General

  • Target

    Gajim-1.9.5-64bit.exe

  • Size

    105.7MB

  • Sample

    241117-tdz5natbrg

  • MD5

    800cf22da2b528fda75063d486cd082a

  • SHA1

    2cbf61ecd2e774a4df2769e0c6ed950ed2acc2ee

  • SHA256

    522c14353d8028a0ac8e896aad88b101ad83ca8218731399ef9175e90d24cc30

  • SHA512

    6f439b5f5b756ef6e5802985f3fe63e6a8ea1d121a7a43b3d700de4a65a6a42469562031163d5341d9fd05e87e83f1ee2caef0b5a2a01cc696bdf844af52cd07

  • SSDEEP

    3145728:aCTom585UHuf+EllgWSb7GpwCK1CpwaSyXnf8xvwJ8a:ag8adEliWSuLKsnSyXfnJp

Score
7/10

Malware Config

Targets

    • Target

      Gajim-1.9.5-64bit.exe

    • Size

      105.7MB

    • MD5

      800cf22da2b528fda75063d486cd082a

    • SHA1

      2cbf61ecd2e774a4df2769e0c6ed950ed2acc2ee

    • SHA256

      522c14353d8028a0ac8e896aad88b101ad83ca8218731399ef9175e90d24cc30

    • SHA512

      6f439b5f5b756ef6e5802985f3fe63e6a8ea1d121a7a43b3d700de4a65a6a42469562031163d5341d9fd05e87e83f1ee2caef0b5a2a01cc696bdf844af52cd07

    • SSDEEP

      3145728:aCTom585UHuf+EllgWSb7GpwCK1CpwaSyXnf8xvwJ8a:ag8adEliWSuLKsnSyXfnJp

    Score
    7/10
    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      share/sqlite/extensions/nextchar.dll

    • Size

      17KB

    • MD5

      cdb4c7932d557b69e3e47bcb5f2372cf

    • SHA1

      a54b6e842564a5e2e70a34cd0f1c41dd360da5ec

    • SHA256

      7023be3e5ece85c52ffb0fb489c16ab4e6e14bec0b04a2eb90793d53799b6e73

    • SHA512

      117fb3421ee82e1713fb9c0e1b8e0c0fa8a06ae2491542097fa9dbdeb419d635d341b733905f49ba40a4bfbd2770723153d7ef7924c53a67b983e623113a4e88

    • SSDEEP

      384:WYzWLA+iCXooX1FmSOku8nbAIaH5tayYEuevGP:PijXyVkkIkOyRGP

    Score
    1/10
    • Target

      share/sqlite/extensions/noop.dll

    • Size

      14KB

    • MD5

      2541749abac60461230c569d887b901f

    • SHA1

      51df7cc76e720bd1c8176b3a7898eca030352e29

    • SHA256

      09b432c4c9c72d3dc939b1ef522c0745040932559ea7206e8b3cd0fc0ffb3391

    • SHA512

      01ea25e4e7f16ef24d2c9f5506757782dcec0c5abd4c61a0aee6be21609249ab7de2df8638e320a095b6a5ef50e1341ddcf2ca2c612177dcfcd0836517152842

    • SSDEEP

      192:GHhWis7HhsrQzF8yWIJK0IPu8/ZLMf1w8F7p:GHhW3By6FXRnku8/ZofO8Ft

    Score
    1/10
    • Target

      share/sqlite/extensions/normalize.dll

    • Size

      19KB

    • MD5

      ca70b3cdbc93a914072b11ad1bfa8b38

    • SHA1

      2a4468bcf218e2efb44d27488f6383516a86eb1e

    • SHA256

      ca62c8b4ec2f979d59d1cc1f87cada0998f6b487b268f95c050650859784006c

    • SHA512

      aca8ba640187d412618d82fbe9f625f51db5fcb9ce57aa132a6e065f5611b045a12caa38da75326eb8baf531e0130625a7df0489b73c4f7c97eccb0b476db6e0

    • SSDEEP

      192:ydB83UT8KbCxGLbazslUsQOcIB/RcqB9VDBQFuOwngFK3IPuEnbIfnnnreEnR++b:yT8m8GF2MKFuvIEkuEnbseEnRTek43ny

    Score
    1/10
    • Target

      share/sqlite/extensions/pcachetrace.dll

    • Size

      43KB

    • MD5

      4cabe6a966c9625f70362af2d75d4889

    • SHA1

      98275cdcd252f79e9c75262e5a0b9c0fdd0479c4

    • SHA256

      7d23bac41895c8b3da14f8b65e433c7d411d4ce0ef86b77239a7231717046c3a

    • SHA512

      a4acb976e163241fad25382be4fc513c582a99fc85e45898ff6c22eddb7deae34638862c2488c8d8890f76acffd537c20d71a444565b02e9d548d471f98d5e1d

