General
-
Target
MEGAsyncSetup64.exe
-
Size
57.1MB
-
Sample
241121-xk25davmcw
-
MD5
2ebe2facc9c972b002e7822ad75af42d
-
SHA1
f3890f80e88e574d92f12a40e486430c3ae37546
-
SHA256
493340b6a7247b62c120c17cebec7b9d6027ab56ec4abf809257068311bad309
-
SHA512
be028a4c97d0d9d9012a0cd7e8e81c907d6be18d5efb2ba80c6f252c146b4e651ca139c19db5a566275cf31ce9392ab59c488f8bb2d40367239e6ff75b1f7fa8
-
SSDEEP
1572864:z4qhlwRYRsHRM7htx8sgVVtAK8AjMJsXk:z4qURHKVtx8sgVDnAJsXk
Malware Config
Targets
-
-
Target
MEGAsyncSetup64.exe
-
Size
57.1MB
-
MD5
2ebe2facc9c972b002e7822ad75af42d
-
SHA1
f3890f80e88e574d92f12a40e486430c3ae37546
-
SHA256
493340b6a7247b62c120c17cebec7b9d6027ab56ec4abf809257068311bad309
-
SHA512
be028a4c97d0d9d9012a0cd7e8e81c907d6be18d5efb2ba80c6f252c146b4e651ca139c19db5a566275cf31ce9392ab59c488f8bb2d40367239e6ff75b1f7fa8
-
SSDEEP
1572864:z4qhlwRYRsHRM7htx8sgVVtAK8AjMJsXk:z4qURHKVtx8sgVDnAJsXk
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
MEGAsync.exe
-
Size
73.4MB
-
MD5
6336015b6d228b6c96acf2399529b1b0
-
SHA1
99a7633366b448e47dd5efaa78a24db611d541c4
-
SHA256
06223d2aa372208b8fab2c5d70651f29b90d6bc18e83b9e3225e97367dc0acc2
-
SHA512
ab46bb40bb0088da45fe22df72cff8c3f7c0a03ae561a22a700aedc6aa1e4657bb8bfc92acf267461185f77e4e19096e91554ed274ebe282ecd0013805bf239b
-
SSDEEP
786432:4U9PW1PztyRdnVtztBpTaf1lW03V+cAPzP9gmX3dYc2uzPBWO:4YNFVt1TafX3VMKcdYcVWO
Score3/10 -
-
-
Target
MEGAupdater.exe
-
Size
1.7MB
-
MD5
cdb3b6f0fda76ef4cc6dc5cc90d940cc
-
SHA1
0bece9e5ee7733622d237cefc446f408ce4faa18
-
SHA256
73563430fe3ff13304aa0fc3deb82ab604838fee54d908dc70b8fb7bb50a06ba
-
SHA512
c4dba1c6b60aff5704f5c51555a062f36357b9e07984325fe04b138caaf73e440a8b16e3665fd8fbbfa7289d79658c0b459a7b84e64bf77ad0b9134f102cd750
-
SSDEEP
24576:yWEu00AngkmuQrbIpfVXkqsFdOWP2Ax6h0ld+bJCY:/Ed0AngkzQrbIQpdOWP2Dh0lU
Score1/10 -
-
-
Target
Qt/labs/folderlistmodel/qmlfolderlistmodelplugin.dll
-
Size
69KB
-
MD5
5229121d4a865ba56f8ef00bfa3bc098
-
SHA1
0132db5a479c7ddf646e42876e7a8987f8f12ed0
-
SHA256
cc35ec89de306345494ea2ccf25abbb773f2f48f1f73d3b48c5bf0028a873d0c
-
SHA512
8d9e232705ef7336184cea719164377ef05af65b720f503a220aad70d52dacf5bd05967ed3a8c2aa8a709e4b6245ddbea29c0eeaf6579eb7200cd7e21efa608d
-
SSDEEP
1536:gxM6fK/COs3DhU1ijgj3HzaeZf8HU1HssIrx:9/03D+zaeZfiU1tIN
Score1/10 -
-
-
Target
Qt/labs/settings/qmlsettingsplugin.dll
-
Size
48KB
-
MD5
9203e37f4b872626e4c7f776d5cd6dc3
-
SHA1
356d09879a7c28d3960ba14f4d084dace8681d52
-
SHA256
7c57274570229154fd80f3b09a206b83b81064dea0cffeb8e0babac4d36010f5
-
SHA512
