Overview
overview
10Static
static
100297bbb0f0...ee.exe
windows7-x64
30297bbb0f0...ee.exe
windows10-2004-x64
315aeb8380c...71.exe
windows7-x64
1015aeb8380c...71.exe
windows10-2004-x64
101820a0542f...34.dll
windows7-x64
101820a0542f...34.dll
windows10-2004-x64
101df11bc19a...ad.exe
windows7-x64
51df11bc19a...ad.exe
windows10-2004-x64
522934e006b...e7.exe
windows7-x64
322934e006b...e7.exe
windows10-2004-x64
324989d884f...b7.exe
windows7-x64
1024989d884f...b7.exe
windows10-2004-x64
102828fabf39...65.dll
windows7-x64
12828fabf39...65.dll
windows10-2004-x64
132b0fbaf95...08.exe
windows7-x64
1032b0fbaf95...08.exe
windows10-2004-x64
104bf2dace8a...d7.exe
windows7-x64
104bf2dace8a...d7.exe
windows10-2004-x64
1055d03f9954...44.dll
windows7-x64
1055d03f9954...44.dll
windows10-2004-x64
105e58e3818a...cb.exe
windows7-x64
105e58e3818a...cb.exe
windows10-2004-x64
10611cf2be67...47.exe
windows7-x64
10611cf2be67...47.exe
windows10-2004-x64
10654e574fb4...01.exe
windows7-x64
3654e574fb4...01.exe
windows10-2004-x64
36f4ac0da34...a5.exe
windows7-x64
96f4ac0da34...a5.exe
windows10-2004-x64
9$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3Resubmissions
04-10-2024 16:44
241004-t8yv3syhpd 1027-09-2024 16:54
240927-vepkzsvbre 1027-09-2024 16:44
240927-t86wpavard 1004-08-2024 18:04
240804-wnq1vawbpg 1003-08-2024 17:26
240803-vzvbzazekn 1003-08-2024 16:14
240803-tpp4tsshqa 1003-08-2024 15:52
240803-tbarzsseqc 1031-07-2024 19:40
240731-ydk3yszdpq 1031-07-2024 10:53
240731-my145atfmf 10General
-
Target
New folder (8).7z
-
Size
17.6MB
-
Sample
241004-t8yv3syhpd
-
MD5
be23bf21f50efe03646c00428769da08
-
SHA1
588f68a1f66ee0c689104d9096415b9070838827
-
SHA256
0e06e9585cc9db33ee999ca4de668ab64ef6e9fa928ae6541b2f1ec68ff09da8
-
SHA512
b3850d8b79c88e5a1ac7d2855f5b03b08c3392629f041474a997f4c9d71e321c24b9a2c5dad79e8fa6a1bb94648a30808dfa37dbb61e1348fd221594beeda8aa
-
SSDEEP
393216:gTZqJOaXIZoQGPISZpx/0iw+lT+6uxC2JxpG25Bbm:gsJd7ISLW+t+6mCOTdm
Behavioral task
behavioral1
Sample
0297bbb0f00b3f591894ebcf042f2c6b0ed52e6662def1a9dbca0f8d20133cee.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
0297bbb0f00b3f591894ebcf042f2c6b0ed52e6662def1a9dbca0f8d20133cee.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
15aeb8380c7b5b50ed1e2ff29c342cfe5c29a26554020001f7f9f1449f996e71.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
15aeb8380c7b5b50ed1e2ff29c342cfe5c29a26554020001f7f9f1449f996e71.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
22934e006b3f1b8225c51a93ce0acaa1874c4f1dc895fa1664bdf16b0065d2e7.exe
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
22934e006b3f1b8225c51a93ce0acaa1874c4f1dc895fa1664bdf16b0065d2e7.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
24989d884f480964f0cfd5d5ed0cf785b6b97843779051ab12c6c17beabb15b7.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
24989d884f480964f0cfd5d5ed0cf785b6b97843779051ab12c6c17beabb15b7.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
2828fabf3937d88b85183664c9019c4639776ba7c2322f48e4957108ef07ed65.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
2828fabf3937d88b85183664c9019c4639776ba7c2322f48e4957108ef07ed65.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
32b0fbaf95fefcc9b89243be8721625592fc9ed92d76a48cab263898fd3d5c08.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
32b0fbaf95fefcc9b89243be8721625592fc9ed92d76a48cab263898fd3d5c08.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
