5f73dab125efbe100426f39621d5fdedb343a1d912f88ed322ed04a66daab473

Resubmissions

08-11-2024 01:13

241108-blevks1lgs 10

08-11-2024 00:57

241108-ba4dsstqfn 10

07-11-2024 19:15

241107-xypq7sznbk 7

Sharing

Copy URL

Twitter E-mail

General

Target

infected.zip
Size

31.2MB
Sample

241107-xypq7sznbk
MD5

f3086b596f50e215a706559d5ec8cbc8
SHA1

afa5c27fbc93d1398d00324de3ac467ae377bc6e
SHA256

5f73dab125efbe100426f39621d5fdedb343a1d912f88ed322ed04a66daab473
SHA512

d5141566392f7089da4db9940d0ec86d236dfb68dbf05f9377797df0d9ae2b447cffe75fe0d32be402e6f3af57aff677e9ae604a63b839afd62f362a9c687016
SSDEEP

786432:qHjbJsO6eSFdZUDAea6ebsP+DPdIfpCdFD5ojjBW7PQbB:GjCRVFrDeqbsPCdIfpCnDWMbQF

Score

7^/10

Malware Config

Targets

- Target
  
  infected/QtCore4.dll
- Size
  
  2.5MB
- MD5
  
  fecc62a37d37d9759e6b02041728aa23
- SHA1
  
  0c5f646caef7a6e9073d58ed698f6cfbfb2883a3
- SHA256
  
  94c1395153d7758900979351e633ab68d22ae9b306ef8e253b712a1aab54c805
- SHA512
  
  698f90f1248dacbd4bdc49045a4e80972783d9dcec120d187abd08f5ef03224b511f7870320938b7e8be049c243ffb1c450c847429434ef2e2c09288cb9286a6
- SSDEEP
  
  49152:VTFgiFpGXOENKSgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjxJsv6tWKFdu9CZgfQ
Score

3^/10

discovery
behavioral1
- Target
  
  infected/QtGui4.dll
- Size
  
  8.2MB
- MD5
  
  831ba3a8c9d9916bdf82e07a3e8338cc
- SHA1
  
  6c89fd258937427d14d5042736fdfccd0049f042
- SHA256
  
  d2c8c8b6cc783e4c00a5ef3365457d776dfc1205a346b676915e39d434f5a52d
- SHA512
  
  beda57851e0e3781ece1d0ee53a3f86c52ba99cb045943227b6c8fc1848a452269f2768bf4c661e27ddfbe436df82cfd1de54706d814f81797a13fefec4602c5
- SSDEEP
  
  98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
Score

3^/10

discovery
behavioral2
- Target
  
  infected/QtNetwork4.dll
- Size
  
  1.0MB
- MD5
  
  8a2e025fd3ddd56c8e4f63416e46e2ec
- SHA1
  
  5f58feb11e84aa41d5548f5a30fc758221e9dd64
- SHA256
  
  52ae07d1d6a467283055a3512d655b6a43a42767024e57279784701206d97003
- SHA512
  
  8e3a449163e775dc000e9674bca81ffabc7fecd9278da5a40659620cfc9cc07f50cc29341e74176fe10717b2a12ea3d5148d1ffc906bc809b1cd5c8c59de7ba1
- SSDEEP
  
  12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
Score

3^/10

discovery
behavioral3
- Target
  
  infected/QtWebKit4.dll
- Size
  
  12.5MB
- MD5
  
  094f4248b13cc9890c3d9984d9cf4753
- SHA1
  
  fd56012de8499b6a4d37f4a011e352c096a564b5
- SHA256
  
  e22b92470da89cb30ff0d57a177e429a7a6b49ada3ad1f351546ff77783126b7
- SHA512
  
  c6d93720ed384301247dd961c8d3cd2f8663416039063f404c507c95d4fafbb7f4b1a4982e096b9c43b0fdc3d6d2faa2565397cd96072ce9a6e74910a91e326c
- SSDEEP
  
  98304:JfyKJXPSGJ9opKMT/HSWmgskU9Kbrh0oHCXRm6fUh5dEDlxnZTZQFlNNN7wIcQ0U:JKmcpZ3sE/+oHCX82E+JxnmtcQ0
Score

