Overview
1SpyShelterSetup.exe
windows11-21h2-x64
8$PLUGINSDIR/INetC.dll
windows11-21h2-x64
3$PLUGINSDIR/System.dll
windows11-21h2-x64
3$PLUGINSDIR/nsDialogs.dll
windows11-21h2-x64
3$PLUGINSDIR/nsExec.dll
windows11-21h2-x64
3$PLUGINSDIR/sps.dll
windows11-21h2-x64
3SpyShelter.exe
windows11-21h2-x64
4SpyShelter.sys
windows11-21h2-x64
1data/app.so
windows11-21h2-x64
3data/flutter_assets/packages/fluttertoast/assets/toastify.js
windows11-21h2-x64
3flutter_desktop_sleep_plugin.dll
windows11-21h2-x64
1flutter_windows.dll
windows11-21h2-x64
1msvcp140.dll
windows11-21h2-x64
1sps/sps.exe
windows11-21h2-x64
1sps_helper.exe
windows11-21h2-x64
1sps_service.exe
windows11-21h2-x64
1tray_manager_plugin.dll
windows11-21h2-x64
1url_launcher_windows_plugin.dll
windows11-21h2-x64
1vcruntime140.dll
windows11-21h2-x64
1vcruntime140_1.dll
windows11-21h2-x64
1windows_single_instance_plugin.dll
windows11-21h2-x64
1General
-
Target
SpyShelterSetup.exe
-
Size
14.3MB
-
Sample
241114-mb9sraxfrg
-
MD5
ac81dcc50798a6ff218989e710a8faf5
-
SHA1
cdcbb8bc348bbcbc08ba6ab11bc07c4dd6044108
-
SHA256
f12a285cd494045e1ea9cd014305b9a063fe7fb44aaae60c5307a7e588503a23
-
SHA512
58761ee04d57e977a8c5a92a9ca084afda773166f8190938da4ebd54991c7e3588f76055a1b8661bc74e080d3774449078657353608a4b4490d95cac84a179ab
-
SSDEEP
393216:XcgnMV1brGe3pT32/0pBdmI4vOwXMmMv:XJMV1nlprbFyvOwXlM
Static task
static1
Behavioral task
behavioral1
Sample
SpyShelterSetup.exe
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/INetC.dll
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/sps.dll
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
SpyShelter.exe
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
SpyShelter.sys
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
data/app.so
Resource
win11-20241007-en
Behavioral task
behavioral10
Sample
data/flutter_assets/packages/fluttertoast/assets/toastify.js
Resource
win11-20241007-en
Behavioral task
behavioral11
Sample
flutter_desktop_sleep_plugin.dll
Resource
win11-20241023-en
Behavioral task
behavioral12
Sample
flutter_windows.dll
Resource
win11-20241007-en
Behavioral task
behavioral13
Sample
msvcp140.dll
Resource
win11-20241007-en
Behavioral task
behavioral14
Sample
sps/sps.exe
Resource
win11-20241007-en
Behavioral task
behavioral15
Sample
sps_helper.exe
Resource
win11-20241007-en
Behavioral task
behavioral16
Sample
sps_service.exe
Resource
win11-20241007-en
Behavioral task
