1js/535.bundle.js
windows10-ltsc 2021-x64
8js/75.bundle.js
windows10-ltsc 2021-x64
3js/968.bundle.js
windows10-ltsc 2021-x64
3js/bext/pu...der.js
windows10-ltsc 2021-x64
3js/bext/vp...ola.js
windows10-ltsc 2021-x64
3js/bext/vp...one.js
windows10-ltsc 2021-x64
3js/bg.824.bundle.js
windows10-ltsc 2021-x64
3js/bg.881.bundle.js
windows10-ltsc 2021-x64
3js/bg.bg.bundle.js
windows10-ltsc 2021-x64
3js/bg.conf.bundle.js
windows10-ltsc 2021-x64
3js/bg.html
windows10-ltsc 2021-x64
4js/bg.vend...dle.js
windows10-ltsc 2021-x64
3js/conf.bundle.js
windows10-ltsc 2021-x64
3js/locales.bundle.js
windows10-ltsc 2021-x64
3js/login_done.html
windows10-ltsc 2021-x64
4js/mitm.bundle.js
windows10-ltsc 2021-x64
3js/mitm.html
windows10-ltsc 2021-x64
4js/popup.html
windows10-ltsc 2021-x64
4js/ui.bundle.js
windows10-ltsc 2021-x64
3js/vendors.bundle.js
windows10-ltsc 2021-x64
3General
-
Target
GKOJFKHLEKIGHIKAFCPJKIKLFBNLMEIO_1_230_678_0.crx
-
Size
2.1MB
-
Sample
241108-k2ghsazcqb
-
MD5
d737a08da9c41cfad18e56a0a3d86ad3
-
SHA1
d097f4a35eee961617d129a2acb0cad80d384f99
-
SHA256
364c3d70f3abb91efb1559952cba473f2563e6593841527c6aadf900f148b85d
-
SHA512
37e4bca4726a8c0946cb9877be5367e8a9ee94f6d914d9c055042f5d75b37c55114d26c7e6be83feec309213a1e7617ed1607b0e1f72a11c520467136f7e3e38
-
SSDEEP
49152:ts9U63bTB/EjN+EzFf5N1gQWjCMTX93FMYhfTtvUG/GsSpL:t+BsIkXnoTXMYBtN/Gt
Static task
static1
Behavioral task
behavioral1
Sample
js/535.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
js/75.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral3
Sample
js/968.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral4
Sample
js/bext/pub/pre_loader.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral5
Sample
js/bext/vpn/bg/cs_hola.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral6
Sample
js/bext/vpn/ui/login_done.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral7
Sample
js/bg.824.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral8
Sample
js/bg.881.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral9
Sample
js/bg.bg.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral10
Sample
js/bg.conf.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral11
Sample
js/bg.html
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral12
Sample
js/bg.vendors.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral13
Sample
js/conf.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral14
Sample
js/locales.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral15
Sample
js/login_done.html
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral16
Sample
js/mitm.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral17
Sample
js/mitm.html
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral18
Sample
js/popup.html
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral19
Sample
js/ui.bundle.js