3^/10

discovery
behavioral4
- Target
  
  infected/Setup.exe
- Size
  
  80KB
- MD5
  
  2a8613b7d99903516b8fe02fd820bf52
- SHA1
  
  78a96addcb556ab1d490fac80f929305263d06b9
- SHA256
  
  f1d68c5e7c7660d4f2ce412c109b7fe3e088872fa0ebe61ca9ab9dd92a496407
- SHA512
  
  af0902aeb6169ea507b787da7b61c3533df4610c3f51c1d8f65dfc9008c8ce2580f2d86a49a4d0acc2c51c731f3e4c447d0d1d8e779dc1c75e43d30b79c46436
- SSDEEP
  
  1536:9A8oAY5SXfidLez+Q+EGfdUHLLXJ+CqoVpPBucQwk7qnKXKo5OMY8xk03ben8TK:M7Ohz+Q+EGlUHLLXJ+CqoTPBucQwktXS
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  infected/api-ms-win-core-processthreads-l1-1-1.dll
- Size
  
  17KB
- MD5
  
  29001f316ccfc800e2246743df9b15b3
- SHA1
  
  dc734266648d3463c1f8d88c1ce7d900a4e3b26c
- SHA256
  
  e5ea2c21fb225090f7d0db6c6990d67b1558d8e834e86513bc8ba7a43c4e7b36
- SHA512
  
  4cffc0c6f94fcd1155909993c622b9103abd7a7bce88742a10abd6a3496a334d667a39bb601f99eb174aa847d7dae056e0d9769754ca86320579b262a20a6599
- SSDEEP
  
  384:WRtwDfIe9jWfhWC+Y3DGk8ZpH3GCJErra8o7Q+Y3DGUKn8JN77hhET:ape9A5DGkiRBEXaR70DGa3hqT
Score

1^/10
behavioral6
- Target
  
  infected/api-ms-win-core-profile-l1-1-0.dll
- Size
  
  16KB
- MD5
  
  6ee66dca31c5cce57740d677c85b4ce7
- SHA1
  
  8969db03f98f9548caf8e2d8c7f2f5cd7071f333
- SHA256
  
  d00a0edace14715bf79dbd17b715d8a74a2300f0adb1f3fc137edfb7074c9b0a
- SHA512
  
  592e3b6c689a0d6c87079c54c3e13e6ee1fc0c5c770abc854040e85464687c46f0a558be22f8759dbc4a100810386ee379ffe4359cf9091d9afae548bc597be2
- SSDEEP
  
  384:WiIWfhWx+Y3DGk8ZpH3GCJErcx3l/r7+Y3DGU78JN77hhC6UHR:doDGkiRBEWV/rxDGT3h06UHR
Score

1^/10
behavioral7
- Target
  
  infected/api-ms-win-core-rtlsupport-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  0069fd29263c0dd90314c48bbce852ef
- SHA1
  
  dfb99c850a69e67e85f0a0985659f325bd8f84fc
- SHA256
  
  d11093fdc1d5c9213b9b2886ce91db3ded17ef8dae1615a8c7ffbc55b8e3f79b
- SHA512
  
  71965e8dd2fd81d0c6dba4dbec8d2d1bfd4a644ef6bba4f6027de4bcdf9c07da16f27f2156c21b52e678c75f0a93a4bcbc3e1942f0a73f1eea5ff64b70662f70
- SSDEEP
  
  384:WCGeVxWfhWD+Y3DGk8ZpH3GCJErYtN+Y3DGUO8JN77hhTew:3GeVmyDGkiRBEojDGa3h9ew
Score

1^/10
behavioral8
- Target
  
  infected/api-ms-win-core-string-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  2e5c29fc652f432b89a1afe187736c4d
- SHA1
  
  96f8480b9339411d5d8c94918e983523b1a55c56
- SHA256
  
  3807db7acf1b40c797e4d4c14a12c3806346ae56b25e205e600be3e635c18d4f
- SHA512
  
  fe1135532e18127f2cfefaaa4a19020d6c790374f648dc93383d58ee52b147d1451af01b8624234bd5d77abe2451eb3e15cbe72a19d283f00cf78c05c43041df
- SSDEEP
  
  384:W4yMv9WfhWx+Y3DGk8ZpH3GCJEr4ey/+Y3DGU888JN77hhnY1:DyMvaIDGkiRBEsnDGX3hxY1
Score

