66c999c86423e544935396045c705933d3678c17325708dc6c2e2770ee9c2fd3

Sharing

Copy URL

Twitter E-mail

General

Target

Zorarmeowa2.5.zip
Size

51.4MB
Sample

240913-mdgjzsxfrp
MD5

b9d582b0c81c8e106ae512450435f63e
SHA1

fb9c1dc9024b4c1d658bc7d0ce9eabd6ed59cf33
SHA256

66c999c86423e544935396045c705933d3678c17325708dc6c2e2770ee9c2fd3
SHA512

022732e0109c7a94e5767d9ca3dd3ae37ea9bb96a57c13bb160de91f03d068d01d1dc89a1b23ae0ae028fdf537a21a7e32ce1de68a8d929635bac6c1bdae1ebc
SSDEEP

1572864:QnU1GOEyOqntgN+/zu224yT39ZhWmVicZ6nYrAsQgpdgwiq:QU1GNKntm+/z8tZhWwiLn/SgI

Score

6^/10

discovery execution

Malware Config

Targets

- Target
  
  Zorarmeowa2.5.zip
- Size
  
  51.4MB
- MD5
  
  b9d582b0c81c8e106ae512450435f63e
- SHA1
  
  fb9c1dc9024b4c1d658bc7d0ce9eabd6ed59cf33
- SHA256
  
  66c999c86423e544935396045c705933d3678c17325708dc6c2e2770ee9c2fd3
- SHA512
  
  022732e0109c7a94e5767d9ca3dd3ae37ea9bb96a57c13bb160de91f03d068d01d1dc89a1b23ae0ae028fdf537a21a7e32ce1de68a8d929635bac6c1bdae1ebc
- SSDEEP
  
  1572864:QnU1GOEyOqntgN+/zu224yT39ZhWmVicZ6nYrAsQgpdgwiq:QU1GNKntm+/z8tZhWwiLn/SgI
Score

1^/10
behavioral1
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral2
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral4
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral5
- Target
  
  Zorara.dll
- Size
  
  12.3MB
- MD5
  
  f4788ae5475be2894d79eaf6d5f8efd4
- SHA1
  
  545597ea55b56eb5a2475ab7bbdf336f6a9d7355
- SHA256
  
  71a60f2158f4f5cc391e491d6bc081c7b772c1ef5cffa603db5e5da6c4ca9cbe
- SHA512
  
  002954a07745cdc6cf6fd05c040b5fc99677c736fbcc7c0f10409c41dcca6bef2ab63f21208ac6d1b1822107a0d1a5519b493fd39065c2b4057bb014ad4f4ea1
- SSDEEP
  
  196608:S5cT4GRVBljcpCKROUiX9DTXIOCUgHIC+849ooGEA2YII8ec6NTo+wEx:3R4gUOkOCU9C+849Ti2YIPecIeEx
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral6
- Target
  
  ZoraraUI.dll
- Size
  
  172KB
- MD5
  
  99a61226d5680f1d669957352d04d889
- SHA1
  
  946bdbe9229a5a43333c0e936484beef19f8c3e5
- SHA256
  
  e685e8e9f6ffe2404c5004b50d640b5a70d86da92b1f83e6af9d1e70a44ef0df
- SHA512
  
  308b3b5be0d078caf873dd980070a8ceb551b4fcd0cc483fe470770366e5c60d7611070bc8770c7d9aeafab960ecf8df3c12e319ac66e38c9cf92c5a6a7a7b8a
- SSDEEP
  
  3072:hXZ7K+Q5iTF7TotIMWi745by6xZmYwSKoIX+:hXNKTih7TOZ7Uby6xZN
Score

1^/10
behavioral7
- Target
  
  ZoraraUI.exe
- Size
  
  254KB
- MD5
  
  6ab5f40d4b2b76c00171e56c152cbaf9
- SHA1
  
  9c38466e663505562c3717a23961fe3bd349896d
- SHA256
  
  ffae17497d4fb9c5b213172fa06488951cc9d4af6900e20cea97c7371e17187f
- SHA512
  
  0c27ac1d1e71777e04b955eb327837d28030ef06db0272262bf36415b035e763f803ffbee7626ff17cbfec9145925c7cd6740a7b7203e65c403ac34b05fc1abe
- SSDEEP
  
  3072:GjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOBhBu+mYwSKgIwB:GjK4TDUqgpqWDLZ5H+xuZ04ihA+N
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral8
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/Default/Cache/Cache_Data/f_000001
- Size
  
