330471973044d1ff265456fb532dc2c391780848277ba445648ee7e49829b469

Sharing

Copy URL

Twitter E-mail

General

Target

win-Miru-5.5.6-installer.exe
Size

78.6MB
Sample

241013-1x6vwavgjn
MD5

9de769d9d389754fa8a787ba3266437d
SHA1

d77dbb09f9474eb6ee831526237a07a2135981f3
SHA256

330471973044d1ff265456fb532dc2c391780848277ba445648ee7e49829b469
SHA512

097f370a4ab278446581302b8eaa897a568ff1c5f00bbc846e62d329c9392a71710f85894a244fae7786fad01153647d3bfb88cb128591ac929a8ca666071dd0
SSDEEP

1572864:hmm2um4VoC0gzasAnmMrJ7k84K5W9Nta40DBFTthaA9nEREF0G2BoM/+9Q:8mTm4QeasQ7m895W9NtdErR9pSdzBRKQ

Score

7^/10

discovery linux

Malware Config

Targets

- Target
  
  win-Miru-5.5.6-installer.exe
- Size
  
  78.6MB
- MD5
  
  9de769d9d389754fa8a787ba3266437d
- SHA1
  
  d77dbb09f9474eb6ee831526237a07a2135981f3
- SHA256
  
  330471973044d1ff265456fb532dc2c391780848277ba445648ee7e49829b469
- SHA512
  
  097f370a4ab278446581302b8eaa897a568ff1c5f00bbc846e62d329c9392a71710f85894a244fae7786fad01153647d3bfb88cb128591ac929a8ca666071dd0
- SSDEEP
  
  1572864:hmm2um4VoC0gzasAnmMrJ7k84K5W9Nta40DBFTthaA9nEREF0G2BoM/+9Q:8mTm4QeasQ7m895W9NtdErR9pSdzBRKQ
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  8.8MB
- MD5
  
  e47a5caeb2e2f18529ef744c68a0dbf6
- SHA1
  
  a02f9812e4099d6bde267c0f4e44dcf5dcebe0c0
- SHA256
  
  4cc5a28e965505a60dd7151bbdd0b5303cfdf1a3a359e58eb28a5b4d3a653203
- SHA512
  
  abd12f7413211c091801a8486b46f1aa5e70e578cbe44868f4afbfed3de4411896c77c4d2bab1acd9064ee6920b89366e0bf975a618f19e3bd18fd1e5c5dd2de
- SSDEEP
  
  24576:2ZBmO2u6Y+69V25x20RVzFmKgmfw6k6o6Z6t6y5Kr7VjsysAw:2ZciOYAMolIyY
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Miru.exe
- Size
  
  168.2MB
- MD5
  
  d51b2741d2e4351e903b5510ce24a912
- SHA1
  
  0a09f5655735ef79c7f3643f5dc0016850518848
- SHA256
  
  3e7da2889c5c58087529d554c684c1c17ac9a5eef96a7282810fc0d6f373b26f
- SHA512
  
  c14f8bec540932557d107fa2a1720b9d705a810a96f9f1dadf516f3e15d1a4970a4cbfbfa39dc05811e7f262a5141006bf5d18b1aaa830875875507ee0012e52
- SSDEEP
  
  1572864:Y8svaptXyWNhKd4XsQe9JMunF6p7kxNlvsP4DVuG0ZPW7PuGFuz5wrPKZfTzv:gYe9sFDhZfP
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7349236212b0e5cec2978f2cfa49a1a
- SHA1
  
  5abb08949162fd1985b89ffad40aaf5fc769017e
- SHA256
  
  a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
- SHA512
  
  c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- SSDEEP
  
  49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
Score

1^/10
behavioral15
- Target
  
  ffmpeg.dll
- Size
  
  3.7MB
- MD5
  
  0bc3d1e33931bf75128271b73008c14e
- SHA1
  
  d93d61d5a9ccea992802292dc3dc7c1076ca4abf
- SHA256
  
  b2d14f34c4d881d964a3c6458921264ca09dfb7213eab03e0dbce991c8fd6d4b
- SHA512
  
  1a9ca2b6fe0dacb69fe5dd575677a8d16f943d55a6c8f845b0b8fa62e62d2580c352b4c59dbc1e4aac6c05e84e5dea005f4be0955f0309b56a0fa0f5c23bfde7
- SSDEEP
  
  49152:AMr0CUZyVo+qAFySZH+h/NfmXh7UBdWiZW4ZcyMWa6uSBfen6yf/vdLPvBG0kbPg:AlMiNfmXhriZWccOa6uq6LPv9Ag
Score

1^/10
behavioral16 behavioral17
- Target
  
  libEGL.dll
- Size
  
  471KB
- MD5
  
  f32de7f8bdea8d8b4081131812ec7ba4
- SHA1
  
  8a492e0d4aea604c2e4800ff94f5e1970465722d
- SHA256
  
  84e4212ac785fa7fdecc4ace68cdbc4d0a555f53a554dd6169b45841a1d32894
- SHA512
  
  99ee7f2e020ffd3bf738dc1db5cee708324d2dc1fe343586fc64171804ac946ddb9061361939778bbe3e6a705a338156527c2e72a3a9394051e61e0f00f8c2e9
- SSDEEP
  
