eff920ad73b1bd4d2def6b79a52c4fe0f449902044c8efbbdf65afbdf93ef410 | Triage

Sharing

General

Target

WinRAR Pro 2024 - Full Active.zip
Size

55.8MB
Sample

241119-wnmcnazfkk
MD5

ea081bf71035f4c204696240c1f87469
SHA1

f55949c7871806fbd88b5ac5ea72f7aa742f00ef
SHA256

eff920ad73b1bd4d2def6b79a52c4fe0f449902044c8efbbdf65afbdf93ef410
SHA512

e400548244b8f7294832883d5fb9133e99db16039d63bbb6c931d33aa47bc4dad4cc974bbe05cf9d99c4ac10e62a237859ea4b9a86bf34c8805e9393d07df8c8
SSDEEP

1572864:cg7zo9RW2q1bND/7Hqb2sOgul5mRgD33QsENn:cyIRWf1bNr78cEiD33jg

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  WinRAR Pro 2024 - Full Active.zip
- Size
  
  55.8MB
- MD5
  
  ea081bf71035f4c204696240c1f87469
- SHA1
  
  f55949c7871806fbd88b5ac5ea72f7aa742f00ef
- SHA256
  
  eff920ad73b1bd4d2def6b79a52c4fe0f449902044c8efbbdf65afbdf93ef410
- SHA512
  
  e400548244b8f7294832883d5fb9133e99db16039d63bbb6c931d33aa47bc4dad4cc974bbe05cf9d99c4ac10e62a237859ea4b9a86bf34c8805e9393d07df8c8
- SSDEEP
  
  1572864:cg7zo9RW2q1bND/7Hqb2sOgul5mRgD33QsENn:cyIRWf1bNr78cEiD33jg
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  WinRAR Pro 2024 - Full Active.exe
- Size
  
  68.0MB
- MD5
  
  cb99bf277bf6e71fb3edf8a199f7adc5
- SHA1
  
  a6078f9bf44068575038e69e92f0909e3bf7d865
- SHA256
  
  651a4891b463ac1de513bf3d72375e7dc65edf276f02b10276474df11dae1dca
- SHA512
  
  495cb91b49fcd517b425e59e6289440941e4b105041c26f691257f469b6477f4d97356d07f01b455fb0423da909f6dc7b002843a40f95267c8308245b05a9fd6
- SSDEEP
  
  393216:rgCu0Q3uHpM43Gftr3YXekHkY8WY/wsp6AeSrpXZx4CwWcr+LLHizaCuzLzKoenv:0rb1NrPJzW8DKLtElx7hEjV5P7h5
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
behavioral3 behavioral4
- Target
  
  content_shell.pak
- Size
  
  7.1MB
- MD5
  
  ab9992f3bef24d6ffd8e76ce56f96de5
- SHA1
  
  531cc9767c3d3b4a342516e97326b859b3b3ea5a
- SHA256
  
  8818e8af6a3475e6bb6ebbd9d69bbac67fc156eca73840125987c1e9f9f2c92a
- SHA512
  
  3570882596b5ffef77da8758287a997504664a07926bd639cf01b2ad35e8fbd0ab00de669cf87269a241e073a2038f9f369e8f76d04282c7fe894956b57eb888
- SSDEEP
  
  49152:8t/rH6WCKe6PUJEKN3sVZowS5sl4G1hdAKeiCkefAIDzLFPVA070FR4h70F9Zdu2:8L6xzJEssZou11hGk4XrwqdaUO
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ffmpeg.dll
- Size
  
  1.7MB
- MD5
  
  327c1b74aa4d859b859b1de85036d969
- SHA1
  
  2b3ea047c3b5348a9916ccde4fd3f82355597c5e
- SHA256
  
  da46d37d872f945bae607d9008fa3731aa7e71df72b91c9feb6940475cd26c7c
- SHA512
  
  5e6bc8a8a5b361c5cadcd6230166b659aabb497a5a14c7c5c7723829f128b320205486f5da402f633e2458e83204b3bcb0f8d3edab937fe55f6939870ae394ac
- SSDEEP
  
  24576:J3hOKU8MSn3/o4goEnBB9xpncz52XNziyHe0pOYQ7UkF24UYXM+4nb:QFoEnBB7ZcQPN+FfUWs
Score

1^/10
behavioral7 behavioral8
- Target
  
  icudtl.dat
- Size
  
  9.7MB
- MD5
  
  62ce282dfe0ab8f2a35a529faeb61ac2
- SHA1
  
  c35d6e4db540518263214697f589c54faac87533
- SHA256
  
  c3b6588446b4a48e36dc135f9920ad246f5c84fe59c634b4225b009dd1dace13
- SHA512
  
  a773bf66fcb9a12c1d8f3a760724c8438c7f240617b8099e4e2af979b84676892dbcaa866ca2fad59d2e56493ec3f96f0874e4e6e7fe7ca25e22ea2606e9a853
- SSDEEP
  