4bf2dace8a23551a3cd374a14b68cef6185aa18f9148dac8bf77f19f734d3ad7.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
4bf2dace8a23551a3cd374a14b68cef6185aa18f9148dac8bf77f19f734d3ad7.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
55d03f9954e35d8bce3fbd084d909744b3719310bac7c359cda87e7831cc1344.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
55d03f9954e35d8bce3fbd084d909744b3719310bac7c359cda87e7831cc1344.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
5e58e3818a1b7a5c46fab0a1400f7ccd88f088a782bb9c9f229f5e835e57aecb.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
5e58e3818a1b7a5c46fab0a1400f7ccd88f088a782bb9c9f229f5e835e57aecb.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
611cf2be6752c173be1328ea47cc8ea736bc3bda9030da617390b23afa955b47.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
611cf2be6752c173be1328ea47cc8ea736bc3bda9030da617390b23afa955b47.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
654e574fb479af0a9f8d277ed12f2d86681b76b4cfe63d7c9e774f5144be8801.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
654e574fb479af0a9f8d277ed12f2d86681b76b4cfe63d7c9e774f5144be8801.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
6f4ac0da343abb9dd25d7a27c302a6ab29ed9e7c49123b3c8200138abd3eaea5.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
6f4ac0da343abb9dd25d7a27c302a6ab29ed9e7c49123b3c8200138abd3eaea5.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
icedid
2683308570
funnymemos.shop
trythisshop.club
shopoholics.best
buytheone.best
-
auth_var
1
-
url_path
/audio/
Extracted
wellmess
http://178.211.39.6:80
https://141.98.212.55:121
Extracted
danabot
4
192.119.110.73:443
192.236.192.201:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
djvu
http://asvb.top/nddddhsspen6/get.php
http://astdg.top/nddddhsspen6/get.php
-
extension
.ehiz
-
offline_id
94ZMASYQt4QGhpOo8gEwVMGuTvtKzw670thXUlt1
-
payload_url
http://asvb.top/files/penelop/updatewin1.exe
http://asvb.top/files/penelop/updatewin2.exe
http://asvb.top/files/penelop/updatewin.exe
http://asvb.top/files/penelop/3.exe
http://asvb.top/files/penelop/4.exe
http://asvb.top/files/penelop/5.exe
-
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-IMhsjaUZQE Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0299ewgfDd
Extracted
icedid
1677747888
jeliskvosh.com
Extracted
lokibot
http://becharnise.ir/fa11/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Extracted
icedid
1910897067
epicprotovir.download
Targets
-
-
Target
0297bbb0f00b3f591894ebcf042f2c6b0ed52e6662def1a9dbca0f8d20133cee.exe
-
Size
2KB
-
MD5
4a6ac8d48c9793c0c852a6ac93ba2002
-
SHA1
cdc7a9cf8ee36099c823779ac2dd8ffe3a84d723
-
SHA256
0297bbb0f00b3f591894ebcf042f2c6b0ed52e6662def1a9dbca0f8d20133cee
-
SHA512
3aacced9817519ae31ed2bc4cf4063b2eb0a1c9e9addbcb9e08b3431f519ca0a8a6a8962e1039835a48e50cb52cd08d21cad642a66822c288d2b0a88541c361e
Score3/10 -
-
-
Target
15aeb8380c7b5b50ed1e2ff29c342cfe5c29a26554020001f7f9f1449f996e71.exe
-
Size
150KB
-
MD5
022f5345cfab4ef75476ffc7f708fcfe
-
SHA1
81802b0a5f738b7333a60eece96441c1bca19792
-
SHA256
15aeb8380c7b5b50ed1e2ff29c342cfe5c29a26554020001f7f9f1449f996e71
-
SHA512
6595ef6e3e0b65afd0a4f7d5bd5650466a4299df8284180b48ff0e30a537a42616a98c530fa4d39fdbe30eb1cc6c72fd749a98551890a0b488f04fd164b49f53
-
SSDEEP
1536:YyuipsAiJm4cJI7CweL+eX9kEnOCGzJoQL2VwEeYIsUE4KvVf+boJPtgm4qeYwqN:FlpYU6vqXRPE2VyYIsf4K9ffFSqe72
Score10/10-
Suspicious use of SetThreadContext
-
-
-
Target
1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34.exe
-
Size
38KB
-
MD5
