxtco8
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $SYSDIR/pthreadVC.dll
- Size
  
  52KB
- MD5
  
  f04a90f917ba10ae2dcbe859870f4dea
- SHA1
  
  6668ebe373ce58c33017697c477557653427e626
- SHA256
  
  99c61abf41c3aec38cab3ed6270adbca9a247bbf5f9aa9d29ecb0659a5527f48
- SHA512
  
  aec29301b9ce311b27f1590b0e0c4121acdc183a30b570e087d77b7035684f02a6dfbdee950c37f3023b32e2ea5a075a5fbe6d18a2804da9490d4959733bb516
- SSDEEP
  
  384:hSvfC8Vv0Vy7ojuq7GQcdWTc4zU+GFronD/yD5rBEe0kiH32Jp9AhOW:wt+TGQcdWYdMG59EeJiH3YzW
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $SYSDIR/wpcap.dll
- Size
  
  275KB
- MD5
  
  4633b298d57014627831ccac89a2c50b
- SHA1
  
  e5f449766722c5c25fa02b065d22a854b6a32a5b
- SHA256
  
  b967e4dce952f9232592e4c1753516081438702a53424005642700522055dbc9
- SHA512
  
  29590fa5f72e6a36f2b72fc2a2cca35ee41554e13c9995198e740608975621142395d4b2e057db4314edf95520fd32aae8db066444d8d8db0fd06c391111c6d3
- SSDEEP
  
  6144:E4yIm5rC9WNWwKcNBSCiLvK8+jKgZBwIbg2:jyIm59WwpqCuEKIwv2
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  WinPcapInstall.dll
- Size
  
  91KB
- MD5
  
  e78291558cb803dfd091ad8fb56feecc
- SHA1
  
  4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4
- SHA256
  
  d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d
- SHA512
  
  042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f
- SSDEEP
  
  1536:s7xjrG5m+619YG7L2xo8JfmL4iMtgLZtAeYjFH:s7s27yaL4kVtAeE9
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  rpcapd.exe
- Size
  
  115KB
- MD5
  
  83a6c2cafe236652d1559640594a0ea8
- SHA1
  
  c99aa678f387c00c4470fa3cd7b037d26720960d
- SHA256
  
  52360f17c9c70c9cea3316560b40c4d89fd705ed7e6b6088c99fc54d4cc35eb5
- SHA512
  
  4f6981c4e8d64311087795e9639516409bf80ebca5c7f25af1fb436aaccf90f24617ecd3f95b63558981b12bc0e5eeacf120fea7be5e5fa05ecf3afa4f9f799b
- SSDEEP
  
  3072:mL7m5RTfrUna0m2BeIIgJ3155FulLfbt/6:C7m5RTEaseIH515qfA
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/insthelper.dll
- Size
  
  3.0MB
- MD5
  
  e7b2b10be2c805d3fb1a3e96469e62c0
- SHA1
  
  331c4056252d6de624f3fa4e4e2d958cbab0517b
- SHA256
  
  a84e8e4f24aaae25c743ac58f2124008d0f6341983ebdec05b8914d55da7e345
- SHA512
  
  43dd1f8d4c18a7fb1c9f344db8363b10874281790c334063d6d913d4e837709a9455931df105eea04f1617ad01bb767de4a3d480e1dda2fa9042d790edbe0f17
- SSDEEP
  
  49152:W9yY8YUkjeHoBgUGOJFAA8aNbaNPT5+yxSB8MS0T3CmPWspplx9y3927:WMY8YfImGKFHXN+t+yxSB8Mjy3
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  BugReport.exe
- Size
  
  846KB
- MD5
  
  7bb23a843b30c08f0dc9f28e734c3fe3
- SHA1
  
  f27951ffab9f4adb581ce27d94f265183bc34794
- SHA256
  
  a54b12128d2175ce20d8abbfcf8fc9f571d7c9baca6e7245e2919de10b8433bd
- SHA512
  
  e1161d42bde9a885aa7bb674005bb1f16cf0fbcfd57af0bba90e1be1fd6b72fe70b65e8da458fc0dc552eba5bc0dff7560c215c2274640421c80d4105af90a31
- SSDEEP
  