behavioral17
Sample
tray_manager_plugin.dll
Resource
win11-20241007-en
Behavioral task
behavioral18
Sample
url_launcher_windows_plugin.dll
Resource
win11-20241007-en
Behavioral task
behavioral19
Sample
vcruntime140.dll
Resource
win11-20241007-en
Behavioral task
behavioral20
Sample
vcruntime140_1.dll
Resource
win11-20241023-en
Behavioral task
behavioral21
Sample
windows_single_instance_plugin.dll
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
SpyShelterSetup.exe
-
Size
14.3MB
-
MD5
ac81dcc50798a6ff218989e710a8faf5
-
SHA1
cdcbb8bc348bbcbc08ba6ab11bc07c4dd6044108
-
SHA256
f12a285cd494045e1ea9cd014305b9a063fe7fb44aaae60c5307a7e588503a23
-
SHA512
58761ee04d57e977a8c5a92a9ca084afda773166f8190938da4ebd54991c7e3588f76055a1b8661bc74e080d3774449078657353608a4b4490d95cac84a179ab
-
SSDEEP
393216:XcgnMV1brGe3pT32/0pBdmI4vOwXMmMv:XJMV1nlprbFyvOwXlM
Score 8/10
Drops file in Drivers directory
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/INetC.dll
-
Size
35KB
-
MD5
416df3e2080321a726d2f3640de381f6
-
SHA1
60e97cb36af4d054ced1d8479b70f63605e76bed
-
SHA256
1c835256567b66f6e8c0e5629e2c07b1159eaaf8c5bfa0a1446a31fcc17d33e0
-
SHA512
778494b65ba559f4d805fd6fcc40a4001e6a661f262e312e3b2981d5c4e46ad6e90a66e31e3f1a7758dd9239e68a787567912436703fb56fab44c86203edc5ee
-
SSDEEP
768:/AvE90GuY2tO93oLrJRM7Z4Ei2bsoCHKFKcMkw:AE+GjnmbM7i2KIrs
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
22KB
-
MD5
662740bb61022c673dca1f539692a881
-
SHA1
3c3a6db52874ab31d85da05af8bc5a3e64367033
-
SHA256
7a1f5593fd4090a0cc5028bcd8e4e2b4a1b017f2b98ba8c3f39e5ea38721a77c
-
SHA512
ebfc19bafe09b2480217c02f202e5de46d8c541dc71c32a821f5caf415e9569b40e7b355a5639cd7f9c52605ca1fcbd48cd7184bc2fa55353eef579db1e4f9ca
-
SSDEEP
384:0/Qlt7wiij/lMRv/9V4bvrh6ki2wi34IZzIKFKjqfvGBkSz:0aeiijipUU2boGkKFKcMk
Score 3/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
19KB
-
MD5
31e9d33a51ec14b061b13a07357d5597
-
SHA1
a0c457597b90dc7d1166430c9583e75d25bd0087
-
SHA256
d90e03598b0cd62da697e0eabea712e4d277ac179cfacad5b9ca0c753368dcd9
-
SHA512
bf2bb86a27a5e8cf5d3ce19bda7d121fd6025f97f0ea626b986cb304db5e1ec203b9106ef023ba608f10f4d8a348cf24de92d117c70a8a7686b09950d042bc30
-
SSDEEP
384:DA7k8985U30WAw0hGIFcZ6ki2wi3YmxSCSKFKjqfvGBkSS:ENi5U3/Aw0g62b7SKFKcMkn
Score 3/10
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
17KB
-
MD5
0c220b7d0d37229177cdf8fc3ccc836b
-
SHA1
d5b6a594c679b5acb5893fb8c9b9c95d123ce31c
-
SHA256