  170KB
- MD5
  
  d9d5de59488c160ec82077a175384aff
- SHA1
  
  0d3b0b2ad7636793e06406682dba49fc043000b7
- SHA256
  
  d50aeef84ae7e3685863249d28f6322e952792940fc5c851d921c9836332dab9
- SHA512
  
  daa64356473dc7143a864aa77895fd7258d61a5e4b6316fa4b4a258b18e20ef3805feed596fffd73dd7eb7e23522f097b5ba68ff705928c761aa20c38c08f3f2
- SSDEEP
  
  3072:TAdbCxeQJhYeIh+NXmqdFa+rzFu/UBILrcTypuQpBMBpB6AclI6Wy826:TA5CrYt8xmOFzAU8puQpBM1GUj
Score

3^/10
behavioral9
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral10
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.55/adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral11
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/WidevineCdm/4.10.2830.1/_platform_specific/win_x64/widevinecdm.dll
- Size
  
  18.4MB
- MD5
  
  c1878711d6b7415b3d938da6c4b58e44
- SHA1
  
  153e61050cb6c00a341b23e46030c84eba4088f6
- SHA256
  
  d995bc4bebc34612f026cec2d1fb94e63079aa50e427130f528a047af8e21021
- SHA512
  
  e0d9df10b5739e9a517cbb5615cd99d74e7c8d97ed616a6a9aa374135956b5781b66b2fa9673e160af3241fa382056d28b877955f238156a1fa51ebcae3aacfe
- SSDEEP
  
  393216:tPRzXYeXFyjsrZuvpYl5SJIhw7PJeP9TZHZMaMq0Vrq8G:rFyjs0pYl1hwDJeVT7erq8G
Score

1^/10
behavioral12
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/alpjnmnfbgfkmmpcfpejmmoebdndedno_1.3912AE3B63A3E8EE555D67078FBBDDCC8B8441A2EA309A96030A8239637C1476
- Size
  
  213KB
- MD5
  
  c815e5deac892f68d92c3e136d03fa33
- SHA1
  
  c5282fb4a78344bbeddc89571f11f6da4e0ee402
- SHA256
  
  3912ae3b63a3e8ee555d67078fbbddcc8b8441a2ea309a96030a8239637c1476
- SHA512
  
  9a9a3c1d43103bfc74efbbb53f046a1c7f17a26313467ad100ad0e3fee650acbbd20680254846d5c7ef609dd93c869bfc65278aaa20d1c3bc4555736fa4c00c1
- SSDEEP
  
  6144:KBxj2S7Dx01gqo+kCnTm+dKSiz8HX7LeSv9+xrIqUViyTrauocb9Q:cxj2Soo8083Dv4xrHUrWpci
Score

1^/10
behavioral13
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/eeobbhfgfagbclfofmgbdfoicabjdbkn_1.8BFD50D350D47445B57BB1D61BBDE41CEDA7AC43DC81FCE95BF1AC646D97D2A0
- Size
  
  1KB
- MD5
  
  e15208ff647aea1698bfa7da5287df5e
- SHA1
  
  bc5d6e7d0d71ae1bcac13320ee237ce0adc493f3
- SHA256
  
  8bfd50d350d47445b57bb1d61bbde41ceda7ac43dc81fce95bf1ac646d97d2a0
- SHA512
  
  07e2435f9e609d92daf97b5c6b75a79c9f8c229facd24999a45d954ad2eda130f7b7deeab6403f8518c5bfe2791b9796952c7ee58023488c90165cb1b0d5f47b
Score

1^/10
behavioral14
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/fgbafbciocncjfbbonhocjaohoknlaco_1.142EFD7C68A0EFF43733FFCA7B3B6A95BCAF4DDE63B5F0556A9B69A79BBB7947
- Size
  
  7KB
- MD5
  
  bd113c2446943d82fba96b0a996c5207
- SHA1
  
  ddc7064f08b05fd69683469841974ba81a63f149
- SHA256
  
  142efd7c68a0eff43733ffca7b3b6a95bcaf4dde63b5f0556a9b69a79bbb7947
- SHA512
  
  a69931b66136c9ff4200ee4a014da45dd667944ddf231bffab01ab5971500e0d3fa2d08bde61e2f7632a86c1b3b3e4e9fe9921cc6a95cd6345928f9a2c81b210
- SSDEEP
  
