Overview
General
-
Target
EqualizerAPO64-1.4.exe
-
Size
9.5MB
-
Sample
240912-ylbt9a1epn
-
MD5
d431263f3a1f39db6698a4a568b5125a
-
SHA1
e2bae283dcf46815df41577eb1c1d3d60e0169ed
-
SHA256
77374fb48cda6e8739732672bbe6fed90e2e4a0ceed0a4e460f193135485fe50
-
SHA512
48d30c079fabeb0226bb3dbc692c16106daf74fcf18c5528d1e8000308e3ccc8db85056f5959998794b29182380658d6e616c27026189da21ddb854aae1bfbf9
-
SSDEEP
196608:gJTuVA0bqyv2fDWk24XPuKIobPr+cbR7DLB3BeZOEIdq+E6GmD5l//cFI:ITu/bHufSkrPuKHPdzB3yknjDnHcFI
Static task
static1
Behavioral task
behavioral1
Sample
EqualizerAPO64-1.4.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
EqualizerAPO64-1.4.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/NSISpcre.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/NSISpcre.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsArray.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsArray.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Benchmark.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Benchmark.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
Configuration reference (online).url
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Configuration reference (online).url
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Configuration tutorial (online).url
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Configuration tutorial (online).url
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
DeviceSelector.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
DeviceSelector.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
Editor.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Editor.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
EqualizerAPO.dll
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
EqualizerAPO.dll
Resource
win10v2004-20240910-en
Behavioral task
behavioral27
Sample
Qt6Core.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Qt6Core.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
Qt6Gui.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Qt6Gui.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
Qt6Svg.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
Qt6Svg.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
EqualizerAPO64-1.4.exe
-
Size
9.5MB
-
MD5
d431263f3a1f39db6698a4a568b5125a
-
SHA1
e2bae283dcf46815df41577eb1c1d3d60e0169ed
-
SHA256
77374fb48cda6e8739732672bbe6fed90e2e4a0ceed0a4e460f193135485fe50
-
SHA512
48d30c079fabeb0226bb3dbc692c16106daf74fcf18c5528d1e8000308e3ccc8db85056f5959998794b29182380658d6e616c27026189da21ddb854aae1bfbf9
-
SSDEEP
196608:gJTuVA0bqyv2fDWk24XPuKIobPr+cbR7DLB3BeZOEIdq+E6GmD5l//cFI:ITu/bHufSkrPuKHPdzB3yknjDnHcFI
Score: 7/10
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
13KB
-
MD5
28c87a09fdb49060aa4ab558a2832109
-
SHA1
9213a24964cd479eac91d01ad54190f9c11d0c75
-
SHA256
933cadcd3a463484bbb3c45077afda0edbb539dfbe988efad79a88cae63bf95f
-
SHA512
413b3afe5a3b139a199f2a6954edc055eee3b312c3dffd568cfdbe1f740f07a7c27fbf7b2a0b6e3c3dd6ee358ce96cc1ca821883f055bf63ddebda854384700d
-
SSDEEP
