Overview

Report score: 7/10 (static analysis: 3/10). Behavioral tasks, all run on windows10-ltsc 2021-x64:

Sample                        Score
vjvd85.exe                    7/10
$PLUGINSDIR/StdUtils.dll      3/10
$PLUGINSDIR/System.dll        3/10
LICENSES.chromium.html        4/10
d3dcompiler_47.dll            1/10
ffmpeg.dll                    1/10
libEGL.dll                    1/10
libGLESv2.dll                 1/10
resources/elevate.exe         3/10
spotify.exe                   7/10
swiftshader/libEGL.dll        1/10
swiftshader/libGLESv2.dll     1/10
vk_swiftshader.dll            1/10
vulkan-1.dll                  1/10
$PLUGINSDIR/nsis7z.dll        3/10

General
Target: vjvd85.exe
Size: 70.9MB
Sample: 241101-14lhhsxnhl
MD5: 0cda6bc4af6b10bb62d2b6527dd9694f
SHA1: 4bd705c8d39d96b32c5b1b2cfbd36115ea9d39c6
SHA256: 3e080ffe19488c369de59e1478780689c51197d12807d6056ae05a84804404a0
SHA512: 1726b01e6858d533b05ff4913084cf72bb20e2a26df7ab25b46c7cad995c16f0503c31c7a067b5df70619ebeba6711db597291b64850cc976705a61f4e5da616
SSDEEP: 1572864:v4/4rzOchP8UKFEa9S9l7gC39nEH6vXwSBcuNEXfQyIPvKj7:AkqcdsEw6lL9nEH2SfYy4vy7
Static task: static1

Behavioral tasks (every task uses resource win10ltsc2021-20241023-en):

Task           Sample
behavioral1    vjvd85.exe
behavioral2    $PLUGINSDIR/StdUtils.dll
behavioral3    $PLUGINSDIR/System.dll
behavioral4    LICENSES.chromium.html
behavioral5    d3dcompiler_47.dll
behavioral6    ffmpeg.dll
behavioral7    libEGL.dll
behavioral8    libGLESv2.dll
behavioral9    resources/elevate.exe
behavioral10   spotify.exe
behavioral11   swiftshader/libEGL.dll
behavioral12   swiftshader/libGLESv2.dll
behavioral13   vk_swiftshader.dll
behavioral14   vulkan-1.dll
behavioral15   $PLUGINSDIR/nsis7z.dll
Malware Config

Targets

Target: vjvd85.exe
Size: 70.9MB
MD5: 0cda6bc4af6b10bb62d2b6527dd9694f
SHA1: 4bd705c8d39d96b32c5b1b2cfbd36115ea9d39c6
SHA256: 3e080ffe19488c369de59e1478780689c51197d12807d6056ae05a84804404a0
SHA512: 1726b01e6858d533b05ff4913084cf72bb20e2a26df7ab25b46c7cad995c16f0503c31c7a067b5df70619ebeba6711db597291b64850cc976705a61f4e5da616
SSDEEP: 1572864:v4/4rzOchP8UKFEa9S9l7gC39nEH6vXwSBcuNEXfQyIPvKj7:AkqcdsEw6lL9nEH2SfYy4vy7
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Target: $PLUGINSDIR/StdUtils.dll
Size: 100KB
MD5: c6a6e03f77c313b267498515488c5740
SHA1: 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256: b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512: 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
SSDEEP: 3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1: 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512: c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
SSDEEP: 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score: 3/10

Target: LICENSES.chromium.html
Size: 5.2MB
MD5: df37c89638c65db9a4518b88e79350be
SHA1: 6b9ba9fba54fb3aa1b938de218f549078924ac50
SHA256: dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
SHA512: 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67
SSDEEP: 12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZb:sPM95FCWStQj6ERs/mfMl6H0skDpS
Score: 4/10

Target: d3dcompiler_47.dll
Size: 4.3MB
MD5: 7641e39b7da4077084d2afe7c31032e0
SHA1: 2256644f69435ff2fee76deb04d918083960d1eb
SHA256: 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512: 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
SSDEEP: 49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score: 1/10

Target: ffmpeg.dll
Size: 2.6MB
MD5: c3842fb3087cdcdb04020ac38683c289
SHA1: 329dbcd4a1c79b891b200f11eb50194b85c493bc
SHA256: e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133
SHA512: 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5
SSDEEP: 49152:JcMr6+FXptsXTmgP7he370olRK+KCKyRb+kyqVZWxX0b4unfruHw:RKer0olGyByEf8
Score: 1/10

Target: libEGL.dll
Size: 437KB
MD5: 8352fd22f09b873193cabc2932be92f0
SHA1: 5bd2b58854b279f1733c5f54ea2669ee8a888d9e
SHA256: 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
SHA512: 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2
SSDEEP: 6144:odpiWYLBViWOSdAr1Knk2mI3LpxE0RYqowpW6VmHrtff1FI:ipvYLbiWBqrQnPxE0cKmHZ3P
Score: 1/10

Target: libGLESv2.dll
Size: 6.7MB
MD5: b6a433dc7b4030fb17bd1683a9606b6e
SHA1: 0602c50532e3f13facc67bd95a048c470e88afcc
SHA256: f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9
SHA512: b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1
SSDEEP: 49152:aYKj6OhH5vSqGZ/UUopyV+gsIm3H9VnT+EisbCQ12+Q6nUBnKJ/lwE2f9rgqFnka:CvSqGZaVoH9xz+TPYrijOxm
Score: 1/10

Target: resources/elevate.exe
Size: 105KB
MD5: 792b92c8ad13c46f27c7ced0810694df
SHA1: d8d449b92de20a57df722df46435ba4553ecc802
SHA256: 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512: 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
SSDEEP: 3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score: 3/10

Target: spotify.exe.exe
Size: 139.5MB
MD5: 732e752c8ffefbd4f918aa3305b993e3
SHA1: b82b3b2500fac5f317aa0264fba27bf864c05ddb
SHA256: c1c270bdfb7510497dab959494eb408451af1f2ef8bb9073348eea9b6ae5294d
SHA512: 56f29a28b32d7332485dc360c65c7eb3562d1b57e7fb5f5b6595c999a70db9db38c8590a9435f19508e676274104ef97f35f2105cf8b34151d5342951303cb79
SSDEEP: 786432:n14w5ThzHwQBgmoLWv+K18nCzKdo5DTdvfMQr6SSmPuvh8tSIW68:n14kpHwQjCWv+K18CedmVvEQEpcJW
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Clipboard Data: adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories

Target: swiftshader/libEGL.dll
Size: 450KB
MD5: 19dc9ee70e7765bb63a66b6826e8ecb7
SHA1: 1a12f983f8b35cc2955d30657971f113c47dc164
SHA256: 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
SHA512: 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68
SSDEEP: 6144:gFzcMPKWOp0q29LDwK3p3KHvDstVpphcSGbwSi6DH0hl:g2WOOqiLDrthhcSGnc
Score: 1/10

Target: swiftshader/libGLESv2.dll
Size: 3.0MB
MD5: c0b36d56d83e601bf246f7709a8c5f9d
SHA1: b025a6070f7d61c7d1827856d2d4043834fd23f2
SHA256: 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53
SHA512: e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1
SSDEEP: 49152:D0mOy4fytPTlZQPF/IBCfG/owBx8iqQyehF3Hn0gPD2vzFW/GyCbZpjGKiqZ/nYI:DgfyjyeelZ/YNg/Yr
Score: 1/10

Target: vk_swiftshader.dll
Size: 4.4MB
MD5: de2d91476e625278c30a5f69a1892e05
SHA1: 4d707f6a801611fb437f5c1cba31b0909bf41506
SHA256: 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba
SHA512: d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532
SSDEEP: 49152:px2VjoakX4pb7QH1fUlTB7zmNmdpTE5NSomaZXYjLlHks2RPF/lOzl+LZ/n6du7F:K2DtJ+wixdag
Score: 1/10

Target: vulkan-1.dll
Size: 819KB
MD5: b91586bd80e057a7f62bdc4422744812
SHA1: a1df644421ece2e740e5bf0ed98b4f269fd85c39
SHA256: 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
SHA512: 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053
SSDEEP: 12288:ekyJJLfcn5To6PuXtLvEdGnZSss43uobIoD:JnhoR5Ed8S2ukD
Score: 1/10

Target: $PLUGINSDIR/nsis7z.dll
Size: 424KB
MD5: 80e44ce4895304c6a3a831310fbf8cd0
SHA1: 36bd49ae21c460be5753a904b4501f1abca53508
SHA256: b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512: c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
SSDEEP: 6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score: 3/10
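The hash table above is only useful once it is checked against files on a host. The script below is an added example (not part of this report and not Triage tooling): it carries the report's SHA256 and MD5 values for the targets scored 3/10 or higher, hashes every file under a directory in one pass, and reports matches. A SHA256 hit is treated as confirmed; an MD5-only hit is reported but flagged as unconfirmed, because MD5 is collision-prone and a lone weak-hash match is not proof of identity. The scored files other than vjvd85.exe are contents of the NSIS installer, so to reproduce their hashes locally the installer has to be unpacked first (7-Zip reads NSIS archives). The function and variable names and the `b"abc"` sample bytes are this example's own.

```python
import hashlib
from pathlib import Path

# SHA256 values transcribed from the report's target table (score >= 3/10).
IOC_SHA256 = {
    "3e080ffe19488c369de59e1478780689c51197d12807d6056ae05a84804404a0": "vjvd85.exe",
    "c1c270bdfb7510497dab959494eb408451af1f2ef8bb9073348eea9b6ae5294d": "spotify.exe.exe",
    "9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37": "resources/elevate.exe",
    "b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e": "$PLUGINSDIR/StdUtils.dll",
    "3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca": "$PLUGINSDIR/System.dll",
    "b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592": "$PLUGINSDIR/nsis7z.dll",
    "dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463": "LICENSES.chromium.html",
}

# MD5 values for the three executables, kept separately so a weak-hash hit
# can be cross-checked against the strong one instead of being trusted alone.
IOC_MD5 = {
    "0cda6bc4af6b10bb62d2b6527dd9694f": "vjvd85.exe",
    "732e752c8ffefbd4f918aa3305b993e3": "spotify.exe.exe",
    "792b92c8ad13c46f27c7ced0810694df": "resources/elevate.exe",
}

ALGOS = ("md5", "sha1", "sha256")


def digest_bytes(data: bytes) -> dict:
    """Hash an in-memory buffer with every algorithm the report lists (minus SHA512)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file with all algorithms in a single read, so large samples
    (spotify.exe.exe is 139.5MB) are only streamed from disk once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict):
    """Compare a digest set against the report's IOCs.

    Returns None when nothing matches, otherwise a dict with the matched
    report target, whether the match is confirmed (SHA256), and which
    algorithms agreed. An MD5-only hit is never marked confirmed.
    """
    strong = IOC_SHA256.get(digests["sha256"].lower())
    weak = IOC_MD5.get(digests["md5"].lower())
    if strong is not None:
        evidence = ["sha256"] + (["md5"] if weak == strong else [])
        return {"name": strong, "confirmed": True, "evidence": evidence}
    if weak is not None:
        return {"name": weak, "confirmed": False, "evidence": ["md5"]}
    return None


def scan_tree(root) -> list:
    """Walk a directory and return (path, match) pairs for every IOC hit."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            m = match_iocs(digest_file(p))
            if m is not None:
                hits.append((str(p), m))
    return hits


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, m in scan_tree(root):
        label = "MATCH" if m["confirmed"] else "WEAK "
        print(f"{label} {path} -> {m['name']} via {','.join(m['evidence'])}")
```

Run it as `python ioc_scan.py <directory>`; a `WEAK` line means only the MD5 agreed and the file should be pulled and re-hashed rather than acted on.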
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)

Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)

Defense Evasion
- Hide Artifacts (2): Hidden Files and Directories (2)
- Modify Registry (2)
- Subvert Trust Controls (1): Install Root Certificate (1)

Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)