32e3e1317dc52326e96f580ca918a7d410b980608ebb05f39429c721cb72df97 | Triage

Sharing

General

Target

airshipper-installer.exe
Size

28.5MB
Sample

241013-y7sd5a1ejj
MD5

5c1114e5ce4cd1b0fa423f824257a6cc
SHA1

d70155d2969680af26d5ca9e5dd549f0dc4f61e7
SHA256

32e3e1317dc52326e96f580ca918a7d410b980608ebb05f39429c721cb72df97
SHA512

01eff15c8a06d7242082efdd4516d25502ea5929f473c72b5b87582d1a4b725c6aad8ce960b6ab663bb1729f82cff8cd2a2b6d6bcd891c40f1915c81cd400009
SSDEEP

786432:6n50EQxw2zVTvPQCVn9XtzzGDcaZcKh/K+mMJBF:lECF1hhznucKxOM9

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  airshipper-installer.exe
- Size
  
  28.5MB
- MD5
  
  5c1114e5ce4cd1b0fa423f824257a6cc
- SHA1
  
  d70155d2969680af26d5ca9e5dd549f0dc4f61e7
- SHA256
  
  32e3e1317dc52326e96f580ca918a7d410b980608ebb05f39429c721cb72df97
- SHA512
  
  01eff15c8a06d7242082efdd4516d25502ea5929f473c72b5b87582d1a4b725c6aad8ce960b6ab663bb1729f82cff8cd2a2b6d6bcd891c40f1915c81cd400009
- SSDEEP
  
  786432:6n50EQxw2zVTvPQCVn9XtzzGDcaZcKh/K+mMJBF:lECF1hhznucKxOM9
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/EnVar.dll
- Size
  
  10KB
- MD5
  
  4ee6c0578960bcb5dad78947e0cbffe9
- SHA1
  
  dd90488ffde0b0df76e0a5e8dca8192c77619d8b
- SHA256
  
  eb182d049ba19f697628e20228af329780aaf62c3585a1e36b9fb988911fe697
- SHA512
  
  0592166761c32aa804a26fb90191f636173b6e5144e4c10b100841fcb4d05cc30d8ffc3716e823d02dd3bcc73cfb9106639cf8ae2aeeba409213f2f40df5932c
- SSDEEP
  
  192:hjD5Bzu8mRd7ylc01dOF6Nr4mNiFHFEH3HGH8t+zaY6GVIb6:V9BXI4cqxCa+WFAzUeC6
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  12KB
- MD5
  
  d5d2c8404b5f616c2a39cf023c0f63f0
- SHA1
  
  4f591c857724898429e215c25005ff38c7837776
- SHA256
  
  e8832ca91b2f909a34fb2d41d9c3c7928c055057c79277eaf5fb0725bcbddaac
- SHA512
  
  de54487f75212be426d12c342b2a5657d08379f2746549b54d3832e8f9ad0bab63b4c8dc91596fc39f313938afc9c1e5b0f0bb735d08c29cb1f41667f99603eb
- SSDEEP
  
  192:8DSmSTusK05zGwXwhJdlX3unYkvQhT38Fb98QJ/a:aqr5zG2wTdhunYkvA38Fb/J/
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  29KB
- MD5
  
  26c8a92678f1b970ac2a700bb844c309
- SHA1
  
  c821a5980c31b0b35f1505cde836d6769f45e3a3
- SHA256
  
  2a7b5d1cab96a5280b0694d0ed54510129626a1ba36a51bd34d546972b7d18b8
- SHA512
  
  fba6e371853fd6c27097eb7cce7ffc59d71e4f0a9b5e55de06472d094b70c44a409bd82f39d9a27a814e826ab8468c59e947401a3c3ead1f057cbac236588860
- SSDEEP
  
  384:icchls/EvE2XYBVtQQA+S4n+7g6ZxlU7RfYkvIZMIwwH3Y9pyWediASIo:dmHckOVih+S/Fxq7v4H3YCoASIo
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  14KB
- MD5
  
  8f45e78d9d02ca8a9f9c274a8bfe2a57
- SHA1
  
  9b3838e1d2d4fbc1c84e1252747e96aa1b223d83
- SHA256
  
  78f9594721361fd3415b8c5194f9c9b87c580d6a70ddb95f2c4743c61ce68ebe
- SHA512
  
  125f1bcf833e0c233ebee552c164d9726769f06e5163467888abea08048fdae60a94b903ef97ba82ca9cf684f3c027d9605d54e9efe794df3e452f9b20e4ca96
- SSDEEP
  
  384:jqWL5JCYXh2OPxv9OIR6oYkvLl5gS+BX9jN:jqXG2cLR9vPgFNjN
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  airshipper.exe
- Size
  