61cdd739fcc934b30d444f4ebcfc9d3bf932aa5b9d079dbad0af1d6700000595f10cdacf804a429e2a052fd2993b8695bc679a9669d54d89349eeb2060a7f82f
-
SSDEEP
768:E0Wp/mLJx0IBHBHzJqj7UVYnHzE9yUGDjr2EHs99KFKcMk1+:ETBmLMIJBcvUVCwgUGDH1HsPIrx+
Score1/10 -
-
-
Target
Qt5Core.dll
-
Size
5.9MB
-
MD5
098ce46c30d002ab3da80cac926f0f9b
-
SHA1
73619954fb819de2a165af43384853e5c2aa1a0e
-
SHA256
0b0b656375c4118fe98666fe8c66cdc52530d1e10470ce22e27ad4286e10203c
-
SHA512
6e56464bba99f44c211b71f8a33f8384e5ef774d0ca57ad81c065ad094217a2701c3e9ef6c7877982c4c5860356cd6a109e7648e52c109acf0fc6b1dac9cfabe
-
SSDEEP
98304:DJYIFXulDdqffn/daJsv6tWKFdu9CUi8Cxqf8fHezd:DJYIFXcDdqffQJsv6tWKFdu9CU4xqfL
Score1/10 -
-
-
Target
Qt5Gui.dll
-
Size
6.5MB
-
MD5
752176a7c9f3596c5c4b5f9b574b7e50
-
SHA1
5b64c4ee3c052b654a54b336e8bf82a1f9287106
-
SHA256
2e91185c4e596fb0b3dff17fed22792d447f96f50ff045c9ffb2bdcf669eeee7
-
SHA512
c05b2c999121321d4de6b1190e41961153153d4a1e050bf1035db932004a4c1a782530b2b13af730ceed546314d9be3d90d51b827c4ea0119b430c132852dd6b
-
SSDEEP
49152:3Oim4ZYPrxcRpwSkVzhCgB4sDk93IPnTjAM14v47Fpyoc033G+zrvlNuyah259A1:Bm4pACQr80/3jahiK/VMKqgM0kbopr
Score1/10 -
-
-
Target
Qt5Network.dll
-
Size
1.2MB
-
MD5
b4acf75809acaf64168561f8d9b61a58
-
SHA1
d7ece8b6b9448bf886014f228f6c3c2577be6000
-
SHA256
cb3701d4dc1010b0a89c7ce06f1cdc2febc484b570ab35897836bfdc94099aee
-
SHA512
1f75e5a420e986ac52c469f0e39d4bbbdd9e0103796b285823257b3c1f5d9ee90d4965f0bfc036dabf01e8b1ce4865df7338a66e7a7aa094f43ef2bc89646fe3
-
SSDEEP
24576:mnfZi5GWtlkUJXMD4muWb1FhdQZD72SE2bx0/QVpBO:IiEWtqURMD4jWb5MQW0/QRO
Score1/10 -
-
-
Target
Qt5Qml.dll
-
Size
3.5MB
-
MD5
cbfe1d3a423995e5c9ea6976926f942d
-
SHA1
aa7cc75267b75dd4cf00a15ef474b72092613de3
-
SHA256
e5b8e16a5bdca2d79b1ad24255e9468b4456e2fcb2f03705b02b46ae41c02cbb
-
SHA512
909e5d1394fe4c2fa4f489c4a1dd0aff6fe719a7b00be7395a5dfb955374b37a37f537d69b18761554234320160e8c6b498404476af7351f427a14c3377f1e3a
-
SSDEEP
98304:h4SNtf96lpC3L8A7mq+NrSdSG779LLLS/o/L4YqoY0Xba+mRRyQUVJ:h48tf918A7mkL
Score1/10 -
-
-
Target
Qt5QmlModels.dll
-
Size
437KB
-
MD5
ff3d09d70f17e94785f1cf8fc0385895
-
SHA1
68aab8f756a45b08c32d0403808d7206d10541c9
-
SHA256
20716ca6f57aa338b64b8c76778ff608aa6a0448faadc426ddaa716204bf99ac
-
SHA512
7bb3418019bba111d63e34093735c2c21f5c9e7197d74d75124dcc9984931d9c9d232f763cadd6cdf8c87007f2cccdd29aece68cadbe9e7fc476ba52bad1350f
-
SSDEEP
6144:ueyNFRATgJut1rrc7YcgdGEZvWT+46zaHnP+YXy4gYfF:ueyNFRAgut1rrc7YvdGIWT+tzcUU
Score1/10 -
-
-
Target
Qt5QmlWorkerScript.dll
-
Size
61KB
-
MD5
4d99bb4afbd65fc09134e2605ceb99be
-
SHA1
df5352df102acc9027156f80708cee7ffc24e544
-
SHA256
