Overview

overview

10

Static

static

10

enjoy/enjo...FF.exe

windows7-x64

7

enjoy/enjo...FF.exe

windows10-2004-x64

7

enjoy/enjo...43.dll

windows7-x64

1

enjoy/enjo...43.dll

windows10-2004-x64

1

enjoy/fold...43.dll

windows7-x64

1

enjoy/fold...43.dll

windows10-2004-x64

1

enjoy/folder/SOB.exe

windows7-x64

1

enjoy/folder/SOB.exe

windows10-2004-x64

1

enjoy/fold...11.dll

windows10-2004-x64

3

enjoy/fold...43.dll

windows7-x64

1

enjoy/fold...43.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    enjoy.zip

  • Size

    22.5MB

  • Sample

    241103-te7acsyejn

  • MD5

    e47b534fac55c8508e602395015ff6df

  • SHA1

    b47d9a1bfee6c0745b58c17b6a785a9d71349614

  • SHA256

    8b3d9acb2888159636734c5bd90e1b6137057a74fb1ca7569be3556d5b141dd1

  • SHA512

    c902dfb3e74976810fae48dc8aa74ed0fb6885f5558d060a13f3395ba1b9a68a7be7f499bcea4e1ad7fa84fe64b82c61ec836c4eefeced8299153da0a491667b

  • SSDEEP

    393216:y17koB0yMv8jZ8OFw4Ot1ZMJgHm1ewsTdx5DlzuI+c+WF6atwAWOlIl9:SAoB0T8jyAwP1aJgNdxxtlrHQaYOil9

Score
10/10
empyreandiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      enjoy/enjoy/panel FF/Panel FF.exe

    • Size

      17.9MB

    • MD5

      b257c69da732683404c5306fccd089ac

    • SHA1

      060a0049472f2af7a646494e57d38eb2678ee2d9

    • SHA256

      799297010ab1f194fa1c0870f23970cd6dae5ce5ff85f8cbf541f8de43605be3

    • SHA512

      aae6abe0ef763d8062d24419f51783415a8619d8d274d6620f8a71f2eaa1c147e62a432bad3c4d45409f8f7f05c690bfb0e1e7bcfa1b14cfacba868db800caa1

    • SSDEEP

      393216:oqPnLFXlrzQMDOETgsvfGugyA0Av/zOEQ49Aa/2tpLL2d:ZPLFXNzQREjXA0AvYaAy2tEd

    Score
    7/10
    upxdiscoverypersistenceprivilege_escalationspywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      enjoy/enjoy/panel FF/d3dx11_43.dll

    • Size

      270KB

    • MD5

      9d6429f410597750b2dc2579b2347303

    • SHA1

      e35acb15ea52f6cd0587b4ca8da0486b859fd048

    • SHA256

      981e42629df751217406e7150477cddc853b79abd6a8568a1566298ed8f7bd59

    • SHA512

      46cbfb1e22c3f469bdc80515560448f6f83607fd6974bb68b9c7f86ca10c69878f1312b32c81c0f57b931c43bad80bd46bdf26ab4ffb999abb0b73de27ad7c56

    • SSDEEP

      3072:iCWVWFOaVgP7BzvjYlTc91N6Vkg4eK6DvDBcMqpcJbMYBu1+Iz54+vJq9o:EWw4gPdz7YlTc91i1DLopYMvIIO

    Score
    1/10
    behavioral3behavioral4

    • Target

      enjoy/folder/D3DCompiler_43.dll

    • Size

      2.4MB

    • MD5

      ada0c39d4eacdc81fd84163a95d62079

    • SHA1

      207321f1b449985b2d06ed50b989fa6259e4eb8e

    • SHA256

      44c3a7e330b54a35a9efa015831392593aa02e7da1460be429d17c3644850e8a

    • SHA512

      1afc63db5d2030b76abc19094fc9fef28cc6250bd265294647e65db81f13749c867722924460f7a6021c739f4057f95501f0322cdec28a2101bf94164557a1a5

    • SSDEEP

      49152:zf59zPxKcvHzDB6t3+C0/aJfyLg7Ie4Xy+5j4m2CTB:M2642o7lftd

    Score
    1/10
    behavioral5behavioral6

    • Target

      enjoy/folder/SOB.exe

    • Size

      2.9MB

    • MD5

      d5043c738bf3fbbaeea0a7c848db5a1e

    • SHA1

      d5186e734a7d3605a76554855f0e2ef46cdabcf0

    • SHA256

      2305fbd7e8f1e31e0ef0aa772b2a36fbf8c64df6e0b5b85ba3f186ec358f5dfd

    • SHA512

      d2286df50084237fa3644d3cbfe98fb3b1da66839a9dcbb10616c90ef4eebfa9069b5f46b495e6bef0f06ba6ef28132aa4e691b6b35a28884237a3f8cc6d4f1e

    • SSDEEP

      49152:96br9CNfPXtFFb7kXcB3IH0d8x+g7wy2U2qtWQ9xYvzYuCRQrwevW:Or9CptDpIH0LgUyF2IYvz88we

    Score
    1/10
    behavioral7behavioral8

    • Target

      enjoy/folder/d3d11.dll

    • Size

      1.9MB

    • MD5

      c0e1eb1b3af39a7e0cab79c2d8bc7a49

    • SHA1

      cb2526f7e430af3656e942163d4b9cf870999a95

    • SHA256

      6f513b22c1a6c959d778d6154ab61725f97110844bc52ee7d8d5c34a1be1e8f1

    • SHA512

      d26212c2f8546e0194c8a1e17aff3729d9d14c0a6c903c6674cddf4536ad8e4946b4756ed4e648c3ab75d6cd81234230c80254f52c6fea2f96bba4cf8fd1de60

    • SSDEEP

      24576:3QC0vMxEnG1hI/6/m4hLhGmMiRPsWsz9AujtyRyPTrDBjM4eRLXQ/NJgtxsz31Lj:ATHihiilaZsyPT+QixsRyoFdj8KkXskY

    Score
    3/10
    discovery
    behavioral9

    • Target

      enjoy/folder/d3dx11_43.dll

    • Size

      270KB

    • MD5

      9d6429f410597750b2dc2579b2347303

    • SHA1

      e35acb15ea52f6cd0587b4ca8da0486b859fd048

    • SHA256

      981e42629df751217406e7150477cddc853b79abd6a8568a1566298ed8f7bd59

    • SHA512

      46cbfb1e22c3f469bdc80515560448f6f83607fd6974bb68b9c7f86ca10c69878f1312b32c81c0f57b931c43bad80bd46bdf26ab4ffb999abb0b73de27ad7c56

    • SSDEEP

      3072:iCWVWFOaVgP7BzvjYlTc91N6Vkg4eK6DvDBcMqpcJbMYBu1+Iz54+vJq9o:EWw4gPdz7YlTc91i1DLopYMvIIO

    Score
    1/10
    behavioral10behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks