b8beb5e27fc339772b63ed454ec054a16b554e5c354eab8de7b4addbe238f403

Sharing

Copy URL

Twitter E-mail

General

Target

b8beb5e27fc339772b63ed454ec054a16b554e5c354eab8de7b4addbe238f403.zip
Size

7.7MB
Sample

240919-b4q1kavark
MD5

702338902a6de0a7a3ac5a27127ae1dc
SHA1

1cbb3efce1d2754c9151396d880326c79ae1a45e
SHA256

b8beb5e27fc339772b63ed454ec054a16b554e5c354eab8de7b4addbe238f403
SHA512

403c6c055f56d3d71b0d57920f20c22949d59a4cc53d31939cefd6ad7c9531abc351a512f69ea37e426c7121e575d6a5ffd5a1ab2468419127a7a22b83b9413b
SSDEEP

196608:J6eqAAOA83ayrzu2RjPu/IgvxNGS9o7eEXJz4S41xcgN:J68AOAjlkzuQez9OeEXJz4J3cgN

Score

9^/10

Malware Config

Targets

- Target
  
  op/GOG.exe
- Size
  
  2.1MB
- MD5
  
  36edd4fe5ee415f81e2ef8da75f23734
- SHA1
  
  cee7ceaa8192300c7ab656149fe4bceffed2b96d
- SHA256
  
  06019995309fec0a69f50b0bfeb9b74cd8be91f0212f3b3ad24b211ba18da139
- SHA512
  
  89b31dd8f564d5702e172514e3b1c675e7cc26d60be05f2f9560e3a32f8efffea71f4d2c821264e1bf6d539461f1858d3dc0b88366dcca60b286727ff3319895
- SSDEEP
  
  49152:rJ0RXNOM5kK3PYkP0bE5SAPTRozxbhro:rJ0K43PxdJRoz
Score

9^/10

credential_access spyware stealer discovery
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  op/Gogo.exe
- Size
  
  2.3MB
- MD5
  
  4b6b8135c2d48891c68cc66cd9934c40
- SHA1
  
  1221c3cec1154afc6c724b67bc8cd43d806a85c0
- SHA256
  
  b087a214fb40e9f8e7b21a8f36cabd53fee32f79a01d05d31476e249b6f472ca
- SHA512
  
  f38b75c26668f030071333f37863c5917b9ae220475d1f034369bfd4da300e94d9e9aba98aae3bdfbf84f00df7d7a46d264a8d0607eeaafa4ce1e5f090b916ad
- SSDEEP
  
  49152:kLkX3/3udbisON5dgsMrrPQU+ndxZ0M/mIl/:kLkvEmN5KsM4U+nd
Score

9^/10

credential_access spyware stealer discovery
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4
- Target
  
  op/GoogleUpdate.exe
- Size
  
  149KB
- MD5
  
  605ccc9ce1839bc5583017df7cae27a6
- SHA1
  
  ae73b2e2ea5dca80c5a98907a6786124edaa7623
- SHA256
  
  f1f67830fc3531dfbdaf5315f59422438ab9f243d89491ac75d1818e7ed98b5d
- SHA512
  
  1176d521c81eac836040cb6b8f444b6a8ebb5cfae84b0ac47e13059fd4a9bcff95d4f678e92d3288266a123d6e11a0f2f537195377a598f141bcbd686cf7b0ba
- SSDEEP
  
  3072:zYtZ2UylzQkBv9ahxzHyZtrFgLAQB+1lRqsf3BHofOYC/QVFYYFrAhLbooFCzXAw:KGpV6j1B+067G
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  op/Hazel.exe
- Size
  