  24576:nwWV9aDN8teiD1NNkX/nES4eAi35kWLRpsPKJHKg9b/TBiikbzYN:wWVCeRNuXBsgHKgt/TBn
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Lead.dll
- Size
  
  262KB
- MD5
  
  42af59a6abdabaa872f69118ddc2e401
- SHA1
  
  b92f80866cfd324a84e4b98d67604f414193734c
- SHA256
  
  0a6e943b03d37a6ac917dd820a0dc7ad6a74b5ce589b3513d9d759aed65800b6
- SHA512
  
  1fc238add012bf1d21d7c05655bc328dbc34418b6c6f20250dd6c1c2b0ecd2ab56d9b7ba6c2a828db0bb373649e50b87d592c675faa6d4daaeab8e2cf58c6faf
- SSDEEP
  
  6144:tZgSHURQ89KDSQwLBWTJk04bTvGAOUFJo+MCxi:tZgSeASfBWTJwTvGSFXbxi
Score

8^/10

discovery
- Blocklisted process makes network request
behavioral23 behavioral24
- Target
  
  Newtonsoft.Json.dll
- Size
  
  398KB
- MD5
  
  f75fe8d06448d07720d5456f2a327f08
- SHA1
  
  dba5d60848a7c24ce837225709d9e23690bb5cb3
- SHA256
  
  977998aec486395eaba6ce5661648425a1a181ce18c2c87c6288af62b87d5eca
- SHA512
  
  eb05696f92881a698b7def0f8852286212a5eb235a2ff8a41460dedbc6ae1964bfbef613d3bec736df66525bf6e5a6c95ff5e0a71c904fa70b5c6675e2275a34
- SSDEEP
  
  6144:/+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWk:WPw2PjCLe3a6Q70zbR
Score

1^/10
behavioral25 behavioral26
- Target
  
  PacketDotNet.dll
- Size
  
  215KB
- MD5
  
  f195039b2ab6d0bd566032199bf9cf10
- SHA1
  
  0e2751230ff6720ff08d47e33fce1aeedc504f1e
- SHA256
  
  8816248550d8dc59db486af75c0da19d86a68d5321c2362a64a6800dd70f20c6
- SHA512
  
  3f95dec4a07dd3cddd10b9f9a5cf01361c7f7d2a0c603e4e51b829a9b4b5f84ffab8caae9a29be856baaea404dc162e6d5084f775bc6e386de3b2810f98c1e21
- SSDEEP
  
  6144:LIzrd0tHqpnOiUtdLhXMC3iwUoNjh/9LJHlTRvT3VDBfdrqNYY2mVyPDf90vJ75Q:IwmUbf90x75
Score

1^/10
behavioral27 behavioral28
- Target
  
  SMYIpc.dll
- Size
  
  85KB
- MD5
  
  11ed20401e2d15736573e813bc28c3e5
- SHA1
  
  c0e5940311dc6028aec2b3a4c67a997735b8dfbf
- SHA256
  
  d9f04f1e6512125928224c3cdb59ef4f75504877306e28cf064a8929166f92cf
- SHA512
  
  f78d42cc253864433b22634427d03a393d9700116317005cbd3a4abc1ae4e9637398a3dd15cb57e952964ef1cc066629ae1913d7c8ccd6106ee2c64decbe1d53
- SSDEEP
  
  1536:vpL9abo5xb54sXlIkN4GTpo4CUGkNeCZZ5o6gGr+oKFWrPZlEzv/1aY9m1:naoxbTcFBqTBIoKFWrPPEzvtp9m1
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  SharpPcap.dll
- Size
  
  80KB
- MD5
  
  4285d22940af344b6d6a982006fc1d16
- SHA1
  
  30da31c838e784243866e87d147d84e410acec12
- SHA256
  
  8269945070067080beafb77173423e89d16a347bb023d10040f6b8309e9faea4
- SHA512
  
  95c1d51c424d3c616c5d1ff50a9f58c40615e24c39397a547850b5b438b40890a1042c90babf6656d129d5dce6e64c19d30ff06a3de2d97ac2b43347234cb63a
- SSDEEP
  
  1536:RuIq5G1mLJ5VvfaqxzMavvDvj38d2paXIh0pHnz:7EtfaqxJ/38dZIipHnz
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32