bcbb5a20fd1d042bc9c062225759b61cdee744c3a3fae37d1243fe3181fa4808 | Triage

Sharing

General

Target

bcbb5a20fd1d042bc9c062225759b61cdee744c3a3fae37d1243fe3181fa4808
Size

7.6MB
Sample

241121-nc6yxswlhn
MD5

147b519194b63a7473068ace7e56ecb7
SHA1

9983f5c295e3c7b4b39de48b3d948fae06868174
SHA256

bcbb5a20fd1d042bc9c062225759b61cdee744c3a3fae37d1243fe3181fa4808
SHA512

2d3e392ce022a7c8f66d1e19a342181026747a2a86863b8ea5a95e9cdc9612c0c3357b1fe064fb989f5e1a8b9751b701615fe69c5421aa2da7ff6bd4c8b206e0
SSDEEP

196608:4NT9hiEaRXFtlGkwT7gYIXMMM7R8+cch8Q7hyzjusAwDimow:4N1HfT7gYJ7JcsDtyzjsmd

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  Portable_去廣告_C.Psiphon3.184 20241119/App/Psiphon/psiphon3.exe
- Size
  
  7.5MB
- MD5
  
  b9e940d2f686e99c543563fb13959bfd
- SHA1
  
  611d16bc48c5c96c197c19aa19b35f809eafeb48
- SHA256
  
  73620b4018769384f42a46c0b180a6662c90a7a943920a65f8dbe213a65cd809
- SHA512
  
  7c34f24c87f290747b8e520f2c327c8f2f39cb42532615911ce8f9395ec7cc5e9750d3e6c380b77c6c1a6b5127a655548129e0f088f07c428872ea826f157ba7
- SSDEEP
  
  196608:UNBBw8Y3n5tPCaKFtaiIHoMK7nw+SERsQfH4zfEMMol:UvlVFtain7DSazP4zf
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Portable_去廣告_C.Psiphon3.184 20241119/App/Psiphon/version.dll
- Size
  
  9KB
- MD5
  
  f914b2a70ca7e92acf60b631011996b1
- SHA1
  
  cf94de13faade5da312aef875adc44a9b1fb3c3a
- SHA256
  
  6a646bbf2de020edd636c9140726c9f843174be8199de5568cb3ae10ff71cee3
- SHA512
  
  75d83ff6008ab0b645537c8fba67d38c11ab2adb282d067b5a32d85e1d532a67016d6a145432b3c5faa935fe3b0a8aa4955649bea3ccc9ddf4db0d233575f41f
- SSDEEP
  
  192:Zbw+BKv4xIY6JPnWbBmKmckVPxIiTOPX79t+:Zb7IYUqRmckVPxIiTOT9t
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Portable_去廣告_C.Psiphon3.184 20241119/PsiphonPortable.exe
- Size
  
  142KB
- MD5
  
  49bf9dca0c8eaff957f62f0f3cef0ba5
- SHA1
  
  c15ad261cf8e2e33fe36c9b69abfdc29bac3d19d
- SHA256
  
  cc7c4aca06452689cd8be37ab8ba2285f6b977ffa7473812713190bf3f2996d4
- SHA512
  
  ce352f7c82aee9a464d4f452ecafebeaeb7db87bfe5f8818a7e2354fe66208dbdf69c2fbdef197d41fbfeacdb7238b1447c188f24ad6ab03d86f3882ca4b2d64
- SSDEEP
  
  3072:YqeqOYEUXPnDSwPK4u1I0KzpFKFpcVDxCtODy:jEUXP7u1WpF/Dy
Score

7^/10

discovery upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/MoreInfo.dll
- Size
  
  7KB
- MD5
  
  bd393029cc49b415b6c9aeb8a4936516
- SHA1
  
  c67fd92fffd18941bed41bfd6ac4f3b04fd123df
- SHA256
  
  227a4fc9408a44faa5eca608a974bd536814f97b8a4d28b4cac479727167b026
- SHA512
  
  3bb8e5cf4bea7e8adaa62196e58fff9031f49fd4efa78e5bd3e4b9c4e9ba1523864567521793053595d90abec719761a5964ff3abe04b93b24d52e5ffa4c1f96
- SSDEEP
  
  96:LEjAlUFPxXJugoImuaKbkBSEPTpsxKaVQ4Ad:gjAiFPxXJugoImJKQk8yxKaVVe
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  13KB
- MD5
  
  a88baad3461d2e9928a15753b1d93fd7
- SHA1
  
  bb826e35264968bbc3b981d8430ac55df1e6d4a6
- SHA256
  
  c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af
- SHA512
  
  5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a
- SSDEEP
  
  192:qP6KdXy+Yo7e1J8qC25a5mDFmCLGUCVGpU6uNck87I0S/TDqwyTq+:q/q3Pgd5mx6VkEck87ILCTN
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/execDos.dll
- Size
  
  5KB
- MD5
  
  0deb397ca1e716bb7b15e1754e52b2ac
- SHA1
  
  fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
- SHA256
  
  720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
- SHA512
  
  507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
- SSDEEP
  
  96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  55a723e125afbc9b3a41d46f41749068
- SHA1
  
  01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c
- SHA256
  
  0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
- SHA512
  
  559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c
- SSDEEP
  
  96:/VV0Rwtvrm2nQujIvP9dir3UniV/zRzVR3rN3k8Jd18tsPcaqhx:/VV0KtC2yH9d83BzVR53kEQFaq
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/newtextreplace.dll
- Size
  
  11KB
- MD5
  
  b5358341df2cb171876a5f201e31a834
- SHA1
  
  df34750ea5504274be5ff8ddd306b49e302d04f9
- SHA256
  
  156b9b583399faf13c4d46b89339fb0f7f38dc847ac2d7872178d8e3998b9734
- SHA512
  
  821dc42e24fa2d44a1d4d16b26c3da2688dac0fa44a266e38da2aff706c91440d83a87abc74131930e6c38a44a0c5e627db2d045375fde147e0edd3276f4b014
- SSDEEP
  
  192:GGhRfigbU26niqo9m+9k15AA1NrW0QfaDx3nxNLr6s+:GIwgSnhv/IaDx3n6X
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  132e6153717a7f9710dcea4536f364cd
- SHA1
  
  e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
- SHA256
  
  d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
- SHA512
  
  9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1
- SSDEEP
  
  96:M/SspqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LP39sQvM:M/QUG7lhvov36S5FcUjliSEI5LuQ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  29KB
- MD5
  
  2880bf3bbbc8dcaeb4367df8a30f01a8
- SHA1
  
  cb5c65eae4ae923514a67c95ada2d33b0c3f2118
- SHA256
  
  acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973
- SHA512
  
  ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3
- SSDEEP
  
  768:HsKZwhFkGOr0Ga4+8DFFHR4mmw5+64fuKwX13:HLKmGOr0Ga4+8DFFHRrmw5+m
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22