fafbe4af1366a18fb15be35afa7db39ded10c6a5188c290ffe794e0ae1aed05e

Sharing

Copy URL

Twitter E-mail

General

Target

virus.zip
Size

22.3MB
Sample

241125-gqjl8aykak
MD5

507d9ee335e77df6f3324096c52c242b
SHA1

4137e40492668b0f0b837484590c0714d3bc83a9
SHA256

fafbe4af1366a18fb15be35afa7db39ded10c6a5188c290ffe794e0ae1aed05e
SHA512

ddaeeb8f24c7d3221c67a447b5756c625f77f359f4a638f9a43d56abe051e3bd68d9af44e1ac40f871f75117ce542fd014e7dcbeb5298fa59b1c188b6f016caf
SSDEEP

393216:mclI7ub4i1TgEg96a+njJpzwcjIU0TJpfVCtjvxsixXiISDyrnjSKlfCcO2GJakz:mT7ubv1T6wJpRIU0TJhVKjvJQR8jdlfg

Score

6^/10

discovery execution

Malware Config

Targets

- Target
  
  Data/Updater.exe
- Size
  
  414KB
- MD5
  
  a341d9bfaae6a784cb9e2ea49c183fb4
- SHA1
  
  d061c12dffa6a725f649dae49c99f157e93bb175
- SHA256
  
  52416bb8275988aa5145be6359b6c6a92e3c20817544682c2c1978b50ff2052c
- SHA512
  
  9dff4ba2abf889c9f9e71da1f91abdde1742a542b53e8c289e011113e1bcb86d4b1aaf5e7aadf97aa5ed36ab50227295e27ce700d30524f7198fd8f3928c36a2
- SSDEEP
  
  3072:bebeJQsqiaJnFdHfQoB9bls1YxRz5QZ1y+ymaQfA30KQBhYJXv4M4Mz07ROZH1pH:jh+nf4+tG/vyohq4M4M4gl7T
Score

1^/10
behavioral1
- Target
  
  Data/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  b37cc24fcfdcca9dead17a498e66db9c
- SHA1
  
  c959ab27ce476dcb0c7312c30c613fe3307bb877
- SHA256
  
  9f5b1ad41183ba50896eb09be917b1382980224e212a97080d33c0bf3dee40dd
- SHA512
  
  e62e1b985939688aa2eb920f5cfa50377934a8256d7aaa8a1def705de1d47e5cd15515d043622553bbe512469f5c2ed05a7bdedd4f5d17e99109274f9bffe95c
- SSDEEP
  
  49152:+CZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRNZ:tG2QCwmHjnog/pzHAo/Ay
Score

1^/10
behavioral2
- Target
  
  Data/devtools_resources.pak
- Size
  
  5.9MB
- MD5
  
  731a70d555b49a74607efa43d407948f
- SHA1
  
  01b9d0cf34eab6d171a819c0a6a694b8b499702e
- SHA256
  
  94b15729530fcf90d11156d38ffd0152ace21182ee44e63c51dc5e2af25345d2
- SHA512
  
  4d8eb837ba3ff475f42d72df0375ca4cc0ca18b4e3702ff39e910d67686afb81234c457c61bdd36c8927ff73695bb19017423cda2787242273e0baa398ddabb0
- SSDEEP
  
  49152:sLFPZAKkA/koZdvvVqdkTZdvvVqwkF/yWzmJUTvU8ZaTG2os1y3JkkaXSqDJMuXR:WLwW
Score

3^/10

execution
behavioral3
- Target
  
  Data/en-US/PowerShellExecutionPolicy.adml
- Size
  
  8KB
- MD5
  
  6e1645beeb36b67e2486df156ad73713
- SHA1
  
  96bf04c94854cba227b3e3518a5bf6eeeeffca64
- SHA256
  
  1963de8a3d77000a3dcf16b751132920f2f8ed0274905285c914469d1597f11d
- SHA512
  
  5a6d2daee84146d94a7d93640c92b14792c759d1e778c25ba3ca3b892628b87848ec414ec6db709f6912b3e38397c608a343d719af8b26169022fadbcf35db79
- SSDEEP
  