13a2585fbdc62ba1df6b4f64a77d98c8bb6fde019ba9cb67f41ffe0536c99e2b
-
SHA512
ba09066972506aba45e55d5b3e2004387a7b4a89e99092220fe38c0caf655cb9c05885ec9d9db0a32cbed38ade61a3a7f26a5175e246dbc3d48f40a72bd6e955
-
SSDEEP
768:Di4LxgRoJPl9DzF1/Dy50lRw63APEwbwvyMWFERnr2EHszvKFKcMks:Di4iMPlFyIRf3APEseyMWar1Hs7Irg
Score1/10 -
-
-
Target
Qt5Quick.dll
-
Size
4.0MB
-
MD5
09f026122af189d2f24c0a4afa9d33f3
-
SHA1
f07e7863ad77e7eaec0dafcb8cfd477fed8cd8b5
-
SHA256
0ec9d0fe37e17c604fff67646629f728513d2bd5ce2feef3870e4d0c1719c1c4
-
SHA512
0626efaca8c86e34b5860db9293ef5a3519b28a91a9dbeef2d5dda374bfcf4f096cd68fcb36da13bef11491a95fe8fcf49a00bc65ba40d5acc71445414d61be4
-
SSDEEP
49152:a1St7oR7ZfQkcBU4O/Y1cdmciybmS+qrPxZJAWK83Mn5DCmZNffQqU6kf8:a1coRWkpYlyb9zhKu9mbQF6kf8
Score1/10 -
-
-
Target
Qt5QuickControls2.dll
-
Size
175KB
-
MD5
d348e53aad60d14b43a89f60fda35bfe
-
SHA1
4545989f9178567ea4b79b380aa64cfd65ae5d4e
-
SHA256
dc056d1a8a6a89225b6c8a6dbeff7adfd6d5dfab6b8c4fd879f1df5008285405
-
SHA512
c6c380531233d7dd44580f239d8945ac298da5e1e6931274b168e0e84af4d45d08bf0c938d817886a5ef3177188203c533bf258ead9e03b5c0befa684877b22c
-
SSDEEP
3072:NJRjQE3P5L3OdBg5RgMzekGG4gzENQHd1fIf:NJRjQE3xzOTgsW4wENQ9m
Score1/10 -
-
-
Target
Qt5QuickTemplates2.dll
-
Size
1.1MB
-
MD5
ecec0e6e8a52278c07f84ace9f8ace9e
-
SHA1
c025943f89c42fcadfc1d796b528b4a0b70dff1a
-
SHA256
1b340b883df7d11cf6a8e8274b5d7f22c7ee7884e33f6d11e99238bc734c2fc3
-
SHA512
7c2fddf9ff6302e20d48d1a025d5dd27246ca07eebc97830af14cb7e0231f62a803f227f8e6504925cbf052fe95d956a7a6b903e9db72f74468884d8faf9f975
-
SSDEEP
24576:IijC0N2i2+P8P2Zf8QJ7zyz4dgEmERa4nAHhRLg5:4UQygEbghRA
Score1/10 -
-
-
Target
Qt5Svg.dll
-
Size
331KB
-
MD5
a2368bffaacd4f99dbeb828b78c20bc1
-
SHA1
33511e80f5e918bcb1df41e9011613e356d929d5
-
SHA256
cb344b0fa25f8e1b4057e1848c45266bc69f1dab9c5ecd71ecd5d5bc38ddef93
-
SHA512
be56834f3ea660cd220f7143b246c46d631104fc836fa606a3cdcf78e79a66fbf36a01cc45d830afec299fac7d515d7ff78836acf94b67f2761006dc96eb6f00
-
SSDEEP
6144:fznt6nKOHBm+RyXyRTlL0hq+S3p/oGr9YpV/T:bnAaXyRy
Score1/10 -
-
-
Target
Qt5Widgets.dll
-
Size
5.3MB
-
MD5
7413e00bfa048e1c8c99e8a45a771092
-
SHA1
5f59a856e1f678778f09f35b87f02bedbdada03d
-
SHA256
e28758fe46c69b462b0505aa339a6870865bacd121f14ecec04be0d8c9156210
-
SHA512
bf6dabe960f67a6d18f95b93dc839aeaafe8c38994dcb859e4729f77001a3109a694bf1e1d06c04982bcc0f5b7b88131b23b86f49642d66bd895ee8101aae86e
-
SSDEEP
49152:REeDF4qZrQShJQpr/dgJoLIIIagZKuvIOxvxUHWzR+Ve93unCV9Vzshqy1jMuRfY:F5n7uLI1xSAVbshqy1jMuR74iKjrtTzJ
Score1/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1