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral20
Sample
js/vendors.bundle.js
Resource
win10ltsc2021-20241023-en
Malware Config
Targets
-
-
Target
js/535.bundle.js
-
Size
10KB
-
MD5
6c2a1d858e695d66e8c447d94d4f9c22
-
SHA1
24edcbf949ea11ed1fe49b5018c0f3fd0fec6b9b
-
SHA256
64ec96d539f87798645dfd9454b78685112ed12b35a7a323ce0c312ab8403d8f
-
SHA512
28579ca55f9dfa9054fca41b6bafd0c26747478fb6acdcc1eaa5dc01725e678e0ddebc3adc323f4786d63a1e21b8f0145f33b048469fb5837a7b25d7481e14cb
-
SSDEEP
192:Xa6SqCFbkqjzW8mD0/FnIaZRdJXl9AkWg+Y2eqtUw/5a6+O3jWF+MI8NosoDwj0v:Xa6SJkqjS8mD0/Fn3zdRl9LWg+Y2eqtb
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandbox environments.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
js/75.bundle.js
-
Size
370KB
-
MD5
7e30509e9652b8086b0b39d9b09a13e5
-
SHA1
350e23d340009f878b08b300bcdbcad5210f3f0f
-
SHA256
01167a89dce287131fb8f74367e93c9253ba433abf931d9d793be19704b79d40
-
SHA512
948df523a47614cdf05d1e8b207afc754d734c065541c08c4644b3724022e6b46dbd2fd8b603fc6b83a9eb71811ec0ec282432fcb9de57ff23284c9e63d68f95
-
SSDEEP
6144:HouDvDBSr2fHOPE2uQ7RYgpsvQYXy8xMnwFkq6IVoOI2gp:IuDvDBZfHOPE2ZRY6svQYXy8xMnwTnVq
Score3/10 -
-
-
Target
js/968.bundle.js
-
Size
999KB
-
MD5
4bfd982f50eb442fd41ac56fee85bcd5
-
SHA1
ee3d4ac6f337c6bc15708acb8aa244ae20c759bb
-
SHA256
8244d573b51eaa9bb042f377d38ecdc92d136ea93613ed41ad7a4fd4b545171f
-
SHA512
6b2cff16730ac4de5ed9fba51448a9af3c2f0a48b7db68637e5cbd9b815fabe79d83d738ff80627c323d65caf35e72af6c6f0bab34dc844a51b775f861eddf10
-
SSDEEP
6144:pcBOkWs4j1i5MvS3zBJF4Hubva6kQKy1JdCtmfariOhpdoUdUCnoZrU24XtOqFQM:SnWs91ariOaU24XtOqV
Score3/10 -
-
-
Target
js/bext/pub/pre_loader.js
-
Size
6KB
-
MD5
e7ebff9dc24f776596f8623f5f56d8cf
-
SHA1
0b8f936c954ec396ef75e79246b3776894108026
-
SHA256
a9ca150113ad3700d435b5f3a49f117e3e68629fc5cdda03e749eea69e934fd3
-
SHA512
9914bb7dee8dfd588bb69254a117f1c087a4e3e25a8364a89083c7016481a47a11d9cdf06fa8c94c920ef7929705b4b733d6dab549d79bd59309b25aafc101ad
-
SSDEEP
192:1gQsDnxO0kgjQ4DeAVvfEiQHnifvbAvPn7I:wnxO0dfMI
Score3/10 -
-
-
Target
js/bext/vpn/bg/cs_hola.js
-
Size
2KB
-
MD5
653d689731a672e312d541c4b1edb4ae
-
SHA1
f378e7241a1c5abcd9312e1d6f38d5a916726203
-
SHA256
95c3bfc22c2f964fe26ff1f3d626024971ddc9cbbd036113e763198b287dd8ea
-
SHA512
b26bceb8bf4c12d2c00e51bb18e3ed1a96aa24dead9230fda4e026070d39b76e64661ea7a274d16f93ab631f71ab15e8e8058c5e41e5d3c7d6b018018fc66207
Score3/10 -
-
-
Target
js/bext/vpn/ui/login_done.js
-
Size
268B
-
MD5
c44920467d9e6bc1895613e7bdb76458
-
SHA1
b586decfaf41986c0b04da52f19d3052fa355713
-
SHA256
414b988d2d92305fb1e40f5496ac611f157b83636fbcd55494e3a05c922db0c1
-
SHA512
15de954096541ea8b2b91baa7deae4622d7c85372c75ebf2f1360136253324c1f4f809dc683b1c4f77b6f165697cf3c9897e6b1c93cc21d033674068caf65462
Score3/10 -
-
-
Target
js/bg.824.bundle.js
-
Size
53KB
-
MD5
