General
Target: Unlock_Tool.zip
Size: 49.7MB
Sample: 241110-jacj3ssdlr
MD5: b94ff5c9d88bb94471136eb639a64420
SHA1: c2b2053f395f50a82503b084af65e8e803efabc9
SHA256: 1f7746f66fe34a60c699d206480985db98616fa0c5bb990db70d808efe0ffd22
SHA512: cea383399d2d2b94e50e92948faf3d5403100edd76d17b108ba06e7560834cee6d73924df581e47fd8f55b82bff2c45fe2fa2685d64c9ceec28698ae41bb7c96
SSDEEP: 1572864:6aM2esxP+a3sRkaLwu/0WBJAZ229eBddBe7EDfNMAO:VMna8Pwa0m222Sd26vO

Static task: static1
Behavioral tasks:
  behavioral1: Croatian.ini (resource: win11-20241007-en)
  behavioral2: Readme.txt (resource: win11-20241007-en)
  behavioral3: Unlock_Tool_v2.5.6.exe (resource: win11-20241007-en)
  behavioral4: langs/H_Hayat_x64.dll (resource: win11-20241007-en)
  behavioral5: langs/Qt5GuiVBox.dll (resource: win11-20241007-en)
  behavioral6: langs/Security-Common.dll (resource: win11-20241007-en)
  behavioral7: langs/VBoxClient-x86.dll (resource: win11-20241007-en)
  behavioral8: langs/VBoxProxyStub-x86.dll (resource: win11-20241007-en)
  behavioral9: langs/winmm.dll (resource: win11-20241007-en)
  behavioral10: lesseeVariant/modules.dll (resource: win11-20241007-en)
  behavioral11: lesseeVariant/scavageSextos/muncher.wsf (resource: win11-20241007-en)
  behavioral12: lesseeVariant/scavageSextos/raphanyNoveletCreatin/becivetLadakhiUncloud.xml (resource: win11-20241007-en)
  behavioral13: locales/resources/Data/Managed/UnityEngine.AIModule.xml (resource: win11-20241007-en)
  behavioral14: locales/resources/Data/Managed/UnityEngine.ARModule.xml (resource: win11-20241007-en)
  behavioral15: locales/resources/Data/Managed/UnityEngine.AccessibilityModule.xml (resource: win11-20241007-en)
  behavioral16: locales/resources/Data/Managed/UnityEngine.AnimationModule.xml (resource: win11-20241007-en)
  behavioral17: locales/resources/Data/Managed/UnityEngine.AssetBundleModule.xml (resource: win11-20241007-en)
  behavioral18: locales/resources/Data/Managed/UnityEngine.AudioModule.xml (resource: win11-20241007-en)
  behavioral19: locales/resources/Data/Managed/UnityEngine.BaselibModule.xml (resource: win11-20241023-en)
  behavioral20: locales/resources/Data/Managed/UnityEngine.IMGUIModule.xml (resource: win11-20241007-en)
  behavioral21: locales/x86/ACE.dll (resource: win11-20241007-en)
  behavioral22: locales/x86/AGM.dll (resource: win11-20241007-en)
  behavioral23: locales/x86/AIDE.dll (resource: win11-20241007-en)
  behavioral24: locales/x86/AdobeXMP.dll (resource: win11-20241007-en)
  behavioral25: locales/x86/BIB.dll (resource: win11-20241007-en)
  behavioral26: locales/x86/CoolType.dll (resource: win11-20241023-en)
  behavioral27: locales/x86/JP2KLib.dll (resource: win11-20241007-en)
  behavioral28: locales/x86/app.dll (resource: win11-20241007-en)
  behavioral29: locales/x86/ccme_ecc.dll (resource: win11-20241007-en)
  behavioral30: locales/x86/configs.dll (resource: win11-20241007-en)
  behavioral31: locales/x86/icucnv67.msi (resource: win11-20241007-en)
  behavioral32: locales/x86/icudt67.msi (resource: win11-20241007-en)

Malware Config
Extracted: vidar
  https://t.me/gos90t
  https://steamcommunity.com/profiles/76561199800374635
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Targets