  192:KYArV6u8MziuO9jGSrTOjEe+64q4Q9gXcs6IzORMn3:qvzUh7rSEenH4JMBKwMn3
Score

1^/10
behavioral15
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/fppmbhmldokgmleojlplaaodlkibgikh_1.A81D1959892AE4180554347DF1B97834ABBA2E1A5E6B9AEBA000ECEA26EABECC
- Size
  
  952KB
- MD5
  
  1a9c030cf025d340ff394cd9e5b664f3
- SHA1
  
  c1e8490662903d90de97760cb3102426f2784bd9
- SHA256
  
  a81d1959892ae4180554347df1b97834abba2e1a5e6b9aeba000ecea26eabecc
- SHA512
  
  7a9584c96849b1c8c623119bea4255a628e0f36d3a5f670e9c6a20f84d250fee859751a521322864b1577d7ca3ecdd7ee805c0f35bd7d74ddf43afc9f2abf8cb
- SSDEEP
  
  24576:LwrAaUx3buUhBVQYflCitQKjQKR6kizJqpAGQ7xj8pUvQCg2:LCAH3ZsYflCiuKjgkc7B8mvQC9
Score

1^/10
behavioral16
- Target
  
  Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral17
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.42AF0D1905C8F1D8F6167365271C4549A73603B838BA58B9A664C57C00DB1EE5
- Size
  
  783KB
- MD5
  
  f3e5f7de5184a6aee396ce71a0b45840
- SHA1
  
  84d92390f346cee527cb890d938f3522f916a386
- SHA256
  
  42af0d1905c8f1d8f6167365271c4549a73603b838ba58b9a664c57c00db1ee5
- SHA512
  
  4ce26e46105e4da26ca1fa6d5cc869bab234ed5baf68fd397bddcf1c4d47f642e89c3e210629efa8b8831596bd1321b298e34b4d60b4daa9cb2f7967c68531bb
- SSDEEP
  
  24576:r+wlAtUkNexKMU7ngXEwx2IXwoiBjwoiBI:rTlMwEzkEwQI2KI
Score

1^/10
behavioral18
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/ndikpojcjlepofdkaaldkinkjbeeebkl_1.8657AD8DF1B23B55192C68D707CEBC7653AC24FBD8F4EABDA9F8954FF88F1634
- Size
  
  1.6MB
- MD5
  
  d2687845daad246d0282aa916ef5f9b8
- SHA1
  
  f6fa3b70e8f2508b40bb62b263eb23b3b2c56001
- SHA256
  
  8657ad8df1b23b55192c68d707cebc7653ac24fbd8f4eabda9f8954ff88f1634
- SHA512
  
  6c506a3b85d94126890518a3fe9d827313d7823d7178b25d42aa2c15d65c1bea26950fbac3fb4b363cc2f7d34b2326f092ff0880776d338bdc085975b9d4484d
- SSDEEP
  
  49152:mGB5EH8IG0NyDG65GL03LVYI+Sk6hcePuO:55s8bFG6IQ3LVYI+R6XPV
Score

1^/10
behavioral19
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/oankkpibpaokgecfckkdkgaoafllipag_1.44C48B9ECD87ACDDD850F9AA5E1C9D48B7A398DEC13D376CD62D55DADBD464A5
- Size
  
  22KB
- MD5
  
  cbfd6b1a1f278778950a4fcb6d683008
- SHA1
  
  ae27d38af7257c4c846970116807244b723881bd
- SHA256
  
  44c48b9ecd87acddd850f9aa5e1c9d48b7a398dec13d376cd62d55dadbd464a5
- SHA512
  
  0c7c46ccba1048496127c40592774f7b211f57f002de84bd28d3b023ad3d81bf68e9aa8db2dc8dbf9eb3a176e2733a34318810a06db3b9a8d662f5b5e188d91e
- SSDEEP
  
  384:2Kz+yjT5FaTB29uJID+2Qlyi+jBzAi4dLQTf49fmA4tVyk4exlfiMRoLnJ:L+yjQw9L2lyiSBzJLTCmJUei/nJ
Score

1^/10
behavioral20
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/ohckeflnhegojcjlcpbfpciadgikcohk_1.26123BEF7D73536450862D2C4D44963D720AA80B6FC2D8496F559CB9C1FDEB00
- Size
  