192:V26NwF1FF1bl9UsZBpDOjH3RGz47gnrVsybWZeAW4MwNR5yRR4XLLF/NTNIXoslk:T+1bYsZBwWsySZeIBZdP40l
Score: 3/10
-
-
Target
$PLUGINSDIR/NSISpcre.dll
-
Size
164KB
-
MD5
bfe060c22b44914e05d3f5367de6c9fe
-
SHA1
24c72b0b57b0066a5e8b235104a0502400e44b9a
-
SHA256
43041f8540dccbc33268bfbef53037d17170b037f6393e77c21429f303ae828f
-
SHA512
ad3a23edd8d62b198e4a2ccf03f6d607dee41fa23fd6f9dfabdc5ee424b5e22a6e00b8a28e50fe177829a2cc25ce05484423e97c682036fc5146e2adf560bc44
-
SSDEEP
3072:5YFyk+vtvpoYYPkoYMtXTP5V+4Km//sbJVlseEOb+Y+UT:KFyznYntXL5XKCk9MeEm7
Score: 3/10
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
26836307758e048d1ce0afe754d6a972
-
SHA1
23a8f45cf5e2ad78add3c4dd3b3cf15fffced2cc
-
SHA256
a6919f5f3b53a9c8c015413babe7a9872491a2583e49bb3c261e60785c3c3534
-
SHA512
aaf7cfbb9c6951b65bd377db401617812f1d47960a01ae99164183c642fbd8f1ce08720bc92d26b642da5433b80720dfcd96280a162decf678139966be132746
-
SSDEEP
96:IgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tk3hhEl7y:IgiqVPgK8K9eIdE9B/t8hg7
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
fccff8cb7a1067e23fd2e2b63971a8e1
-
SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91
-
SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
-
SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
-
SSDEEP
192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score: 3/10
-
-
Target
$PLUGINSDIR/nsArray.dll
-
Size
12KB
-
MD5
0917ee492308b691326e6581e8c793c9
-
SHA1
ff689c8051ffca7657461ac828bc46e303ab8e59
-
SHA256
81745087f193b6fa131189f4b3ee9caa93e9692e408d3955fbcb9a4ec8516e2f
-
SHA512
2a4ae4b93b0eac113a0e65f459798466120f1af4605a82a11f9022d790fe0b4f7d368b312f8a073b1dcfe8760e529ea56a5b5d4289321dc9f2fc8a22691b42b5
-
SSDEEP
192:L+QMtjhIz23Tv7QpAXXcxwtXexpnGOO81h2xXP:SQ6nDv70AXXcWtXexpnGIhW
Score: 3/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
1c8b2b40c642e8b5a5b3ff102796fb37
-
SHA1
3245f55afac50f775eb53fd6d14abb7fe523393d
-
SHA256
8780095aa2f49725388cddf00d79a74e85c9c4863b366f55c39c606a5fb8440c
-
SHA512
4ff2dc83f640933162ec8818bb1bf3b3be1183264750946a3d949d2e7068ee606277b6c840193ef2b4663952387f07f6ab12c84c4a11cae9a8de7bd4e7971c57
-
SSDEEP
96:o2DlD3cd51V1zL7xqEscxM2DjDf3GEst+Nt+jvcx4T8qndYv0PLE:o2p34z/x3sREskpx4dO0PLE
Score: 3/10
-
-
Target
Benchmark.exe
-
Size
606KB
-
MD5
3cef736b8ad5c40ca3126228c0d1f520
-
SHA1
0f51bc335a02c68aa50c8c680d7c98f3551ecacf
-
SHA256
44090da185849025c55980f1dd084cb7720ae5a0970d345d4b3464d149dbc723
-
SHA512
947fdec6d5b7f1324739dda4c1a841335b3a105f63d256bc4149e481580fdedcca6079010ace31df597caae5e476776498f2df255c3fe95bbeea9b0df8a30e38
-
SSDEEP
6144:pyEubsTb+eqRnAELVWRoc/V/1PThUV7i/sAkbqWU+nxa4doKngqtxiJmGM0HGmOY:PCrd/c/t1rhYiabmcnQ9/3vQa+hoFgi
Score: 1/10
-
-
Target
Configuration reference (online).url
-
Size
167B
-
MD5
b8ae8a09625a36105f78272736bf5e3d
-
SHA1
51fefd1bb3076c704b8d07186e4580cc940c15f6
-
SHA256
0386aba953d745c338636da1acba1941be7a5e18042ba74b63c6c047d17e75a2
-
SHA512
ddb257bfdc1223e4cf92c1dc06b643bfa228ac4fcd114e53aeb6303d462594afbcf9b8248d4668c6d8ac626dc36dc5c60e24e3edca6633ed943ba0b8ffe8da22
Score: 1/10
-
-
Target
