11fe7a13ad470ff3c39423f1ebb5b7abff8cf8a656d2ac97c0183d680d07687c

Sharing

Copy URL

Twitter E-mail

General

Target

563299efce875400a8d9b44b96597c8e-sample1.zip
Size

23.9MB
Sample

241002-mdv3da1bqj
MD5

8625e1f9e8548342a4f9f1641a1ae4eb
SHA1

3b602c272347d14cc91e07bf0dae686d768d7965
SHA256

11fe7a13ad470ff3c39423f1ebb5b7abff8cf8a656d2ac97c0183d680d07687c
SHA512

6c9c07b70e8c53ef10df4cf839ee47a28acdda815dc1a5f337967a4cbe2f9b26b8075ecbc4e5295f755cfddcc2459aef1b21f9f46a7b11a89e554347261fc520
SSDEEP

393216:xUYMp10LmoSzKCcMhttMWlPXxLBzQdDMOf8GInTd7EoOUwY6zcqtXWZ6:mYMsmoexcMhTlBz0f8GOTd7EY6zccWk

Score

7^/10

Malware Config

Targets

- Target
  
  1a4e5ccd35a56d84281a143f831563be
- Size
  
  24.0MB
- MD5
  
  1a4e5ccd35a56d84281a143f831563be
- SHA1
  
  d3748dd01572d9c8e8dfd655186f8c32d97de414
- SHA256
  
  321502845d1c6bae83addd564ff6db1b92e9d5722865795daf9cd66cd3a9d39f
- SHA512
  
  7a79f5d4a440643ab49c68ca038601bb7dc53449e2355f4a1391b92d921ef4778611853ec94aef30b7b89f794ee0c5ee387cde680c6ad1ecff2cc37658aa6c0e
- SSDEEP
  
  393216:rpzfSFU1OYrLM3NRivs3r401VvVRdqjxccJhLctQ7Lq2qMbX7Gs3RIoK1phuVHwQ:N+FU1n3+Rik3r4oVtRdOxcEhUrwXn3Rd
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $1/listicka.exe
- Size
  
  10.7MB
- MD5
  
  b29bfd8ee3a426894b4ca3753e5b62a8
- SHA1
  
  47dca130179d877abc85cd7046a469c3ac74f502
- SHA256
  
  d3d7e6b3f65ba7375d356da4818f8caf09b185e200dd97310abeada793d82077
- SHA512
  
  2ddbf6c4d38029089db20bbf8d942bc852e6e48dda834e492be423ab5556c33bd180b2b4ea2de791d48edc581ed819f36583d3142293ad6fc53ec794ec5a4eb3
- SSDEEP
  
  196608:kdj55vVVlA1+bzOkUHQGuhlL3indHXPhiSpIUi5cOong7YflZP9uKy8Mpg:o5FHW1+zOkT7Kd3P43Uz5gglZPAg
Score

7^/10

discovery persistence spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  7579ade7ae1747a31960a228ce02e666
- SHA1
  
  8ec8571a296737e819dcf86353a43fcf8ec63351
- SHA256
  
  564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
- SHA512
  
  a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  install.bat
- Size
  
  56B
- MD5
  
  4271a7fa5e233e43048de68e2945f523
- SHA1
  
  52f2f7333535f77dfa1834bccd752944b3957685
- SHA256
  
  f2bf2fc9f09d668d79df8fca8ff827f1997afbae7d99a3ac50584b73e336204d
- SHA512
  
  c06a210c19982cbcecfe6606cf7e4b534d18d077e673f548fd3b42ce953b7a33dbc70e9f227584ddd3c609eae51ff6b43fe814e89aba15bb434b3144f7071dd6
Score

1^/10
behavioral11 behavioral12
- Target
  
  msvcp100.dll
- Size
  
  411KB
- MD5
  
  bc83108b18756547013ed443b8cdb31b
- SHA1
  
  79bcaad3714433e01c7f153b05b781f8d7cb318d
- SHA256
  
  b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
- SHA512
  
  6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011
- SSDEEP
  
  12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  uninstall.bat
- Size
  
  42B
- MD5
  
  438645dac0a08e21dafcc6ee75284ec1
- SHA1
  
  8d99ce0f6a450271b1f226b68f698236fea216e5
- SHA256
  
  9b977bfd65f844cd708b3e6649810ee6f2130aeb2674966511581dcabe9d0b87
- SHA512
  
  6b0218d27f71f112561311fb7a116aa570a60c19b4094d51beae2cc8a44ac42aabfdf5d8bd9ea4b1952ee0293425a856a5ef0d68fc4b2bb9ae9ada24f8fc1939
Score

1^/10
behavioral17 behavioral18
- Target
  
  $_13_/sznsetup-lt.exe
- Size
  
  1.2MB
- MD5
  
  9033dbee427815f396f63928c3273862
- SHA1
  
  999a21163538790c49640969648818410ac3ef5c
- SHA256
  
  d73b8aeb672800608ad5df8351cbf38f7b7a6e56781c75827e7d10025ecddc6a
- SHA512
  
  efd48a08883cb19e704ba5b867f41edf25237f7ef55b3e408ca993fadfafc569b1bbfce3f2e1981444887866686835defe06c3a58c19d05792e2a5c53627394e
- SSDEEP
  
  24576:a7sp3PWWBbM5IrRn9LVt9cExxYJvpwLiAaZrcp:Xp3PWWbTVglpwLisp
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $1/setuppicasa39-setup.exe
- Size
  
  13.0MB
- MD5
  
  3df3d3c125d3bb1a5bd55e88f9e48920
- SHA1
  
  72f3e2f18e83d60ec657f03c341a3c1df701c2a9
- SHA256
  
  cc36161b6d8ea29528bed7d5883ad260cfc8d8e32825938c52e93c1a495c355b
- SHA512
  
  a171cb62b35f63749f25196f5f94805f44b1795ba9d0c4e9a26f2511afff82f500f76b913b96f83e777e0a4089a4dcd5d804b1fcd5a655dc094b741198b25bcb
- SSDEEP
  
  393216:1pOtxS2JzVMrK5r8KmON15WytJQmA79/uFJOV:1pgxSezmdq1ztJQl
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/ButtonEvent.dll
- Size
  
  4KB
- MD5
  
  55788069d3fa4e1daf80f3339fa86fe2
- SHA1
  
  d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96
- SHA256
  
  d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f
- SHA512
  
  d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616
- SSDEEP
  
  96:hrA2+5HGZFYJf9D8IjDflDCoMzncsGSmE:hE2+5mMJfJ8v1zFGSm
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  26KB
- MD5
  
  4f25d99bf1375fe5e61b037b2616695d
- SHA1
  
  958fad0e54df0736ddab28ff6cb93e6ed580c862
- SHA256
  
  803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647
- SHA512
  
  96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130
- SSDEEP
  
  384:Hh2aeOfOkR+nMsNNtnQ8+y4nLD/B6D8p/Ykv7HyVOIgMHciS6hM:SOj4MWNxl+yCIDIv+nHI6
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  12KB
- MD5
  
  2029c44871670eec937d1a8c1e9faa21
- SHA1
  
  e8d53b9e8bc475cc274d80d3836b526d8dd2747a
- SHA256
  
  a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2
- SHA512
  
  6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7
- SSDEEP
  
  192:lGqmrBw8Xk21Nu4xfuM5/x9e1oh6YYkvQh+hlfqO1OoAs546QN:gqmr3i4xm+/x9Ooh6YYkvblfVgocTN
Score

3^/10

discovery
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Checks installed software on the system

UPX packed file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28