Target: Croatian.ini
Size: 105KB
MD5: 8477123868f12632d652c6da5df683c2
SHA1: 23dbeba17e366e1bb5e7d7be156a9be309c9555d
SHA256: 5bf2b70edb78073f3ce4fe6d809a3a25c982cb2840b8ebaf4367ebc42f16bd3e
SHA512: b785f8d680f22211c01cfa59cdf86f1bfdeca0446c1c26fc2c144e3018773d22e4050c95cd513d60df9b226df31dc504b5059db168977b3949dbcc428a7ff30d
SSDEEP: 768:w0VnpiuM0pY1HIlw1VoIGRweBLUab7Fno8wBtA1yR4IY52t9RM8wE4c+Tyb3TRr2:VdpiuM0pY1olaEZLUYg4c+7wvO60ll
Score: 3/10

Target: Readme.txt
Size: 105B
MD5: dc725c7d51887c1b081bca0d6a7571fa
SHA1: 88134d6eccf7b128d20d6c77973e708b78df675f
SHA256: 365e3615f862ac76420f2aa4665be1960f354d01a4715f2c70218a5f80b27cc8
SHA512: 26ae4bb368c69167334722841af8d62e3b3965cc6d25efa683df58857d7a03de10de37c4f22205eadb826f504cc7ffe81337b6f5f958925d84be4920a163f7b5
Score: 3/10

Target: Unlock_Tool_v2.5.6.exe
Size: 1.1MB
MD5: b067c29195a13494802f2eab3a9106d3
SHA1: adca61f35491b5eb7d85daaa917f96d666e9d612
SHA256: 40592e02eec664b6c7358d2c44eaf1b019ff171755a9b824f0cf180e4f4251c9
SHA512: 5c49e56265ce8df8b89b783d8d1e5468abf50348376fabe290e00d766c9e1d72f05c46b78fec6506f3e55ebe7f19b3afe8381cf91de036aa200f124f9eb902ea
SSDEEP: 24576:YwpOrt477q5ltoeMyOxVBQAFMs0Se2gcxKXLMA1n7g0tuTgC46Wwr7v:YwP7mleBxVBQAF10l2gcxK72gd3u
Score: 10/10
Signatures:
  Detect Vidar Stealer
  Vidar family
  Downloads MZ/PE file
  Uses browser remote debugging
    Can be used to control the browser and steal sensitive information such as credentials and session cookies.
  Loads dropped DLL
  Unsecured Credentials: Credentials In Files
    Steals credentials from unsecured files.
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  Suspicious use of SetThreadContext

Target: langs/H_Hayat_x64.dll
Size: 111KB
MD5: 1f39f078d03461a104336c68c8927505
SHA1: d54117a64c1d69399c2b978804971b2819ffeb8e
SHA256: 5ed02b75802ee6bba47dd1c0064732329f98c0a3dce76ae4317bf398d5122f44
SHA512: f94797dbebbaa73310253ae3e573c6aa06717a9f832281363f6ac5dce47c2a6311eeb83bcf98db85f0c7205f6039196f575f61a9d6a3ed7ddba48bc2f5f1b725
SSDEEP: 3072:Z0MRxLQXSljMSGVUjSFgWvNdta5PCpBXgiMtISY1ViH4X:BkSlITUjSFg/Pgp1XX
Score: 7/10
Signatures:
  Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: langs/Qt5GuiVBox.dll
Size: 6.5MB
MD5: fdb292453760d9bc3cdd0b54013c6a99
SHA1: 30d27da6ec867ed2b8a53384ac947b812d9d7cbd
SHA256: 86f6a04fe611ca402d3c4841561f5b396ce61f0212bb6da58c7274532e2cfd14
SHA512: eca792cc814c0d072ecb866da4a5ac41629758c91faac4cf3f5947191899919c72a1462ce97bc49382afef44780302f7ac3fb2052cfe0cdc8d2a3f390a870c66
SSDEEP: 49152:onEioloxnujFw81clK7uqtfMxzWHIbi/CCwjxpE4RFzwToN2BM7PV1HbSTiBAym2:OEiEZEqeHX/RFKociJYtl8vsOM04bm
Score: 1/10