Configuration tutorial (online).url
-
Size
169B
-
MD5
1e1d7502498c8afeb73241afc10c629a
-
SHA1
e68df70b786feb6927c21a576b8617eefa53e778
-
SHA256
f655030c56476500551b41bf2afd2545e728aa8674fd254700beeb0a21f1bb19
-
SHA512
59f198dcdc8b180be0a9dc50d83c004dcd1b5ec0013951faa451f64454c620f74da9fa675a98ccae713d69bbb2ff2727c66ce862933878b96d0c2596c9ac5bd2
Score: 1/10
-
-
Target
DeviceSelector.exe
-
Size
518KB
-
MD5
ac1ccdd400ddf4f7fbe82af9d3a97b84
-
SHA1
5d20a16e1cd0ac84e545762ca84c0ab95f5e3786
-
SHA256
8931df36c0af402faf328aa1e94c211ea3df91fccc21ce3194621daff4e49a9f
-
SHA512
b475517e9368fba6f4d9add898d7d4fc9dc402f1c510571e986e8693cbccf61d65e381dec3b191504c8ddf67f7f915ee9162c1699fc2ef5ef73c57156dff788b
-
SSDEEP
6144:5zKbJqbPiX2SljtWOOJsABtgY1DNar8IZc1Jfi645XEKD8Wg9/JF2weTzd/nuxOl:sqbPiX2g57BY1D4HZ8fixB0W8Z8f
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
Editor.exe
-
Size
1.5MB
-
MD5
84378944a27918656b9eda88ab39b429
-
SHA1
8c8a358e2bf4f42a059f25a4621a289c2e483e41
-
SHA256
62aa425fd9666d3e9fa83fad53300eb26a51c0325b853a5f813720f0b2da3e37
-
SHA512
1c17b9cb61d6423926257df151ab0972141d8348bf0e6af61589f62c5b0daa1c762ab68497fd702d5b5c9fb68230a79db7f4e4c6a9735193ecb8a5e26cc3eb3f
-
SSDEEP
24576:5Y7gmwhDS6HTprDucBKDf2h5/ZqCBke840yq3ZzlaUeI:+gFS6HF3BqehRfBke82qZz0I
Score: 1/10
-
-
Target
EqualizerAPO.dll
-
Size
620KB
-
MD5
30cd687d92a837e9ced52ed63cbfff9f
-
SHA1
41c6b468891442f1dd34128bb58917d983fd1bb3
-
SHA256
82597002b0ece342862dc32085b44c0ab3cb6f669b075eb2840f99f46ccd2630
-
SHA512
6ee8085db534dd688abab6cb99a08a8d2ab7297120097dd789a9e6a5b9d401ce5ee916f2aa4dd1db89a1ad957bba127789efd2d53cee23df1ef008f19565674e
-
SSDEEP
6144:NQpKDWC5QWiSFkD5hR1OM9rv58nIOMtY0mw3dSH/mRt0OCKflL0yoqUmUNUAPXTp:upo/RDU5hrO85lOMhmwsSP7bA/TYaZF
Score: 7/10
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
Qt6Core.dll
-
Size
6.0MB
-
MD5
7ec4e096a94814a74f65529bd0114938
-
SHA1
943682e0c49925525d9ca8afc3853f7311950436
-
SHA256
653a445d56044410903499952a2cc1ae575e059a75603a2b2a37b10d15db51f0
-
SHA512
a59431899e75ca7526bbb3962b2ef96073c611fda690e6001d10c61de87c8bf9749a9154ef75d77528ac97d818504f115703ba3e024033173d9d93a7142fa285
-
SSDEEP
98304:l76sZMr/XenfejKFdu9CwJsv6tCs/3E5T:kbfjKFdu9CwJsv6tCs/3q
Score: 1/10
-
-
Target
Qt6Gui.dll
-
Size
8.0MB
-
MD5
2d4d3c6393fd7e75889c97af05cd0b99
-
SHA1
e915d346a0d3f5a94fe5dab213c19ed8f38163d0
-
SHA256
f710aab637560f64e759b2932fab383d01002436c73885a6d19b317e54d86bfc
-
SHA512
6a5ea4fc1feb0a27d2e4f215d61cd9a55b37a1b5fb53b73055eb4f5fee4bb0702b4b4a2aa5fe2d1a5398564794aef60816dcb482a91ba38e71a1953297605672
-
SSDEEP
98304:LXoXe4OGtMCLvbdJMzx/DrfC0JDOyat+wUiMq:LXo3MyBJmPC0J0
Score: 1/10
-
-
Target
Qt6Svg.dll
-
Size
481KB
-
MD5
c9a0285bf33b8baf5e21c54cf152b1a1
-
SHA1
24026508ddccfa2f41c07b668eb3d3239cd937dc
-
SHA256
88194a929933800eac26bf9f9e06489f71ffb8a56e5f9a184c2eb2d820a0d4c8
-
SHA512
99f06b7062efaf7ad2628c161caf242db1d5fdb014cf141884fe9932e913e8b3e11796f1b1e203867df80bda9ca3c233489991c8e7d90b820b9cae369600942f
-
SSDEEP
6144:vx247y4nlG9aK8+RGLid5hAoHVMLIf4fFfKRcuB0JDmbfCn7tTssW13DhnCdJY:wfKMlkLidDA5KRcF
Score: 1/10