  8KB
- MD5
  
  1ad818406f06d1cb728b5d0f324fb3b5
- SHA1
  
  2cedfaef2739f3960194b19e3ee61eeec4820f3e
- SHA256
  
  85a6ac13510983b3a29ccb2527679d91c86c1f91fdfee68913bc5d3d01eeda2b
- SHA512
  
  4703dc1549cedf09eab7c7862ec340ad0b5750149374a0cb281f5b985e594851a11757966a0f90307937e7a9b19dbdd8e50051142081b81536ea64b5d05c0085
- SSDEEP
  
  96:Mj3Er0k4gZJUoWYs9a5O8ng8nK8n6Y+9heuYkUBmaTbkBXBgf6nt3xy72NqNE5TS:MjUr0xgDeodn9n/nD+KL+aTbu1toC3g
Score

1^/10
behavioral7 behavioral8
- Target
  
  op/Nix.exe
- Size
  
  90KB
- MD5
  
  eb9cd31960e3bc9da5a3a03cd0055180
- SHA1
  
  c96f510bcbb2bb774a3553f24eb910de01a4fec7
- SHA256
  
  95237e4179f0385cb400ace3835d5f1382c3f16944d4e76a0a829f9ca41442d9
- SHA512
  
  91807e6f3f4473b4d79ec1293d660d85c3c01144e0b4d18b1a858691fa486d5269e3035ce8ee92437319eb553a8dc00efa9d83bda9f09344be1fdb66e5cbddb0
- SSDEEP
  
  1536:WgkTyomDWrpGNxriWAYvxKtqS5zi9/Mv4xhJ8CyHsWhbid09dlhd8C:Wgk+oZEPPvssszi9/Nxh+CyfIMTd1
Score

1^/10
behavioral10 behavioral9
- Target
  
  op/PageService.exe
- Size
  
  342KB
- MD5
  
  95da36252284fe4f8fc6dc1b52448b83
- SHA1
  
  f297bd436890a94e67c110bf4718ae4d98eea864
- SHA256
  
  8730deaca1e593da1a13389945f8a6a9e126a4a9f8304ae90cbbc95171bcd4db
- SHA512
  
  608e2a6f679714920ca0d368b8206f9315b1b4b638c5a6e8f4946778d4ab5d10008f7bd07f6ceff8ead01a56b92058eb00c654827756d37ce44a7f06e6d962ce
- SSDEEP
  
  6144:n3XwQKXG1mA+8/0a+HsjaxngrmcafdgJGLohOYejnvZb:+WQD8/MHhpg8toch
Score

1^/10
behavioral11 behavioral12
- Target
  
  op/Pro-CLA.exe
- Size
  
  8KB
- MD5
  
  79ed88fa92f87bf8f36ed98c44436472
- SHA1
  
  4a3d67a2fcfcf744699eef9932162b32dc1dcad0
- SHA256
  
  94cd0c50f1cd9cd0e5e137e765dc8306793624a94584415ad71473eeed98401f
- SHA512
  
  e5ea8bfcd591e879ef6d38a809bb03b936f3b4f0dfee5890d75d04b360af2931e465031f303120752df540ea667224397f0d704a4f49f3ead194b2f9dffb49b2
- SSDEEP
  
  192:UHg9gKm+3vOFBN/k6Kl170hwwMaf2Smo7eSbu:UACQeBN+r0BMa9N7f
Score

1^/10
behavioral13 behavioral14
- Target
  
  op/SearchApp.jpg
- Size
  
  11KB
- MD5
  
  16c33dbd1d7f6f98827e14f9d6d918e7
- SHA1
  
  17b6d4e416bcd92610f960fb27462f93033f30f4
- SHA256
  
  d69ba74e4712cd7c883fdadfd5badf769f8ec887f9a7ad9fba44fd75b78eaeac
- SHA512
  
  4bf5f064987d016ba38eab3dd847fa63bb9c41fc55c187ec576479906bbbf5b202e5db1b75a21d7725c098e1acd4c321a44768dafc35601fe9321026ec183cea
- SSDEEP
  