    • SSDEEP

      768:SNuAMupksme/c7tRP5yuXL9s4u/MLpFcq+Cr8YQBwaM+PZcPaFD:mfpkaSxyItuE1FcnCr8NCaDP6aFD

    Score
    1/10
    • Target

      share/sqlite/extensions/percentile.dll

    • Size

      16KB

    • MD5

      da297155d70a7f72b48cfc2d8460124c

    • SHA1

      ec2dce074a1d9ccb45b2ca61f74211cd1fb1c392

    • SHA256

      ae73d57b1cc944e7b74f5294347b2da317cdafb68b0a31440e27eaaa7d83d84e

    • SHA512

      08f81133797cb5576509c7421b1951f50cbc3dd136e2c8a23dba483a66eb847fb4744b77596d62ec5ea31e8b2bb4c99b2ebc90247be7274d91d14d090b5f4d4e

    • SSDEEP

      192:NIjsKnWSjYj6FCK2T3C12By5gj1ktKZIPuM/ZjZubY+pn54kz3X:NIjsH6xCK2L3By5S+ykuM/5Zuk+9BbX

    Score
    1/10
    • Target

      share/sqlite/extensions/prefixes.dll

    • Size

      16KB

    • MD5

      057d77c22226a4e250a3d7f7ccb591d4

    • SHA1

      4c0ef973b17a542f00f83ab82e8c185c7da37281

    • SHA256

      0ec31cc021e3188bed834af0008ea04f74596774043226af838986b3df1a465c

    • SHA512

      76e966286c5deeaf4ae32ac2c35eba717d62428eb2a15c8d90cecc5dd169d94c7bfb9099fa11db8f32f5a6b7ed08a21144bd2399070fe0a21d055c53a2de84fb

    • SSDEEP

      192:OIJFWeoIsfsVP4w4voFzSgWhWZD0WlIgK5IPu8nbFnuuFmBEufys3P:OIXW3ECoFzqhWVjLSku8nbYuqEu6GP

    Score
    1/10
    • Target

      share/sqlite/extensions/qpvtab.dll

    • Size

      18KB

    • MD5

      8e76c6cccae28be47a0cbc420203b2c6

    • SHA1

      c7f2af7757f625a1e40f035e3a757e4fd8ac6c53

    • SHA256

      97e3d46986f37069d6312eacb6ed88eee15340b0cd32a13b1bd1b039ae7c11cb

    • SHA512

      2b2e4404ec26db5099a511e771ff30ccc22fb085887689a1a8732647976facfd3a72ea62dffef312def440397d7bae48c87cdff760d671393945fce99660b17d

    • SSDEEP

      384:NIPT7uXbDEXNitmp9fkkuMXgDxmqXnDgu:Nim4nMkExmqcu

    Score
    1/10
    • Target

      share/sqlite/extensions/randomjson.dll

    • Size

      18KB

    • MD5

      4e00e0323ed5d219dd338d33d305787d

    • SHA1

      0444c55436fb56a7ba8b4ecf407d5f6838016fcc

    • SHA256

      b7587b210b5afb3bdec9929442c092493264a72269f90cbf5d5c30501fea8897

    • SHA512

      43913b89380091aa7ca654140aeba55b043b8d793d535cffbc4ddb03a43a03d20143ea767aa2c743dbf77a13278f77a1add754d7511d3c6c82acf703ee5f8c6d

    • SSDEEP

      192:W8E40nFF4ZfuRHwBDQebMkeKOIPuE/XOaZebZLoMRxdavrPdhkva:W8E4MFyfu94EUslkuE/eaYZJRr+PdAa

    Score
    1/10
    • Target

      share/sqlite/extensions/remember.dll

    • Size

      14KB

    • MD5

      fff6e866d7d5556f3f74062ff732c211

    • SHA1

      e37c946eb72631b50d28560a3617cf334543185d

    • SHA256

      e4f20e860320ca0c1848793732c33d969018496a6b5680447c033ebe8c84691e

    • SHA512

      fd17367a08931a5256ab17e67b3a82cbb563377b2b4f962cbb6f79ca157bb77115a15086adb154599c1bf257c5bd9ad7ddb9082e107daf48e7a02be1dbaf4103

    • SSDEEP

      192:io4W1evByzxFG1g8w2yNKCIPu8/2Br+IFAp:io4WCILG1J3upku8/Ur+IFq

    Score
    1/10
    • Target

      share/sqlite/extensions/rot13.dll

    • Size

      14KB

    • MD5

      fa4eb85ceb32ef5c7ff7a231c4f5d71a

    • SHA1

      266523809bf80517319702380ecb6497448e0bb1

    • SHA256

      1ba8d68f55e51f58da2550420cd710fec89e5bdecaf08b8ab1ce03e4ffa3eb94

    • SHA512

      0bb23f6b63786e5110dbf38711f63135e6c36cf39639a88da081c831dd5c298c34aecffc00264445127fb90ab91135231414ae5aed75f51b455bc3dbd73ff4b3

