Overview

Analysis tabs and per-task scores (score badge shown after each tab name):

  Overview                                                     score 7
  Static                                                       score 7
  0214713ef0...6N.exe                   windows7-x64           score 7
  0214713ef0...6N.exe                   windows10-2004-x64     score 7
  $APPDATA/R...er.exe                   windows7-x64           score 7
  $APPDATA/R...er.exe                   windows10-2004-x64     score 7
  bootstrap.js                          windows7-x64           score 3
  bootstrap.js                          windows10-2004-x64     score 3
  resources/...ent.js                   windows7-x64           score 3
  resources/...ent.js                   windows10-2004-x64     score 3
  resources/...jax.js                   windows7-x64           score 3
  resources/...jax.js                   windows10-2004-x64     score 3
  resources/...ain.js                   windows7-x64           score 3
  resources/...ain.js                   windows10-2004-x64     score 3
  resources/...ain.js                   windows7-x64           score 3
  resources/...ain.js                   windows10-2004-x64     score 3
  resources/...ain.js                   windows7-x64           score 3
  resources/...ain.js                   windows10-2004-x64     score 3
  $PLUGINSDI...LL.dll                   windows7-x64           score 3
  $PLUGINSDI...LL.dll                   windows10-2004-x64     score 3
  $PLUGINSDI...LL.dll                   windows7-x64           score 3
  $PLUGINSDI...LL.dll                   windows10-2004-x64     score 3
  $PLUGINSDI...em.dll                   windows7-x64           score 3
  $PLUGINSDI...em.dll                   windows10-2004-x64     score 3
  $PLUGINSDI...LL.dll                   windows7-x64           score 3
  $PLUGINSDI...LL.dll                   windows10-2004-x64     score 3
  $PLUGINSDIR/inetc.dll                 windows7-x64           score 3
  $PLUGINSDIR/inetc.dll                 windows10-2004-x64     score 3
  $PLUGINSDI...gs.dll                   windows7-x64           score 3
  $PLUGINSDI...gs.dll                   windows10-2004-x64     score 3
  $PLUGINSDI...ec.dll                   windows7-x64           score 3
  $PLUGINSDI...ec.dll                   windows10-2004-x64     score 3
  Rapidbrowser.dll                      windows7-x64           score 6
  Rapidbrowser.dll                      windows10-2004-x64     score 6
General

  Target:  0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6N
  Size:    1.3MB
  Sample:  241027-w16basxrdr
  MD5:     84b07b994a0a4d70755a474205c878e0
  SHA1:    086557438738b320c33b60907ba423fdcc160eeb
  SHA256:  0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6
  SHA512:  0fd251edb45303ece2921e8046c2ebf9403a893c9b08158a8308ec00db82494580900faa5c3e6b82eb87290939c9641937c7c99e33543bc266a8c40f045ab14b
  SSDEEP:  24576:/Np+pIL73V/z9ABBEqOpYgzJ/jptDfTFdFHOJ3+WPGwil8rbO2PfnNoJH:BV/zSBEzpYgzBdtDxG+WC8/BfNG
Behavioral tasks (task id, sample, analysis resource)

