7General
-
Target
setup.exe
-
Size
3.9MB
-
Sample
240928-z9wp1axaln
-
MD5
81e69b29c4c09391a12b665e7661f48e
-
SHA1
b103b694d12544c9db444badd9e2263d219698b1
-
SHA256
81e45c1e6d6a718624159e116e6daa8c1547f39bef7f56163303e7eca8abfae1
-
SHA512
5476b9fa6967aefcb73793c965224c93d2ab46268830fcb71c69bc864e22e0cb92512959fe7a728ee77c2bde00e3ce9eda64d015ff1ef34273292707680c0042
-
SSDEEP
98304:QhVVJqioKMFh1qKsbZcMgsGwNmlCNE4CJgcMyfQP/4:QhV1pMzHQCMFGImHgcM54
Behavioral task
behavioral1
Sample
setup.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
setup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/dat_bgm.ogg
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/dat_bgm.ogg
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/dat_skin.skf
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/dat_skin.skf
Resource
win10v2004-20240910-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/ioSpecial.ini
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/ioSpecial.ini
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/splash.bmp
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/splash.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Resource/1.bmp
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Resource/1.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Resource/10.bmp
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Resource/10.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
Resource/11.bmp
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Resource/11.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Resource/12.bmp
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Resource/12.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
Resource/13.bmp
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
Resource/13.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
Resource/14.bmp
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Resource/14.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
Resource/15.bmp
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
Resource/15.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
Resource/16.bmp
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Resource/16.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
Resource/2.bmp
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Resource/2.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
Resource/3.bmp
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
Resource/3.bmp
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
setup.exe
-
Size
3.9MB
-
MD5
81e69b29c4c09391a12b665e7661f48e
-
SHA1
b103b694d12544c9db444badd9e2263d219698b1
-
SHA256
81e45c1e6d6a718624159e116e6daa8c1547f39bef7f56163303e7eca8abfae1
-
SHA512
5476b9fa6967aefcb73793c965224c93d2ab46268830fcb71c69bc864e22e0cb92512959fe7a728ee77c2bde00e3ce9eda64d015ff1ef34273292707680c0042
-
SSDEEP
98304:QhVVJqioKMFh1qKsbZcMgsGwNmlCNE4CJgcMyfQP/4:QhV1pMzHQCMFGImHgcM54
-
Detects Strela Stealer payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/dat_bgm.ogg
-
Size
165KB
-
MD5
f484a5db943fbefe894146a109513ff9
-
SHA1
3097181ce18c30933da3566d77b6beea5c9092ca
-
SHA256
ddae02d386f23c8d03792d06beb5100f1d230fa6c9c66b007fa5a3808e5dedaf
-
SHA512
634615101e5ccef3fbd6bb9fdac881808f231eccb79bd135dd804251b4d564cc89c7a14fe2fe548e7345a6437383edb8fb00ba19666834e4aeaced2103f3ff6d