52056666c77215c7aea1bc8e0f7d13b1077bddc9dafb5944d9a01121b665bfea
-
SHA512
ae8cede92694e140185b58c39c68e3f5796c13354adf0626c31409f62015ab7bd03716a0ee4eb71b8b8d037bc2abe143f0b079f1535db811d1b6e260c8408e2a
-
SSDEEP
384:cH/cXtqfUNQZGdH26ki2wi3a32MKFKjqfvGBkSv6u:cHw8fUAGRJ2b+2MKFKcMka
Score 3/10
-
-
Target
$PLUGINSDIR/sps.dll
-
Size
95KB
-
MD5
f14021caecb24dc2f24854174ed1a58a
-
SHA1
50e9520c001eefbc68ba06e99c9f039ff20afd7b
-
SHA256
47ffacc6c155105138f6409765558a927b3cabc6c5c9cef587e22ffcc46102f2
-
SHA512
4153dd2f8b318d4dae2c32e7a11e6b3298419bf4d2f40cad88e055e87222783d697b00ba780187a33e39d8eb77564abc3e7f1e921483c9ad2ec5d679195344ac
-
SSDEEP
1536:wJHHw5hJZ+1XflXKJt6xsblCFOIYoVg/SQsWmcdm61gijj6igIQ52xIr:wJHQjJZ+1PO6xsJEg/Lm6Gijj6FIKUI
Score 3/10
-
-
Target
SpyShelter.exe
-
Size
316KB
-
MD5
c637e5ecf625b72f4bef9d28cd81d612
-
SHA1
a2c1329d290e508ee9fd0eb81e7f25d57e450f8c
-
SHA256
111c56593668be63e1e0c79a2d33d9e2d49cdf0c5100663c72045bc6b76e9fe6
-
SHA512
727d78bab4fab3674eec92ca5f07df6a0095ab3b973dd227c599c70e8493592bb53bb9208cc6270713283ef0065acfad3203ddcf4dcb6d43f8727f09ceaaf2e4
-
SSDEEP
6144:VzsRSKkhKKXDD2mTLGxelHJ+SBae3VFpSX:6VkhZWEGxelH0SBtfpS
Score 4/10
-
-
Target
SpyShelter.sys
-
Size
96KB
-
MD5
8601c8f4941e9c7139ee451cfdb2478f
-
SHA1
a214490aa4e8de7972ffbc8b5f7de25536d0ab61
-
SHA256
564aa9812e2502831e59f7e64aed821dcb4bdd2aa257d0ecdc71299402d69d8f
-
SHA512
aa6f0eac350d12769b0ba95187ff31ecc1b249625a82d80f410660047c15a5bc61593b68e292c7de50fd9a559af43082c4c62988251ac88f597bb6048c385fc1
-
SSDEEP
1536:laWK9kTnUKZG4hCNueJW3qwtSa5cmLnZeSMj20IrMsSzc:YWxZGMoueM6w7cNSMjNII/A
Score 1/10
-
-
Target
data/app.so
-
Size
9.3MB
-
MD5
d3ccc0b5b9f6c06d9756435f876b383d
-
SHA1
c4925bfbce381f8f96e75e14f0896cdd46d8453c
-
SHA256
83a1802ce9f4d1872e37aa0c36924b5457bf3c8bc5356d2b3fba43aa0e7b3ee0
-
SHA512
b472faf32a93824f79538f491277a8d138d7f06154ef07b075ea5018ff1df115d0b1af11d60109427a5b8d11332caaf7553e39714124a5922c0b4dce4d0c6d08
-
SSDEEP
49152:sF+9DRqBvRyS4eEnzR1Tio339NBYuQbaREujeGSpYadliYAuRZhFQvYw9YINtk2c:ss9Uvkn7npQbpFOo5DhFOfs39Etpq
Score 3/10
-
-
Target
data/flutter_assets/packages/fluttertoast/assets/toastify.js
-
Size
5KB
-
MD5
18cfdd77033aa55d215e8a78c090ba89
-
SHA1
80f2206dad90227fea5a62c57d5a20b03e0cc4f5
-
SHA256
cd822b75f51d89ef67de628a1252ef375b318889aea49fbe44ffcf0b082a6dbd
-
SHA512
64daf28c841d90b27f7f5c7b4bbd6788275102499b5293a1088006b8c5ad4db415fea74c5ae3be396e22bd80948cf0c2a5dd50e9e615e1fde71a55d23caf4b68
