44ecc6a7624b2fdf03cb9b419f111892515fb036fe23f88e51456dce69066046

Sharing

Copy URL

Twitter E-mail

General

Target

Stremio+4.4.168.exe
Size

112.9MB
Sample

241120-rge8jssmbp
MD5

763b10b7a9293ccc9307b650a01db702
SHA1

b033764307a4df6cc81c654467630f2df67297ef
SHA256

44ecc6a7624b2fdf03cb9b419f111892515fb036fe23f88e51456dce69066046
SHA512

f6f8d0a78cfaa2c440567fc0e636ab6129c495991f679c93ae0b7e211d9e290e7d4628891fef35f0383662bc2237e21410dd849f1d6074a8994dfd8deeee5e0c
SSDEEP

3145728:XddpqKUfzM8/I/6Uj2jDxXz8sGd1TiDlSugSbc+cYOsNCO1JTN:tdoK18wiucDZxG7TOlS/SI+JNCO19N

Score

7^/10

Malware Config

Targets

- Target
  
  Stremio+4.4.168.exe
- Size
  
  112.9MB
- MD5
  
  763b10b7a9293ccc9307b650a01db702
- SHA1
  
  b033764307a4df6cc81c654467630f2df67297ef
- SHA256
  
  44ecc6a7624b2fdf03cb9b419f111892515fb036fe23f88e51456dce69066046
- SHA512
  
  f6f8d0a78cfaa2c440567fc0e636ab6129c495991f679c93ae0b7e211d9e290e7d4628891fef35f0383662bc2237e21410dd849f1d6074a8994dfd8deeee5e0c
- SSDEEP
  
  3145728:XddpqKUfzM8/I/6Uj2jDxXz8sGd1TiDlSugSbc+cYOsNCO1JTN:tdoK18wiucDZxG7TOlS/SI+JNCO19N
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  QtQuick/Controls.2/Fusion/qtquickcontrols2fusionstyleplugin.dll
- Size
  
  586KB
- MD5
  
  30d46b7307bfff330ecbb390fa3b5b50
- SHA1
  
  eb91db0e36c0cdf7c6eac2fe59b23eb7bf3d2520
- SHA256
  
  7f674fc7d2b61dbfa632036e811fbf5e46f49d8fa1f35341f6faafd1a9810fc3
- SHA512
  
  0237794607d11182c34449c4cb8d8e45c033d6d9c41e9c77b825394e8ef38f93ca8ee97d0c518572010c8439f74081445caad22c7fa6c7a671bb2fc6727df3ce
- SSDEEP
  
  12288:ivJA/upprpp9pp1ppeppMppnppcppdpp3p3uppOppIppCppPpp6ppvppKppsppnv:ivJqg
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  QtQuick/Controls.2/Imagine/qtquickcontrols2imaginestyleplugin.dll
- Size
  
  1.5MB
- MD5
  
  5282cd3eef6f9fbda9a4b43b13738f2d
- SHA1
  
  3a50f66b153855822c41af99941162098cedda80
- SHA256
  
  a08c3b02dd24c99208d8be394c56a9953d0558d4fa9336b784454ef990e5c777
- SHA512
  
  e81fb261dc1e0ed099565731f1ebd5c0072b5bbe634e3b905e80689fcae5dc377f30915bc422326eef2d2319ed7776d3f9f1c36e57db7369165391fb8cb8425f
- SSDEEP
  
  24576:i2IFT4juIEp1mogpOzH/r1K5JXN/tpyUnJV8DX:u3ICmogeHTcHXltpyUnv8r
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  QtQuick/Controls.2/qtquickcontrols2plugin.dll
- Size
  
  610KB
- MD5
  
  3c7baaa13a17c630d480ea7b414e89c5
- SHA1
  
  f19cfe7958cfc58105e4313e5825970a4f4c1499
- SHA256
  
  f56f162672f212f87f1f99d56cc4fe1b34c46a9c2c525bb3534ce28fbecf424e
- SHA512
  
  e85d5d6c73d868b4fa73fc91f2719025eb1e316b98384279d9a59af8ce645336dda32406a969acbd267e32fe5ae5aecd5feace75d9456746f505be6c66982983
- SSDEEP
  
  12288:zFWuIuJez45XUA0MyWsWaNMje4//vWwFjJLrOFp/pip+pGp6pVpSpFpIpapFpzpp:zFWuIuJez45XUA0MyWsWaNMje4//vWwB
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  QtQuick/Controls/Calendar.qml
- Size
  