  6144:CsYYC6uzNYdf1C5NdsZeomYVvjd3em2OKhqN5C:26uzN6f1C5bemOjd3em2OKhw
Score

1^/10
behavioral18 behavioral19
- Target
  
  libGLESv2.dll
- Size
  
  7.3MB
- MD5
  
  2a1cf1e4a51a1fc6804061d3f4470900
- SHA1
  
  f1cd8a5f3f19f08a234601bc370d13b7478f330f
- SHA256
  
  120e0bef002e1bda7b2f7a819a2b9662737faa5e22aee54843d6bf5f93ce023d
- SHA512
  
  d00c1a2fd6e0a6accd002650309f43e0f3f9f2e93626cfba4f5c584d14b3ce36ce66e0bf9c26c383eb321834f0a7cef45d638633bd3fbac217a0a95d5c8e985b
- SSDEEP
  
  98304:TpWu6jX1dFKw4bru/FH1KiaQSGJblanDfXm3e0mI:Tu5dGbr4NlajCe0m
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/@paymoapp/electron-shutdown-handler/build/Release/PaymoWinShutdownHandler.node
- Size
  
  114KB
- MD5
  
  5d72165813c41cd6efeeb13cce2cdfea
- SHA1
  
  52e0a1c3e23e10b5f1459334d5199c17f189d52d
- SHA256
  
  96eb99a5215e8fda16f43fed31974629ea81796e6f48991f159d8b947de1cce7
- SHA512
  
  6d7d9f88ad026f63cabf77bbd5151d36f09f5387d8c2ffd8c379c9bfb9dc56435cd61ca077c66f8cf34a3f71db5deab1ab12af14f6c3a3577147687747d5d64d
- SSDEEP
  
  1536:8M0D1vjUbiPu4W+SGcWBlCSapkFcyWJBsWSDd09dlTsTJuPhM:8tD1vjmmu+PjlCzpdyWGMhsT8Ph
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/app.asar.unpacked/node_modules/utp-native/prebuilds/linux-x64/node.napi.node
- Size
  
  91KB
- MD5
  
  c89f0c228bdc07288a121634c9a2e4ed
- SHA1
  
  3baaafffc32cab00d42ac7a48a0f9d748d42c5c6
- SHA256
  
  05d19b60cc21fc2cc746455495accead40c25a5203b6b345335d1febd408d1d0
- SHA512
  
  dcc380d585f2d5b1e28541f3dcf4bf291c43581e0730ee34fb77bb3708679f2a986d1366951a02bf0434a24c1e3d1d38ad1b69adfd5d850d35eb91e8cb1d2913
- SSDEEP
  
  1536:J3uQGLu+13QW1r47JmWRZKD6Da+8ZSQDtVcj5SbdKR/MQzIMFbFSaRNxwZXPrbM:9uhQcxDgj5SZK9VVRNwbM
Score

1^/10
behavioral24
- Target
  
  resources/app.asar.unpacked/node_modules/utp-native/prebuilds/win32-ia32/node.napi.node
- Size
  
  506KB
- MD5
  
  2b2d3630eeefaa6248938c10cb67f9b8
- SHA1
  
  4cfc84caab965f060252d6090af52f1c0eeb6a5f
- SHA256
  
  ffce9bc906cf091d101b5ece0ed455f694a0a093a4e10e16390eb2bbcb8961fb
- SHA512
  
  7daf11d876574251d7457f15b20fd55e2c07256db86c0ec406f21e725d90ff43bfb88e43f2018272ed537945fd8f8d84cbb066b20f683318258dc924d04b895a
- SSDEEP
  
  12288:irlwBIrRmHBRgN0jYlNVEjJWZBS8Muj0ad:2EQVE2pd
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  resources/app.asar.unpacked/node_modules/utp-native/prebuilds/win32-x64/node.napi.node
- Size
  
  644KB
- MD5
  
  45b14230ff6a1fa0229c1a494c8f2a05
- SHA1
  
  a760ff8a2b04d5fe0f96d3f845129ae7c499be8e
- SHA256
  
  172bcb54e696157570d17cda2420df3da7c02c350f814ca0e0a1717394c8a778
- SHA512
  
  8d88bd549063246d2a92bd8bc09fb04db7810c5181bc2e030ffc6aa4b91564402f7b2465be1d7cdbee3dd8e6c72730aa804b2ae389cfb796f687b41343d10d9b
- SSDEEP
  
  6144:FCSghE67b3thphwLZkNqPKCzzTZiuWrz:cSghE6vPEZigM
Score

1^/10
behavioral27 behavioral28
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  vk_swiftshader.dll
- Size
  
  5.1MB
- MD5
  
  ba2e5a9f2b27db53b2a15f23e7cd395e
- SHA1
  
  82e8e4a33d870bb4c827be6fb0610ebe4ddc873e
- SHA256
  
  586c874bf576afb040f0d7a328ba2abe46c316796886d169a1209c2d9c64814a
- SHA512
  
  11b50748011d84b729faa65ffa0300cdcff941cdc02f42a67ff0d7e76538ded0737a487889b41bb01f17c35089ab9c676f1e058d1fbf397f9b0d94416532c6a3
- SSDEEP
  
  49152:AvZUUMjsl9QO9T9EO0fwMvPK3EY1XT9L45vTU7c38q5s68gXt8ZObehFkvPt72P4:8ZU52TkZPDhnSSc
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32