a4017c06209e16b8f47fcf6e5845aba9
-
SHA1
66d99a1cc92ed316e0d7a2ab6df466c289154ec3
-
SHA256
1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34
-
SHA512
52e4df915b3cb6eb60a3f37874b0d8a14646ffadb9aa621cf8ea3fb04b5cbb4250fb9cec3a2ed8722a7eae4b600836b5b7bf72e53e297e464fb844096a9b2f5e
-
SSDEEP
768:tojIJWP0znqX60+KU6nCVUO2gTjZSXulSJ474fLv/zkSf2Vz:NnqXn+YoQ+lu474zo
Score10/10 -
-
-
Target
1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad.exe
-
Size
1.3MB
-
MD5
9344afc63753cd5e2ee0ff9aed43dc56
-
SHA1
ee1fa399ace734c33b77c62b6fb010219580448f
-
SHA256
1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad
-
SHA512
6434c212a85180c1af00f5c5fa081a6a6ab66f5633edb74e130a7b9d754a6a65dc973f5e820f6f57a43956c276dbf3721021d1e9bb53fa79ac51ed8cb23f4090
-
SSDEEP
24576:/U1v3pE+zO9mBt2bdm3EHVXkNA80Jl5IzCxWWDrSBkian7X5:/Qv74bdm3EHEA8UIzm8aj5
Score5/10 -
-
-
Target
22934e006b3f1b8225c51a93ce0acaa1874c4f1dc895fa1664bdf16b0065d2e7.exe
-
Size
2KB
-
MD5
af8ae6c1f2859cc139cd176a6656a855
-
SHA1
161e2d577b418eaa94bf1959a634956b75d7922b
-
SHA256
22934e006b3f1b8225c51a93ce0acaa1874c4f1dc895fa1664bdf16b0065d2e7
-
SHA512
a80672ea1f49ebaeaf5b850377ee346e7953bf6379a79db91b826ba2249a66424b0f1be189351dc86088ff9efd72142a46f6d4bff2c5dc7271a4db22c10bcd1e
Score3/10 -
-
-
Target
24989d884f480964f0cfd5d5ed0cf785b6b97843779051ab12c6c17beabb15b7.exe
-
Size
1.2MB
-
MD5
39ae3110dc8ee4239811f2a1083e675e
-
SHA1
f235ea35b4a408a052ec5bc93310adb77b52ecbc
-
SHA256
24989d884f480964f0cfd5d5ed0cf785b6b97843779051ab12c6c17beabb15b7
-
SHA512
cee1b9804a3a3d4f033d8076f66ffd6021a0b017a7588b96749d319d382056847d26aedc2f1fa5b7140c01697407da3c2873d59c78044376b083bc8f0c8494ee
-
SSDEEP
24576:aG4NAckBXt2Uj3WTNWIcXuDTPyYaOnuhZiOASiN0A:O0shOeDjzagumObiN
-
Danabot Loader Component
-
Blocklisted process makes network request
-
Loads dropped DLL
-
-
-
Target
2828fabf3937d88b85183664c9019c4639776ba7c2322f48e4957108ef07ed65.exe
-
Size
179KB
-
MD5
69828a3d5c60eb466c3a62f3389f6f87
-
SHA1
7b9526f82448d0a1fb59a8125d1de55e3a166d72
-
SHA256
2828fabf3937d88b85183664c9019c4639776ba7c2322f48e4957108ef07ed65
-
SHA512
ce8818f78b62453fb56fcaf98efa7bc52068f7ddf915e1df6841f33a39aff6bd7c60692af16ea361cdf15b3cc79787e4a39bb6648faffc3eaac10ce886b45d5f
-
SSDEEP
3072:uq3W3hXSPA5aodE8pn6kTDnlBtx6Qg9+Fh3SslsR/dLcEZD6zs:uIuXSPA5aWpn6kTDnjzjFm/1Z+4
Score1/10 -
-
-
Target
32b0fbaf95fefcc9b89243be8721625592fc9ed92d76a48cab263898fd3d5c08.exe
-
Size
844KB
-
MD5
a6f049a056e37a65280ddfe17f689b50
-
SHA1
479e08954d4d58b643ada84da280bd01c71e779a
-
SHA256
32b0fbaf95fefcc9b89243be8721625592fc9ed92d76a48cab263898fd3d5c08
-
SHA512
f7effb9a12c0723ed336117e3399940d4fe9e3682eec18cdf19cf074dab27d2ce8b1c14d30f1e3e26b5883732f8b970477a32ca4c12fe36a8fa3bc452586511b
-
SSDEEP
24576:40bAk9PkFMVNgsbj6d2dXrpcpZBWGyDs1lwBUeF:PEGNgsnHDIZB/yDseB
Score10/10-
Detected Djvu ransomware
-
Renames multiple (171) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Modifies file permissions
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
4bf2dace8a23551a3cd374a14b68cef6185aa18f9148dac8bf77f19f734d3ad7.exe
-
Size
787KB
-
MD5
0b862b9c889d4bdc6f0bac7d702d8753
-
SHA1
fdc030df123e6e6a712cbc960a2e7c63266bf040
-
SHA256
4bf2dace8a23551a3cd374a14b68cef6185aa18f9148dac8bf77f19f734d3ad7
-
SHA512
4f7284a625b4909f9a0d80023c1dbfe3ed2de8a14fdf9a5bd3687d7e2fb21e265ee6cca613e4e6c8cab35f806501b155e6ed70a11530eb1cc78dbc38b22d3e8b
-
SSDEEP
24576:reKt4RjnJ+wWEr55fRue+cfxiskJM0BPA:rORdGA55fkcJinM0BI
Score10/10-
Detected Djvu ransomware
-