  96:wB3f/vzRzuppcRzhl5tWSLh2xwqmHfc9Ka7yOUpJD4mUQfStlm8hOE9m7pqHXSp3:ozRzu0P+uIxrmpn8mgtlm8B9mgc3
Score

3^/10

discovery
behavioral4
- Target
  
  Data/en-US/Shell-CommandPrompt-RegEditTools.adml
- Size
  
  5KB
- MD5
  
  3925d35054ab425a8f3690c2fa33bdfc
- SHA1
  
  a2dfc384b4f8351b40b9406a94adefb1b85f9c7b
- SHA256
  
  bec7cf7ec0cdfd01bb8677c20c887988a642742f136c0437d49a67f218087842
- SHA512
  
  ae7cabbe1c4e7618e787f9d3bdb621cb32e99f5802114a20bcf6ada2e7b52f7ee12556e8023b38142ff42ea580624dab40d988b23aee4bb4bb9e2a8905b175d1
- SSDEEP
  
  96:LeD5pmrH1U680U30fNS57tc/Ja80+fgT9lsc/osa80+fVxV:EYU6xU3RtckQ0zscCQVT
Score

3^/10

discovery
behavioral5
- Target
  
  Data/ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  449bf7a46490fa07881d969b6d52c0f1
- SHA1
  
  e520a8318e867c7840e6deadef36abcdf2894417
- SHA256
  
  5883d041c5f5020ac4b66314d5f89cb6331db3c4ec1c912f72b3ebb9aa8c41e2
- SHA512
  
  eabaa33b037ba9f1ee874c534d85ad281985e85e1dd2c115a2693f56381a9a596f22b16938916fd34804a3d490cd0ac53a2969c5f73a923b163c5474fea91b91
- SSDEEP
  
  49152:ImBYJtMTl/GuTvOCnCaYXWRTDF8fLen6yfZ0rO43PSGgt2:9OC9YXeTDFWD5PZ
Score

1^/10
behavioral6
- Target
  
  Data/icudtl.dat
- Size
  
  10.2MB
- MD5
  
  74bded81ce10a426df54da39cfa132ff
- SHA1
  
  eb26bcc7d24be42bd8cfbded53bd62d605989bbf
- SHA256
  
  7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9
- SHA512
  
  bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a
- SSDEEP
  
  196608:WgPBhORiuQwCliXUxbblHa93Whli6Z26wO+:W8wkDliXUxbblHa93Whli6ZUF
Score

3^/10
behavioral7
- Target
  
  Data/v8_context_snapshot.bin
- Size
  
  599KB
- MD5
  
  753be41d649d31812067ec2b85c10f0e
- SHA1
  
  769531cc83b6d5dd9abfecfa4c2d0c4128bf42f2
- SHA256
  
  169fc7f80834acf1d59b62c2adbe6d1ad477cf2564ee84150dfffd36caa1ca33
- SHA512
  
  86d76228fd82b09529d15d35b9bd45f7e0ea7328ea984ff9e0414a05746b7853ddb2ac8537a1d46b59f4a13f471120c3a428df28fb51fc9facc51c5f9ef6d497
- SSDEEP
  
  6144:ti2Cr/XgXBS/YKiMpN5zzivVsTRlWxYZbAIf+jL/k5nnPo7p1KFqUg/J6:tZCr/BzOvrYs1KgJ6
Score

3^/10
behavioral8
- Target
  
  NAudio.dll
- Size
  
  507KB
- MD5
  
  65839a5c28a0dee380c4eba54e2d941f
- SHA1
  
  ac609ea7f86fe533820b801cfe40b22f8a7a3f1b
- SHA256
  
  c7a4c035d89716b027f69c2cc98eaf5c44fb15b08c2ea162d793466356a35a2a
- SHA512
  
  e6853ff5d10d11b5333f0697dcb660a042ebeae12eebc84427d0b9f896cf100258e7e6d18f531aae700c0f476f91f11da0272e7809728df68da80ee560136aeb
- SSDEEP
  
