General
-
Target
7z2401-x64.msix
-
Size
9.9MB
-
Sample
241031-aal9vavblp
-
MD5
dfaace3296fabb7f9652fb36756a4b51
-
SHA1
65e87e3efdc905c49198ddb97110f54d0a306a8f
-
SHA256
84f2d273623efb6cdd126a89c1f9567e8977d21ffe684758dd722a27d2d53aa9
-
SHA512
3edd42734a8141e9d7fe27d9cc87f84411cf501b496f4cd83217355e636604936df2c7114463366ce8a316421d0ba43d19d080344b7c5c51d640ab76c1a6050b
-
SSDEEP
196608:CLFqy0ANIjC3Lh9KvhE/tjTMLoWMsJQwfwr2NV9lDegE5PTtvNBZXcnCncN:CL/TjLuvhCjTIJhfwr2NnVrWlIH
Malware Config
Targets
-
-
Target
7z2401-x64.msix
-
Size
9.9MB
-
MD5
dfaace3296fabb7f9652fb36756a4b51
-
SHA1
65e87e3efdc905c49198ddb97110f54d0a306a8f
-
SHA256
84f2d273623efb6cdd126a89c1f9567e8977d21ffe684758dd722a27d2d53aa9
-
SHA512
3edd42734a8141e9d7fe27d9cc87f84411cf501b496f4cd83217355e636604936df2c7114463366ce8a316421d0ba43d19d080344b7c5c51d640ab76c1a6050b
-
SSDEEP
196608:CLFqy0ANIjC3Lh9KvhE/tjTMLoWMsJQwfwr2NV9lDegE5PTtvNBZXcnCncN:CL/TjLuvhCjTIJhfwr2NnVrWlIH
Score1/10 -
-
-
Target
ChromeSetup.exe
-
Size
1.3MB
-
MD5
7f2273135df8865fa28d7d358a2693e0
-
SHA1
a2e1257fba939b4273ea57ed2359671eab9dfc3f
-
SHA256
edb4e47cc754fe16fff2d3882651ea87717cdd64bdadcba93d30852be09ab4f1
-
SHA512
e6068297bef7505cc87418af0abe8cea58145d43745c9023c539362133f616ff17bae702b9af89e8236fcbe58b1b78a3d1e45fc5105dfb47fb594cee4a8fa5c0
-
SSDEEP
24576:PJvKzcVkyEq9DRho1jFP8ltPP01Ws7+wFPEl9ix4fpUzoQDt+egElxdqFWVCGC:FKzcCyEq9DRho/ctH01Ws74rA4RUBDHo
Score6/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
PsfLauncher32.exe
-
Size
302KB
-
MD5
e005414b82df848717581bd260725b02
-
SHA1
6ad75f8152617858d463f36cf4b2ce432e0ad4df
-
SHA256
312bd304860f9865ed4073f5baffde8df9907a1ebfedd2d1d637ab48db3ca004
-
SHA512
be3d06d2049551e2d5acc3232c6d520236747d53dc49e388c6e616d1f7e1f6f7b6338a4e743773f5461589f2325a8a722af023009cc709f076f51e418382b562
-
SSDEEP
6144:Z85jcjnYXSFt8NUBtirDpOzF2akGcoRJKCNWcWAOEOrCng:Z85jedFtOdEF2asjnzrag
Score3/10 -
-
-
Target
PsfLauncher64.exe
-
Size
370KB
-
MD5
bfcb4275530e99a5e3fca4614a645fb5
-
SHA1
622421f44db52d39947e8229f7fa44a98339957f
-
SHA256
338fc84d0b309a726bae061ae7ef727884fd43a71aff70900dbce27de07791ea
-
SHA512
21cab7c56f53305038fa5603720853a38aeddf0dde2e02c9f1d0e83d6dbf9983f755b11a00d487bb8356b0ab69cf9e953a9786cd89e2180b7d428e038271c41b