  55.5MB
- MD5
  
  c76048163c015cb417ebce7346bb4401
- SHA1
  
  fa8c6b203445a4c9c0408f93901d826dda9c6e66
- SHA256
  
  6f64e6d21ca1d543ed159176c2c3c97dce97b416007c6c0fb9b6fead5abe52dd
- SHA512
  
  cb2d0ffc6f7fa0989e84d2a0e50518486de9525467db3672c3be11b3f3cb57414fe86534f1c4318fc710d566c8ac3deee2e576122858ad1e88efc89ad9b4f9d7
- SSDEEP
  
  196608:B3hPvmeP91eajLd9SyWjyhQIDUXtQh3HkI4kSvfr+Xjn6PdZYPbEO3pSqv4TJi2I:nPNrT2yae4tQhXkI+nrKa4EKpSqv4TJy
Score

8^/10

discovery
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral11 behavioral12
- Target
  
  client/target/x86_64-pc-windows-gnu/release/airshipper.exe
- Size
  
  55.6MB
- MD5
  
  9ee1e942909a0ea8aebf463c846f6aa9
- SHA1
  
  3dfad185c16521754ad4f181b116a797ebe38194
- SHA256
  
  941ab5b94c0143c4c1d8b4c321a71ba10d99bd6583073c837cce7e9d66536fa1
- SHA512
  
  ee5024658202c0230bba58146e78e8eadd402225c4ac25eba815e6415419624361b5d43eb5ba3ef2bd48aba78840b13e46718e6eb829d4234f9d16863f5f9694
- SSDEEP
  
  393216:upmsXyae4tQhXkI+nrKajy/WOzgcAJdOmQ4x7PYptx:upmso4giOa2WOzgcAJdOmQ4x7PYptx
Score

1^/10
behavioral13 behavioral14
- Target
  
  uninstall.exe
- Size
  
  260KB
- MD5
  
  d6feb8f9e19612840129c8d38a839ecc
- SHA1
  
  afaaf47901ba7c6582df2b301c805856bdaf0061
- SHA256
  
  424e219a73f0d9c0a9133e86ef72e47b7e02f96a581bbd607ee75e5123621f1c
- SHA512
  
  058174c9fd1ebe8dbb17d114cfe52e772f6e2dead835cc02ff67028b7015ec78ff9d11226514f65f9907fad42792a009b2ea0f13f326a165505ccc49de16b909
- SSDEEP
  
  6144:KJ9ECqBWtxiRuQOpNPB3kiIstMCwjaEfC2xP3YJsAwu7Gw:KvsRwP3QjaA3JAPGw
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/EnVar.dll
- Size
  
  10KB
- MD5
  
  4ee6c0578960bcb5dad78947e0cbffe9
- SHA1
  
  dd90488ffde0b0df76e0a5e8dca8192c77619d8b
- SHA256
  
  eb182d049ba19f697628e20228af329780aaf62c3585a1e36b9fb988911fe697
- SHA512
  
  0592166761c32aa804a26fb90191f636173b6e5144e4c10b100841fcb4d05cc30d8ffc3716e823d02dd3bcc73cfb9106639cf8ae2aeeba409213f2f40df5932c
- SSDEEP
  
  192:hjD5Bzu8mRd7ylc01dOF6Nr4mNiFHFEH3HGH8t+zaY6GVIb6:V9BXI4cqxCa+WFAzUeC6
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  29KB
- MD5
  
  26c8a92678f1b970ac2a700bb844c309
- SHA1
  
  c821a5980c31b0b35f1505cde836d6769f45e3a3
- SHA256
  
  2a7b5d1cab96a5280b0694d0ed54510129626a1ba36a51bd34d546972b7d18b8
- SHA512
  
  fba6e371853fd6c27097eb7cce7ffc59d71e4f0a9b5e55de06472d094b70c44a409bd82f39d9a27a814e826ab8468c59e947401a3c3ead1f057cbac236588860
- SSDEEP
  
  384:icchls/EvE2XYBVtQQA+S4n+7g6ZxlU7RfYkvIZMIwwH3Y9pyWediASIo:dmHckOVih+S/Fxq7v4H3YCoASIo
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  14KB
- MD5
  
  8f45e78d9d02ca8a9f9c274a8bfe2a57
- SHA1
  
  9b3838e1d2d4fbc1c84e1252747e96aa1b223d83
- SHA256
  
  78f9594721361fd3415b8c5194f9c9b87c580d6a70ddb95f2c4743c61ce68ebe
- SHA512
  
  125f1bcf833e0c233ebee552c164d9726769f06e5163467888abea08048fdae60a94b903ef97ba82ca9cf684f3c027d9605d54e9efe794df3e452f9b20e4ca96
- SSDEEP
  
  384:jqWL5JCYXh2OPxv9OIR6oYkvLl5gS+BX9jN:jqXG2cLR9vPgFNjN
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22