-
SSDEEP
3072:tpbseuX0bbGvARsR9Eq9TBECn066ZCtALQOcCL3qFf4vklt/9Rs5BK2KAfnVGsGB:E7XXAc9NEmwmOb3qFztwBK2KAf2/KvT8
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
$PLUGINSDIR/dat_skin.skf
-
Size
551KB
-
MD5
f172c4e44639c2c67c019e94172c780a
-
SHA1
2e60045e6d80e9964698f95ecdcba3e12635cae0
-
SHA256
2f2f3ff75f666826f4b40b8e277040d286e6d7ad883cabd5f4bf64670d4579aa
-
SHA512
3eac9c5357590a6851b59b14130aa6c22c57caff107fc24b74f984a8f7a0fdd78610bb4277553d8746a77a6d5531b06ce1b20bbcfa08cf0e9c600ebb518572dd
-
SSDEEP
3072:B5/dAtjL20Lr9UiaTqXDY5LNMiSJxJig+uzVZ+WrPWruDkhUj8YNj2YeQiwe39Lm:2/20LrGi1XDo8+UPUuj9kQiLNLif
Score 3/10
-
-
-
Target
$PLUGINSDIR/ioSpecial.ini
-
Size
211B
-
MD5
e2d5070bc28db1ac745613689ff86067
-
SHA1
282e080b4cf847174c5c11e4f9157b8c338ecb19
-
SHA256
d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0
-
SHA512
a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de
Score 1/10
-
-
-
Target
$PLUGINSDIR/modern-wizard.bmp
-
Size
150KB
-
MD5
344eacb265063cadfd6d3ee3ee66f895
-
SHA1
5606fed6dea08aebe1d7eb0187e7f5bd53c96fdb
-
SHA256
fe2f71f6a9baa4bf426ae4710f4edce296ce3d89c6e0a03448cb00fa562462ed
-
SHA512
c7f48ba8e8ef4602de74c71fce1a08e7b4c3299808d8525339b6af37b6f30a76024c45a1f182f32c77bb3389edc6e6c45d0ff37549d201bf1f86b4f84b14b641
-
SSDEEP
1536:E7xAG/O+g3Q/H8/T9jtYVmj42ucaKBlZ7b:E7xAGmI/H8b9je84TcaKlZ7b
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
$PLUGINSDIR/splash.bmp
-
Size
600KB
-
MD5
94f52dc67c016167d6eaf6e0c3cf0942
-
SHA1
e03a061117872d458d106ff67a70df5b4b236e08
-
SHA256
d91b10d9516f3153cfad2e00b9975a835b1538be1dc0ec0e2821a7f3755322b0
-
SHA512
f2439352039abd0894e1addb23dd3033434300804c5c2d0139c1c74e8f02832033a54a0792a1bf2fabfbc220e5645bc4e4f77b9831edcf7cdecd162e7a5b6273
-
SSDEEP
6144:kcoYVYZtkKsq1ReH8z1UMKFAeH4kTBERaZN:kcoYVYZtPReczGM8qRaZN
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/1.bmp
-
Size
132KB
-
MD5
cd5ff562751a97fe101a67e771ba502d
-
SHA1
40ab4ef194902fed97926363fe6f82f3ddb905c0
-
SHA256
acbb674a36c859af77de0aa1d3d95c1cedf000e54febb31020e6f938194ffc6b
-
SHA512
4d8d1bce35189b6b20e478330e9d94c5b4863446366da8bfebd5e29303ea2560c1749c00ea181716ef9b873d19f7bb0b0b67217bf33fbcf14ef06034eb93da2f
-
SSDEEP
768:GZlzyFOQrMisKWPDWPQ6HxZ5/LVlSXhyuFKTuZ/tzIywza2oHVWWHwSKY7FgqwxH:cPorwX1du
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/10.bmp
-
Size
132KB
-
MD5
315fbe95e7b2a86b874b197fbdf15849
-
SHA1
1cfb80ce65a3ec7797a236bd21c5de45ff49ffaf
-
SHA256
ffa4a594d09f8faad81a30ba0999692530b1c248939328c57781ccae55129536
-
SHA512
d0ed7b6cac55509e08dcfb6ce4bfef8da2945cab9372e0e044297fd21f8d9a74fcb601bf8faf2e97d1350bbf9363d3d25421da34747a7a2dc7660c8b3be253b7
-
SSDEEP
768:UqL8imr7IriZj7gNPfkxD5KhPY9dx0FHH5m1ngJMNZ7sCBTiCabGZ95YqQ+9PaW/:U7p/WGHGk
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/11.bmp
-
Size
132KB
-
MD5
8379b1c3d19f3648f9236187e16149e9
-
SHA1
d1d4ef0d7071ac00c8d3abae6b79d8ebf2798452
-
SHA256
fd3a02f023176a6ae82935f00f72fa13d42be28d58eec0422b9783184ea852f3
-
SHA512
1822e9eb3c1943d0a6e78a78d6920db26f92257a5a368e5524162c65c08eada27a4d7fdc1714279910665189398ebe510e1e4d982bedb4915d75ce9f825b215b
-
SSDEEP
768:SDbNi/9re4I3yTa3xz5bZKvnedS0hHHiOGa3JRNQJCFcimltHLAFEpJvhdb1hHWt:C0Uu/IAY
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/12.bmp