  behavioral1   0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6N.exe   win7-20240903-en
  behavioral2   0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6N.exe   win10v2004-20241007-en
  behavioral3   $APPDATA/Rapidbrowser/Rapidbrowser-Installer.exe                         win7-20241010-en
  behavioral4   $APPDATA/Rapidbrowser/Rapidbrowser-Installer.exe                         win10v2004-20241007-en
  behavioral5   bootstrap.js                                                             win7-20240903-en
  behavioral6   bootstrap.js                                                             win10v2004-20241007-en
  behavioral7   resources/smootherweb/data/content.js                                    win7-20240903-en
  behavioral8   resources/smootherweb/data/content.js                                    win10v2004-20241007-en
  behavioral9   resources/smootherweb/lib/ajax.js                                        win7-20240903-en
  behavioral10  resources/smootherweb/lib/ajax.js                                        win10v2004-20241007-en
  behavioral11  resources/smootherweb/lib/main.js                                        win7-20241010-en
  behavioral12  resources/smootherweb/lib/main.js                                        win10v2004-20241007-en
  behavioral13  resources/smootherweb/lib/main.js                                        win7-20240903-en
  behavioral14  resources/smootherweb/lib/main.js                                        win10v2004-20241007-en
  behavioral15  resources/smootherweb/lib/main.js                                        win7-20240708-en
  behavioral16  resources/smootherweb/lib/main.js                                        win10v2004-20241007-en
  behavioral17  $PLUGINSDIR/FindProcDLL.dll                                              win7-20240903-en
  behavioral18  $PLUGINSDIR/FindProcDLL.dll                                              win10v2004-20241007-en
  behavioral19  $PLUGINSDIR/KillProcDLL.dll                                              win7-20241023-en
  behavioral20  $PLUGINSDIR/KillProcDLL.dll                                              win10v2004-20241007-en
  behavioral21  $PLUGINSDIR/System.dll                                                   win7-20240903-en
  behavioral22  $PLUGINSDIR/System.dll                                                   win10v2004-20241007-en
  behavioral23  $PLUGINSDIR/ZipDLL.dll                                                   win7-20240708-en
  behavioral24  $PLUGINSDIR/ZipDLL.dll                                                   win10v2004-20241007-en
  behavioral25  $PLUGINSDIR/inetc.dll                                                    win7-20241010-en
  behavioral26  $PLUGINSDIR/inetc.dll                                                    win10v2004-20241007-en
  behavioral27  $PLUGINSDIR/nsDialogs.dll                                                win7-20241010-en
  behavioral28  $PLUGINSDIR/nsDialogs.dll                                                win10v2004-20241007-en
  behavioral29  $PLUGINSDIR/nsExec.dll                                                   win7-20240903-en
  behavioral30  $PLUGINSDIR/nsExec.dll                                                   win10v2004-20241007-en
  behavioral31  Rapidbrowser.dll                                                         win7-20240903-en
Malware Config

Targets

Target: 0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6N
  Size:    1.3MB
  MD5:     84b07b994a0a4d70755a474205c878e0
  SHA1:    086557438738b320c33b60907ba423fdcc160eeb
  SHA256:  0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6
  SHA512:  0fd251edb45303ece2921e8046c2ebf9403a893c9b08158a8308ec00db82494580900faa5c3e6b82eb87290939c9641937c7c99e33543bc266a8c40f045ab14b
  SSDEEP:  24576:/Np+pIL73V/z9ABBEqOpYgzJ/jptDfTFdFHOJ3+WPGwil8rbO2PfnNoJH:BV/zSBEzpYgzBdtDxG+WC8/BfNG
  Signatures:
    - Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: $APPDATA/Rapidbrowser/Rapidbrowser-Installer.exe
  Size:    1.2MB
  MD5:     39af6a5259e51df165f8f665a4ab68cc
  SHA1:    9dad02be8bc3c0f3ca0731959978263752b45bf4
  SHA256:  a22942f082445ca0b894fa46954c7e12a60636b6fc76ba549d547efa80c18018
  SHA512:  bbb2e6efa1b812dda6cf6ecea001f7b83e05f556951beeb26b603036bf167801cd7921aeabc4b66a194128a7d2b9f630939b6178c907b2768402af5f2d22fded
  SSDEEP:  24576:AZd7zVFj9kBPEqO7YOpZ/VptDhTFpDHOP3umPGwA1wrVs+PVTNc:oVFj8PEz7YOpxbtDDQumcwxZV5c
  Signatures:
    - Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    - Loads dropped DLL
    - Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: bootstrap.js
  Size:    12KB
  MD5:     edeeb3f4b254ccf86a7e0c9f85133384
  SHA1:    4d60f46f9064028297af9ea5d13b77024281cbcb
  SHA256:  747eb3be7184769237cdecbd8d6c03dcc2876cd4ba2a3df69650608ba3b0cc8e
  SHA512:  d0f501e1841425450c05ff3b5beae22d09637f2b5ecad2be6b2019b639961a5d9e9af13804d07307b9588587ee2b6876f7fa5010f05082c510dccc25544ebdea
  SSDEEP:  192:Ac5TD1rwMCPn3bIWYXqoTnjtqFmvYX9pzGfPID4aXvHJaNUyVMhPThd:9hJrwrLYausmgQC5byaPThd
  Score:   3/10

Target: resources/smootherweb/data/content.js
  Size:    3KB
  MD5:     2c7d8a0f57ad60fdf0708e8a4cdbdc1e
  SHA1:    5d2d540f6bf641cdb2928e05c56e28b35ea0be30
  SHA256:  2bda833af2d01da7091ab3693916d6d2367d81750560b8e84e680811f25c2bfe
  SHA512:  af2ad720e9894f6b52cca67f24d2b57cab804ff85a14c500911bbb41cf15a0e612a5c36e93acdf523de4decc0243bb6b325ff0c19be21b80752ed98f36cde0fa
  Score:   3/10

Target: resources/smootherweb/lib/ajax.js
  Size:    1KB
  MD5:     228edff56bdc5f553bf40a200a48c362
  SHA1:    f974ec6411ff18c78d2f26f73ad716357f824911
  SHA256:  dc247f9abdbc8b2fa631e5ddf071153d405784873c4e269a03622140f6e2a5d0
  SHA512:  5fd52665bfd98d7f994bf88fc79074528d1b1610304ac182c6bd6cd892600be15e9b5fdda81fd0654675b7f89ea09332377712df12ab2e6f868f5f5519a592c4
  Score:   3/10

Target: resources/smootherweb/lib/main.js
  Size:    23KB
  MD5:     cca2bee4ac45386ef9851251cad58b00
  SHA1:    92be96d4a979ffec71ab13ac337560553c02334f
  SHA256:  2629e4922021c9de86ce5ac5253c4914e17c487baaa52b67a776aa79e2fa95e4
  SHA512:  d5cefa1b1a49a29aaa3f7404263dbf80bc45843664bde8941ab24d0b9f9f6bdf1fec302722e3316b16f111e6abbffd14c511527c4e14b92a71afb1b1f89cbc01
  SSDEEP:  384:2uqeo+CZCRcrcKscjCtLM9lut5H6gdl62Weut5Hjgzl6cPMqD+Gf2G/2Ec5MJqid:OsftLMqt9ldl626t9Ezl6uMSc5VFno5
  Score:   3/10

Target: resources/smootherweb/lib/main.js-backup
  Size:    22KB
  MD5:     5f77a154599b4de40619a90c41d5f67b
  SHA1:    b24c0bf8c6f0ec5ac909cf7c7cd4ce1248a1f777
  SHA256:  8b05dd23cfcf522e535972389b63ad23dc9c636ed4be1daee68cbbbabc2525c7
  SHA512:  747ab22b3308954b6329c0193dede188a64ec874b2eae0f90635498f00d8d7d54567ea49d4837cdd90edc7dd9df707b1f05cdbc72426f383f8d5adf535f28fef
  SSDEEP:  384:8mXasaHwVQVp/z12sh2s7nlnR2ZQmzdZwiec/8ZgXSn1zdZwieF/jZgXo3nyax4W:SjREZnulK8yXSLulFjyXmniq6T2h
  Score:   3/10

Target: resources/smootherweb/lib/main.js-backup last
  Size:    22KB
  MD5:     90041b6c83b10c2d98f815d3bf41afaa
  SHA1:    972191d86a84de508f38298cf2f54b038f9290cc
  SHA256:  f4153bcfb6a60930d6477df3fa171a5da40f72ee5b1acd9cab3b9971105e9c42
  SHA512:  99bfe906b51135fe19170ff573ff9eedb5dda0fcf36872c885da040f728eadcb633c5eef4510ffe63486c704d22adc712caa28b3e8d830ad982886bbc91a6a13
  SSDEEP:  384:C/ceo+CZCRcrcKscjCtLM9lut5H6gdl62Weut5Hjgzl6KP4qD+Gf2G/2Ec5mJOid:dsftLMqt9ldl626t9Ezl6A4Sc5BFno5
  Score:   3/10

Target: $PLUGINSDIR/FindProcDLL.dll
  Size:    3KB
  MD5:     8614c450637267afacad1645e23ba24a
  SHA1:    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
  SHA256:  0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
  SHA512:  af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
  Score:   3/10

Target: $PLUGINSDIR/KillProcDLL.dll
  Size:    4KB
  MD5:     99f345cf51b6c3c317d20a81acb11012
  SHA1:    b3d0355f527c536ea14a8ff51741c8739d66f727
  SHA256:  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
  SHA512:  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
  Score:   3/10

