f838f4d9756a55960101126cf89439aceec923056e98e20e88240becdace8001

Sharing

Copy URL

Twitter E-mail

General

Target

f838f4d9756a55960101126cf89439aceec923056e98e20e88240becdace8001.zip
Size

43.1MB
Sample

241121-kt5kmsvncn
MD5

b95a52e2e99e3a69c8fd552ee485526d
SHA1

0951e5b829704df6374d241386677bf1944380d2
SHA256

f838f4d9756a55960101126cf89439aceec923056e98e20e88240becdace8001
SHA512

6bc65b149a7414f55c4279b79f17ffd0f0e8bcfe0cc756aeb4165338e9b48e66f0a76ca3c8b2fccc54ac804532b998910f84bdbacecf7a8456a353491bd35566
SSDEEP

786432:egDXXuC128LqnEy1iG38+7GT5JeMPwS4MzO48mOTtwu:9DnI8LqnzhMDdJJ4StzYt2u

Score

5^/10

Malware Config

Targets

- Target
  
  Python/Launcher/py.exe
- Size
  
  748KB
- MD5
  
  79eae4fa8dd7e1ca489e59ab19b4fbed
- SHA1
  
  48eb42d40490ac4ce6c30245c631cc24718601c9
- SHA256
  
  e52553f941ceb9e715d239e7a211501ce5d6096eeeb90fb161b7bfedf6a61dab
- SHA512
  
  f8ae33f15f9fa00c7b5786119c452722edeb9fa39350e7087cd86ce732bbd0571dbe2c9b96ed813770e9401bf4bed53362659d763be66c85a68fa912dcb3c625
- SSDEEP
  
  12288:6qUR/MYcpGWYG/UB7v14t677Vut+XG1ykwM+hGxkCe8qx:6qQcXX8Bx4tSVuUXG4fM+hGYFx
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Python/Launcher/pyshellext.amd64.dll
- Size
  
  49KB
- MD5
  
  740dcc24ba59f6205de3d5c5575a19a7
- SHA1
  
  2a911e51bb2571f5792c49008a2a2103fc0ed0ad
- SHA256
  
  6a4a987548a8fa13c8678fdae921c2084a92048e6002400d5c48d695c502e0bd
- SHA512
  
  e652043da39b4fe631e428d8422b642cf3bcab0b2068befa7056cfc8c601cfa95f7c6faa552f53dc3f773834d192b3eda7f69bdb78ece6bb0cb9278779cd8d24
- SSDEEP
  
  1536:nDkRbNy163+jd/Coq/JPY7DxIsbmdMHXVMYuYJsZ56obHKG60WogRjNfuZdRzAHo:D6bM163+jd/Coq/JPY7DxIsbmdMHXVMP
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral3 behavioral4
- Target
  
  Python/Launcher/pyw.exe
- Size
  
  746KB
- MD5
  
  789952f58d76b2f41e8eadd9fae66906
- SHA1
  
  ab0324a701404a1818fd0c3e49f0706108f3c5ae
- SHA256
  
  3c92d3e88c5b9db5d0e655f72e20682b43c5e96cb939c0c7576883a10ade18fd
- SHA512
  
  fd380ff7c64576a112b994bdcb7e645c34d5d6378f1a921b2342ad7a00f57d7e8c485bba03c20a6e7b143493e83df7ea0cc31b31c763571ba7f0268d660d391a
- SSDEEP
  
  12288:8uLMY5QIJhZz7O/UB7v14t677Vut+XG1ykwM+hGxwtCo:87Y5QSbz7O8Bx4tSVuUXG4fM+hGKd
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Python/Python312/DLLs/_asyncio.pyd
- Size
  
  69KB
- MD5
  
  28d2a0405be6de3d168f28109030130c
- SHA1
  
  7151eccbd204b7503f34088a279d654cfe2260c9
- SHA256
  
  2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d
- SHA512
  
  b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0
- SSDEEP
  
  1536:l7YaUr1ArXgA0dfKC0TIL1nOBC3QHVIjOn+7SyZx7:l7YaU1Arp0NKC0TIL1nKyYVIjOn+p
Score