Renames multiple (160) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Modifies file permissions
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
55d03f9954e35d8bce3fbd084d909744b3719310bac7c359cda87e7831cc1344.exe
-
Size
231KB
-
MD5
ee28a178e3aacfa1398ca74a9bc1822e
-
SHA1
193bc249bac79c0a195e736c62de5ec16e5ef38d
-
SHA256
55d03f9954e35d8bce3fbd084d909744b3719310bac7c359cda87e7831cc1344
-
SHA512
3f0dbbbda0cba4a32fe49fd7941d3fa640a8b7aeec56a3f584d519593de68e4acf8036c651cd469e386a32c5465521035dccebb6f3732f7893be552803d48353
-
SSDEEP
3072:ktkuGh43+xNkZ4I0+NFS1I74Y61cyJDz/+6BjbkJuWg349uoZaOG/mf3vfUgrfQj:FMZ4P+NEc4zYgV9QFhP0grf0dd
Score10/10 -
-
-
Target
5e58e3818a1b7a5c46fab0a1400f7ccd88f088a782bb9c9f229f5e835e57aecb.exe
-
Size
865KB
-
MD5
aeccd0447a233ab8f7de5d7df28e9331
-
SHA1
c9dbaac42e30413f8cdb6ef09cf90ca75d0137a7
-
SHA256
5e58e3818a1b7a5c46fab0a1400f7ccd88f088a782bb9c9f229f5e835e57aecb
-
SHA512
44bcb72760eacb7c69b30b2835043f11fa47e3c950afc795286317645d92925cc1c7884bd611b4f0df2b74750949401e377c6d4fe5741926a0f720ddf99ca40e
-
SSDEEP
24576:EejP2Qq5NJf5osyeT2DiqkRD73mOcohh:/jYNp5PTZqkRn3mz
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
611cf2be6752c173be1328ea47cc8ea736bc3bda9030da617390b23afa955b47.exe
-
Size
280KB
-
MD5
284b061036a1e367e41c00235d1b5e6f
-
SHA1
f6277c4d7a39427e7c86a3f9040729d6b17aff65
-
SHA256
611cf2be6752c173be1328ea47cc8ea736bc3bda9030da617390b23afa955b47
-
SHA512
21733f5d5953a07021536928842bce4be637235b7c1578fa0096c53a546614ecbc172f0e500fddf2611acd2dba94b13152fb1eff75efb0666342183c0f6627c6
-
SSDEEP
6144:x6DKNllJ4Uc/gqXKq8+RigIWU+Ydm0UAtXbe9bu:sDKNlAUcBaq8+RnWm0UA9b
-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
654e574fb479af0a9f8d277ed12f2d86681b76b4cfe63d7c9e774f5144be8801.exe
-
Size
8KB
-
MD5
096a19cd1460c87f343444a4740327c2
-
SHA1
0f55409dbc70927548c2d351185408f7615ee47c
-
SHA256
654e574fb479af0a9f8d277ed12f2d86681b76b4cfe63d7c9e774f5144be8801
-
SHA512
259552c2bd72062aa531ea9dac59b6411b64d735c01197dbf0e2943cc8a9ddc37eb1e0be9f22118a48bead99f57a237f9bb986f8ceafc67ed463f9c00a6587bf
-
SSDEEP
192:/G6OThBwj6k8TqLUh5wCb3py+g2O9Cung9C:/G9hNxh5Zp1i9Cun
Score3/10 -
-
-
Target
6f4ac0da343abb9dd25d7a27c302a6ab29ed9e7c49123b3c8200138abd3eaea5.exe
-
Size
3.0MB
-
MD5
07ab47ba492cb4ce3b9255ecbfb543f7
-
SHA1
b86f8aeddddd245f0198ad92ff6cee605cbe1d4e
-
SHA256
6f4ac0da343abb9dd25d7a27c302a6ab29ed9e7c49123b3c8200138abd3eaea5
-
SHA512
0f161c751011070eca63baf0d544e35adfb7ae23c7bef6ef21684d93ee81d88fa0a83f5f1cc7be10e5a31c2012711298e599e4264d13f6607c9ce7abc8c5ad3a
-
SSDEEP
49152:fb1ZTEb66GZQJAaYqh3owdV+xYtb/Khu0Ar51hRzEHgR8wfXhxld4sl9O3/TvHv0:5ZQ+6uQhYEom+mtkQ1hRwH2X9i/vFO
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
c7ce0e47c83525983fd2c4c9566b4aad
-
SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e
-
SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae
-
SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
4ccc4a742d4423f2f0ed744fd9c81f63
-
SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc
-
SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
-
SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
-
SSDEEP
192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
File and Directory Permissions Modification
1Modify Registry
1Virtualization/Sandbox Evasion
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
5System Information Discovery
6System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Wi-Fi Discovery
1Virtualization/Sandbox Evasion
1