1^/10
behavioral9
- Target
  
  infected/api-ms-win-core-synch-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  979c67ba244e5328a1a2e588ff748e86
- SHA1
  
  4c709ce527550eb7534cb6362afdb3623c98254e
- SHA256
  
  8bb38a7a59fbaa792b3d5f34f94580429588c8c592929cbd307afd5579762abc
- SHA512
  
  49f3c3319aa462b445c6a0b816e10034f6e5a9cf1250ea30b348cfa1ef71525e9f62e2f13253f61375f51fc574847de0d509cffa95103771be356327d5fef90d
- SSDEEP
  
  384:Wjdv3V0dfpkXc0vVaCWfhWt+Y3DGk8ZpH3GCJErHZpn+Y3DGUrUN8JN77hhYl:Wdv3VqpkXc0vVabkDGkiRBEtplDGEUq8
Score

1^/10
behavioral10
- Target
  
  infected/api-ms-win-core-synch-l1-2-0.dll
- Size
  
  17KB
- MD5
  
  659e4febc208545a2e23c0c8b881a30d
- SHA1
  
  11b890cc05c1e7c95f59eda4bb8ce8bc12b81591
- SHA256
  
  9ac63682e03d55a5d18405d336634af080dd0003b565d12a39d6d71aaa989f48
- SHA512
  
  010ab6d3971fabd2a956f891b8d9d20ef487e722443b2882a1a329830dc5c80d262e03a844cd3f5c3e4efcfbad72b9e1fbbf7d9dc6cf85ed034d84726946ce07
- SSDEEP
  
  384:WHtZ36WfhW8+Y3DGk8ZpH3GCJEFxMDD+Y3DGEC8q8JN77hhFGT:EbDGkiRBEsJDGS13hj+
Score

1^/10
behavioral11
- Target
  
  infected/api-ms-win-core-sysinfo-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  cef4b9f680faae322170b961a3421c5b
- SHA1
  
  dd89a2d355df989bbd8648789472bfe9c14afcd5
- SHA256
  
  1fe918979f1653d63bb713d4716910d192cd09f50017a6ecb4ce026ed6285df9
- SHA512
  
  f56617290d4ac25231631d708a6c8b003bdd358bae9672f7dee539a96b292c13e04c65ba5f05937c52f73288eb3dd7cba479ed030942a0d9d3a15512548fa4a9
- SSDEEP
  
  384:WBTnWfhWt+Y3DGk8ZpH3GCJEFxqIDh/h+Y3DGER6vJ8JN77hhHWT:0TsIDGkiRBE+IxfDGM6vW3h5WT
Score

1^/10
behavioral12
- Target
  
  infected/api-ms-win-core-timezone-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  69df2cce4528c9e38d04a461ba1f992b
- SHA1
  
  bb1d0da76cf696acf2e0f4e03e6d63fbad4325aa
- SHA256
  
  a108a8f20ded00e742a1f818ef00eb425990b6b24a2bcd060dea4d7f06d3f165
- SHA512
  
  4d02eecdda0fffc10d5509830079984c7a887b4ca3a80359aa56117b302dcfa594b0710c9f415c823d1674b5c689d31aade44f21750ccd7d53010e67f0b6f0d2
- SSDEEP
  
  384:WGOWfhWc+Y3DGk8ZpH3GCJEFxi+3T7Tu+Y3DGEu8JN77hh2KI:5XDGkiRBEm+uDGQ3h7I
Score

1^/10
behavioral13
- Target
  
  infected/api-ms-win-core-util-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  c6553959aecd5bac01c0673cfdf86b68
- SHA1
  
  045585659843f7214c79659a88302996bfb480a2
- SHA256
  
  68bd9c086d210eb14e78f00988ba88ceaf9056c8f10746ab024990f8512a2296
- SHA512
  
  ae8e42a428202d05fea4f1e6a4d3b919b644a792567f876b0fc392b1cddb856547b4c3b433c002fded6df4d4daec8fb7235f30d1ff9f42943d9e2557ade364d6
- SSDEEP
  
  384:WyzWWfhW++Y3DGk8ZpH3GCJErst5+Y3DGU1a8JN77hh8T:35DGkiRBEQpDGw3hKT
Score

1^/10
behavioral14
- Target
  
  infected/api-ms-win-crt-conio-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  7190cbfad2d7773d3b88ccc25533a651
- SHA1
  