Target: $PLUGINSDIR/System.dll
  Size:    11KB
  MD5:     cf85183b87314359488b850f9e97a698
  SHA1:    6b6c790037eec7ebea4d05590359cb4473f19aea
  SHA256:  3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac
  SHA512:  fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b
  SSDEEP:  96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug
  Score:   3/10

Target: $PLUGINSDIR/ZipDLL.dll
  Size:    163KB
  MD5:     2dc35ddcabcb2b24919b9afae4ec3091
  SHA1:    9eeed33c3abc656353a7ebd1c66af38cccadd939
  SHA256:  6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1
  SHA512:  0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901
  SSDEEP:  3072:8CkSJJ30k1pn2T4ISnUGN+E8KnCOxA17jxLmRtWHyPDQFllOdJiSg:tkSJy+c30UxbKnA1hLKWSVdk
  Score:   3/10

Target: $PLUGINSDIR/inetc.dll
  Size:    20KB
  MD5:     c498ae64b4971132bba676873978de1e
  SHA1:    92e4009cd776b6c8616d8bffade7668ef3cb3c27
  SHA256:  5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8
  SHA512:  8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7
  SSDEEP:  384:EVJOXQZkjhm+Np3aWgzxljzbbEUhU7ya4LtU0Ac9khYLMkIX0+GBty3S:EeXQcm+NpqWgzxljzfEUhUua4LtG
  Score:   3/10

Target: $PLUGINSDIR/nsDialogs.dll
  Size:    9KB
  MD5:     72ef340bc58f53d1a196581dcfb80f55
  SHA1:    f4167ebd1adbb34e7b45a0d013885575c1bdf4fd
  SHA256:  4f69550bba4583ae5f4df10d3b2980b3d164eac21d45dba3496f9ed98a675f7c
  SHA512:  87919a3768a143dd80fb73c879342cc3ebf8935983af5bb499701559216048f5a0835a0f34c3f0e54f827ff1265b8bd2e369398b901c89303f92ffe6e8cc8d7e
  SSDEEP:  96:3jp41CMj95rKhkfL5RkEdKkcxM2DjDf3GE/E9v5E9av+Yx4FndY7ndS27gA:3jujesS4HRE/K5MYxcdqn420
  Score:   3/10

Target: $PLUGINSDIR/nsExec.dll
  Size:    6KB
  MD5:     b2639b996a3d69541c78642772283e9f
  SHA1:    e8a0c678708b8b625234a3ac502e37940ad2992f
  SHA256:  79aa4f0daf303b02bfcf0306e690378e050003e42c7c9d3e1bd5ad62fb2f3a21
  SHA512:  fabd2f9dd6ff8887cde99c9ccb7c755722daed0e6d7d332e1811b7a4a0f10daaad3ab750fb90838fdcc8049bda49f0cb84283e007c48e54b117b4de41c321815
  SSDEEP:  96:57GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN838:Vygp3FcHi0xhYMR8dMqJVgN
  Score:   3/10

Target: Rapidbrowser.dll
  Size:    628KB
  MD5:     9cf9260438f7b3c4ba75c44df756dbb8
  SHA1:    057dacfa804729532059cf86a85eb96e168d53e5
  SHA256:  7b47343d11a3e4fecef3d1f7a29ec6ac2b47372d73a2083663269eba185334ca
  SHA512:  38d0ec13247506d89fa9f5e693f057122e49cd2ef268e688a7849055ff0be5d1d0ac459127f6a66024d67260d08d132970ca7b5aef0c92a0e8c6639706863393
  SSDEEP:  12288:h7rt1PH38HzmKuWPHJnam5G4iYYUvLGHTwjKFEkjj/r/qv:h3HPH3uzRNHJN5XiYBwEuTC
MITRE ATT&CK Enterprise v15 (tactic > technique > sub-technique, with hit counts)

  Execution
    Command and Scripting Interpreter          1
      JavaScript                               1
    Scheduled Task/Job                         1
      Scheduled Task                           1

  Persistence
    Browser Extensions                         1
    Event Triggered Execution                  1
      Component Object Model Hijacking         1
    Scheduled Task/Job                         1
      Scheduled Task                           1

  Privilege Escalation
    Event Triggered Execution                  1
      Component Object Model Hijacking         1
    Scheduled Task/Job                         1
      Scheduled Task                           1

  Credential Access
    Credentials from Password Stores           1
      Credentials from Web Browsers            1
    Unsecured Credentials                      1
      Credentials In Files                     1