-
Size
132KB
-
MD5
ba19c720c62fb04a6d0687763eb3f0f9
-
SHA1
80ca6d7bda2b287c87d36ad2535bf9ffb5bf00c2
-
SHA256
67c1e8f97cb11fe2d5d658e994682dcb9b81ec73ee221e2d704bff5da8f7a360
-
SHA512
298128377ca05e88fd5000725e4871ffb81f0b49de805552c7fc205b48a1739a64cfe246f360186259322ed162fb31320fe4f7f511b0f106677e0eb8c7ed84ce
-
SSDEEP
768:SDbNi/9re4I3yTa3xz5bZKvnedS0hHHiOGa3JRNQJC6U1WAXoIpFAPlpUwgzHQ6X:C4GskgrY
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/13.bmp
-
Size
132KB
-
MD5
a0e8b1c81ddc511fcb5310c5deee8e9b
-
SHA1
88f9b448d7f5ca3a00b36b06e25fbbe94ca0a451
-
SHA256
f329a87886a84e7d36a03ab620221ce2e5909bf595210a0a70e62065b68bd458
-
SHA512
3e7b08f44e8534b2208c37e8f78fc91831ef7a7f9e634577b40be3ba970141437565182e2fb5f659fceedadbadf1bb562db351a95c4ce531913a72ea35cef272
-
SSDEEP
768:/nk0jLE2Lr8RnfWncJZx/5/N6r4VndtGgHHxoZPNPX4lXICR8nmItsNHdqoQ9F9o:zZriT
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/14.bmp
-
Size
132KB
-
MD5
22fcb3ea5ee2414880ef094b6b965c94
-
SHA1
dbfb1cbb08981fdd3878faf4179f5fddf67a4a9d
-
SHA256
9058e0d9ea998c21309757586d30b0e5378c0c1904ebc2d95bf01223ddba269c
-
SHA512
f104e05e5fff7ea1b5e7e983ed8185ee5fcb3d5affe07f9d60663b61027c4de76743b4b67d21578de7f35eca75d953a8182c7d3330c2ec65966cca6a4363c294
-
SSDEEP
768:TVDtEq8oBHHtrCOVPggBFxxwi5N6rcvyNvP24pTkgXN39OC6hk1J+BOUozzGLjYO:2QiqbJrGBO
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/15.bmp
-
Size
132KB
-
MD5
db6d2dbb0a0f2836f725f942453b29ec
-
SHA1
83448f73bb9104178ab354128e47a239b1abdeba
-
SHA256
46ed9e0e6d46d8840fc3771c5b8b5a9457d91e0a994e72a8289481dcf4a83c32
-
SHA512
5542a2a8dcaf436d2610cf685a2760bcc93d077086658cffe2361f3da0fae5f5f76a1761034cea5f8e9ac1151944bafa726761213acccf012bd01ba38f4d5ed4
-
SSDEEP
768:TVDtEq8oBHHtrCOVPggBFxxwi5N6rcvyNvP24pTkgXN39OC6hk1J+BOUohzLLdDz:2Qi5T9rGBO
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/16.bmp
-
Size
132KB
-
MD5
74963a0e21b0a442f0e327a9e83fcf02
-
SHA1
4aeba2036721e7d73a346c295eb436067c8d3976
-
SHA256
d2bf6a0edd77365e2593a2fa154a9a7e1c609111316e17538706d7d453cd5b43
-
SHA512
b5c0eadd8cebcfefa98b6080a51f1801233dd4f2e72b9df028fbcd571d046466ca9b7cf36172a524ff7c60820d40475a8e190d5bada901d3fd485e17c41daaea
-
SSDEEP
768:gj/TdkCTjrGQ5PMXISjxV5CzANeXWOWbXvpHV7eNsdoVELCeRNsF5nyt2JHg9B2A:QcEERWglz/MAlVgQT
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/2.bmp
-
Size
132KB
-
MD5
b983fb2e8d67378f2eead3af35a41276
-
SHA1
001d4dcdd316b285845f82743bc9353040365221
-
SHA256
5de6fac064d9897c7865b71528b0f4ee4375a9a1f94cfdd8ab355c17099ed75a
-
SHA512
c71980ee0466bf58518d914ac667516f484e991fcd03751536225ea76707e732f939e55c49137431f1d72417827339af6817ae2ef32098fe9af354c2619ecc3b
-
SSDEEP
768:T1+8TJ6ioYhMrr+xUxhAPbdBx05ngWQJuJB3ue3TBNq6h4HoTrJcRqLbDpaqNpIt:hHKgW/7mI6
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
-
-
Target
Resource/3.bmp
-
Size
132KB
-
MD5
a21bc00d83d44f8ac7a4025e352a9cdd
-
SHA1
b44314553d206c68f901e623227b257b9b1cf4e6
-
SHA256
91d0a751e34a1cdf6329bdab73d8c583a2600d359d4a6ee78e0a557a56d6825c
-
SHA512
928c5060e863c6ca2052cbd51d4a4bb0170b8f5499a0cd8c6434a5ffa3c1314cc557f17bc550d8e356687c943538462b854175452e873ec256e515ad5e20fbb4
-
SSDEEP
768:T1+8TJ6ioYhMrNbxEicfDze4yckExo+535895beufdRTaNG/6P/VBnL0Ct7USTOM:hHBzCLEiWI6
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-