  1KB
- MD5
  
  a36d70bcd9333175811c53122f7d2c1d
- SHA1
  
  9a9a0c0ac2fc1db6e7b78868c8d4c96d747b8f1c
- SHA256
  
  26123bef7d73536450862d2c4d44963d720aa80b6fc2d8496f559cb9c1fdeb00
- SHA512
  
  e69aee2d91c50dd63030bd64cd12b5120c1db9871caf3c26b2cbf29ff96891b5f2e7d1388e4b731f77d7fb24904f379a6a8d5c1b2aacf8a8501fd0111ab0caf5
Score

1^/10
behavioral21
- Target
  
  ZoraraUI.exe.WebView2/EBWebView/component_crx_cache/ojblfafjmiikbkepnnolpgbbhejhlcim_1.C1E0755E98DF77F5A56556098D6898E27C5295377F6F0703EF98DB199920CDB5
- Size
  
  13.8MB
- MD5
  
  d636f20983b6e5ddbd9065dcd89631ab
- SHA1
  
  65237dd62e6f301c136dc15617ecf6717ccf9afc
- SHA256
  
  c1e0755e98df77f5a56556098d6898e27c5295377f6f0703ef98db199920cdb5
- SHA512
  
  b12f5e1f90688e3d677487ebc9520d0e9f13b0fccfe3b50566fdd8efc67b3223dc9c3e69acb6faf42ac99d4040bc52cb56458ffcd7e3898c4900d909a3ab3519
- SSDEEP
  
  393216:9Iun3ut4GGDxGJLm3aQg5A5ofLQs3zqO6XWTywigGC:NTGGOLm3n5ozQsjl/WwigGC
Score

1^/10
behavioral22
- Target
  
  bin/Monaco/index.html
- Size
  
  164KB
- MD5
  
  c3506d78dfb11ac87eddf97efa2aa3e4
- SHA1
  
  4e89e7ccff6df38d2d0a4d933e253e1b6730347e
- SHA256
  
  9519ba7f31d3a2836f04c0dac47d1eff3ad5626da95006ee8b29587f3eebbdc6
- SHA512
  
  bac5ef162ff8b8b452359a140f7f94a5be9d40647803e2dfeb5a4358db328038adf834c467c60970416f357b6a906f2c76bc374ca2a540f0dbdbf70462f98925
- SSDEEP
  
  3072:gKl34J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pl:d4J09BA3pZaFD48VOAGUWYPjdlLJbRBB
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral23
- Target
  
  bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  133KB
- MD5
  
  d0ac5294c58e523cddf25bc6d785fa48
- SHA1
  
  1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5
- SHA256
  
  e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b
- SHA512
  
  fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb
- SSDEEP
  
  3072:bzjH/zYJc5c/7tMLrJ78II4F9N8+em5W+:XjH/zYJc5c/76LrJ78I7BL
Score

3^/10

execution
behavioral24
- Target
  
  bin/Monaco/vs/editor/editor.main.js
- Size
  
  2.1MB
- MD5
  
  a7e3083cfe200263edfb4bf011b893a3
- SHA1
  
  18b52dc38e7a8a612892f5e60a08d9b19e1f472f
- SHA256
  
  9e2fb6171592f7a3c33d3b5baef58b516b36473ff7717bbd643574991923435e
- SHA512
  
  6bbb149102958e23c42accbbd18595fcfffd547bb826f2309956c036983692e83b7313567a42e50d98a1c946fab554e32b77ef4d0f8bc0cc7f0dda196fd7e23b
- SSDEEP
  
  24576:jFFExk98EXl2uRJxjP3Gdv6QLtQ2MbRpn:Yxk98EXl2ixjP3Gdv6QLtdMf
Score

3^/10

execution
behavioral25
- Target
  
  bin/Monaco/vs/loader.js
- Size
  
  29KB
- MD5
  
  bc15bb48d4d5c60ce7f16819f4d988c4
- SHA1
  
  87c7f328aa357d52b68b2cea0a214365a40cdc36
- SHA256
  
  5c3cf09973404ba31d760952f267751ef2bb09f315331d13ca432b65ce2c480b
- SHA512
  
  b5d7481773cafd01f3d738949a54e49c166c9a8fea3a150f6f0eed7449176d630991e27544a4e7b23fdad29700ae7fbba5de42f97c69874b6f2ad374194a9853
- SSDEEP
  