  192:KOgaHDB//OZuifafu/P3wLvRWK/4/v3V4GrriV/qDR7:FB//ORaSqRWK/I3LviV/ER
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  op/VersionInfo.dll
- Size
  
  321KB
- MD5
  
  978d862a36583dd0532de33565e02683
- SHA1
  
  800a206d661198f8d89c8b3611e4255b33d28b70
- SHA256
  
  85542438303e4974917ee2ef3e984d9ba9b3e731ddcf2b7626d0fad65b252a0b
- SHA512
  
  ce3f33941b2b45584b64444902e46ac3f0b1baba212f970d2168fd108618baa7d91e0d989f13521e3289f5e6e47e9b1f6ea658c63bf5fa95ba6742637518017e
- SSDEEP
  
  6144:ea5VCzoXchZKIdxMAAZsdhAWPwtAQ1Qoh+UQOQgv:/XwKId+AACdjP3Q6o4G
Score

1^/10
behavioral17 behavioral18
- Target
  
  op/calc.jpg
- Size
  
  27KB
- MD5
  
  5da8c98136d98dfec4716edd79c7145f
- SHA1
  
  ed13af4a0a754b8daee4929134d2ff15ebe053cd
- SHA256
  
  58189cbd4e6dc0c7d8e66b6a6f75652fc9f4afc7ce0eba7d67d8c3feb0d5381f
- SHA512
  
  6e2b067760ec178cdcc4df04c541ce6940fc2a0cdd36f57f4d6332e38119dbc5e24eb67c11d2c8c8ffeed43533c2dd8b642d2c7c997c392928091b5ccce7582a
- SSDEEP
  
  384:Otj8FKzuRxmeWCJxhd2WS/YWyiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiB:QXif4CbPQ7
Score

1^/10
behavioral19
- Target
  
  op/dart.exe
- Size
  
  152KB
- MD5
  
  98f6007dd8a18d14b03fa1bbf0b1e3a1
- SHA1
  
  f3f5e635e77792a46e8ac4b2e160e74db52ee608
- SHA256
  
  4798e79597fbde0059c2e2be04d8ac5801bbbb75bcef9a75d2811d8ef033513d
- SHA512
  
  67ddf707498a9f012ec7772fe132bc741fa7c4caf3eda4cbf7fcc995c549ca899363c553b38f62015a1814a9d59df5894e7724cd018fc960b599859c701ff008
- SSDEEP
  
  3072:RgEjpsvKN3VhEnz8yT31cAG74GOhhQAgW17:RZsCJVhEnz841cAGUU8
Score

1^/10
behavioral20 behavioral21
- Target
  
  op/dlibvlc.dll
- Size
  
  71KB
- MD5
  
  2c046e9d7bfd8b63bc11a2e5682cb1c3
- SHA1
  
  44df90b6ed9b279b01afcf3c4928f7459490e0f4
- SHA256
  
  d9ca0a9fcf6458ce310c234410a27bc1e50eb51e41e29434c5ef1182f556d3ba
- SHA512
  
  8415f18b03b19b8179350d56e6fd91391703f1a33eec123cb868b04f297c3f24194d95a0b1ca3f71433a0f7c711c2442bf22a2c5faac9fc280e954e002d976f5
- SSDEEP
  
  1536:xEf39HAGzOP5Ee9YNdZqOQ4hxsWXGcdQZsNHLYD:xcvyPb6V1hjQZshLW
Score

3^/10

discovery
behavioral22 behavioral23
- Target
  
  op/dvlc.exe
- Size
  
  133KB
- MD5
  
  81896b186e0e66f762e1cb1c2e5b25fc
- SHA1
  
  10a440357e010c9b6105fa4cbb37b7311ad574ea
- SHA256
  
  9ffb61f1360595fc707053620f3751cb76c83e67835a915ccd3cbff13cf97bed
- SHA512
  
  204490554cf13143a4ee06540c0bef39362ab7278e1f941e49500f21fcc41ab88f4506570ab2ec8529f73e4c1f3afc1c999349119998809eee4338980f1f3861
- SSDEEP
  