Target: langs/Security-Common.dll
Size: 1.2MB
MD5: c5c4d6351af07abbaece1a4aa03c21fc
SHA1: 0c08ff968aa41a5cc5ac5c70bc98448d8a7d9b2e
SHA256: 3054976f132dda71b964b9303757078bfb75e94f19a2d2100180b86a8263384c
SHA512: 6283ddb41619cca6ce6389896b045307feb3051c9e0065fc0f68c02e9e88007e4b8e967afbb873cbc02682eca76988aeba5defc9cd696ea58daa3984b1ba0238
SSDEEP: 12288:c2SL/WMO8k65sFAkOLCjpN/BYP2jJHs9T/+WWUOOnDPgXz3On6LXfu0ztGtdBBEE:ch7dk65IDBFO9T/dnDPV51X
Score: 1/10

Target: langs/VBoxClient-x86.dll
Size: 669KB
MD5: 8499bcb782e639b57abb8b503d410eb8
SHA1: a4e3363a30c02fe999eedfed50a8dd200f4c46c9
SHA256: 84b47308abc293515fa8b682d7ede3a53fed426a7073cfec466bcde681da715f
SHA512: 344132b5148ce38174230efb51b0aaa85709bbe2f34c09ff47e9390324ee1139423717cc461e7f276db80fcb86a0509ca92cd84a18b7657d3da65c8fe427fc39
SSDEEP: 12288:BfWBgRdNVSnkjiLSRHhWsfl4GhW0TAZoq:BfWBgRdNUnkHWsfl4Gg0ED
Score: 3/10

Target: langs/VBoxProxyStub-x86.dll
Size: 666KB
MD5: 6d3c7d2e108cbb7b5389f51ff68bcb9a
SHA1: e47006dbd81b0ad005dfe95339bb54ac59b20f47
SHA256: 53ed3512437fbeb4277c24790ce67db048f81b60c3669765541495ef88056b88
SHA512: 0b69c294c32beff25e91ccfc5fd3b26ff76e8a92b81b3f69fc0065ae6c8d8a676039303cc5195bff1d71735a1af97f920ed1a9911bcbcd27a7532f7539605fdf
SSDEEP: 6144:HzhEDInt1CqI2HVP5CkxQ+1QYCQkdJvdkjiLSRen4QI2QjWsfl4GZrWJ6TPRcoLZ:H1EPCSnkjiLSRHhWsfl4GhW0T+eZ
Score: 3/10

Target: langs/winmm.dll
Size: 4.0MB
MD5: 11f756e2fa97d0fb46c2875b11dfde52
SHA1: e0301b76305ae22fbcb043a85871d2f7604c35ac
SHA256: 3c0bd30009f4c97bb96742dbb873efc062a111bf6f4a39b808471310628bb42d
SHA512: b9a1c54225871089ae13a87da0e5e3e6f58be054dc2a9018a070e9b950e69abe97dca512d1258c94827b2e192bb6f5dbb1684219247604cd9fa94bf167bc2ca3
SSDEEP: 98304:NJ06y8mfFEHhjaZ1m4OiPUDx9oEZmEu/5mGFY/3FP8:zKtIhjq1m4HPUDrEX/Q1/3+
Score: 5/10
Signatures:
  Suspicious use of NtSetInformationThreadHideFromDebugger

Target: lesseeVariant/modules.dll
Size: 907KB
MD5: dc05f0b8f1a32e872721d3486e6332b8
SHA1: dbf055b0f934640fadcfaa93971fead8df7a3869
SHA256: 37ec5f998a5c376d4fcd4342b43a4163d1f043e0f7711e46677cd30013882723
SHA512: 0f89d713237ef11a1ef8d824ad9767bb13fb4f5f334acdd65af0ba6e54cec4a910398636683254b3fe4d46a069a1781187313684ff827a907b8b968134f6efa0
SSDEEP: 24576:z0OY4ZFajHYDTR2yfVbf+c6Z5WODYsHh6g3P0zAk75:z0CZFaj4HR2yfVbd6Z5WODYsHh6g3P03
Score: 1/10

Target: lesseeVariant/scavageSextos/muncher.xml
Size: 72KB
MD5: a57066ca589a62d0b64f3de21ced7c4d
SHA1: aa132ad7ef5b9e8ba34e406e08c59a79eae4bcc5
SHA256: 9d7262468fc228355e1c5cc403ebc4265cdd1af71741c9241ce22c371c8b2cad
SHA512: f6648a1f23b2a4558f5cea3e5a80999bbcd0ea5a39e2af3ca8e25b01f0df05268859fec20c72e8caf8666b91c5fb681ae47174d490513673da51b0012a08ad6a
SSDEEP: 1536:8Xk1VJPp62bTFKMM3gir3SoyE1ruuIbjulkAifuTY:8XQfPEiT0Marhr1ruBj6kxuTY
Score: 1/10