-
SSDEEP
6144:thxzPfoMtkmiZqfrnZSG85YhDFohEUMaWT4I+wKn:tnzPLtbWqDUsNFoOaGKn
Score1/10 -
-
-
Target
PsfRunDll32.exe
-
Size
92KB
-
MD5
96376177175a1b23a95c6498e9ffb2b5
-
SHA1
f9d41e74bf714ed8ba60eac4f99060a5d5f92b26
-
SHA256
324f1db0dbe4a6577425d0c3dd72d4681e5000cca9d17cc62a2af0fcce12eca2
-
SHA512
f792432ac0c675548849ea238934ea84eadc44cd94eb9e2e7859267e20ea18a52a9d562602d96f61c5080e0fa94caa4ef6a41e49bafb670b7dd29e35490b48df
-
SSDEEP
1536:IU5eCS6ZrIb3BIh7iCH+E+MteSQ40X/qchNXQDGdl0S6gsWRUchcdesCkwcmSZ0l:/eCh23BIhWCMSQ40XCMNl0F6kesCkwcu
Score3/10 -
-
-
Target
PsfRunDll64.exe
-
Size
115KB
-
MD5
8466f69926a22670dcf6515a4fc3c054
-
SHA1
fd7a2d377cce9545fff272905af7016bd512aefc
-
SHA256
b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4
-
SHA512
5be11238923613169a2627b01db76a09b83e8215dd1872f8e96d8f646171bd9e365fa653da221671fd46258f661794b846ed09aa4369b5d55b3ac27f0b96b0e7
-
SSDEEP
3072:poN2YAE6yqki92M43MBaxRjn+ryYA/M5sfhew:pgAE6yq0MBBijDM5sfd
Score1/10 -
-
-
Target
PsfRuntime32.dll
-
Size
368KB
-
MD5
a9f0eeb621dd5883258113cc4b490929
-
SHA1
3c84cdde573eb0f94865f749d9095940cdef409e
-
SHA256
11d6916d6066e481f5d19bb503f654dcf9cac80aef818c2b52a2a1f0ca2efd5a
-
SHA512
336709007cb4723227f47ff153c99630209995315c8ecbbbe1ca24a48a133ed74ad6e557a123886dbb9a2022c752c67ef7c26524e6a59e8f0e125753a264c2fd
-
SSDEEP
6144:gkIVNQKH9HisvT9/taRJ9AONndrKV1UaMCk7KxAOOCyXjmw:gkIVDvT9/t6nAuEMjOxICQjmw
Score3/10 -
-
-
Target
PsfRuntime64.dll
-
Size
467KB
-
MD5
61863b4c1aeefe10d69f54c03d373fd5
-
SHA1
4b448f7b4358945b3e9d744d97d6b7c860e5c5b8
-
SHA256
495b13461b13c3ce1c766d9899b860add4dfcd9e6b2dc5815389aed6e26cda0e
-
SHA512
f97b69a5567e477ca67ad7f41933b00a57f74bb4f69c01161c17735b8bb35590cf06aff0fafe8308104e9385a0eb808d8735be9a744c8d2d100c9a9ea5f842a8
-
SSDEEP
12288:ybYu1g7I2hxD54yFTuWwp6wYcoDvbAfE63U4:qg7I2hZDFTuW/wx+kHU4
Score1/10 -
-
-
Target
StartingScriptWrapper.ps1
-
Size
14KB
-
MD5
da5bf3010154020db9db4cf8832b42ea
-
SHA1
15ba3dc3bbcb16a26839862d79b3519e74a5e03a
-
SHA256
7778c658411a2f1649ced14cdfe8a92145c1c7fa53b1ce5b14920000fe99bd98
-
SHA512
d70c6df571a069797f5eb1ac9a3e30293914b8f1378714e97ae0b881ee5a833f0944ee7246e2768ed74747637deade85306e837a25b1757a1bc3abb7d6eaa9e2