  3072:LEmHU0hfH2k9Hc3/nl6LAHkzI1UfgEA6IIyRB3h3:omHU0hfWk96kADF3
Score

3^/10

discovery
behavioral24 behavioral25
- Target
  
  op/edge.exe
- Size
  
  179KB
- MD5
  
  5ddc61d4c8d486f55fa8b97aa4cb8817
- SHA1
  
  9583f79f689fca550d7871b7aec178ec1a353c35
- SHA256
  
  700827a157a3c3ddd1a4ac80b98d4519d937f240ec9046d1e9c3a480024c8ccd
- SHA512
  
  cc854e74c5f0d5621a225cb2e01f98ad65acd8f3331058eff1cc9202e48486cf564fdc2a6b2187abda205e7297c1282e5d202bb6441f75b7c0eb8427b56634e1
- SSDEEP
  
  3072:93uUz7+LUf3ASkYEbt+50SLcGJVxuIAxNobvt7V:93uI+gfASj+tWtLdkobVB
Score

1^/10
behavioral26 behavioral27
- Target
  
  op/figlio.exe
- Size
  
  13KB
- MD5
  
  25e5d1790f61e6a45720da0a500be131
- SHA1
  
  14df65b13fa26f7457c3ca7dc884559012d7a861
- SHA256
  
  9e681830cc1835e8041ee578fdd8cffe94ee91c92e946b73e7270787caacc296
- SHA512
  
  2676745db7eebffd5510fb8dec666f4e5f434b9eac6232e9c0f101335953fffe1201bd347696072d5458265293de3b83d6fe9a60ef3b632a10aba717489287a8
- SSDEEP
  
  192:HDTRRtRauuuaIZqtYRngmYgowVmP0cw8oK7yoA3fyBE4/+spEtqMztKH8VR6XhJN:HXRApuJ12ZZ7K36BxpFPcVihJh
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  op/forest.exe
- Size
  
  672KB
- MD5
  
  5242f809563eb3764684ef1180adb902
- SHA1
  
  491399cc669f92229d4a0c4a418067c5d4a808e8
- SHA256
  
  2a3519501362a44a4b122fbf869e195989741525883f07d0fc2d2e5e48fb7fff
- SHA512
  
  d8ab0ae014be8a70a6ad4c3e4d20dc5816b8a47eebf102b84aea0fcc2f4851f9162aa6fd1fe97d6cbaa213b9f392d679e451ea2ee3d99ea503e313b04a1acc49
- SSDEEP
  
  12288:T8RNDWKhjjr+8M7e0dcrG4e5DNBRfex4d2Ozr3ST80yjlDUjHi8B:YRBBNU7eA+6rs80i1qi8
Score

7^/10
- Drops startup file
behavioral30 behavioral31
- Target
  
  op/goopdate.dll
- Size
  
  94KB
- MD5
  
  0cb698bf40859340ba939aeb390b4118
- SHA1
  
  f98d6ad34db3be64b70061c3777852723179d347
- SHA256
  
  7eb0d740674ac24156a8ee66a660d67ff7505d1552c14b203b39331cea7a547e
- SHA512
  
  3f4c5d2111933599e090f8320a0479d5ecde0851e2890fa46baa398e50ccdd094b9d6ebcda74468c8f066217c4fac708577e9d8f6274c6f313742d33a5122242
- SSDEEP
  
  1536:V2PUsXD0RmkgoJo8vm76Lfv/KEYuNSzwiPvgDC9Z2hwLa94qsWCBzYcdr/EICOMN:V2PUsXwskgoo8v66LntYuNVC9845rMIM
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Credentials from Password Stores: Credentials from Web Browsers

Reads user/profile data of web browsers

Credentials from Password Stores: Credentials from Web Browsers

Reads user/profile data of web browsers

Drops startup file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32