Target: lesseeVariant/scavageSextos/raphanyNoveletCreatin/becivetLadakhiUncloud.xml
Size: 68KB
MD5: fd9b1827a875fac623a9ac397efd2373
SHA1: 4f8b83c8a94c24099f788965424baaa4f89ac330
SHA256: f71244dda7ebba392aba8b65dd4f7f919bc1fb15a0551b2e0ee26a644c413afa
SHA512: bfd078002624d52f195e4ac55a95f8ebabc978bc573b027c6d2d047a44d1b87470edcdd2b8a7abf4de50effb4d9a12b18cdbe526f72cf2d149ff8dcdac239946
SSDEEP: 1536:oVlsnyEXyUrFB4ip61lLn57usUEh86WxnZmrwC7U5:oAnyEXyuYipilLnJusUdfnZcwC7U5
Score: 1/10

Target: locales/resources/Data/Managed/UnityEngine.AIModule.xml
Size: 78KB
MD5: ab129fa4d0a2e273c965b3555797e15c
SHA1: 6b02a5532b9c5910ddb653649482102223df70fd
SHA256: b4739b823bb5e399271f449b5f960ba6217ca8727ee5cd995752b411286d42c0
SHA512: 5b6e018394d139c6f64abbae8e6cf4529ea23632f3454995b3716e2ff1c3998665a05a834a7d7c9893c4c92b988dc2b25e3f8d2d361b9c7bf0f055dfa5c44f2d
SSDEEP: 768:xFOQWFcCaa7AgLrC8NWs2fMdo2Ajd5Ne4qlSu5OOZDQc0bItVBaBEGPa6//H:yQFq7Nu2Ajd5NeIOZkc0bIOH
Score: 1/10

Target: locales/resources/Data/Managed/UnityEngine.ARModule.xml
Size: 2KB
MD5: 5d1c9e3e706c5bea31fa40aedbf50529
SHA1: 6978d0063822e3af21de70d36ce3b5c110c2b6c4
SHA256: 87154021308c172fab924032bde59964abd961bea2f2d2146ba52adc1b31b4bf
SHA512: 8fbad4241396cbbed421e5d9bda4d4f6fa475632363e46f766cbed0eb97c7390503a7e5ad82d74ed01a7674d220605be208f1f63d1b57cd9238924dd1421cf6e
Score: 1/10

Target: locales/resources/Data/Managed/UnityEngine.AccessibilityModule.xml
Size: 1KB
MD5: a35a08dd53944ed62dd0924e898b6e17
SHA1: 4a67a771417d2514a0c5dc54c5f34a50019479bb
SHA256: 513410936cda036e9e9d79fb1b06ffaac2c426f36df33a993cd490e4c704260a
SHA512: b5e0cb7e543460184e70389ebb9c3255e7a3896e35cdd98ae6a239bc86add5b1426b99c24b0d3f04c87e939e5205750b3ac6db3eec9bb701e3b2699a0f8be481
Score: 1/10

Target: locales/resources/Data/Managed/UnityEngine.AnimationModule.xml
Size: 209KB
MD5: 2f2e21e4f4ecd9c21c1e118f88939625
SHA1: ade938b063ef9dd51a895a413e12a2660c0737e8
SHA256: 5eec8b00cd98c832368d8028b400ad454e232c3cdd51a195ffab52374fb40026
SHA512: 13551fd75e5d539d183c9f28ccf614f0fa6f4fbed04b78ade1bbe2403683e699b19e1d92631f4efe9625623e45bc138cb3521f2749700159eaaab83b29fb64db
SSDEEP: 6144:2RSeNpGG3+3E52NMPZwXRwfcwOZJe+OFa3Fftw4TGiN8+x:2YHR
Score: 1/10