  196608:oEUPty2AZfCHliXUxR0jvzl3Whl/dlTNRq:+12ZGliXUxR0jvzl3Whl/dlZRq
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  natives_blob.bin
- Size
  
  170KB
- MD5
  
  7f20917d39abdc8ccac48f8cce93bf09
- SHA1
  
  93c804ac74ce32c17538f04d175f775550946826
- SHA256
  
  a23d9b8422322157c7900b2cc35bf9a8129c08e4b9807dae26f412981b9c1b78
- SHA512
  
  183c4d606af1bc57a5d958d4ff34d9633a23493d18317544e8dd4b05dff010fce249d4ceee646b8f14c9367f509890292df1cd85957a0d2a0ea9f82045559f34
- SSDEEP
  
  3072:YUWt8rxNpyXcsR/H/UxRjh7oSzA/3BWypHEm9bgrluv:YUWOrxNpyXcsRf/UxRjhPzAsmtgi
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  node.dll
- Size
  
  17.7MB
- MD5
  
  eff754c2e27e951a51b2e480b0a82489
- SHA1
  
  a22fce626b90ce6870abf61a4fd14c82c9982bb6
- SHA256
  
  342b0cf35b6625929542c88cfce7419e1578603693c40866b3e09c46329833f0
- SHA512
  
  bef23f7346ab695ddec647ad5520e1bc311d831ba5dcd9bd223276d7f69fc483ab5f707cbf9b46bc3191e660bb3de34e7ac4686deb71e9bf86456584ba970e46
- SSDEEP
  
  393216:qyDDmLaVxvK+T7nc4fI9EyhrdnZCf8cEQPuUev/QY+Xqd6tYLSugwqtMCGDLAI:3DDmLV+T7ncZTnZzcxqAI
Score

1^/10
behavioral13 behavioral14
- Target
  
  resources/app.asar
- Size
  
  10.5MB
- MD5
  
  089412648f9eabd87ba7b83adf284b0a
- SHA1
  
  65a663421ee4f95d317008dd20c89c90cabda2b2
- SHA256
  
  c2a6d3a841a68c9d75b92321d60465bc66545b47fb9d0b303ef7811d68f108f9
- SHA512
  
  f4f35d282ccc83476ba954af398d11d79a5a6f1043813d8ad96be3135d7df474eb09f281d67662060a4355af469dc41a832d1802e967aefc7c9022e502cbe64e
- SSDEEP
  
  196608:8vf8i56uOUDT/3JklYDfEUnqviLIL3N/X3wQSUP9U4vRj/4Wv7AUGWuoJJqHaN:8vUi5vWYDfEUqvYISiUgj/pS6JqO
Score

3^/10

execution discovery
behavioral15 behavioral16
- Target
  
  resources/electron.asar
- Size
  
  256KB
- MD5
  
  b7bad86a92506aa7af9e66ca86ff2fab
- SHA1
  
  c0fcd1b819295558f537bde162b5c3013141f8f4
- SHA256
  
  e5a427c138a24f41ed422bd8c8ec2aa0cb84d7da25bfc745466efecb807b92e3
- SHA512
  
  d8a63edc7c18d48662cda9549fe4888ccfe221a6d22096e0c30696a4c77f029a70d4bd88006cb3f01edc3b58d10d0730bb23ea3a6a4feb57f10ab8e7a113d556
- SSDEEP
  
  6144:L2PumFpX8cron3hU9EW+w8757tfJ1bxZLAA/Rkc99FZ:OgnjJ1b51993
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  v8_context_snapshot.bin
- Size
  
  1.7MB
- MD5
  
  9f155b6775dd15d10091de0ae97ae246
- SHA1
  
  0b26abdd21d6b624e27f1c43badc558e78361cd6
- SHA256
  
  1a47ef6cc2b67e22a39f9d879bd2a4e22bc8a33bc560c93f6d7b167b2b8ce5d8
- SHA512
  
  0c5290eb33f88456e62caaa8af90f3fc6a5632ed009f610cdd0443fcba62b30401e943d1fd2931323ba306316074796423413c393efaf8632a07d38859ff5b0d
- SSDEEP
  
  49152:dnvhCK+IJp82Q7t0uUbhX3YUAGu90FOiv642BbN:d5qB
Score

3^/10

discovery
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecution

behavioral3

discoveryexecution

behavioral4

discoveryexecution

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

discoveryexecution

behavioral17

behavioral18

behavioral19

behavioral20