-
SSDEEP
384:wrBzBV4OHcvFcYlu2V8uMcg5apqpBw2qFA5WFQExxR/c/mZ1:KBr4DSYlu2VzMcgwgBLqJQO/ceD
Score3/10 -
-
-
Target
VFS/ProgramFilesX64/13/13.exe
-
Size
826KB
-
MD5
e58073e04563ee374ac9d33d64292b12
-
SHA1
2fce424fe45978693610d0226c73648932cc1005
-
SHA256
bf2ec1a2ea0242a24bb9c5b7bcaee3f335edcc384aabd07bbfe93e74888cb26c
-
SHA512
045d7b4f55aff32f15b0673dde1ba545fa81b4c8036b2a5dea5981ef1a7a103f40617bd5b66997e0658a9c7b51cf3c5978a625261d5e9e7c20670fe6abd81c2c
-
SSDEEP
24576:e8VzM+vWJXYXuT7i0k/i0Rt5w4VrpMzLnODs:eAgCWJoBD/pPQis
Score3/10 -
-
-
Target
VFS/ProgramFilesX64/13/7za.dll
-
Size
283KB
-
MD5
ef65428f79e120e5fc10e3eecb843d17
-
SHA1
4428930e17bccef34298826756c9af43106c3178
-
SHA256
3fc4ade77fa6207c646ca3906bb8c0f21b3472ca8dfcde6635ad6da5ab5491ea
-
SHA512
9d312179ff1b7c692252bdfd241d245e8d57b0cae6ce5c8c7755f9f074f8e31c63d93e4fae341f0af8824fc0b6c278bfe3efdb8c27e36f87a4375bd3d27caedb
-
SSDEEP
6144:o2ymhthvdTJ65E44h/84s+Eol8p/wReA+H6Y7hby4xPuAM6QJ3yV:olmhthvdTJ65EVg1uETH6uzxmAMLo
Score3/10 -
-
-
Target
VFS/ProgramFilesX64/13/7zxa.dll
-
Size
159KB
-
MD5
5c4408747f4bb3e3e65669004db8f8ec
-
SHA1
7ac6b8a217dca16deb60c7132a0aa3e5a1b8dd9a
-
SHA256
b20a579d21ec7d3bc3c80c5f0a4d6921b78f6af3b6e285e013f84220e143405c
-
SHA512
a8c6ed02ba46d8f57c756d5dc279ce84b56a44bb5e3130ae475b400d551f055f30209a7cc9fb6d54569750724921077dfa21c5e1e35943deb7de731dfcef8245
-
SSDEEP
3072:o/W7sa+jaIQG8eBqcDbOWR3EHmG1xW2AdNw6bvw/9jQm6ibMdGptziybUT:onX8eIcDSq3EHmG1dAdNw6zw/9p6ibeR
Score3/10 -
-
-
Target
VFS/ProgramFilesX64/13/Far/7-ZipFar.dll
-
Size
273KB
-
MD5
d04533fdbb455465721f437a2d849b8b
-
SHA1
bd8217249cf01e86b44d2ec17280de79d19dfcfd
-
SHA256
8e6d2b5bdfc4c1d3b88643a47aa13ab15005039456a7d4ebb078a42568a341b4
-
SHA512
2ec1d78b4e3e65db7b2ccea768e7f1964347198af1b276bebf00a91125c2fc2c3649e54f1fc61cb94d3b03fc9091abe3cf220d515e501f4c2fcc7f06a22b70ff
-
SSDEEP
6144:pIVsh0MxpsgoXiDlHU5N0CHzx6KyJzE0LMtSlzNhnrgWWgOf71q:vVmiZ05N0CHz85JYvkNh+gOT
Score3/10 -
-
-
Target
VFS/ProgramFilesX64/13/Far/7-ZipFar64.dll
-
Size
458KB
-
MD5
f8c737ca365dbbae5e0010e75bd641b3
-
SHA1
997b00a5807ffff06298b11e6c5cd427dc8d2402
-
SHA256