  71fe2bacc14b433d51328ea0810c1a030c80d844
- SHA256
  
  4aeeae0ac9f6c1b0b8835067ea3b7fc429f353565f18de7858f4ea5d6f72072e
- SHA512
  
  b314666c400268bf261c5f9e9966ad0680435241e7a24d85b28ae4405d798b80eedb65ed8db7e8d93df90f886a6719a8b7ace8c25d0429392bc061868890c40c
- SSDEEP
  
  384:WL5WfhWO+Y3DGk8ZpH3GCJErBf+Y3DGUCU8JN77hhIw:FVDGkiRBELDGfX3hKw
Score

1^/10
behavioral15
- Target
  
  infected/api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  3e415147ccd7c712618868bdd7a200cd
- SHA1
  
  b332f29915d846519dcb725d39e8c50604d7b414
- SHA256
  
  77b69e829bdc26c7b2474be6b8a2382345b2957e23046897e40992a8157a7ba1
- SHA512
  
  7e7e50f148414f8a84b4c39d3c7c1e0952f86f95873f3abc25b7f08574bbcce41394a59451868020b178bf68df12615bd356677e8c935c1185c5d07d15e61896
- SSDEEP
  
  384:WluyxWfhWK+Y3DGk8ZpH3GCJEFxkNN0O+Y3DGEhy8JN77hhHL:RhDGkiRBEqDGsd3h9L
Score

1^/10
behavioral16
- Target
  
  infected/api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  ad0cbb9978fcf60d9e9ca45de6a28d30
- SHA1
  
  65549d9d7ee72de7d0cc356f92ad22eeb8dc18cc
- SHA256
  
  6c9c0dc7b36afe07dfb07dd373fc757ff25df4793e6384d7a6021471a474f0b9
- SHA512
  
  aaf4919e7629cd0bcf52283d578214043a4bdf6597a7d808dfcecd5fa1ecbd0b1395c60a165c575d20ca42928500815e14837b9e05530a667c6898e14243d64d
- SSDEEP
  
  384:WgWfhWx+Y3DGk8ZpH3GCJEFxHiA6+Y3DGEi8JN77hhksg:CsDGkiRBEJeDG03hCD
Score

1^/10
behavioral17
- Target
  
  infected/api-ms-win-crt-filesystem-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  14f407d94c77b1b0039ae2c89b07a2ff
- SHA1
  
  528b91a8a8611da45463fac0a6bd5c58233f8fbc
- SHA256
  
  85b1b189ce9e3c6f4d2efdd4cd82b0807f681bea2d28851caaf545990de99000
- SHA512
  
  152b97a656acd984592bf58854222ec97c661f9f8d19557ea03501457fb5a07821f90d332f21b1b51a5bce5ab84f862354b8ee21c7c1f6b7aa1c127f4a73ab5d
- SSDEEP
  
  384:Wcq6nWm5CpWfhW++Y3DGk8ZpH3GCJErNi4H+Y3DGUfhd8JN77hhcu:G6nWm5CeBDGkiRBEp5DGk63hqu
Score

1^/10
behavioral18
- Target
  
  infected/api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  9c373c00ac3138233bdf1655c7be8e86
- SHA1
  
  ee38f868e32950d1b8185249edc6ad4e1bc5592f
- SHA256
  
  0166edfb23cfc77519c97862a538a69b5d805d6a17d6e235f46927af5c04b3c9
- SHA512
  
  d2f56b3169c1fea1a604523b2215dbad02c6306bd804445b367756f288310554dd049aefd024babc26a3b270b8aede8b10e5ec8d80e772d3d1076b8013491067
- SSDEEP
  
  384:WgY3eRWfhWn+Y3DGk8ZpH3GCJErTpTX+Y3DGUm8JN77hhwJ:TGeDGkiRBERTVDGm3hiJ
Score

1^/10
behavioral19
- Target
  
  infected/api-ms-win-crt-locale-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  c5d747f96237b6e9aa85c58745d30c80
- SHA1
  
  c6ad21597265faf25ea8d7f09577f3e6f4f7be10
- SHA256
  
  f16447b5fc7fe6fb8a6699a3cef1b2b8ba92d408579bcc272d3dd76acd801e2a
- SHA512
  
  5bcee06d62633ecdfdf5dd1bf92ff9278f535dc5f21bfe36faaca15e378beb4da6be7ba9767569119fbf9f7383ffdb3a4a17c99d5918a64b8e12926ac0ec3140
- SSDEEP
  
