4704846c5605552a2573aeb62f176630fd2ba5498457420c3fb36a27cae6800f | Triage

Sharing

General

Target

EzExtractSetup.exe
Size

4.4MB
Sample

241001-n5t5tssclb
MD5

7399ebe1e1b9c99f3cb4a2521d424384
SHA1

7a560782421feb72b1e84f162cf0abd0809fda28
SHA256

4704846c5605552a2573aeb62f176630fd2ba5498457420c3fb36a27cae6800f
SHA512

80b6b5b2a93656211073560e3eb93063edec44d54a4346b64cab5898162936d3109e7d213d73a93e50ce3a20d163ce6f8eb27e3f31e72bae6c684e528413981d
SSDEEP

98304:fH85t/nKfACE3rHQc6cdxaf3JZ4csu+VCnkcayYl:fKhKfTkAzfHnstVCkcayYl

Score

5^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  EzExtractSetup.exe
- Size
  
  4.4MB
- MD5
  
  7399ebe1e1b9c99f3cb4a2521d424384
- SHA1
  
  7a560782421feb72b1e84f162cf0abd0809fda28
- SHA256
  
  4704846c5605552a2573aeb62f176630fd2ba5498457420c3fb36a27cae6800f
- SHA512
  
  80b6b5b2a93656211073560e3eb93063edec44d54a4346b64cab5898162936d3109e7d213d73a93e50ce3a20d163ce6f8eb27e3f31e72bae6c684e528413981d
- SSDEEP
  
  98304:fH85t/nKfACE3rHQc6cdxaf3JZ4csu+VCnkcayYl:fKhKfTkAzfHnstVCkcayYl
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  25KB
- MD5
  
  40d7eca32b2f4d29db98715dd45bfac5
- SHA1
  
  124df3f617f562e46095776454e1c0c7bb791cc7
- SHA256
  
  85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
- SHA512
  
  5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
- SSDEEP
  
  384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NsisPlugin.dll
- Size
  
  280KB
- MD5
  
  1d0e98e6817a35237509731e1398b47a
- SHA1
  
  2690a72941f1641495a1cf51ebf5399987a74e5c
- SHA256
  
  23abc9395b36419700f31b507f13a189ec2eeb70c7e1a1fe9406c2b9e0728298
- SHA512
  
  5cf919baa11e3cdc3518a351e206a5dc84bb1beaf933194d27fb0a96edbc6b90a58106c45a357e8c7af9de815b4e74cf5e42a22bc91b5fac02bb386a6638d0ce
- SSDEEP
  
  6144:XqvqVlHTqbHKd7kapR1hlfOhykuOP/BtVF:FuHKR78hwOP/DVF
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/gcinst.exe
- Size
  
  1.3MB
- MD5
  
  6ec7094e0756a6698b33e1420fa614d1
- SHA1
  
  717a3065334c0851d908d3a9c03e9fe98f577914
- SHA256
  
  5690d7de821e2d10210b6ae5f9a490934bc77a3005ee72c56eed00fea63bf4ce
- SHA512
  
  785be9a41b37265071eaf5d2fe5a9c5a7c780764eae33ede2d71099d527e1b17068951a758588a57e1b29a2a898196613c5751bc380b94fcf8cb84b8bc90f84c
- SSDEEP
  
  24576:kUZGvjjCcQiydy+2cB3Q3gmsSHXd34cyE7jQ9gHKM8OHdp:xUPCcQjx2cB3Q3zFjQ9aKM8cdp
Score

4^/10

discovery evasion trojan
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  GoogleUpdateSetup.exe
- Size
  
  1.3MB
- MD5
  
  88a857cb7ca6702ab812666b4c88dfe9
- SHA1
  
  6f97409352d52db138f3637bb5d5a6478e7de4d6
- SHA256
  
  027299ea8dfa96e0e59794c59abfd562e2f675e8b8b9a84028da8c58c58d243f
- SHA512
  
  6f3fc98f11286823db68d45709b845f14679fad1f64cdc0f0c3ef029c486fa551e57ca22d60ad902a865fbc0b246751b4d97edeffd1ef04a0ad190e71da2b6c1
- SSDEEP
  
  24576:+xCKHNv19YcQuyfycSQhTQ3WIssBXd3YcmELjQDgHKoaOHdh2Y:vKH1zYcQXPSQhTQ3NRjQDaKoacdh1
Score

4^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  EzExtractProCoreDll.dll
- Size
  
  1.9MB
- MD5
  
  ede6796697abfd295b96322048642a69
- SHA1
  
  d0e7aaa407c4576eee42032bf743e9194a9c21e7
- SHA256
  
  6f9b0b8e8d1efbe25b81b0676a5902ec97aac1bfdc84a1a2d1b58659eb44dc5d
- SHA512
  
  88daf23e91c542c7348aa5c0fd16d382ef2fa95d7d5f91a4d5e39cf5d5b361eeaf4f33fcb43a71b52e4cea20c2b9dcb2b4e909d7ca3e5ab0c6d569f672dd385f
- SSDEEP
  
  24576:8diAakp5QsUmDCKTgo/A1HGFnpzRsFDEDmCjJMcqvbBHwrqRh:8d9p5QXwAxGFpz2EDmeJp8bX
Score

1^/10
behavioral17 behavioral18
- Target
  
  EzExtractProShell.dll
- Size
  
  167KB
- MD5
  
  968e162057c49c860813e465bfd3c2fa
- SHA1
  
  78e5b2e365a3cd7bd3f7fc4dfd9991568ee2ec8d
- SHA256
  
  08ccd848487f570175e3c5b8fa70b04ce30e3afb9f43b4105180e2eb079c85c6
- SHA512
  
  5c41164239607fd32393742943e588d461b8a1d276d9e8142929aa7a22b6f5a82a723b2fff0389ed84677cb9ea9cbf1d793a66d27c367b8f7b9909a242f94eec
- SSDEEP
  
  3072:Bq7Kl734yjiELlcCQyUTaM+iK5BVlnJPO4RD5Hb0CreXKL6XSV:BZB34yjBBjQyUdO3VNN5wLK
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral19 behavioral20
- Target
  
  EzExtractProShell32.dll
- Size
  
  126KB
- MD5
  
  24be51bce468016e106b55b19a2cbc80
- SHA1
  
  c7e18c81ebe523a1fefd845c9f9e09b881fccd11
- SHA256
  
  2d3a1c7e0e6256344648a054bc5526d4804538fef9cc87efab9edb426bf1f4a6
- SHA512
  
  697d736f24b8e28db98885ad248048f43d6bf26237dc0e9651d37810d992fb2482cfd23a26d10164a2a30ad326fbbaca9390730ec498972cc91f673b77756859
- SSDEEP
  
  3072:y/jBvy5HvTzwlKF75GsZMV8/bvQ3MOfJUES6Xm:y/+v/wlCtG+VgRBUEX2
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

discoveryevasiontrojan

behavioral10

discoveryevasiontrojan

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

persistenceprivilege_escalation

behavioral20

persistenceprivilege_escalation

behavioral21

behavioral22