-
SSDEEP
96:3Lb5r4NkSo+hVCsGwnVE8y2d7QC3305q5uUr:v5rGPChSV33Kq5u8
Score 3/10
-
-
Target
flutter_desktop_sleep_plugin.dll
-
Size
91KB
-
MD5
ae8bbd77a997d05c06e459f0f3faa5af
-
SHA1
843ae129debba252eaebce0459adccddc1315826
-
SHA256
9600697c57da5a1411a227eb5fc135f20d0ea292f458290d15fb959c1f75537e
-
SHA512
13067ed69244f94206e642b408143409b48fb976221dbbbbdd86f0b357a8b7b0cad334a6259751a718f2149e183d322bb8b03e26abff2cdcac2826a551e27d2f
-
SSDEEP
1536:yOCWkiWahkGF/g8+kAxfo7FBHFKSPvWIiHlHFConoc4J72BIr:ZCWkiW0pFJ+kA8nHkSPbqlHFConoc4Vl
Score 1/10
-
-
Target
flutter_windows.dll
-
Size
17.4MB
-
MD5
9be9d90359baf57df5fba9ced70d2b41
-
SHA1
01b9aec6abfca7c1676fc0ba8f1feca5a1efc27b
-
SHA256
1231cb8239d20220844db6c9ec5c05da9455987c5a9bfc087d3efe22236e3a4d
-
SHA512
2b3e9d3b6b7fe15395f83fccc669dcf1e4efa7095bc51aa246d824e6c33d5efd9e450580cbf2fc07559b8d868f936052489e54aa4cfe8eed15fcb196e8fae3eb
-
SSDEEP
98304:MceV/7q+mWCWfHzZm5bbJTCVbnL3hs1qlYzauFIrwYhLoCRH3Sz+cyBgPvAPhZ3O:oEJTKBh06CBAnVLWH
Score 1/10
-
-
Target
msvcp140.dll
-
Size
564KB
-
MD5
1ba6d1cf0508775096f9e121a24e5863
-
SHA1
df552810d779476610da3c8b956cc921ed6c91ae
-
SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823
-
SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af
-
SSDEEP
12288:RBSNvy11qsslnxU/1ceqHiNHlOp/2M+UHHZpDLO+r2VhQEKZm+jWodEEVAdm:RBSDOFQEKZm+jWodEE2dm
Score 1/10
-
-
Target
sps/sps.exe
-
Size
3.5MB
-
MD5
c05e51df7722f1b081d2a6f099479b58
-
SHA1
6db29805de6d3dd4da16774f407627f03bf7c2f2
-
SHA256
d7034a308aed0b993ffc1f99f66553e492e826af5705707d0d8086ac68130f3b
-
SHA512
324480864dac24bd1a836fba86d369a962c86b2f20f4cd44228161556f05605663687848e470e67bde3717603823cdac7cdd045be785d2a0162098de92e8a542
-
SSDEEP
49152:t28TTsaAklFj+vRODhs3bz0M7sE8QHhqCgHLcsXiyFyyEZ:t3vsbvcY4M7s7IqCEHXBFyy
Score 1/10
-
-
Target
sps_helper.exe
-
Size
652KB
-
MD5
2eb981a98211a8eb0bc975c34977693b
-
SHA1
035277c0e64ababb977ec99ee35f7bcbaef7a9b7
-
SHA256
39287a6c9c3cd5a6620533c299af82779693c07e8ca5cb38bb54348c635669ba
-
SHA512
08a9e1a6bd6a9c422bb0d14f90eca01409f7f17f222d59dc6816c7298bd674a3eab577a739c595cf62c9b69b1538394a1c20c600e0a0e808a96a92ff2b9e4ba4
-
SSDEEP
12288:gbjrmK6QkvACdIVYc+lxD+9uBJ8IYOLlp:gbjv6Qkvbc+fK9FIfl
Score 1/10
-
-
Target
sps_service.exe
-
Size
4.0MB
-
MD5
a5cc1b60dec88b60fa68660288e29977
-
SHA1
39fd18602b9eed862cb399a4cf7cc6e16b830661
-
SHA256
f5f7d57392d7687511587898353b2863b9747b4962ef0426275dcbd040fd4dc5
-
SHA512