  768:o7J6CgCAqoxgiwYeMX/so92s8hHlDmc0yvrCfS5kUN+WV+X7:oV6lC8fwYeFKcV5k
Score

3^/10

execution
behavioral26
- Target
  
  libcrypto-3-x64.dll
- Size
  
  4.5MB
- MD5
  
  a9c1f7ca15c65c139bc9d4bf57df2e1e
- SHA1
  
  1b1377139a6b289d43a6b1161cd1089ffc817cf9
- SHA256
  
  03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116
- SHA512
  
  97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073
- SSDEEP
  
  98304:Ml+f+K26t8Te5zUeP4xA1CPwDvt3uFGCCQ:4Ctt8Te5zUewxA1CPwDvt3uFGCC
Score

1^/10
behavioral27
- Target
  
  libssl-3-x64.dll
- Size
  
  802KB
- MD5
  
  51b0d5f42a82f6fa8739b403e9b8b81c
- SHA1
  
  75968c157628bb7aca9b5f2331f7a0c9a1d28865
- SHA256
  
  0bda7daeb4040c722b8c287dfd2307c9b8228576db1dbbbaac901c35cc8dc62b
- SHA512
  
  94fba90ad7bcf190079089dcc3af97c598c016eb359fe4d2ea439b5fbcd4a5489ab4422652223926aae64002beef1368d5b95874f68a2e5bc4971b4f9604d814
- SSDEEP
  
  12288:Mzjte0Fevo3VS1npHEDHLqjRmqWSTzt7opiTdEVB3S:M9e5o3VVZVSPtopwdEVB3S
Score

1^/10
behavioral28
- Target
  
  runtimes/win-x64/native/WebView2Loader.dll
- Size
  
  161KB
- MD5
  
  c5f0c46e91f354c58ecec864614157d7
- SHA1
  
  cb6f85c0b716b4fc3810deb3eb9053beb07e803c
- SHA256
  
  465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f
- SHA512
  
  287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91
- SSDEEP
  
  3072:7evoTTlTRTyiuPThTNTKm81SbbMYSPLNsknZiZ2HZ5AaliiT88FEtJ57dXSvlCW:HTlTRTyiuPThTNTKmFQdhsknZiMHfEti
Score

1^/10
behavioral29
- Target
  
  runtimes/win-x86/native/WebView2Loader.dll
- Size
  
  113KB
- MD5
  
  9d7744e15bb8e3d005079b18979c8544
- SHA1
  
  7b326c96e5f3f6baaf6e9390b119a4ffb3df2c64
- SHA256
  
  cc2f661aac9c05646933f717e629a69be93d8d06803066289d6dc1105aac6cd2
- SHA512
  
  732fd17714ec5ef0afd8f17d06adc895e93bea4585b6b1dabcf95c3fbe808e7b31a19c13cccfac0b30cd425cf96926749a0373a861f55fa8db442430803f4a25
- SSDEEP
  
  3072:rJ7FfqJR70vRq2KVsCKKa/gqeNZ/TvxEtJlAlp8Ugr4fm9IxK:r7fqJRQY0RKD5EtJeTMr2mV
Score

3^/10

discovery
behavioral30
- Target
  
  xxhash.dll
- Size
  
  46KB
- MD5
  
  249a5f6ca047df2a2f802782696c7f80
- SHA1
  
  6a1d96be0f497d689fb55de70284af83cac61f52
- SHA256
  
  2828e3014c3283caeb1b00d14145a42f4e347e7f547b40634540394892265671
- SHA512
  
  d2d0b6ba2ec95c33609d98788e5a4cce382d93721ea5dea61cde3f4c065b06530a0b01ae4909f7883a81d55529a36cb6a5820aa2afc320b5761f6f59a3a45f1f
- SSDEEP
  
  768:zziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3QimeSyygGz1K:zziR74kgDn2rDRuIrN5mAvgbTgi3SylI
Score

1^/10
behavioral31
- Target
  
  zstd.dll
- Size
  
  638KB
- MD5
  
  21dfe873f6ed38f2f713ecd43ad1ba41
- SHA1
  
  7648cb043587da0e85743f9da8dca8be621ccdf0
- SHA256
  
  2a2d63c48b6b3ac7768231ade30122c94a0a33e62e5d2725e11c95b3194aa997
- SHA512
  
  67b4f976f3511387ce2a4743e2281ac88533bd204d4e07a5c6751f0ec30a3463dfabcda18103a632541ec2a8b7b937806121e21e44959411c39106e22b739919
- SSDEEP
  
  6144:XbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4eTTzp:XbauYGT5BYMxjDHMk0petRCEyb9emHW
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Browser Information Discovery

T1217

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32