General

  • Target

    app-0.89.2.zip

  • Size

    13.8MB

  • Sample

    241209-hp8qdsvqek

  • MD5

    31aadde146578aca7978753077095efa

  • SHA1

    91440dab7c232b4ee87912e24d4fb39276b374b0

  • SHA256

    d865eb22b01c9efa2d3d48f2df807fbd89783cfc06e7377635415c97be1f021e

  • SHA512

    342170ff72c03e5b7820104c099a17608993a979afd5ee35c4f33c13d9c5b6d18e483ee8fed171925f7ef092cebd6dde141bfd25fe9b85fe408eee72c0122530

  • SSDEEP

    196608:j9ltbMUcjY1xMfOvb0wnbo7ebSDRoLyU9hglEdnid9zP4ua7R6G9yP/Z3VuB:1bMUuY1OEJnboDDROeF9zba99ynZEB

Score
10/10

Targets

    • Target

      app-0.89.2/app-0.89.2/libcurl.dll

    • Size

      556KB

    • MD5

      6b2548cc404f3dd55634efa291fa98d0

    • SHA1

      a076a60d99d70fd8aa7664a2534445a502febe27

    • SHA256

      7ae384b8695d7a9c2b6640927cb6ac592229aef9ebeeb80b91d556777c6dfb5d

    • SHA512

      14068e9e7d5f7e4494ffa75d369068234cdb050286d3356298e0387cf13d7681c0d68b57b6b299958c86ee3ae1dc3e54adc4c376e7b869d7d76fc2e91ed95009

    • SSDEEP

      12288:MoLVDsDp3Sx8rKASzlbMZO/IR+nyu20jlTov3+:35DEsxl6O/IRUT6

    Score
    1/10

    • Target

      app-0.89.2/app-0.89.2/svrcderll.exe

    • Size

      2.2MB

    • MD5

      6cf29dbf1fa710cccf6ba1c4c01f6b85

    • SHA1

      a1debdb076c8c655e3d78c6ae82f1beba386a2ba

    • SHA256

      f85ce4492e1354f8310027c5f70ef73aae654fcd8fd9a58034e4f82a41a9826b

    • SHA512

      ebcc6599c33a80bb3e5c627a5f861fc9742d8558c4551544109288f80155885791a3f701af1aa7a4513cc5d121b77678a4cd46ca38a7bdd3cf7288e58e01f4f5

    • SSDEEP

      24576:GmKWcYmmUMlLklbOEyeeQaSpRnO9xGboTOLFI78hqT3tiBco21c6D5mHK+iwu7:Gm/mmUiLklb6e+YMDGaAhIt5o2WqmFXM

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Deletes itself

    • Target

      app-0.89.2/app-0.89.2/zlibwapi.dll

    • Size

      324KB

    • MD5

      b75a201484fe177e6460c08a1f2be3ca

    • SHA1

      44eedc44deb82c77e82483dadd0575915b47a4b7

    • SHA256

      fdd525739c5f4d55d3a65271c3389b34c79c236342ccedf31b34c539acea08d0

    • SHA512

      f922f1c5fc876a2fcc1c14d8c1665d2172dbd5fbea53e964e0229f07da449fbea72c9509a532f37c48dd1faec2df4271561191bfb9aa62495104f5828c69b07f

    • SSDEEP

      6144:Jizgh97llCQHIJvLxR7ChPcFDuv2KXONh8pgMwuNFR/i:Ji8h9iQHKvjOhkFDuGHHMrNzi

    Score
    1/10

    • Target

      app-0.89.2/svrcderll.exe

    • Size

      586KB

    • MD5

      f6f6ff4e9b359bc005a25fadb3a0aa61

    • SHA1

      831fe06ce2015e2d66467d04f2d46ec3e96524d3

    • SHA256

      6eb2a5f8ba7b7e2438a9608b7a2d5eefa1f8b66aaf7060c208678e47c3565324

    • SHA512

      db29271f28a3bff4bd3f4073b522c662f70865cc1067e0de2c11ef284d8d88fe9ca165485da6fe52372bf3db33764f195853b883d8fdab1b502e960b0915da14

    • SSDEEP

      6144:xc2XFRJ3DNuzAOS9FOU6CNmKQEiispigdlDAlZVl49q7r+:7FvYzU9QU6CNmKsPtdsXl49qX+

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