Target: locales/resources/Data/Managed/UnityEngine.AssetBundleModule.xml
Size: 14KB
MD5: 6c183af7ed14091d34816fad859b43ce
SHA1: 9e96e7668425f660ba4896a7a400a5bdd6322de1
SHA256: 423d1cdd09ebea909a2bb618cfe5141ec682ba99af93996e64cc3fe8463298e9
SHA512: ef19c7ef85930bc8af51158a773f0987518eb8f882068f73cebb40aade8fb54af2dc335cec6062cdd4f4dcee52f441556a0d6da59efea93184380daca8215fd7
SSDEEP: 192:n8/y0/GNE+8dLawoB2MoV6hRw9EXj9EXSD9Eg99dM99hR9YUcR9TyVU3rSTtn:ny9Ez9EI9Eg99W99hR9OR9BrSTtn
Score: 1/10

Target: locales/resources/Data/Managed/UnityEngine.AudioModule.xml
Size: 87KB
MD5: 3e5be0e356a08388e457c076f1167182
SHA1: 33ab8625d0c65c9e7aa79aa324da28c0265d2275
SHA256: d37f2491407c367ebdb8715589b19fb5f6d5e7e1dc9c3faf60cd1c7fa791a4ea
SHA512: 9a09b25be789773858c32b3c76a6774c2247a94c32c83672f66a53a005f284ecc3804512ca15831a11436bad9f18e5aa22275b715a6a9214c6493e50bca374c3
SSDEEP: 1536:qoFP6UotADx3FIuc7gx61A1s1i1s1C0+0m0QlA1lkKYZf:qoFP6UotAF3Tc7j1lkKYZf
Score: 1/10

Target: locales/resources/Data/Managed/UnityEngine.BaselibModule.xml
Size: 382B
MD5: 692edc9bea831f3cc5f5734e3fdfee65
SHA1: ce37da517b86b91b2cf33227f2021f58f80bd660
SHA256: 7c7db59b38006ec8662677fa7e992eccb9d4088603ec23a8754e10ecaa61aea9
SHA512: 215260c23a0f5d93d1124763b81fa43bfc5999b8f9110c0db2782dd08042b4cfd49d2fbaf9c67df97a1b355e276328745d36067f023ff5f759946ef0309c0a96
Score: 1/10

Target: locales/resources/Data/Managed/UnityEngine.IMGUIModule.xml
Size: 283KB
MD5: f1b9be29373c77e60b8113ab52412ad6
SHA1: 22c6d76ef4957a72d4400fb85e628901646259ae
SHA256: 2a07c70f84c51519799579d61836df06c694c2ed745a1dc1eee8e2cbf26e89ca
SHA512: abe8f27328d7256489dffa969415174864aa133aef0e5d82ff3ba6a7ac613e5db2a7bf861e3f92635cf650ad6fd846bcf9eae0aa642e4f8e4bd06e1460fb5209
SSDEEP: 1536:GsH0404LEQ+rBPDN8HzDREm1ZbAMG4pG4AG4EG42G4pG41HnN+IH0D5euGrTXHcR:h040XPDN8HzDREm1ZbApHnN+QU
Score: 1/10

Target: locales/x86/ACE.dll
Size: 1.1MB
MD5: d0ae82cdf9911bec3eddda128602af04
SHA1: 58e167521f2b028d03aeb6c926d34c2c969fa9c6
SHA256: f9675304d13efaee32e6b4a3317b64231a59b684532a898d12b4e7ed88518afd
SHA512: c1520462a8e02ab09e2a101207e88cf6861b48c32b7c2523047251496479740a84987fb19aba4dc8610abe2c81e5f7dbc80c51b8667f4953e17dda583d27557d
SSDEEP: 24576:tmGLzPLOXbuKR17zBXE+MXRHRg2yTEg863NzSxoopoo+F:v3jOyY7zB0+MXRHRg2iBrdzSqF
Score: 3/10

Target: locales/x86/AGM.dll
Size: 5.8MB
MD5: b39b8d45413692ff856e9ba907256c2f
SHA1: ab06b594a57b8bbe0f4c4ba80a12129953521667
SHA256: ee32f4cbba3a601d57064695a8ed5955e1b9af984110d34504b8d5ebb132c084
SHA512: 1dcc8bbbc55ac27b0a0b96e28de73338b972e2998bc9c33439c32b721de811b2c9ecf6d7953dfbdfadcbcc0c64f56871d09ae953a449c516578e9e8b3e1df661
SSDEEP: 98304:lUpuc5sPE5fMZywrovF+rMnV17FVgvhiWaOuBue5SlIN:cuMCEZ3wrovF+a5Z
Score: 3/10