1^/10
behavioral7 behavioral8
- Target
  
  Python/Python312/DLLs/_bz2.pyd
- Size
  
  83KB
- MD5
  
  223fd6748cae86e8c2d5618085c768ac
- SHA1
  
  dcb589f2265728fe97156814cbe6ff3303cd05d3
- SHA256
  
  f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb
- SHA512
  
  9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6
- SSDEEP
  
  1536:Va1z78QpNWk5qkCFM7Q4SPogYzR8WkiHH9IjCVz7SyqxJ:Va1zg5kWFqQ4Xz+Wkq9IjCVze
Score

1^/10
behavioral10 behavioral9
- Target
  
  Python/Python312/DLLs/_ctypes.pyd
- Size
  
  122KB
- MD5
  
  bbd5533fc875a4a075097a7c6aba865e
- SHA1
  
  ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00
- SHA256
  
  be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570
- SHA512
  
  23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e
- SSDEEP
  
  3072:pmHf1MbO+o9/RZYMf/E2ZzKIyPFzqprhIjLPs6U:0uO+4/nLf/ET9qprGU
Score

1^/10
behavioral11 behavioral12
- Target
  
  Python/Python312/DLLs/_ctypes_test.pyd
- Size
  
  36KB
- MD5
  
  de7f1806f2b9154850c69a7d91131f44
- SHA1
  
  8b1d3657742b455a67b10520742dbafab57548b6
- SHA256
  
  f24a4a747d4384af7d7716cef4de8b161f905fee65d473828d66e97adc7a92c4
- SHA512
  
  2904ec99ccfcabf2154a113ab5bb3bb42611f05f8cdcc3dddfa037390b188aca4d27b2efdc23844547f26683fc71caf7300164931e43056422e8ecf4f3066607
- SSDEEP
  
  768:ams9jj7Wnm+noj3TzntIj6k35YiSyvQmSAMxkEbt9L:2H7Gm+4TzntIj6kp7Syvwx99L
Score

1^/10
behavioral13 behavioral14
- Target
  
  Python/Python312/DLLs/_decimal.pyd
- Size
  
  245KB
- MD5
  
  3055edf761508190b576e9bf904003aa
- SHA1
  
  f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890
- SHA256
  
  e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577
- SHA512
  
  87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248
- SSDEEP
  
  6144:1pR/rTVB5s99Rvft6yrsIzepnbux9qWM53pLW1Ad+ppp39PPPF8Sstvt:djLyvftDFzZUTK8SUvt
Score

1^/10
behavioral15 behavioral16
- Target
  
  Python/Python312/DLLs/_elementtree.pyd
- Size
  
  130KB
- MD5
  
  b479ed301e990690a30fc855e6b45f94
- SHA1
  
  177b508a602c5662350dae853b5e9db1475908a7
- SHA256
  
  0c488e6883a70cd54a71a9e28796f87ef6cc0d288260a965cbb24bf1d7309a20
- SHA512
  
  d410355bfe39a7666e7297d3654b0b8dd3919d4ae3bbf7d258acdf76276ecc3ba3718f09ba708e3103d367ea6d352e98b6de265e3746b973b421e0a68b8d37a8
- SSDEEP
  
  3072:2Yk2EZO7RNInHHgsyjub0ld2GugSdWp7dbbhqz632CwV2EtIj6fWm:2n8InHH9db0ldxYopphLGCwVVh
Score