  13KB
- MD5
  
  8271ac3d4e6b5e7bf47dae0fcf2b6276
- SHA1
  
  6a7e6a614ebce44a0afc940fccd02c4b8ea6a3f2
- SHA256
  
  d5bc343b79803dbb1f28e2a9e88614f07db92d04abbb2c87df9a83dff47fc021
- SHA512
  
  f807c7e50fd158086737e33dd3c58f2395b0dd789c7a8bb322af4e3a95382cfaae33863b74b8a1d0bcdb6bda246d62b00bc8ee0f0c7a5a17d3174a380bba0921
- SSDEEP
  
  192:KtcGBf2NDPkWGQA/avHUMw42QsxsfwR2RH29hy7k0FXmFNMa:RGIGQA+2owR2RH2jbhD
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  QtQuick/Controls/ComboBox.qml
- Size
  
  25KB
- MD5
  
  14e14d914b7c5acc5afebf0f8278aaf9
- SHA1
  
  d77e16c080ed950cd315490aed12c327af35a16f
- SHA256
  
  ec8d6d62031d1648da0f7cf174e7fd707af73cecad3a7b1d53bb6ff06cee6eed
- SHA512
  
  1e670abcd65dfe438206d4091bf323ae1afda9c2cb1be6a491e4805dbee75b72fdd4915a829b98c35cd11502a905ffc7eff09a1e18545d0bad16a2155b617ba3
- SSDEEP
  
  384:RG7v/WdaFXoAhPF4qPsTsrCUVUQtayvGH29w:RGz26Rw
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  QtQuick/Controls/Menu.qml
- Size
  
  5KB
- MD5
  
  6df072421b299327247e0e4042bcdd19
- SHA1
  
  49dd5b2a1e618fb66b97614d4b43e9afadf5de67
- SHA256
  
  e0df7e7bd642aa535e7ffd5c1b3ea3a1e201c80b554749b05483abe322e623fb
- SHA512
  
  2a75f81acd054516f95395e1a738fb8cf33ae7a15c72ac73d4b0e0eaae2ddbd1813ff7f000735c6bd7b886e926309251351f6ff2a19ba6e9761dabaa663fd6b0
- SSDEEP
  
  96:KogUldGcQWRCCspEXP1hNgqjMbvpZOci9buA4KmFvZ:KtcGLCspEjNgqjwi9AKmFvZ
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  QtQuick/Controls/MenuBar.qml
- Size
  
  12KB
- MD5
  
  5893cd63cd0cf9808a8f0c08ff78b8d9
- SHA1
  
  7c1e9c22af12a79435210f8f3a878a3faca8ffb2
- SHA256
  
  d00319c39c5d8aba32d480e8a7543b7e9b2913951fe24037c5dc89edf7f7b084
- SHA512
  
  a856bd9ebc448067c7607c8cd44f60be4371832277a00d015bf908b4a4feccc2f8424479bfb6165ae28dd2a169b54e93b5433c83d1702a8991bbd33bb0e1a7f9
- SSDEEP
  
  192:KtcGwslIqMINp8BschTZglH52QuxWYgdpChQ6sEz:RG3HQ35GlSbQ6r
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  QtQuick/Controls/Private/BasicTableView.qml
- Size
  
  32KB
- MD5
  
  2a6ff6d69c3c8aebac0577ec495914ab
- SHA1
  
  1f53aa8e32f836d8ee37e9f93ea8c10bebda0ca0
- SHA256
  
  d1c6f040cddc78498d5fc7e2ee3b2a8ae94f1772f04af77e2349f60baf189329
- SHA512
  
  e2ec07742a91fe3e2b4a9133c1fe2b6975975d315f7450a1d87b08d12a6eb092bd6dcce19daa04b809a1a7a1983c8e02725b7e19502f74984c0f989f451027b5
- SSDEEP
  
  384:RGX+HVCDtXjiS0NAiPKBwH5JwGJBZJI0UITLfnNJyXyTHwL5sP:RGX+uYtCLgLTw0
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  QtQuick/Controls/Private/CalendarHeaderModel.qml
- Size
  
  3KB
- MD5
  
  e93df9572c77f934688cb8b498820dd8
- SHA1
  
  cc7f75e4fc6c83f4922ce71708d1a8a1445e0bd7
- SHA256
  
  f4ea2c35462f76b142231dc83b536b1f93f030379be115baa131934cab4d8021
- SHA512
  
  7436fe36d939a9864aa5c9a7604b281202ce51e149e4556d25030b9aea73a3b145f81bfd3cc451a3fbf522708b1ca2efc90e1b5b782b9e66c77f7c5042f439fc
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  QtQuick/Controls/Private/CalendarUtils.js
- Size
  
  5KB
- MD5
  
  8ef9d96911e8b0ae9e2562662a516405
- SHA1
  
  2e98d524fb217a7a9e2fa97ebe1eea6a2dc013a8
- SHA256
  
  71e7b220af9b62b2ebcaee5b93d435c5a33bc6848cf29f785bce082858c100ab
- SHA512
  
  d9e2f57512ed2134ecfa8eaf4b6b5128546c15b099db1480235853364edb90e6a4b63bd3620535b94aa927b8b6009772c60a75672a30375b55c0897c8d38e701
- SSDEEP
  
  96:KogUldGcQWa2gOIZIk5Dfp/zHHAH9/581tht7UgrO4WSClyx8czs9n/OIvR+:KtcGhnlgH9581t7UgXWSClyxW9/T5+
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  QtQuick/Controls/Private/ColumnMenuContent.qml
- Size
  
  9KB
- MD5
  
  7c237bff401c547dc20defd84cd178b8
- SHA1
  
  35827c05c85da283060d76f9f6531c3f418f574a
- SHA256
  
  975bbc80da2f1bd057f0febc8f4f2f4cba730875f24f1dd1ab19ab9c1424144c
- SHA512
  
  a60b8ab4c343b2f07db426f6bb2085ef2d3cd5dffdd35f6a6a7f25fcfc885b823b517fb32c841db1ace819ec245955ace286d22f5baa0fb338664be332161830
- SSDEEP
  
  192:KtcGzp/zjz+D0MUSYbV9fklFtgY0skwhmiWWJ5nU1yZcyc1TJh1fGTr:RGas7T+UACztKr
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  QtQuick/Controls/Private/ContentItem.qml
- Size
  
  4KB
- MD5
  
  b6b8f57d8db0f00aa169dceaff7496e2
- SHA1
  
  9cbfc0a49df3bf1b5d0fa4f19c085702a4730096
- SHA256
  
  eabc8322be26364621abb055c8fc60567496f03283ccb29df52282e5a9fc1cb2
- SHA512
  
  70f59759bef5c357b80d60cd0b0276a7e2168b939549b71eacc4a092ef20fa22fb957a1b248e5662d5e5324437d1f1b1aff12d734d40bf503dc672094824154f
- SSDEEP
  
  96:KogUldGcQWL9DiQOOWOaphP1+JIShNUtvme:KtcG8DIOWOQ9EeVV
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  QtQuick/Controls/Private/EditMenu.qml
- Size
  
  3KB
- MD5
  
  b48053c0e232fde426daf51151b93da9
- SHA1
  
  b981463d498e35d158630c2cf5def039f3d12621
- SHA256
  
  46b63d90ff343644506d788c6eeeb99956f55a6cbe297ddd998fc7438196b968
- SHA512
  
  6e7e9bbb3d4c5b4ac10bd188dcc9463e1a60a3617ded2db0c808a68464c63f1a63b62ebf94bfb3bac60de58c55f3d903d3ef672e95a4769ca670f597ff94ff4a
Score

1^/10
behavioral27 behavioral28
- Target
  
  QtQuick/Controls/Private/EditMenu_base.qml
- Size
  
  5KB
- MD5
  
  f65418d60c05cf3322abafc6fa1412cf
- SHA1
  
  e87102845baf8ffc20c44c9f34ca2a5da2e61735
- SHA256
  
  076e471444b7a512d0d19f39b6dc836f7a50d5049059cb26a0aeccccdef55439
- SHA512
  
  917bee82351c03538a9afc47c259ff84a3d93fc0114fe9002a62b65eb7acad1abe50713d656231b65273114bae5359c311ccc0894e0a1dc5c8824febe0f73e06
- SSDEEP
  
  96:KogUldGcQWa40S3uK3eVoqtWo+DPLrHQLhFAP06iM1p8:KtcGBbF2MWT3HADAdiM1G
Score

1^/10
behavioral29 behavioral30
- Target
  
  QtQuick/Controls/Private/FastGlow.qml
- Size
  
  9KB
- MD5
  
  aedfa8ae1834bdae1d4cf32ba070ffbf
- SHA1
  
  07c477570f131a70d1543c9e1d512b698bb05308
- SHA256
  
  545de8f164ca5f49ea73f7a08305fb12806bc7b2654fdd9b0b14c275bf743cf5
- SHA512
  
  3fe310861519da2c322f89b5d8c0b9a30f3fb52cb078506b156b9556e93b94cc89707be6cc9393d6542d51971ad8d46e9b64980f6a72738ffda168529e1d54c3
- SSDEEP
  
  192:KtcG4zlGrTY9cNJGBRNaTiN/spNYZ4N1/WbMXyJA/M:RG4xxmPcu/byB
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32