  12288:rnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6CU:78lrT+r5ADakP4i9gsc
Score

1^/10
behavioral9
- Target
  
  QtCore4.dll
- Size
  
  2.5MB
- MD5
  
  17d26d22913c19d7a93f7f6af7ec5d95
- SHA1
  
  0bbc1e108af53990e4b9f2c34cbf7efbe442bc92
- SHA256
  
  e18684e62b3c076b91a776b71539a8b7640932055ae0831b73ad5fee7c5dd4e7
- SHA512
  
  fb2a4288be915d7e62e6dcd1a4425a77c5da69cc58daa7f175b921fd017cddb07f0d76c9016eb40475dead5dc7984b32b988ad6f5c5d14813b5a9e2867eb629a
- SSDEEP
  
  49152:5TFgiFpGXOENKRgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07M:5+iDaljxJsv6tWKFdu9CZgfn
Score

3^/10

discovery
behavioral10
- Target
  
  QtGui4.dll
- Size
  
  8.2MB
- MD5
  
  831ba3a8c9d9916bdf82e07a3e8338cc
- SHA1
  
  6c89fd258937427d14d5042736fdfccd0049f042
- SHA256
  
  d2c8c8b6cc783e4c00a5ef3365457d776dfc1205a346b676915e39d434f5a52d
- SHA512
  
  beda57851e0e3781ece1d0ee53a3f86c52ba99cb045943227b6c8fc1848a452269f2768bf4c661e27ddfbe436df82cfd1de54706d814f81797a13fefec4602c5
- SSDEEP
  
  98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
Score

3^/10

discovery
behavioral11
- Target
  
  QtNetwork4.dll
- Size
  
  1.0MB
- MD5
  
  8a2e025fd3ddd56c8e4f63416e46e2ec
- SHA1
  
  5f58feb11e84aa41d5548f5a30fc758221e9dd64
- SHA256
  
  52ae07d1d6a467283055a3512d655b6a43a42767024e57279784701206d97003
- SHA512
  
  8e3a449163e775dc000e9674bca81ffabc7fecd9278da5a40659620cfc9cc07f50cc29341e74176fe10717b2a12ea3d5148d1ffc906bc809b1cd5c8c59de7ba1
- SSDEEP
  
  12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
Score

3^/10

discovery
behavioral12
- Target
  
  QtXml4.dll
- Size
  
  348KB
- MD5
  
  e9a9411d6f4c71095c996a406c56129d
- SHA1
  
  80b6eefc488a1bf983919b440a83d3c02f0319dd
- SHA256
  
  c9b2a31bfe75d1b25efcc44e1df773ab62d6d5c85ec5d0bc2dfe64129f8eab5e
- SHA512
  
  93bb3dd16de56e8bed5ac8da125681391c4e22f4941c538819ad4849913041f2e9bb807eb5570ee13da167cfecd7a08d16ad133c244eb6d25f596073626ce8a2
- SSDEEP
  
  6144:6gdDO1NTI8ew+Rh9CY8gjvXQ0AObEL9gqIL:6gda1FI8V+f9FFzA1IL
Score

3^/10

discovery
behavioral13
- Target
  
  RcClientBase.dll
- Size
  
  29KB
- MD5
  
  f0739e1db958fde4dc6bab9d75865191
- SHA1
  
  fedadbf79b594995e6c44108d6b25cdbbf05eb65
- SHA256
  
  27faac58c4edc8fb147c9947fc9567afd2f785b11252c2963788fd0f64f7ca42
- SHA512
  
  adbf2a0b42c6043ee5c984c02fcc8815b143117fa2ee0286b048f9e90d695f74f0129240e1de36dea2915f1e3d31359953095e6e5497337d01f0004d443aad10
- SSDEEP
  
  384:37VPSe+T3KkTRIjjzi3WbR1zQnSyGUvXU7Ex3dVOSRZYNyb8E9VF6IYinAM+oaua:37VPSFTamMRbzCfzZQEpYinAMxJH4
Score