05c932f7c7391ba29b3dec39a7e273a9b51f1c6bd75b0aa942c08e1fa91dced8
-
SHA512
5f632dc5f85eab78ba7030be0347e497e309c4ebf109fb765368171ad5e56361f797bc742b25b1296240a02ed55eb4c14b76be849149b3b6367a00792fcdc7be
-
SSDEEP
12288:SkQxAVquWibWM1ysXvTz4NaGVg/6k+VrKk:lqni6M1yovTz4NaGY6nRK
Score1/10 -
-
-
Target
VFS/ProgramFilesX64/13/arm64/7-ZipFar.dll
-
Size
457KB
-
MD5
75e8535d87e708b53f20d0bb4707129f
-
SHA1
72ef3279ec34e404eb1b9db21cc1139d8b547eb0
-
SHA256
6ad01b9d823c3fa3c623483e302d04568e35230091aa8af7750715b9739ce3ca
-
SHA512
8d5c865668e17ef129e274487eadc375325c7d8e8685108a1752f95f6526253a8ab000af8815b567358542b9326a44fa966bf9d8bc22e095f2dc770dbbca8cd4
-
SSDEEP
6144:Esmzrvdw2gRlFmdT/oJ8A244PZ35wDDXjvfgNsNTeekilpi4lPbuOF4YSmCB7BLj:Oxgd+T/68AJeKANsZnaRnT
Score1/10 -
-
-
Target
VFS/ProgramFilesX64/13/arm64/7za.dll
-
Size
434KB
-
MD5
ae6a4f422e16e45b5dd0ab6da1a82d8e
-
SHA1
3fe04a626232b0c3de6770f8e2c600aeb4c626e8
-
SHA256
49e0503b316076b9e0c90c9e3a0c475ef5d9b4376d33d702e0469029a0008e88
-
SHA512
940fe46e357ba3601998e4639a30c8df49d6ea92562afda65decd13f7c3d9b3a72c9d89cf1246d9a1bd97e5b8a7197cb789ce752f5dbbe0c1586bc0b2549b120
-
SSDEEP
6144:QxU19008UrXRzK2xELbGQscTe8xRuKX/hyTSfUp1sL5T0:F19Z8UrX+Lb6/8r+SM7
Score1/10 -
-
-
Target
VFS/ProgramFilesX64/13/arm64/7za.exe
-
Size
1.1MB
-
MD5
8f456c574478339fb77ad580b50998ad
-
SHA1
6c1edb83a34319090b40abbcf0fc208f80c99099
-
SHA256
e94aef071141c4178fac4ccc584a12ef6301ea0d8cabe7200c2234646baaecbb
-
SHA512
ef0a37e9633bb71fc31fd61c9e0fe1f12284aee9b4794ac314271424c522fd1b25acef40ffa099802a2ff31068770552e8396e5a3d08029bae1dfd271076bdd2
-
SSDEEP
12288:/7THLZP31Bu7Vu/oviZcx+dQS4BTNBbpWf95n21gxEJApu6JUVKIHbw0LNG/VUNb:TLLp3ruR0J2Tza9wgxEJBc5Izcq
Score1/10 -
-
-
Target
VFS/ProgramFilesX64/13/arm64/7zxa.dll
-
Size
281KB
-
MD5
afbf2157c80490945745f6367abb5528
-
SHA1
813a03edd5fe1d28d57fd86d0e7ef00b3ae6858e
-
SHA256
a81e4ee586e31a3ecab3ccf0e41b41d56cb1686fdd38469aac08d9421d82bfd1
-
SHA512
7e065199bec9111de62dba34d0e36ded2e9a339fe957c3cbc0c7e278544b6427f3c0644c9bd3d538fb41e8e34058058f6d9a96c53b66f6dc1532af6b37096ecd
-
SSDEEP
3072:Vfe0Q+QHyx4nDoA6gD0tmhdSe5DjxHjYgXt37k0m154jCbGQakvQu9Iy:VfCyQErO+mhdSe5PxHcgXt37kWGuXY
Score1/10 -
-
-
Target