Target: locales/x86/AIDE.dll
Size: 2.0MB
MD5: ad388ce4c2cc3aaff605994da782d57e
SHA1: f43c3f588c77a34e8b81b63247ac1d7657016050
SHA256: d3ba1adbfeef8f19e4aa570299c06d39a87dfc5fe3d85946270b722e44dacda7
SHA512: f8e8f0fc5d8e01f8afe1aac55d3a301fa0019c6e80099616abf5a41c09aeabd0294e4391ddac170c2cd5bcff0b9e9cb4b559a2eca50a273e398083542065e27b
SSDEEP: 49152:h50rEANbHm4w0H5QZXjr/nZA9XANcZ4T5lQ:b0rEcbG4w0H5QZTrnZEmlu
Score: 3/10

Target: locales/x86/AdobeXMP.dll
Size: 887KB
MD5: 7c3033588c1a187918cf3fd246069a3f
SHA1: 2b637a9d37de604ae8e98fcbc73746ccc0402b31
SHA256: e958f4ed8272a96e599ff9f0a79331e7b5109104a9d20d3f760c7eb162daf7e0
SHA512: 80d513d25477081c84af87e8127a02bb332204ad7399ac653a27ca726e446fd25518d36189bf90b10cbf34119d35501e006a2e06dbca5a96dc2348aff6b6fe91
SSDEEP: 24576:7CaZsdfNjJaN0OdQfLCKVkDavzVi5p5bafAAy4:7ZspNQVQdkahi5zaf5R
Score: 3/10

Target: locales/x86/BIB.dll
Size: 119KB
MD5: 404de37b800b661ebfaa218b20c8c0c6
SHA1: 2a2416b663ee9d9ec6325d2c70bf05be27a73eac
SHA256: ca53407b356fcdea51a6d536447ed6b88ad14c87facf421080d141cae837eedc
SHA512: e6d66bcb0da4ca5456dab376385c73a918fc13c4b0ab9a05d2324dbb7a9fcf197d727acfbedb15e55452b916c9afde0ed01b233868a88ae0f34ee01306289430
SSDEEP: 3072:x9mmiJ1WvqJ7fW7n/WY0EZrZsibdumKr9igRsNpKN02+OzHwn:TkaqJi7M0dO
Score: 3/10

Target: locales/x86/CoolType.dll
Size: 3.2MB
MD5: 6fb9f15b6a1dd1ee9cdb9b4ef290d69e
SHA1: c5955655e9b96004a72bbb09aa72996f3ddaa539
SHA256: d4a0db913fa555808ce627114fe6e2725970499c70364edbedf47d907d52242d
SHA512: 24be26d2e0dc3e05f786ce3eee815247261fe99e1bff08e689d71bf68e7d5340e942aaaefd9203569f63c23a5f5cb46c1ff6a2d91f2753fd6d78240fffa7beed
SSDEEP: 49152:37sVoVC47fsPVTs57ovd2MMg6NYpnd3EQUyfha+P/u6LSXvowU7u9qRXApP4Cqrt:37RCwfsdTk+dlb73ELyfhlf9K4Cqi3
Score: 3/10

Target: locales/x86/JP2KLib.dll
Size: 508KB
MD5: 73c0da5c825e3a2275dbef4f8dae0813
SHA1: 6f6191867fddf3c284066dd855512198c509d64c
SHA256: 979851cac4a2a0e394f06ca7139d7402911048b094f550dd9b33d1203ae92862
SHA512: aa01cba77cf94d3a4c66ac7169414d4d7f91d8965d312bb46430b766affe0ff93c241a84ad9e1796c08c28fcbc613c9d98cde37b2b4914e801abff6c638a111b
SSDEEP: 12288:tskp3VH/G2LrUUIGVC3hCDfF5AzO5qkkZalIf+AGzVYu5uRcyef0njWcArh45j:tsK3VH/dlIGAGzqu07ef0qO
Score: 3/10