3^/10

discovery
behavioral14
- Target
  
  Resource.ct
- Size
  
  3.0MB
- MD5
  
  cf83372ce8462708f58817b1560e7006
- SHA1
  
  6484fdc351661e0ec40ff6d8ef2d9c1df2b05f1a
- SHA256
  
  37a5a53b7d95439b05b5e4f394de8b931a500f6df97aaf1a82cb8a66c11478f2
- SHA512
  
  d4d24cfe4819343a98d2c83f62b456e922ff88215015d6a76d230d4034b68afbef45e3fad2b92b6d2dbfc2772b65c0bb91545b61bd0231c8a75c03a4146352d6
- SSDEEP
  
  49152:KQ96YdG5LJ3Z3k0jbdHMsChIiv1o/spNM:FqBkMGsCJe
Score

1^/10
behavioral15
- Target
  
  Set-up.exe
- Size
  
  6.2MB
- MD5
  
  11c8962675b6d535c018a63be0821e4c
- SHA1
  
  a150fa871e10919a1d626ffe37b1a400142f452b
- SHA256
  
  421e36788bfcb4433178c657d49aa711446b3a783f7697a4d7d402a503c1f273
- SHA512
  
  3973c23fc652e82f2415ff81f2756b55e46c6807cc4a8c37e5e31009cec45ab47c5d4228c03b5e3a972cacd6547cf0d3273965f263b1b2d608af89f5be6e459a
- SSDEEP
  
  98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X
Score

6^/10

discovery
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral16
- Target
  
  StarBurn.dll
- Size
  
  654KB
- MD5
  
  f75225db13e3b86477dc8658c63f9b99
- SHA1
  
  6ffd5596fd69e161b788001abab195cc609476cf
- SHA256
  
  4286cf3c1ed10b8d6e2794ab4ed1cfcded0ea40d6794016ce926cd9b547c6a00
- SHA512
  
  07dee210de39e9f303bb72558c4b2aeb5de597638f0a5bfdcbe8f8badfb46a45f7a1518726d543f18682214668d22586299159e2c3947a9285990867bc457327
- SSDEEP
  
  12288:1/gzbnbASodCXNn5FJX5KrN9VmoBBDFDn8j:FRSoSn5FJX5KZ9VmoDKj
Score

3^/10

discovery
behavioral17
- Target
  
  UpdateClient.dll
- Size
  
  64KB
- MD5
  
  760f24f0150a6e8dc15ac793c3172387
- SHA1
  
  920d5aafb4b460efc37b99564bd281e63c7eb647
- SHA256
  
  e113f8593244c1bb5bcc73fef0f93303c783714162cbd9ef93ddff5709c037ce
- SHA512
  
  e5251075164f9cdb154b0b5bf7b775c9720b0744d004b68ce6501a980342f45398505bc26f7cca982bd23a03609b3c78510a5778a93041e7614e17b369a7209f
- SSDEEP
  
  1536:DyvHa8En7WFlzobIrmKD8owRaggg5TIcO3YDmj7Hx4:DyvHa8EnKFqKD8aK0jj6
Score

3^/10

discovery
behavioral18
- Target
  
  UpdateCommon.dll
- Size
  
  143KB
- MD5
  
  985f25c1d3144f37f046bc8f3e2b0c83
- SHA1
  
  c0b551c51317891d8220ab5a634c15acf8223e88
- SHA256
  
  3f71fa4c64376e85486b22de926f61c3e3cde3de6c1d484e041f265534ccd623
- SHA512
  
  b0db2c878948922243cc80ab015a954b11c5e08fce7dbe767722bc5082b150f277690acf9da1c657837e7a66059cafa7ba76c3695bba51b44467979f5a9c053b
- SSDEEP
  
  3072:8zWwFkpFMOKq9hC3ZWU+Oq1hZ+fVztxQ0rzc0to734o:s/zq9huqrZ+dbQIz1o
Score

3^/10

discovery
behavioral19
- Target
  
  msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10

discovery
behavioral20
- Target
  
  msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10

discovery
behavioral21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21