  384:WVWfhW2+Y3DGk8ZpH3GCJErYIcc+Y3DGUA8JN77hhKdf:JxDGkiRBE44DGk3h09
Score

1^/10
behavioral20
- Target
  
  infected/api-ms-win-crt-math-l1-1-0.dll
- Size
  
  26KB
- MD5
  
  bc418a3461c5fdfa1a0d75f7e03d08a7
- SHA1
  
  5cfefa62226f117b7e2fe58961269294eb62b84c
- SHA256
  
  c7115159babdaa1f52e478e67b4e612da2332fda4e4036999b29425fe303b6e8
- SHA512
  
  4c9f3d461a5fc42d829d517ef523423ceb18f6667e6f2d83f1e5cd645a359d32b58ac8652ea734f567ed3b9e2999f358bf0e95bf38265df7abe3fe4b2f5fa978
- SSDEEP
  
  384:WXQUbM4Oe59Ckb1hgmLVWfhWC+Y3DGk8ZpH3GCJEr0a6eOq+Y3DGUOe8JN77hhoq:SRMq59Bb1jyRDGkiRBEQeOODGp3hqQ
Score

1^/10
behavioral21
- Target
  
  infected/api-ms-win-crt-multibyte-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  9e9c6f83a015029808f5257f7b7e39c6
- SHA1
  
  5674192eb60eb152773fe0d50161f32759e2ea0f
- SHA256
  
  c6b4e1d903b3cc83bfaffbe4e82eee634cff8f97f12217caa45b464ddc4e1455
- SHA512
  
  6e124732646cbe95ef94773d57b08c68a399854f906b14f15996bb12400d5e92b34596c38795a3ba4cdf8db4e8dd5ad486890634951a4686c6679b486ab19cb0
- SSDEEP
  
  384:WPy+Kr6aLPmIHJI6/CpG3t2G3t4odXLVWfhWS+Y3DGk8ZpH3GCJErRMOnR+Y3DG3:uZKrZPmIHJI6kVDGkiRBE9nDGa3hYV
Score

1^/10
behavioral22
- Target
  
  infected/api-ms-win-crt-private-l1-1-0.dll
- Size
  
  68KB
- MD5
  
  ad8d9a6ea592a6c8a78c67a805cec952
- SHA1
  
  3e9f35013044be456f33e300418453ab12c70df8
- SHA256
  
  696c10112d8b86a46e5057cbd0bf40728e79c6bb49cda1f2c67fe45d0fc1258d
- SHA512
  
  31c1b5717432b67e6b150911747f34e8099c1a0870262bb3b5d3ac5c9e28b3b08e4239bd105408318806f983b3fcd10e617b2385511c46efe9fe58a9cd4a7067
- SSDEEP
  
  1536:b/XeuJDe5c4bFe2JyhcvxXWpD7d3334BkZn+P7niDv3hO3:DXeuJDe5c4bFe2JyhcvxXWpD7d3334BD
Score

1^/10
behavioral23
- Target
  
  infected/api-ms-win-crt-process-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  66f4e530a19ed2f6862b5ce946437875
- SHA1
  
  016bfa4eafb407e43abdcd9582dbca7dcf85d3de
- SHA256
  
  542a22540cdb7df46d957a0208d50507916f7c737bea833931239d56ebe8d68c
- SHA512
  
  2653b2118f4db250850dcefd3536e0fd2bc55e9774376b51e586658e4e5d79a35cb425ebe0a8391124997e24c8aaa84bac799162a31446ef47db667a4a3f0eb9
- SSDEEP
  