1^/10
behavioral17 behavioral18
- Target
  
  Python/Python312/DLLs/_hashlib.pyd
- Size
  
  64KB
- MD5
  
  eedb6d834d96a3dffffb1f65b5f7e5be
- SHA1
  
  ed6735cfdd0d1ec21c7568a9923eb377e54b308d
- SHA256
  
  79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2
- SHA512
  
  527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad
- SSDEEP
  
  1536:6PSs3+S7z1FBV8HEmFRqeVIjOIf7Sy0xs:7szBVWEm/fVIjOIft
Score

1^/10
behavioral19 behavioral20
- Target
  
  Python/Python312/DLLs/_lzma.pyd
- Size
  
  156KB
- MD5
  
  05e8b2c429aff98b3ae6adc842fb56a3
- SHA1
  
  834ddbced68db4fe17c283ab63b2faa2e4163824
- SHA256
  
  a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c
- SHA512
  
  badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3
- SSDEEP
  
  3072:EwpwQ7a8+OsGqtCXJznfF9mNo+pxAbm19IjZ1Tv:EwpV7a8FdNYO+pmC1i
Score

1^/10
behavioral21 behavioral22
- Target
  
  Python/Python312/DLLs/_msi.pyd
- Size
  
  43KB
- MD5
  
  88d20e77e718ff62ce5f01bc6cbceb88
- SHA1
  
  8fe2a1feed9a7d16dc61e7ded17f16080e43393f
- SHA256
  
  003f06b975e311a9725dbd53b199d42dff25df7f8b3ab93bb1af56c321865fe0
- SHA512
  
  133dfbb4936caaa3da63ec515ce7431dbd3aaf81c405e86ee4ffda23b6526287f71e5db8914152110e1f8557b408497013905be0b200baa7cea3f1e5359d623a
- SSDEEP
  
  768:pbOF2BJ/zpEZ0mQuJKfPxoUAIZdeoLuM3mdYV9V50R+ya9IjCGhy5YiSyv49AMx/:FtdhRuJKfpmGV9V50RY9IjCGhw7SyOx/
Score

1^/10
behavioral23 behavioral24
- Target
  
  Python/Python312/DLLs/_multiprocessing.pyd
- Size
  
  34KB
- MD5
  
  a4281e383ef82c482c8bda50504be04a
- SHA1
  
  4945a2998f9c9f8ce1c078395ffbedb29c715d5d
- SHA256
  
  467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c
- SHA512
  
  661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683
- SSDEEP
  
  768:eovdQkOU3QzbxQ0zTdFIjWtJ5YiSyv3ORAMxkEW:3lNynxQ0zTdFIjWtX7Sy25xS
Score

1^/10
behavioral25 behavioral26
- Target
  
  Python/Python312/DLLs/_overlapped.pyd
- Size
  
  54KB
- MD5
  
  ba368245d104b1e016d45e96a54dd9ce
- SHA1
  
  b79ef0eb9557a0c7fa78b11997de0bb057ab0c52
- SHA256
  
  67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615
- SHA512
  
  429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b
- SSDEEP
  
  768:uQhEhW1pnYGdvTn9gwxevWdmS5oZdCzZIjXtn5YiSyv3AMxkEDJ:JKhmnT9gwxeMuZdqZIjXt57SyfxR
Score

1^/10
behavioral27 behavioral28
- Target
  
  Python/Python312/DLLs/_queue.pyd
- Size
  
  31KB
- MD5
  
  6e0cb85dc94e351474d7625f63e49b22
- SHA1
  
  66737402f76862eb2278e822b94e0d12dcb063c5
- SHA256
  
  3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b
- SHA512
  
  1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a
- SSDEEP
  
  768:DJ2Y6rwM5MoOhIjQUl5YiSyvwSAMxkEBo:DmwDoOhIjQUr7Syrxm
Score

1^/10
behavioral29 behavioral30
- Target
  
  Python/Python312/DLLs/_sqlite3.pyd
- Size
  
  121KB
- MD5
  
  29464d52ba96bb11dbdccbb7d1e067b4
- SHA1
  
  d6a288e68f54fb3f3b38769f271bf885fd30cbf6
- SHA256
  
  3e96cd9e8abbea5c6b11ee91301d147f3e416ac6c22eb53123eaeae51592d2fe
- SHA512
  
  3191980cdf4ab34e0d53ba18e609804c312348da5b79b7242366b9e3be7299564bc1ec08f549598041d434c9c5d27684349eff0eaa45f8fa66a02dd02f97862b
- SSDEEP
  
  3072:FjIi9Hn059jiS4QzmCO4w5ybxNfgyjU8URVIjOQuU:HHfQz5C5udgZ8URo
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32