    • SSDEEP

      192:okWrs0xZTrmTD/6yW8SK0IPu8/wARiMITFIp:okWprTrADlmnku8/3RTQFy

    Score
    1/10
    • Target

      share/sqlite/extensions/scrub.dll

    • Size

      21KB

    • MD5

      02beaaac0ec7d4272b9fa87d01bd1f3e

    • SHA1

      d05b6911f12a31a39c3389946adb27b508f91f74

    • SHA256

      7893a17b4579eadee26cdb72c0972bb61b76c1b93040c3f328645e6c1c5c8e93

    • SHA512

      fc7295074e2a1aca3236364e5a129bbe948c98fde4276f53fc1c70f1759f39e142fe33ef52cfa2f1a58cc415daff2d665101d2b2cfc417be6e6e88b79e52479b

    • SSDEEP

      384:YrTBhpYUGFn/d/0UH+TH7J3Jku8nbkO2SrRWD9bhPNEuOwW:YJ/YTH+HJ5kYO2SrR+9b+wW

    Score
    1/10
    • Target

      share/sqlite/extensions/series.dll

    • Size

      17KB

    • MD5

      3d8568dbcb41275bd1c8afe06a2db77f

    • SHA1

      100c5a55139a87189fb3f26d1c08516d55331181

    • SHA256

      079f743b8941f1cdde3d97a5edff0aa142294e6b6df6481d9ed0d7aed482d6a2

    • SHA512

      ab90a0ff36c887d4159e515c6f7e92c9d0cadca376c96e0c72e25748dd4beff12d8c4c1d1c21932c09d3904d03d6309476329a35cb6a65dd4ad62f37f8f9ef08

    • SSDEEP

      192:WNNFZmDD15IaO5kWiTG/VxHJR2T6ln2JQHgFKXIPuE/HKECrgYDOH86poS+u1t3P:WvrwhNDG/rJRLl2+okkuE/OCoS+u/P

    Score
    1/10
    • Target

      share/sqlite/extensions/sha1.dll

    • Size

      24KB

    • MD5

      a68ff9a4c1e376dcfca446672555774b

    • SHA1

      c2173b6c2fdbec3c1dfbaacc95a5aae2a70a1f28

    • SHA256

      0458065155ca7959c9fda1c2ac6647cb8a2e1c75680e31549ec08820a050e224

    • SHA512

      e13fc705ebcd7b41fe1b11a81ddd6f0c3b2c7132756f069848850938a9b1bc1cd499e4b75f92011c5a6130b0c2072a0879cfbd269d7b96b608c4be81f7a5f47e

    • SSDEEP

      384:zaev7Dc7rvz0+nEMJuyiI4j8YUYkuE/k9qyWVbGx:zzMViI4lxk2qcx

    Score
    1/10
    • Target

      share/sqlite/extensions/shathree.dll

    • Size

      24KB

    • MD5

      f47c2cd2c68860dd9e83a62c74a3e245

    • SHA1

      9f81ecc1b16e3b4e1200a249853e4800177e1dcc

    • SHA256

      eebcb9f1497ed6b2e597740be80a97b404fe04cabb27bc88adc4f04aecdf809e

    • SHA512

      56032e3e6e7e7c19806eeb3f5026994d59bbb33a20f318cf1d5e4e354152ad1cda7ce479c5898144ebfdbae69163085dbb53b77a9e87a1fdb37161afe931b657

    • SSDEEP

      384:fTiWV34oVTAEc6VUlgKjOCjY+umKEhyh+RgfLSku8nbuziEuRGP:fV3p5zUzO/+udEhyh+Cfmk6zqGP

    Score
    1/10
    • Target

      share/sqlite/extensions/showauth.dll

    • Size

      42KB

    • MD5

      46a61119eed4f7d5c6442ed0238ec3dc

    • SHA1

      6611beb5c5bf3cf127a12b8273321dc1511c597c

    • SHA256

      4b4a21b866f56e8e693bad4082c796a2a15affeb7b3138ec469fd967129184aa

    • SHA512

      7f3de9291a5d8050e8ad1a381d8a534080ef9ba6317f4ea5b1e3ff20cb5c0aade29ab78cac7ffb697d725b99192f5f2b52ab7467f2e9af5c367adf3725db1014

    • SSDEEP

      768:OxXUKkCEe/c7tRP5yuWE9hmxHMXqXc+j1r89pX7lLoFT:0UKkCSxyIcxs6XcS1r8R0FT

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks