84e6165d04f2d78f93004802d0efa6cd94d81c1a133c8827f07e41da51b92351

Sharing

Copy URL

Twitter E-mail

General

Target

AutoHotkey1000.exe
Size

540KB
Sample

240914-ryb78azakf
MD5

f0134a3723478be156d92564d11fb5ca
SHA1

411649e0fb3e2e8ad85ffd04ab23680f3ce34aec
SHA256

84e6165d04f2d78f93004802d0efa6cd94d81c1a133c8827f07e41da51b92351
SHA512

fc6ebb12aad5967f11cf08288ba23db02b41eaa66acd947572c754864d487d7fdba5d59731c44172a494029c74fc4901489f8789319cf2dbdbbbd7b1bc8d7fe7
SSDEEP

12288:M4MHVi0dCxIPub8yB3zN/wdeEevQIqieWeJ4YwCM:ZyLHMBDNXE5XieWfCM

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  AutoHotkey1000.exe
- Size
  
  540KB
- MD5
  
  f0134a3723478be156d92564d11fb5ca
- SHA1
  
  411649e0fb3e2e8ad85ffd04ab23680f3ce34aec
- SHA256
  
  84e6165d04f2d78f93004802d0efa6cd94d81c1a133c8827f07e41da51b92351
- SHA512
  
  fc6ebb12aad5967f11cf08288ba23db02b41eaa66acd947572c754864d487d7fdba5d59731c44172a494029c74fc4901489f8789319cf2dbdbbbd7b1bc8d7fe7
- SSDEEP
  
  12288:M4MHVi0dCxIPub8yB3zN/wdeEevQIqieWeJ4YwCM:ZyLHMBDNXE5XieWfCM
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  4c7d97d0786ff08b20d0e8315b5fc3cb
- SHA1
  
  bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c
- SHA256
  
  75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84
- SHA512
  
  f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a
- SSDEEP
  
  192:6KdqJ4Bhf1mdCMI26t510swClJOeFIsm7F1QuPs:6KdE4zAddwR0swqOeFxu
Score

3^/10

discovery
behavioral2
- Target
  
  AU3_Spy.exe
- Size
  
  11KB
- MD5
  
  86a0f547d9a8f9ac40a4864d6684bb89
- SHA1
  
  b5e9ad18dce4259f06069785417a3ce4909bd3c7
- SHA256
  
  64c84cc45c4ebc845e07b2e0df621e68316931859f2a9760555c98a53609e88e
- SHA512
  
  9f7461dc89985793b5d2fa7c947e7a78dd7177518187efa9e3974b5d29a4f9303d8bfd5b779da5fcba7daa3d65d5802aeabf91b85519fabb52b46da391e66e4d
- SSDEEP
  
  192:/JLFy4E6ioQMva65sDnvp/0JkjbcAeKXVHplkfG/Fxmah:jyoA7lIOtxmc
Score

3^/10

discovery
behavioral3
- Target
  
  AutoHotkey.chm
- Size
  
  199KB
- MD5
  
  64d6c17e94ad136329215d045de7ca80
- SHA1
  
  fa11a3eafe01c09f6e2f475dd3399d104a033ab2
- SHA256
  
  1481712301d97809d1ffbfc07eda6c8b9b66d252a0edf571be0cf78f1ff19180
- SHA512
  
  725625d7434b02ae13ff68d3d5ad6b9939309ab7e042bd95acd3a418a3891c9f3d1ad714c98a0e5d96f15e7c9ae18538369affefc23b03bbb5abbc5e96e8b184
- SSDEEP
  
  3072:ciXZQJ3AlOEs64o0nWBWza7J1LO8aUZ85d9rgq3zQjnX7JyOAgL7/:cw4dEs650nW4c1LO8aDd9kqE7EsLT
Score

1^/10
behavioral4
- Target
  
  AutoHotkey.exe
- Size
  
  230KB
- MD5
  
  0b16d3b26dca2da15fe8557e81a93952
- SHA1
  
  a0510e89d40f85ce43b22ba69d8c2615ef8cd8e1
- SHA256
  
  f08d05d32b46f58f182efdeff1db8852609b1781cbea150dff4a212aa4b5f802
- SHA512
  
  7a6f650207508452e5df694766f87c8db08545925bfc9dd3947e8ef3fc15960c44caef7924c60b86e2d760534abb6b4f96f48e2137a70583ded8918ee77d9c00
- SSDEEP
  
  6144:wrxoB1UQZfNB7mPWhXlamBiqQBCO14gBJjMb1:w9oB1hZfNB7muhXlamoqQBCO14eVM
Score

3^/10

discovery
behavioral5
- Target
  
  Compiler/Ahk2Exe.exe
- Size
  
  69KB
- MD5
  
  886756e2f23ca938a146c7b44256b046
- SHA1
  
  f5ffb13e58f23fb57716a9049989a2b3ace86ae0
- SHA256
  
  a496931a1d65165b4e4d4c8e4e1614f947e8176cbca34553d938f3c44f114839
- SHA512
  
  e1f1bb7f7626727b71d94869a0a82e8e38ddae4256f8c06907b6299cf06e5a2ea95b169d9d6c8ccad0149441b1f0ad617fcb8eb3ee6f9f27869585b120809c01
- SSDEEP
  
  1536:3k019+8gFJOr69sc/ntWpYXlSLn+Q8mfz0aFK28sosE6srN:00195gXOcznt2YXlSaQ8gz0QKLsZsr
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral6
- Target
  
  Compiler/AutoHotkeySC.bin
- Size
  
  233KB
- MD5
  
  bba7205d7f65ce9106b4cfba2f81cd63
- SHA1
  
  b28662dc51b498c6f6c7eb38370be175fcfd767b
- SHA256
  
  3cec23629bc75a3b07217ac78e5d0240d5135433ceb739e00abbd282cbbf9014
- SHA512
  
  a1ef0384df018a7282f2af3ec757b565cadbc4cc445a80d00449ae84c67bc9fd4dbd56a810c440d3e74f80a340eae0f54d9579e0ba58161afddb2073a663d3a2
- SSDEEP
  
  6144:u/fodPwoccARgk6UxoRSldb+YlERRRhR/IMBmMSzgoSNjMb1s:QSPwofARgk6UyRSl5+YlERRRhR/IMBm9
Score

3^/10

discovery
behavioral7
- Target
  
  Compiler/upx.exe
- Size
  
  92KB
- MD5
  
  6ef20e56d1f5eb53882e71a29701138e
- SHA1
  
  2b326e5003fc6f3ca35e33cad9263624974771c6
- SHA256
  
  67bac3b5650c719fbc15dcdb5ccb2dd07414876f6b55baa967342356d80357dd
- SHA512
  
  f9d7e6cdd2971e947a74b3c88b29fa92a75f517a098e1e77f7ae292bc64002683151fd654eb04b4b762325c4bd41a00356ade566f6213f2b9e0eae2f4ce83063
- SSDEEP
  
  1536:rch86wguitL/ZtMN0SYgrWZPpz8n5Ir6jPy1HqPWPCGwJs/5zwUOjVFLsm:cmnix/ZtdFgrWZd8nir31KuP7wJE5zC/
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral8
- Target
  
  uninst.exe
- Size
  
  49KB
- MD5
  
  d432e0f8295a5293a348881344bdffeb
- SHA1
  
  ac8e3e1d21b2b179b9a595dbdded7749cfaaf7b8
- SHA256
  
  49d9dbc58d38e9afc0fe7333cae4df495c1002d1ab09cbba44477742493007e7
- SHA512
  
  f46cb153c7287b03c41c64a93206f886e2bd234165f4ba51408c8b67d8e037b8a2fb2a0f9473c4b4808de4a183b02be7a56732e2b99bd3473806a06b0041302a
- SSDEEP
  
  768:qh03BWfzcJpdd4jU3eRo8rwV0GfL7rtU7UMt3MBJK2+eJRn5Am6kRRJ2iZ3igQ2z:qh03grsyj5Rk0gtUABJuqAELVigQy
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks installed software on the system

UPX packed file

UPX packed file

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9