9da0068e1610e9231d0f3e6a0b6ea73a2ff75f5e7e94d0325c8d1ea0456e4730e5fafeff2c0cfcf6809b67487a8b76a99a8d6bbeca1352ef6674bf191e134717
-
SSDEEP
49152:r99uvOaztDUUy3kxshaa4XTzwyfY1SCtmbNQtjKYKFiqjf1yj64usLhu:rCUUy3kxQaa4jzwNAEmmFTwf13QLh
Score 1/10
-
-
Target
tray_manager_plugin.dll
-
Size
113KB
-
MD5
65dcbb76cbb2bbb1684186f1520e888d
-
SHA1
25d656c1cb3c814776779bc53e0e2b937d8441f4
-
SHA256
9c7e0de576932c8b2149849c96f3493bcae215f6db5996dbaf5ae1788697e8f0
-
SHA512
e351547e551943db0267828e283797c81b593ec303cee4d4447226e86927acac93b87226e79e1a913a1ec397b4183b7ee81a2af8764f71d7fa73c41bb102d9ca
-
SSDEEP
3072:IVV+oRKikJVXx0esFNKKr9VNLe1Zl1QaI:MVxRkJVh0esLKKr9VNLe1Zl1Q
Score 1/10
-
-
Target
url_launcher_windows_plugin.dll
-
Size
92KB
-
MD5
7e6a40e0083af22b186b662553d679fc
-
SHA1
b74c38d1d33004fb27b1df8003ecd4b87a5739c1
-
SHA256
578323ec0b492e72987778af3811cd00b71171b1e84b92e720964543f8f3a183
-
SHA512
3ac74e807bddffc2965cb3878a51e5c7c3b5eab2dcf8bc1ffaa41a56e20460cd01ff6b9a00d78e1aa021f5b9c38ba4f4726d37bf42749da4fa208e3f8985c114
-
SSDEEP
1536:bFDb3dBYnaTP5ixDXEdOk99sVwC8LpL0lHBV8Pl4sA72+AIr:Bb3BTPMbQOk3sr8LpL0lHBV8PlHYQI
Score 1/10
-
-
Target
vcruntime140.dll
-
Size
106KB
-
MD5
49c96cecda5c6c660a107d378fdfc3d4
-
SHA1
00149b7a66723e3f0310f139489fe172f818ca8e
-
SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc
-
SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d
-
SSDEEP
1536:BcghDMWyjXZZIzpdbJhKm6Kuzu8fsecbq8uOFQr+zMtY+zA:BVHyQNdbJAKuzRsecbq8uOFvyU
Score 1/10
-
-
Target
vcruntime140_1.dll
-
Size
48KB
-
MD5
cf0a1c4776ffe23ada5e570fc36e39fe
-
SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a
-
SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47
-
SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168
-
SSDEEP
768:a0Q4HUcGJZekJSam1BbuBSYcCZbiLzlSHji9z4GwZHji9znwT:afnDex5izbiLzlE+z4Gwl+zwT
Score 1/10
-
-
Target
windows_single_instance_plugin.dll
-
Size
82KB
-
MD5
00c451a17ddfcd810086fb2ad794125a
-
SHA1
feba77a0ca91f828099a3444a93ff11b6ce40fe5
-
SHA256
f1430479210c19093d76435e5826e3578420933248b51164e11f0992f77ed1f1
-
SHA512
6ea4d2556e0b82d017cde2a3c5c9b2881daca6b5af0e92cd10be886047eb6303085244ac1bb764e96595b3ca448504591c976dfefbffca8c6cbabe28f81e78c3
-
SSDEEP
1536:ET2xnGrpBkhdFk3ffx9z7yEzONPf1GMn8cmu516pgTcHbm2iIr:EqFGPaFkvZF/zIf1GMn89u516pgY7mnI
Score 1/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (T1547)
Registry Run Keys / Startup Folder (T1547.001)
1