  384:W3KAWfhWk+Y3DGk8ZpH3GCJErW25tL+Y3DGURRQ8JN77hhGz:fDDGkiRBEy4BDG43hgz
Score

1^/10
behavioral24
- Target
  
  infected/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10

discovery
behavioral25
- Target
  
  infected/msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10

discovery
behavioral26
- Target
  
  infected/nvdisps.dll
- Size
  
  11.1MB
- MD5
  
  da3e5ecda1487fdbcc6d7db314815696
- SHA1
  
  b2775d5a94a2af489590e1544dbff7176c39d389
- SHA256
  
  77173b4b61b59eca507ca3ece87a77a87e4e77a48dd162ba813d61cb0513421d
- SHA512
  
  cb3a14dbb15fad5bee97f3ec2236c7946778b1c884b38086026029f1bbbf20648e420bd829a82b8796f420ee50a5ef896bdc9aaccc67b82ac4e89eb67294c656
- SSDEEP
  
  98304:XNTNmlyn5aaKgwF2MxtrjgEe2eVivataUN3Dumf/S+CJ4RoLERm6iVv/lraqXtxG:XNT8lxjVWiCwUN3d/RbCv/9tx/KLce3
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral27
- Target
  
  infected/nvdispsr.dll
- Size
  
  11.0MB
- MD5
  
  d74d7dca89d97bc912a376a5c34172b1
- SHA1
  
  6420073ab703884dbacd499c1b7174f858e2068c
- SHA256
  
  0681d4e92b84d238b3e3fb118b0a359be1aba83528b94f7fde2d9101d8163417
- SHA512
  
  3e4a308794b05b9eb99902367ed8916a590316261175b02dd35007fabd900d715625e48aa0d5b5518f02550b0b678eb7ef83dc96f68632d93d21378351d82f2c
- SSDEEP
  
  98304:0lRaeidue2eFivataUN3Demf/S+CJ4RoLEROyiev/lraqXtx/SzLce3hNc:+CliCwUN3d/Rb5v/9tx/KLce3hNc
Score

1^/10
behavioral28
- Target
  
  infected/nvptxJitCompiler32.dll
- Size
  
  16.6MB
- MD5
  
  3ea5205d6831ddc3670ab8eeacb853f5
- SHA1
  
  dadb303e031089535ea01c8a10d89c1033a5d7a4
- SHA256
  
  caa6ae6c505e54875761443171c229ed367b2e51e448a9034b81be062b961847
- SHA512
  
  5e7118d3db968d30f7020fb5a3e4373acd1572eb7736f55229d1aba836e43b755cff2d78e7bd22daebec5a53bbcf7eaf00a0a5d233bc6679c36675a03bc1b36b
- SSDEEP
  
  196608:LeXcR+Vei+lHBfL90NUIE4/pp1D84she84lt7Hpml9DCqIsXC:Q5+7j9SG4lw4HDltLknc
Score

3^/10

discovery
behavioral29
- Target
  
  infected/trading_api64.dll
- Size
  
  282KB
- MD5
  
  2bca4e2c047ec969cb3cff277e7fc184
- SHA1
  
  c4b5b00b605e59c6fdcb6731f2e53069506e287a
- SHA256
  
  f1eb582e607a1e43cdb1654bfb7cb29ad46f6728b3fb89a14f7727e0e8daab69
- SHA512
  
  3819178ec650298157b1d67317e0895cb92709b106d0d8525921e341eba5e960f42434e010066bb405f1ba1619adff1a645ede58e16c4b2d88df2c90611a6cb5
- SSDEEP
  
  6144:Aa0EKzmilQBrUssevOkHcAxilMrCynC0bcLd1x:B0EZbr3se1SynC9x
Score

1^/10
behavioral30
- Target
  
  infected/tradingnetworkingsockets.dll
- Size
  
  4.1MB
- MD5
  
  3cf26ce759c5e261fe3ecc6451b8b08e
- SHA1
  
  b5da110034fe394a4020367404534903764473fe
- SHA256
  
  fc4a65ff603bf1f4bfe323de1866145ae1e006aa656799fd134dfa63d92d47c1
- SHA512
  
  e7b543483f38bb6338490b5c8f5da6f95e0d78b45f2b26d898cc3b58cf7c359952bfe413414cb6cd1532c3c6fd7a860026b2bec7b6d0ddfbee9a1385a62e14f2
- SSDEEP
  
  49152:kGtlqhcIU6ilVwASObX9F+LWDumqrJjAZVT4kmrqEUAYVxkG3q+XRQsmqkALD4z4:M+dl7+8z1mqkA8lv0bH1bBGZZs
Score

1^/10
behavioral31

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31