ce8846dc8b288c6de86b11352c692e0a
-
SHA1
23afe89189ee0cc55b7dcf0a30fca51d1953db6c
-
SHA256
520099afa11627264d73694a34168c6f4c74d5bbd1f5bbc096d3e6c67b66404b
-
SHA512
ced51c2b3c848e924f8a1c2fe310590f36e4bda2c76d31d80b815b5deb82c0ceccd9be1e72e0450983272f4d626bad5b4196a597a0c7633193872d3555e23a2c
-
SSDEEP
1536:+Kp4koQ0GKNgV1omzCkW04lh8xMI8f4+6hzg7U/:JpykW1D8xMnf4hq7M
Score3/10 -
-
-
Target
js/bg.881.bundle.js
-
Size
5KB
-
MD5
c705077309525cbf211f77ac9c300f75
-
SHA1
d96cee63dda2dba7248effa79f7cd9cecf7e93b5
-
SHA256
0ebc2c57317634c79a0c86748ae96c776b9962f59c19d50e848f820e279b8e43
-
SHA512
9151887bab66b9d6dcf2537ef3b350aec2e802eea70fc4702454790e33c86e645f31fcc4519ef665592f762098573f54f011810a07debfa3f39de29e022210c3
-
SSDEEP
96:ih6Il0EW7/lbmGmkXfs2C9w6FiKAbuGYrbMNl8CPUPhz1MibIMh:ifwIV2C9waoxMh
Score3/10 -
-
-
Target
js/bg.bg.bundle.js
-
Size
1.2MB
-
MD5
e73a505c277281e2f0f6c2afd87b0f9a
-
SHA1
1a48129d72df3a68e964d05e712e326c23ef0c97
-
SHA256
05aaa8189bd4872e7effbcf346c4c99db1d58f711ff0ef2ddf05290ced678aff
-
SHA512
fba4c4c1fa486af11e9e9ed83bdfcc8d1232e5b98dce54e8f8d18f738b4be7c59c452fcb6276f3419f6120828406c7285cf6d99f98547df9795c2bec5fb9024b
-
SSDEEP
24576:YJYSYLuDvDBDaj8ZfHOSQZXjqp/6hOc/0uPlgHAzHE2kWyrDQYXH:YJYSYLuDvDBDaj8ZfHOSQZXjqp/6hOce
Score3/10 -
-
-
Target
js/bg.conf.bundle.js
-
Size
2KB
-
MD5
5d39d15ad07ded4af09d712eb4205ee8
-
SHA1
e86a53c3f1b351d6f8a11e87d88e0717ac1e39e7
-
SHA256
e784b2d6a970d489d66004ace72498ce1a22e8ec892bd7bbe39925e63ab14fb8
-
SHA512
2410ecd01ccb825a9a431ce15eee229b6c3d05b4c158d85be3b004bbc52b0289929a8572da4f649a20d265dc71d7e1390013683a2f903b62a77467da53c49057
Score3/10 -
-
-
Target
js/bg.html
-
Size
154B
-
MD5
3e1d1b6d7b0c2ea84a0ea2edb1b9cb97
-
SHA1
829578cd7b6f5496f1064c009975939cc9fd078e
-
SHA256
f892d477c59e4c31d35b2200bb5dfd2648a085c7fbf2e9b8fca45a87f79b7317
-
SHA512
a6bd1134406e13ae4588752c3f63036b0cbc428d4174714bfa68ceda5f6e42306a4c858d97564f4d9e78e4c9ff7b59219f2037a1568111bf9e776a67ee739a1b
Score4/10 -
-
-
Target
js/bg.vendors.bundle.js
-
Size
137KB
-
MD5
c2287b4e31867d3bf54ec4c2e29e47ed
-
SHA1
db03fb12e7d43acb21f236655150fb7306f80f2a
-
SHA256
cb39cbb7169b420d0ee163ee16231506c3d61afbe5ddfa1710b9592cebed6ef6
-
SHA512
54aea0906507c405053e7d996459f66563eebcab092edac1ab46d9c096466caaad3965b8ec66363655387c8d4649e25846c1829df5b39358a6ae82b7e25f7698
-
SSDEEP
1536:Que+aRUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKs0:WzHNwcv9VBQpLl88SMBQ47GKItcnX
Score3/10 -
-
-
Target
js/conf.bundle.js
-
Size
2KB
-
MD5
5d39d15ad07ded4af09d712eb4205ee8
-
SHA1
e86a53c3f1b351d6f8a11e87d88e0717ac1e39e7
-
SHA256
e784b2d6a970d489d66004ace72498ce1a22e8ec892bd7bbe39925e63ab14fb8
-
SHA512
2410ecd01ccb825a9a431ce15eee229b6c3d05b4c158d85be3b004bbc52b0289929a8572da4f649a20d265dc71d7e1390013683a2f903b62a77467da53c49057
Score3/10 -
-
-
Target
js/locales.bundle.js
-
Size
453KB
-
MD5
cbe8072698dc2d32efbd2d658febc095
-
SHA1
fb29a9f019601b322512ff04cf9b33cfa7d29b97
-
SHA256
5e9bda8587333b88c18f1a9fc19014e3f307d631eef4f03486930c97ef5f6a8d
-
SHA512
0afe1d4f78ced22a1f57e4a21c236c78e5568a207a2e83372bd9898b83cf1a214bd769eaa2579765f47f733b8b39d6d53530b9d457d020789fbff34ed4cd0d96
-
SSDEEP
6144:n0Od8i9bFYOrhfDeBTFPN/u7lcRr4jJf4T/ZJROD/qcy5httXZW:0OdR9bdrhfURr7CLvy5dZW
Score3/10 -
-
-
Target
js/login_done.html
-
Size
102B
-
MD5
65db0a37183af6e0fbc04cb477446536
-
SHA1
9456640f8fbe6ffbec557fb5a071577e82516e81
-
SHA256
0d6b751a92a2fefa56b425d6fb76748d51c1693b9a437cd1081cc9378cd65219
-
SHA512
b759299f514beec7656286dbb8828d9c12fac90642137434f1ffcfd4a62d1546ba379e4807a403a94dba2d279f6a7b9746d5c3bff808993478d08a0ebecdc1c1
Score4/10 -
-
-
Target
js/mitm.bundle.js
-
Size
6KB
-
MD5
40ef1b79660b3e412da225548ac4d3bb
-
SHA1
ecbb3a65282bd8756cb945e57d6c9032ef751b95
-
SHA256
44be2d0b9e5b80450b23e6316ed160a816b591fb57057cf29a6422d12aad1319
-
SHA512
fb9feda717e05c34f69356c03aaaaf6bd2e524c5440142fb7f54413f035dc7fafd24064063c1a4c3caf62e792b80203a478b68c7f00cf82de0b6d180daafd234
-
SSDEEP
192:AsK996cNmdYAPqHxMUbKGKOQz/46YwjaFAE:AsK9QcQdYAyMUbKGKOQz/4qY
Score3/10 -
-
-
Target
js/mitm.html
-
Size
300B
-
MD5
46ebd2c9382e9015f8e6d9d3cfe1cb62
-
SHA1
32e17db9108e78f954f0206be9012b6698d24cfb
-
SHA256
0effa00e917e50d7917fd379fe40396054e051e2989b2adbb91f29cd848e2b8d
-
SHA512
a06beaecb8a3e8e37c320c96a9e5d2e8188d14fd94c414433fbecccebf2ab3770b5b3f4a09398dd6945fe80b46b4b2ffc98c82df6699eb96ade7d857b87575f2
Score4/10 -
-
-
Target
js/popup.html
-
Size
300B
-
MD5
d59f71b5ce4d7195cc140efee0b51344
-
SHA1
8365a947e081f8a93036d00cc6d625ac4ba6b1ad
-
SHA256
29443be50948be320ff34d18e2384f0017c75e966ddbd7a4fad15252982eec65
-
SHA512
32a9d480e18936259d4b0dd328f398c89b3161c8fd0e744760927efedffa42ac8b9f998bc4846f78a9b1a3c8ac1ea05150180b2a7f0f5248b35e13db255aa635
Score4/10 -
-
-
Target
js/ui.bundle.js
-
Size
7KB
-
MD5
b8cd029397c319f074e6c3c0fb49f693
-
SHA1
d4834dcfcd27bbf36af6ee355951ce2ed7dfec18
-
SHA256
55f6f6a10896fc91680aff09061af8d433db4a866ed67e2ec2cb93666dd1c478
-
SHA512
dcf1517e16ae193463e20ed932d6797c0404ec91a40ea97f6358e30d3b40a2d1a6fa74b6c3a0907cc39b8531fa0375ebf46f1287b4b870aef6799341497a3557
-
SSDEEP
192:AIK996cNmdYAPqHxMjbKGKOQz/46Yw4qbijLS/GLXAVgBc/:AIK9QcQdYAyMjbKGKOQz/4q4TLYGLXsj
Score3/10 -
-
-
Target
js/vendors.bundle.js
-
Size
696KB
-
MD5
efa18390a8f817e3a2bf395bee4154fb
-
SHA1
74d657102b7fe979f705242ba82b1795cdbb85ad
-
SHA256
8292ca71643020365ae075d544eb2c9feadbea1290ddfcb970ba57d1752973c3
-
SHA512
15e7e46b8c323c6c6d5298819596aba1709a28cb500f953ff8ecaef0a1b089ace2c2e61e2a20799787e7945ebee9d28a518dc4e85dcb74694d6371913d917254
-
SSDEEP
6144:xt7ArnKjum2yvPSIoPa2/Ld0lx6Gms30UKtovOaLAwD5epgn3uqwVd566e+:xBATKj+zdyx6431OaLX5ag3uqwL5I+
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1