VFS/ProgramFilesX64/13/x64/7za.dll
-
Size
402KB
-
MD5
967497e77171ac87ce0d9a306a7702b5
-
SHA1
48270d2f65c448b362898b972b3775fd859f0fb3
-
SHA256
583f67ca7b7301f5524fda8405afcb1d38b481556799d80a633978024577ebab
-
SHA512
498f3faefdbbb12d3b0170d06b954cffed6cb28889328a85a9394583b22c43908fc0b4debaff717e62e63f9b1e1dd60e73a6acf712e8e0f7b1f1853da20ec116
-
SSDEEP
6144:XZQPeCI4eVX65RxgmxcI4l6ghclhu2mzt20yhwBdLPrzDh8JHVsmvUw:pQPN/eVX65bgFI4l6J7hhwBVzDK1N
Score1/10 -
-
-
Target
VFS/ProgramFilesX64/13/x64/7za.exe
-
Size
1.3MB
-
MD5
33aaf6621cc4b441c335327c1e02a952
-
SHA1
cbf58e9e35ef72c9f271200bf1056410caac9086
-
SHA256
199c64ad672453e98d86ad2c4ea88212eafd6f7c4070dfcb7609ab7a9bd5df11
-
SHA512
66c90ae091be3ad7e3023d4ae14efd1253c44995add3273af8350e52a8f6e825abeeced9c0b4e0d145b547d77b4b921f8f21fef999d554113b88218f51945baa
-
SSDEEP
24576:f7xctZMwfCK4tJSTV0Tu5ZlyjzeG/JEt:fKtZM5K4tEByWG/
Score1/10 -
-
-
Target
VFS/ProgramFilesX64/13/x64/7zxa.dll
-
Size
211KB
-
MD5
5eab00f912824ebdc5aa47ebe863b63e
-
SHA1
8e2391668cebcf2aa6c7efecb3911895fbb98aa0
-
SHA256
7454cd03cfa197b979cb62360f69143a48a8be86227f06538c546a70a14cde2c
-
SHA512
6027a55536eca2724edf1e6687c6251ef9913590ebac44507b58fd9d92074ddba39d38c743cd0ef43d382f6b45d4276b1ec790108503fe6f2a85e1f4884edddb
-
SSDEEP
3072:LftOtcS7lCZc9Ltue1C+zV2zUmiRvgWDFSaRPQIDCuPK1gSBvAGfPFjaRv+PB7PW:LtViwgLtun+soC1vx2Hr0/NG1
Score1/10 -
-
-
Target
VFS/ProgramFilesX64/PsfRunDll64.exe
-
Size
115KB
-
MD5
8466f69926a22670dcf6515a4fc3c054
-
SHA1
fd7a2d377cce9545fff272905af7016bd512aefc
-
SHA256
b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4
-
SHA512
5be11238923613169a2627b01db76a09b83e8215dd1872f8e96d8f646171bd9e365fa653da221671fd46258f661794b846ed09aa4369b5d55b3ac27f0b96b0e7
-
SSDEEP
3072:poN2YAE6yqki92M43MBaxRjn+ryYA/M5sfhew:pgAE6yq0MBBijDM5sfd
Score1/10 -
-
-
Target
fedxrtdxt.ps1
-
Size
480B
-
MD5
3e390f3b3ca7d3716775f832c93fb1b1
-
SHA1
5cc8837f0f87f71c5551c009a69fa12daf3254d4
-
SHA256
11464f7ac40e3e5f771dfe19aee3b3d21cf526a11429038ba9de4c9d7e4bb42a
-
SHA512
8a71a94cb17699100bba67478e5ab0fa14f93b68d0efdcbbf1a35cb5a1d20d05a36c63b0a8be559645a084aee2109a2c77eaa7e6ecd89a99ffaf670100d56c30
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1