Target: locales/x86/app.dll
Size: 121KB
MD5: 768a1c4e4fc28a2c8addd11e70f824a4
SHA1: b7ed732e19a37fe248d0d7934ceb9944f4e5bcad
SHA256: f1d56cdfc9c7761b3fd1cd7dc9dd98c6c0494fc525d970c4d8df1e1b32ccc9be
SHA512: 4582b50a063f2507fec67ca7749b3405e2f60692094aa510a9bb8778d0ef2b156f6c9837e79dc2a41cf03e92caac721d5052319a96aee184a3db465aa053d5fe
SSDEEP: 3072:6Ep7lUDfjvMyJfZOG6p/VtW+AtpFrpqpqpvKINZ4F49Sp6gxy:6EXUDfjvpBqttg/93
Score: 1/10

Target: locales/x86/ccme_ecc.dll
Size: 548KB
MD5: 19f2641706952f221d5f1066d064db4d
SHA1: 84bf37c1bd5cb3f35cd2aa934cd9c17cb2690282
SHA256: cd87094bdb78dbff8a593bef3952495414b2256eb75ac2d466da276d17e8bd9f
SHA512: 155a8d9fe2fe238cbc341cb0f088b5be0b58bc2f0ab70eae488972c0e8cd0e16ae3afef64ab96e0c63f14ac53b2ab167f906e2b94bec7ba87b494121edf5ed67
SSDEEP: 6144:Ra3lDLZaFal9tiA1GzrTJdln27EEvdABkVJAOlRs5DIcxkjSuo64hTQ0IL0QpC7K:RUlD9aFal94PDlGuBk3Js5DIqjv
Score: 1/10

Target: locales/x86/configs.dll
Size: 471KB
MD5: ee220e800cb5af38e60f26b51999b105
SHA1: 194c0891d7a9cec5fd8f4af5e9dd9ef28a967053
SHA256: 08430abbc4eabd0615f42286038bac373f24ac8fe1117b2e304428bab7e143fd
SHA512: b776e9457f5ccf367aecf0816152602c5bfc206322d7e1134a2fd23673d51c4427a4b54fe35f4079c6470c06d2bfadd2b1ef5541dde7ea1f17be842d184978a8
SSDEEP: 6144:/KK400WTwtX+fGPufBERUtk+Q4kiwoF0YG+L2Wf/xLu6:/5fiufqeBEHgGpY2Wf/dL
Score: 1/10

Target: locales/x86/icucnv67.dll
Size: 15KB
MD5: c89f7b63c258a2d8b68a4bdaf5bbb2d4
SHA1: b1181f70adef2cfc1b884aa4a895984843ca326c
SHA256: ee7e175ca56e43932878a617e3a1ac3c005e33ad6964277fea811417ca10d2f2
SHA512: 39ca6c5ad801795bbaafe1c85719afdd7ced663ac2fb6530130797a40cd4ed7047d33292c5b41601408488cb5ed4926f9e0744d158a44b128bf517e0562d6e47
SSDEEP: 192:+0NMi7v56dIYiYF8rVs9+qARHk/2WJfsHR9y2sE9jBFL2UzZ9O:+06iuIYiI9yHk/24i/8E9VFL2Ut9
Score: 6/10
Signatures:
  Blocklisted process makes network request
  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.

Target: locales/x86/icudt67.dll
Size: 15KB
MD5: d73b8ebe06c05cddad49297f668b481e
SHA1: 44b139944043d4c4c5a33e1782cd8256f3fa70aa
SHA256: 6bb13375779535aa693f51038540381efba654676b1471a10b61c5ad616fb81e
SHA512: 8dfe75a0219fa67803da33adea82f6e08fd568c938adad3174f9248f060306e4725852282538691a22fff29a9cd50af66c9d884c94f15c9ed392b9f3048844d6
SSDEEP: 192:NFNMi7v56OIYiYF8rVs9+qARrk3WJfsHR9y2sE9jBFL2UzZQp:NF6idIYiI9yrk34i/8E9VFL2UtQ
Score: 6/10
Signatures:
  Blocklisted process makes network request
  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
  Installer Packages (1)
  Modify Authentication Process (1)
Privilege Escalation
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
  Installer Packages (1)
Defense Evasion
  Modify Authentication Process (1)
  Modify Registry (1)
  System Binary Proxy Execution (1)
    Msiexec (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Modify Authentication Process (1)
  Steal Web Session Cookie (1)
  Unsecured Credentials (4)
    Credentials In Files (4)