General
-
Target
OBS-Studio-30.2.3-Windows-Installer.exe
-
Size
133.3MB
-
Sample
241119-xzcs2azhnf
-
MD5
c4df60192a41f79bc34a8a5d164a3954
-
SHA1
468ead0d65ca44239a3b197071af93f90e1e9c8e
-
SHA256
b87b4a52420908ca443b973a854c650b1a0b2ef436854ceeed320bd0357aff43
-
SHA512
02423ae208cf53d9404d99a9ac3401e785b0a8ba080cb036abac705826dd1bb85a1ec0b7a9a1763c1d9e5251d0b08f1948c072a30161fd6cc9d8c6fddcc3fa27
-
SSDEEP
3145728:n+A6RF9hn5HO/2V2uHg8ctdzfOpuy2oEQNxf7TDl5BIh7/Ayr6KzyC+h8yzz:+AMFPnywKfzfOprDx9IB/AY6KzyC+h33
Malware Config
Targets
-
-
Target
OBS-Studio-30.2.3-Windows-Installer.exe
-
Size
133.3MB
-
MD5
c4df60192a41f79bc34a8a5d164a3954
-
SHA1
468ead0d65ca44239a3b197071af93f90e1e9c8e
-
SHA256
b87b4a52420908ca443b973a854c650b1a0b2ef436854ceeed320bd0357aff43
-
SHA512
02423ae208cf53d9404d99a9ac3401e785b0a8ba080cb036abac705826dd1bb85a1ec0b7a9a1763c1d9e5251d0b08f1948c072a30161fd6cc9d8c6fddcc3fa27
-
SSDEEP
3145728:n+A6RF9hn5HO/2V2uHg8ctdzfOpuy2oEQNxf7TDl5BIh7/Ayr6KzyC+h8yzz:+AMFPnywKfzfOprDx9IB/AY6KzyC+h33
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
data/obs-plugins/win-capture/inject-helper64.pdb
-
Size
428KB
-
MD5
7aafb78fc0dbd076c9f321ae02852dc6
-
SHA1
fd720fad8b076985e8f6ebf32ccc8983056b0b15
-
SHA256
01d7ac865b08cf9ed1a5d2f265e3328cd6532bd648115978c5bd1b7f790690db
-
SHA512
6d31acc9f52de7547aaf0e323cc35ad1a87fcf7a20db7518fcbb7843d293c0cc7f44d513918a75900bcd671a0c6ec5cb5b12ca2c626345343dead06de6f1553c
-
SSDEEP
3072:MXEVrOAM0t8k69CAaPBQjeW17GGAkxlRHieGC2Rw8vkOjzOAa:6ExYvALg7Gy3ieGC2Rw+knn
Score3/10 -
-
-
Target
data/obs-plugins/win-capture/locale/az-AZ.ini
-
Size
53B
-
MD5
199554667964f06cef43c4ac40b9c5db
-
SHA1
a1dd27c2cf643bee57e73989592768d80104e27c
-
SHA256
a75e04dfe6302b644ba87a2ff9c232a2ed3c903563a66c2611142b25384cb078
-
SHA512
7689c74174cc18c995e69462aec48ede2e24494238df873965163caede8df61d6f793962f3d585084443215c21135d7c7f5a7987871ff2aa26d12cb5571b1cf4
Score1/10 -
-
-
Target
data/obs-plugins/win-capture/locale/be-BY.ini
-
Size
5KB
-
MD5
cc9dfa03b79628e7c1590e97885fde6c
-
SHA1
e9e2899ec0ab1f4049d0ce722eb235b4cb4cd29e
-
SHA256
085c8c3882e0486d4e4918cc4c3b1a55682bac1dd0d670ad6b2026baf82974e7
-
SHA512
fa931f239471779c77791d98f25be0c86f99943603bf0a0be5b3d90f850d2dcc61f9632204333ea95f2f638c03946c1bb6fae6d8fb7b7ec02540218c44391c58
-
SSDEEP
96:XRnR3Odg/J41u+Q+StRBc5K5AiqxEfu7kJmXubkhhukX+VCtpJCapMp:XxR+dg/21wPmK5VqwrJmXVukXwWJlpMp
Score1/10 -
-
-
Target
data/obs-plugins/win-capture/locale/en-GB.ini
-
Size
347B
-
MD5
a511378ed6a91b40a9f9a8e547a8f1a8
-
SHA1
1f873b120759faa513b5c54bacb75c1b9f74ba8d
-
SHA256
80789bc1d55ef83e17d52d661cc5c9bbf6336105ede44229d1354e0698a347ab
-
SHA512
b87012e2f444089d416861efe81612a5d7e3d4804ae0532d3287275626ee85c191a998bdea79dacea21e410eb3ddb574d3bcc6d74660dd555fd176d687544b86
Score1/10 -
-
-
Target
data/obs-plugins/win-capture/locale/fr-FR.ini
-
Size
3KB
-
MD5
47bf1693dfbd0b3073e1177b0118c3c0
-
SHA1
7ac9d9f5315384242d27ccc4fa15a4bb07b1fa51
-
SHA256
aa36ba337e629cf900ef0b9052d4d458ab989a0840e5224af0a56daacfc282ab
-
SHA512
1dcc1553842cd1d2c1e0eae46994f513d43455aceb242528fd6ee09713e18510193a9585981669b5229b0a8f5385cc04088a310a08161adcffe9c96977e166aa
Score1/10 -
-
-
Target
data/obs-plugins/win-capture/locale/id-ID.ini
-
Size
3KB
-
MD5
b43cb6c063d9f01fa4d6ab231cc7cbe2
-
SHA1
6feee085215d388e289abaf62eddfd450cc51c50
-
SHA256
a16fd35f581899f9ff57644bfba5b62c574633c89511c66c409bf8d6fe98861a
-
SHA512
4d9fe2c19ea7227b840fb4ad6cca7c9807a3e7ae44aaa26d696c773ece2f8258c07886fea9dcf73938676a9d949ef106df8ba01282a551910e53435604f70421
Score1/10 -
-
-
Target
data/obs-plugins/win-capture/locale/ko-KR.ini
-
Size
3KB
-
MD5
9f5c0e4733ad828f86900d53e437f9e3
-
SHA1
78904f566ee9b068d18f432ddc529f44e762ac76
-
SHA256
16cdfe22e47e328db8a999e80582b376b379fb2e0d694cf38ccd36e15266db12
-
SHA512
361ba53ffbd0372d188a59c96f9c542af0fb3bf3817bf8f37b8c38ec618bc3f40a9f5a291bbee3ade5c6180467db2e20158b7588c1452ec3cc954e239e861031
Score1/10 -
-
-
Target
data/obs-plugins/win-capture/locale/pl-PL.ini
-
Size
3KB
-
MD5
3576b2bf03d5b8bcfebdb6c58fe469cd
-
SHA1
2c14e233bee247e4738165078d8c38764afa1f13
-
SHA256
b4e4c407af748a71e0e4199c693ae2e06d608c64290e10d1e4eefe33611a550d
-
SHA512
5e49a20fa11f8a5d721e22ba618fa80740c6d1fe95cda56e9d34f2d6cd29848882cf7c9f39713638c2b308fa1065104f6c16b4370c98087904590af9965cc949
Score1/10 -
-
-
Target
data/obs-scripting/64bit/_obspython.pyd
-
Size
2.1MB
-
MD5
501911792a1a946d740dde0ed9095af3
-
SHA1
c874b606d5e5007ba92e82fe4e38d11112553f7a
-
SHA256
1b9d35534b0f5289d862e1e178ffe77f2119e2df693fdd119ea8e6699eaa4b11
-
SHA512
d65309269e1abe976712f4542f13833fdff8518b0eb67921f74945e28e0bf9ae9082350cd18cf145ae7debd95233ec7a499a0b73ffa5aeb99ecfffffe6393be4
-
SSDEEP
24576:ykfyIiKS3I+uuLf7L0TTDsPPjqV1HVBtl:ykKIa3I+PgTTDsnjoBVBf
Score1/10 -
-
-
Target
data/obs-scripting/64bit/obslua.dll
-
Size
1.5MB
-
MD5
a018add52940b9f3fe15281af380691b
-
SHA1
8dbfbd9100c696bd525ea76c2139fad249d349a2
-
SHA256
d1b95e5b39f2c59f97ccf6f0b863a94ee2438cadcc7d451adcc1c4f513e36693
-
SHA512
acbcb160e25268e09527bd7b8dab37574f05602e100692b70226b8e4b1aac6600ba936e919a14d60f6fafadccd502522892c5df924c41a53d3d6a756eb8bfc16
-
SSDEEP
12288:AnRQVZQ3KXwXnjGtsnLZqwccl5Yu/yRUJr2c1fRGPbI1JGyxHPZM9VqM5S:Sw2KX2CQLZ/c2YRRUJr7fRLJf05S
Score1/10 -
-
-
Target
data/obs-scripting/64bit/obspython.py
-
Size
494KB
-
MD5
2f2464d537b6fc8b5d8a475d6375b07f
-
SHA1
f2eb25da5faddc60b90fcc1e67ba106c86ac6d41
-
SHA256
f145f9857948416f88c5d6c6cd83527bc406e94b95eeeff4bbd504e56295dcb3
-
SHA512
ef967bf7b8e9f9fe847c25eafd8ef00906caaf1774d355f5ba6f58d73311b1a4df6ef9a5ebda79b50a1984aaa018f03accf964a5d475144e58038378857abb66
-
SSDEEP
6144:zKRSQKN11kOapA26A8cJI60Qyh1GxOcwQ4NqHr4L4FTh11l8qYLL430SmCAS8Til:TTPAf
Score3/10 -
-
-
Target
obs-plugins/64bit/aja.pdb
-
Size
1.8MB
-
MD5
31ae4bda93904f320b2d76471c2dbf9b
-
SHA1
c4312951237701bc28a4dc97683de2b4bf1121a2
-
SHA256
0104e3a1a5408b31042d3b00b85cbdf040382f4441bcf27de3dcf0917c343976
-
SHA512
14b4b2b6e4d0004c32057a33c3bf1fcb074331fbe7e50661157cdda11aa5f9972ab8373340526f7d99bf15d7a39db8def40c08551a691d53ff3497767cd0b0c3
-
SSDEEP
24576:MOs8B0+0AjgSvJFA0a0O7R/6NbujaKrVQyMR:MOHB0+0gvJFA0a0CMuuKgR
Score3/10 -
-
-
Target
obs-plugins/64bit/locales/af.pak
-
Size
355KB
-
MD5
5c804b81984ff0807b8aaab6583f20a8
-
SHA1
f015b2280ba837205704b69a4cd39a2f0a22e417
-
SHA256
cb2003c9630f46daf0253b8d655eed332121c12cdc8114881e050ad2249d9f53
-
SHA512
113595986ba3b7e10365cb86885c5e3d47bb838c650bb0fb59453887e11cc8eca5622659e43fbb4891a88922962c6c856036b26b60270742386746f8ba308e1a
-
SSDEEP
6144:8NcIoSUWPYSC1cll2fNlx6MV85D4uEh/kQjB6KAxuIfgayoxzsB+xSD1yMYi5V3f:nIoCYSUvlx6Mt/h8QjB6KAxuIfgayoRe
Score3/10 -
-
-
Target
obs-plugins/64bit/obs-browser-page.exe
-
Size
537KB
-
MD5
7d888e828d846da738ba0b2ebba6f821
-
SHA1
4a2b886525922fc5e46ed5fbcb47514e796027d6
-
SHA256
b9bef61001c4860b4bb1697e873176219fffe215b0cecb612b14d504312809cb
-
SHA512
15be656f719d8fb29f09fda2575effcb9dcf76c8aa55823a30be64b58e0a60ad9ec63777c5b5a8b51546779ac69b4cf09e61775c3158deeccf47e52efc380773
-
SSDEEP
12288:t0v2TsznfcMtsP9Sv8H/QjC+08ahMN09AQLiVAs7306Cyi:m2TsznfcMtsP9Sv8H/QjC+0LhO09OmkU
Score1/10 -
-
-
Target
obs-plugins/64bit/obs-browser.dll
-
Size
772KB
-
MD5
09cee9b77740776cf34227922a95d5d7
-
SHA1
a2134c825e25a4c6bc7606b72aff11a89ffb4c7b
-
SHA256
c9c7e8d34842796b50524f76d3d9248d9a856c1a14a34501f1113e3c62cbe6b4
-
SHA512
aeb9ec5a6e9cc395983bb8c7a5bc7d40dfdce1ef52c2be5dffc32b9c08178cacd58aee463585af58a63fb4a4aaf08157693bc2cc4e3166e46626b14fab2ac2a0
-
SSDEEP
24576:3MVB3vqZ881VXF6nFY3YjHylXuxQuU336A4YUz:6BFU3qBYs
Score1/10 -