General

  • Target

    virus.zip

  • Size

    127.8MB

  • Sample

    241211-temwqatpfk

  • MD5

    0367250f843e110cb170ce9486227aba

  • SHA1

    3136aa5c200c5eda477d948eb3b1ee390084cfc6

  • SHA256

    8a19e614599148c986d418b262b9c83cf90f791e5dee17ac538e0e05eb595064

  • SHA512

    84a3b6252fee96bece3be53c56296837f9c366a8e0f31edd97a18b52c8048dd2bb81f2c6c10c210445e812447dda1d7977a3becf56c82fa5a08a05875ef1179b

  • SSDEEP

    3145728:O94ybaR4MnaJhpjTzZtffCdTXVfHPtQiPpunlQ2:O93uieaJTZ1ahXVfvtQm12
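Before acting on any of the signatures below, confirm that the file in hand is the one the sandbox analysed. The following Python is an added example, not part of the report: it hashes a sample in a single pass with the four algorithms the report prints and compares the result with the values listed above for virus.zip (copied from this page). The SSDEEP value is not covered because fuzzy hashing is not in the Python standard library; a third-party package such as ssdeep computes it.

```python
"""Verify a sample on disk against the hashes a sandbox report lists."""
import hashlib
import io
from typing import BinaryIO

# Hash values for virus.zip as printed in the General section of the report.
REPORTED_VIRUS_ZIP = {
    "md5": "0367250f843e110cb170ce9486227aba",
    "sha1": "3136aa5c200c5eda477d948eb3b1ee390084cfc6",
    "sha256": "8a19e614599148c986d418b262b9c83cf90f791e5dee17ac538e0e05eb595064",
    "sha512": (
        "84a3b6252fee96bece3be53c56296837f9c366a8e0f31edd97a18b52c8048dd2"
        "bb81f2c6c10c210445e812447dda1d7977a3becf56c82fa5a08a05875ef1179b"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> dict:
    """Read the stream once and feed every chunk to all four hashers.

    A single pass matters for large samples; the archive here is 127.8 MB.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, chunk_size: int = 1 << 20) -> dict:
    """Convenience wrapper for data already in memory."""
    return digest_stream(io.BytesIO(data), chunk_size)


def compare_hashes(reported: dict, computed: dict) -> dict:
    """Return {algorithm: (reported, computed)} for every mismatch.

    Comparison is case-insensitive because reports and tools disagree on
    hex case. Algorithms missing from either side are skipped, not failed.
    """
    mismatches = {}
    for name in ALGORITHMS:
        if name in reported and name in computed:
            if reported[name].lower() != computed[name].lower():
                mismatches[name] = (reported[name], computed[name])
    return mismatches


def verify_file(path: str, reported: dict = REPORTED_VIRUS_ZIP) -> bool:
    """True if the file at `path` matches every hash the report lists."""
    with open(path, "rb") as fh:
        computed = digest_stream(fh)
    return not compare_hashes(reported, computed)


if __name__ == "__main__":
    import sys

    ok = verify_file(sys.argv[1])
    print("match" if ok else "MISMATCH")
    sys.exit(0 if ok else 1)
```

Run it as `python verify.py virus.zip`; a non-zero exit means at least one digest differs from the report, in which case the behavioural findings below describe a different file than the one you hold.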

Targets

    • Target

      virus/FrozenPerm_CRACKED.exe

    • Size

      64.8MB

    • MD5

      26500f10c8ceeae8d462d6a3086ab5d3

    • SHA1

      5a61e0551ff00378c3d633170b67403e50a9d425

    • SHA256

      a8c756a4059a6be18b3a44802403fd388d938ab33677e1a6032d1c6c7741ac0b

    • SHA512

      b1198bd575726753782e85334a1250a1fce770cad303941048801a0ac2e70ae680076535faf0c37e19644d561b3b9cc77407c23a358872e7d1c17893eecfcf09

    • SSDEEP

      786432:BYS6GKaTYIGiYk+KjotgDqanrcHJB5hOq29p2DrhUcVqttPemFt/W:NmijZpgHJnhOdGrKYmFt/W

    • Deletes Windows Defender Definitions

      Uses the MpCmdRun utility to remove all Windows Defender definitions.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe.

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can modify the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Searches files for insecurely stored credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
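The "UPX packed file" signature above is a static check on PE section headers. The following Python is an added example, not the sandbox's detector: it parses the section table of a PE image, flags the stock UPX0/UPX1 section names and, because a modified UPX build usually renames its sections, also looks for the layout UPX leaves behind regardless of names: a section with zero raw size but a large virtual size (the unpack area) next to a high-entropy section holding the compressed image. The three PE images in the block are constructed in memory for the demonstration (header-only, not loadable), and the entropy threshold of 7.0 bits per byte is an assumption.

```python
"""Static UPX check: section names plus the hollow-section/high-entropy layout."""
import math
import struct

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is a uniform distribution, compressed data sits near it."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (num_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr, *_ = struct.unpack_from(SECTION_FMT, pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Combine the name check with the layout check so renamed sections still trip it."""
    sections = parse_sections(pe)
    names = [s["name"] for s in sections]
    stock_upx = any(n.startswith("UPX") for n in names)
    # Stock UPX emits UPX0 with SizeOfRawData 0 and a large VirtualSize: the unpack area.
    hollow = any(s["raw_size"] == 0 and s["virtual_size"] > 0 for s in sections)
    largest = max(sections, key=lambda s: s["raw_size"], default=None)
    high_entropy = bool(largest and largest["raw_size"] >= 256
                        and largest["entropy"] >= entropy_threshold)
    return {"sections": names, "stock_upx_names": stock_upx, "hollow_section": hollow,
            "high_entropy": high_entropy, "likely_packed": stock_upx or (hollow and high_entropy)}


def build_pe(sections) -> bytes:
    """Constructed test data: a header-only PE64 image (DOS stub, COFF header, section table, raw data)."""
    n = len(sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, n, 0, 0, 0, 0, 0x22)
    raw_ptr = 0x40 + len(coff) + 40 * n
    table, body = b"", b""
    for i, (name, data, vsize) in enumerate(sections):
        table += struct.pack(SECTION_FMT, name.encode("ascii"), vsize, 0x1000 * (i + 1),
                             len(data), raw_ptr if data else 0, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
    return bytes(dos) + coff + table + body


# Constructed payloads: a uniform byte distribution stands in for compressed data.
COMPRESSED_BLOB = bytes(range(256)) * 4
STOCK_UPX_PE = build_pe([("UPX0", b"", 0x30000), ("UPX1", COMPRESSED_BLOB, 1024), (".rsrc", b"\0" * 64, 64)])
MODIFIED_UPX_PE = build_pe([(".text", b"", 0x30000), (".data", COMPRESSED_BLOB, 1024), (".rsrc", b"\0" * 64, 64)])
PLAIN_PE = build_pe([(".text", b"\x90" * 512 + b"\xc3" * 512, 1024), (".data", b"\0" * 256, 256)])

if __name__ == "__main__":
    for label, image in (("stock", STOCK_UPX_PE), ("renamed", MODIFIED_UPX_PE), ("plain", PLAIN_PE)):
        print(label, upx_indicators(image))
```

On a real file, read it into `pe` and call `upx_indicators(pe)`; a hit on `stock_upx_names` alone is enough to try `upx -d`, while `hollow_section` with `high_entropy` but no UPX names is the pattern a modified packer leaves and needs manual unpacking.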

    • Target

      virus/Wireshark-4.4.2-x64.exe

    • Size

      83.2MB

    • MD5

      5753792c3617a96786bf3df591ffafdf

    • SHA1

      20a4304ff7153e38f07121a76a59f442b369cd42

    • SHA256

      69a7f6e94e3744422efbb83528d42dd3ee19c12e253db040c33b75453152dce2

    • SHA512

      68d3504b7c561bd9909ecf593b88fb5faf44951a50dc18dc5926241a5502201ee3a5111a2ce018871bdb0cc24f25d7c8057faf5b98e005a067a057b35d2188b3

    • SSDEEP

      1572864:JEgr3yLzlPfF5kO8l0/z75q5V9STIO1xOi3QOExUmdeiS3Gl1dN2Ohge1n+pB:JJ3WQPC7g0LOHl/LnrdNpbOB

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can modify the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Drops file in System32 directory
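The signature list for FrozenPerm_CRACKED.exe above, and the overlapping list for the bundled Wireshark-4.4.2-x64.exe installer, describe behaviours a detection engineer would want to reproduce against endpoint telemetry. The following Python is an added example, not the sandbox's own signature logic: it maps several of those signature titles onto simple rules over process-creation, registry and DNS events. The events are constructed to resemble the described behaviour (the report does not print command lines or registry paths), the IP-lookup host list is an assumed watch-list, and the rule names reuse the report's signature titles. Note that the report fires "Checks for common network interception software", "Drops file in Drivers directory" and "Adds Run key to start application" on the Wireshark installer too, so these rules are triage leads to be read together with the process tree, not verdicts on their own.

```python
"""Event-level rules for a subset of the sandbox signatures in this report.

Constructed example: SAMPLE_EVENTS is made up to resemble the listed
behaviours; it is not telemetry from the sandbox run.
"""
import re
from typing import Iterable

# Assumed watch-list of public IP-echo services (the report names none).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com"}
ANALYSIS_TOOL_NAMES = ("wireshark", "fiddler")


def _norm_key(key: str) -> str:
    return key.lower().replace("/", "\\")


def _image_name(image: str) -> str:
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_process(ev: dict) -> list:
    image = _image_name(ev["image"])
    cmd = ev.get("cmdline", "").lower()
    hits = []
    if image == "mpcmdrun.exe" and "-removedefinitions" in cmd:
        hits.append("Deletes Windows Defender Definitions")
    if image == "tasklist.exe":
        hits.append("Enumerates processes with tasklist")
    if image in ("powershell.exe", "pwsh.exe"):
        hits.append("Command and Scripting Interpreter: PowerShell")
        if re.search(r"-w(?:indowstyle)?\s+hidden", cmd):
            hits.append("Command and Scripting Interpreter: PowerShell (hidden window)")
        # -e / -enc / -EncodedCommand followed by a base64 blob (cmd is lower-cased)
        if re.search(r"-e(?:nc|ncodedcommand)?\s+[a-z0-9+/=]{16,}", cmd):
            hits.append("Obfuscated Files or Information: Command Obfuscation")
    return hits


def check_registry(ev: dict) -> list:
    key = _norm_key(ev["key"])
    value = ev.get("value", "").lower()
    hits = []
    # Writes under HKCU or HKLM ...\CurrentVersion\Run or RunOnce
    if ev["op"] == "set" and re.search(r"\\currentversion\\run(?:once)?(?:\\|$)", key):
        hits.append("Adds Run key to start application")
    if ev["op"] == "query":
        if "\\currentversion\\uninstall" in key:
            hits.append("Checks installed software on the system")
            if any(tool in key for tool in ANALYSIS_TOOL_NAMES):
                hits.append("Checks for common network interception software")
        if key.endswith("\\control panel\\international\\geo") and value == "nation":
            hits.append("Checks computer location settings")
    return hits


def check_dns(ev: dict) -> list:
    host = ev["query"].lower().rstrip(".")
    return ["Looks up external IP address via web service"] if host in IP_LOOKUP_HOSTS else []


CHECKS = {"process": check_process, "registry": check_registry, "dns": check_dns}


def evaluate(events: Iterable[dict]) -> list:
    """Distinct signature titles the event stream triggers, in first-seen order."""
    seen = []
    for ev in events:
        for name in CHECKS[ev["type"]](ev):
            if name not in seen:
                seen.append(name)
    return seen


# Constructed trace resembling the behaviours listed for FrozenPerm_CRACKED.exe.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "cmdline": "MpCmdRun.exe -RemoveDefinitions -All"},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"type": "process", "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /fo csv"},
    {"type": "registry", "op": "query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark"},
    {"type": "registry", "op": "query", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "registry", "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"type": "dns", "query": "api.ipify.org"},
]

if __name__ == "__main__":
    for name in evaluate(SAMPLE_EVENTS):
        print(name)
```

Running the file prints the ten signature titles the constructed trace triggers. To apply it to real telemetry, translate Sysmon event ID 1 (process create), 12/13 (registry) and 22 (DNS query) records into the same dict shape; the rules deliberately stay narrow so that a legitimate installer querying its own Uninstall key produces one discovery hit rather than a verdict.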

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      d095b082b7c5ba4665d40d9c5042af6d

    • SHA1

      2220277304af105ca6c56219f56f04e894b28d27

    • SHA256

      b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

    • SHA512

      61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

    • SSDEEP

      192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    • Target

      Qt6Gui.dll

    • Size

      7.7MB

    • MD5

      dc0e346ff97220aa334af1c8a9b8d8ce

    • SHA1

      2be851c6d3821c774c83f13eaa37865c42f6ccb8

    • SHA256

      c170b7985cf33960feb2a743f29e3530dcfa6dd6b0d2947f9076aa71daedc2ba

    • SHA512

      92ff185b94251d1e82a119ff2bedc603aa52bc83b536f44a1cc599b4a803affa14cd75d452b9969123a61d18b9b311e6e764933f43fff95e4dd691fff4b6dc99

    • SSDEEP

      49152:8amaceaf9aP9uwwGgyjk/uJRChJRJgsy1vHW1wKJpo4i8uMDG5+m58yFcleGwi9F:Kwwly6hJLy1vwpoCncYsLO3Zq2ckzJZ

    Score
    1/10
    • Target

      Qt6Network.dll

    • Size

      1.3MB

    • MD5

      390f0f061d9fef60b860f8d410c3499b

    • SHA1

      d3df07e02af37f4d5c91261900013cbafe643dfb

    • SHA256

      a0212170b3b6732a5006dfe8ddafcdc476773ff6c5389520df95899c6714ec5b

    • SHA512

      70256d8a0f0165312cd1c4434b39e530c3154cf5ca756c708025ab7207122fe026ec33f9d4bb38d60ab180ca0f89d2a8c51ba45fca1ea4268a56184d2d23873e

    • SSDEEP

      24576:Vl5NRPoIzKWasEM9okn0WvvD+ffc1yR4Trs:VzkUKtsrx77U4c

    Score
    1/10
    • Target

      Qt6Svg.dll

    • Size

      355KB

    • MD5

      8cd86c9174f9ecbf3dd724b63814e7bb

    • SHA1

      bb3d449ce214117a450807d21cfdec91a7006e3c

    • SHA256

      8508a0309bbb2cb422e104bd9c6ed0b16b11dd6bb5c9277bf2efcf18745d68f5

    • SHA512

      2223049b07c67bd8b22d6c147c432280c79e5cd5e6391952cf9fcd9e3092f6b36ea98cedc5f2cc006d863489a93f101422bf07da372919a075081b6679f25dc2

    • SSDEEP

      6144:dC6FC49+ZwIK9wZrQ4uEaf4XPCfLfBAF73J10+KxBz2QSOhpSgq:lAZswZsJScCkh3q

    Score
    1/10
    • Target

      USBPcapSetup-1.5.4.0.exe

    • Size

      190KB

    • MD5

      93c9b5098b1d42c53c7bdd68fe9cd6cf

    • SHA1

      ccfb1497abed432844ad972dea65853dd0e7cba1

    • SHA256

      87a7edf9bbbcf07b5f4373d9a192a6770d2ff3add7aa1e276e82e38582ccb622

    • SHA512

      dc6b84d0784ae36941615565ff21e8634bf36e3efdaff598d470035157a2f148cd1f10031504476f821cd0ce0180c61ee9fe6a7bd0beb3721c4b1c738f61fef1

    • SSDEEP

      3072:PQZmPYFFiorvcQNpDjrc5nMDi93g6HC+0vaiFxMv6mwSARrwPKVvbygEXoHApLG6:PQLFhJXrcVMDcgoCtswShkTAoRA9

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Target

      WinSparkle.dll

    • Size

      2.3MB

    • MD5

      22b50ea2cc218122d5045e44dfc56146

    • SHA1

      5b8f505770546bdd7e0f9bf038801dcd3059632f

    • SHA256

      ec00ca430c363dc08dc937e729be7fc71f2c1b91c63a11d97cbb9c15e7b9e0b1

    • SHA512

      624ead313209ccf719902ddbe760dd4ceb301dca352a7ced1e8fb0bccde09630f98ff8c0b8179d95286f200142a9612527bdbd0c46c659938c98d86e0a302602

    • SSDEEP

      49152:yFrJVyRDJBNHBlVQNZLjOlBxj8uoGGH+63:yIflWk8uoGGHX3

    Score
    1/10
    • Target

      Wireshark.exe

    • Size

      9.6MB

    • MD5

      a6e536a1bfda8f0c8e8e5b1d79ea7845

    • SHA1

      dd92b8145a85d8c73b3aefb8f8dc9b30c924b162

    • SHA256

      0c6e98e7449f34467d0287baddee200be141828bc047cf78ced82459d7a5bf3e

    • SHA512

      37b02444f59efdea8db93ea250865ad32257bd9dc781d918be4083d5be4a4bac990b1ef9b935e0157a87a1043ee89a0ccf5827d1e8606dc5ea55fd5128a5d58e

    • SSDEEP

      196608:2n1KwIBQG4P/JAVRCjjCkjGQ5BbU5UjLwM35MzLRBG:2n1KwI7o/JUCjjCkjH5dU5lPRM

    Score
    3/10
    • Target

      brotlicommon.dll

    • Size

      145KB

    • MD5

      27a57a4f729a32cfbc022101abee7b13

    • SHA1

      b45f2d7cab21afe84a63b8622b4b15eb5e7dbd66

    • SHA256

      e01a2231218f4f86b4be7ffc59426ea4aba06933d52391e288fae1922954ee9e

    • SHA512

      9a5b9c51526032f6a4fb571d702391afe3c7efbd62978d6d07b9dad90846b14f31716eacaab68bffb83892180488466df17c974df71d2fcdd52a4ca35814e54f

    • SSDEEP

      3072:8z4lzbWhNbNL8DXGvVh73pbi0tdpvGJaoZB7PxB6wFgCC:U4AhdNorGvHdbi09GJYwFgD

    Score
    1/10
    • Target

      bz2.dll

    • Size

      84KB

    • MD5

      3843d7c9b73a51e7fd1a705f63ec1b81

    • SHA1

      e93e3dc4d5bfdabb56bba58266c5de9acdfb16fa

    • SHA256

      5fb74ab4708aa86500f50829dd486c8f0fca32d3fcffce4f254a676a487f7981

    • SHA512

      874a9b022a8686e18ec2278e1c02fcd44a110b141e7df9229b0298a0970fd4427f4a795df4c9ab81f01eecb6f9b84cbd9d09f0d293172e13961f6db6034401a3

    • SSDEEP

      1536:VEffjEkCmKvsNuVJOSi63icaDNg8kFPKdELCE8QCOVgj6:UucubGvcaJgrPKdELCXQfgO

    Score
    1/10
    • Target

      charset-1.dll

    • Size

      22KB

    • MD5

      9b8e6332650699f06ca0bc0343293479

    • SHA1

      58761e134cbbda32ce3a20c58a085826fcb70f40

    • SHA256

      ea3191e3fec618a5b7601880122a4dbe5be1315fcd3a75f95d7e60d036a9949d

    • SHA512

      defa453cafe112cc96d21d89283b8f76fa1c57e2fa2ac3cf7c6c75c2045103ec923e324433be0d2a3c4c6b679f90589421d3c57b55023e1f2375c623ad5bb2ca

    • SSDEEP

      384:n+ztciVY5LQ/pSpwKNsgxTM9KSJIVE8E9VF0Nyuisv/:+rG5LUHgx82Ei/

    Score
    1/10
    • Target

      comerr64.dll

    • Size

      26KB

    • MD5

      85bdb624ab650235defc956221c625b7

    • SHA1

      01caf52e73ebc52829fd2644a63038f8fc824615

    • SHA256

      b2d940aa1d12b8da7ae342243b7f6d7db6aa51cc7be0b891368845bc6113d1b0

    • SHA512

      67708568fc0ea9b8fd7c41f726814af6d7955e1a88e557df94b9070bb0549eaad5faf5d05f6f2e2e888eca226c36c480237be6c304133cbe1fe141cbce8e7cf2

    • SSDEEP

      384:08dzT3pxkI5fot8Gvb5H8gxLPPL78/Pf2pwKNsgxsBGSJIVE8E9VF0NyTT:LdneVx3xDU/3TgxYf2EJ

    Score
    1/10
    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      682eaada82b934090af0bcd595aad75e

    • SHA1

      e68e5e8a4b6c4989f3aa029eb695b7a1087fa684

    • SHA256

      649bae9058fa157b39565b56bd6ed9b3d5bb92cdfecac7ee50c7f2cf501d0f3f

    • SHA512

      d07db0958acd6762f47b2fcac94468aa1c1dfb0970f88ee4d0efbab2d22e52106be906108710fcb490d4b99c420e7f30e32d0c8cc96a28d994ac5efa0fc15311

    • SSDEEP

      49152:iCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRN2:ZG2QCwmHXnog/pzHAo/A2n

    Score
    1/10
    • Target

      snappy.dll

    • Size

      85KB

    • MD5

      5dad5058d82ba96c5ee6cf4e01b69b47

    • SHA1

      9b24d94e97afdea19d18353e58a85d58cadde1d2

    • SHA256

      cc5dceeb72651053f48cf40ab57eb4da715d1197571ec5fefc04ce34bd68d05a

    • SHA512

      a3de5920443c730d4156ce1cbdef712002fdb8aea7fafdb13c1dadcf220ab47f121a06fd3fb81c17deda26d264444b221ad9a56e6f868b4a2f6c42a71c644cae

    • SSDEEP

      1536:i0a/k4kDs7WSMazGK9K5Urk0iUEHohdvX7y66f+MgTF:3AEha0f+Mgp

    Score
    1/10
    • Target

      snmp/mibs/AGGREGATE-MIB

    • Size

      16KB

    • MD5

      a24562547ba795c96dec25f7b08217b7

    • SHA1

      33c7217f1f5fd3263b17aa167b49d9470b26115f

    • SHA256

      6f34f057e82fb6874cf5d93d5f0ffde765e77e706a7eb80d37ae76fd58df803f

    • SHA512

      fe2ce35a70f1fbe6c6580f95524e37a5ef00aad4c68fae209589fe43416e0587b0e463554bd93c3ef92e55435ebba39f6066a0d9186405715691b834e436451b

    • SSDEEP

      192:/qfAWLdaE4RJuH4stgGRq0XQgrDfsu29Wev/grabpsW++XUO9Go6j:/qfAWCUXgGRDgaf+8ev//VqhO0x

    Score
    1/10
    • Target

      snmp/mibs/DISMAN-EVENT-MIB

    • Size

      66KB

    • MD5

      6c7bf2eb8aef70b616ed89424e908e6f

    • SHA1

      a50ed173ee70103641a804b160a3f8da2d50e0e4

    • SHA256

      095bf95ad1000b3e97f2eb605f980c58ef1c9881e8be01047ade616b09073365

    • SHA512

      efc75599aca2a12473c2a948627cc51b48eb8e55c5595528b1fd4b19e02042f6c6a82ae5c3b8adfc881d268291b9991890d8cf1007e15ed935a019612573e6d4

    • SSDEEP

      768:U+nF3As7M/xAoiZovDouCwcmTtojoBUuo4TUy:UEVA/nD3o4TUy

    Score
    1/10
    • Target

      snmp/mibs/DISMAN-EXPRESSION-MIB

    • Size

      41KB

    • MD5

      362689166c52ae7fcea208ab537dc442

    • SHA1

      84f0489a6ce458e87c7477ce1ed56b74405a0d76

    • SHA256

      4c379e2b6acec5f523aa70c1c7b5a8d6cc5688daff06d7385f34357bcc96d751

    • SHA512

      1ff08451b45e0cd5943bae4fae5b6601fbc0cb346c0c6f11411096a5d511b5af317605cdd0baee9816af23f1ed7b5c4fbdc06c98c096ade4ba4b8405ab2297e2

    • SSDEEP

      768:IUji4lYvGXAprQOgBZD9hH4GuPqeKReUZFWHpRK+FMba12j6Pr:IL4wGXAiOgBZDz5heKhZopRK+eba12j4

    Score
    1/10
    • Target

      snmp/mibs/FRAME-RELAY-DTE-MIB

    • Size

      32KB

    • MD5

      7aa196b72b4161c6ff37dfa752e089aa

    • SHA1

      b0a1125d499c5070a4980e527adfce76da6dc169

    • SHA256

      7df9f822131b2bce72072e62b47d99a69fd7f844be295e49882e7247012fb9e4

    • SHA512

      c91799625e42eec9cf86814ce5901ce33b6ffc7e5c2f6671c81b4446484d4170f076706901fe9bef23d0dcd70c4261312f19a52d2c1f314b94ff7cb4d815b902

    • SSDEEP

      384:T8zrqLq3HFK+JCgvZw1xttp/ZwfF9fiU9qjlluf:TEkIKOCAw1xbKvlcjKf

    Score
    1/10
    • Target

      styles/qwindowsvistastyle.dll

    • Size

      138KB

    • MD5

      18960af5ccff27b730eb0d5ed49e8154

    • SHA1

      ee9e4feb82933e77e53b01ae5cdcc2b667eef32e

    • SHA256

      4a82a4e1dcc636f40bdd098e7f9456cf83dc39db64b88366c6d43f024539b35d

    • SHA512

      1070449c9125abfbb0ff993d89d84a31ecf806495015ddf768375a98d70339da70019491bc4ffcecf1f51a2c30434bdc24ca92b57574fc9a454f13c917a498b2

    • SSDEEP

      3072:acKd1HYMSZAcTrvt4www2OmPBxshbge20NMyKsbyrUmVst7sVpgkNk:acKdGCcTJpXhf20NVKsOrUmVstKgAk

    Score
    1/10
    • Target

      tls/qcertonlybackend.dll

    • Size

      95KB

    • MD5

      173417f2bc69a3df7ec7f836dc3e1c56

    • SHA1

      0be68d947013c066069402cce34be35236b88b51

    • SHA256

      2b6e3ef7e1b95f346baf553c6ee963344bd3b96982610fbcc65c18f4f020c08a

    • SHA512

      cb314e2af90ee1802bdfbd3ccbdfd5860e068f11b3f5c7fc81c15396d0f93f510693bc5256eb7cad5213fc573769ff3a82bfbc065ca19e87e07330d2da475ca2

    • SSDEEP

      1536:ElXjWRvE58Cy2DoYLaCu1V266s+MwWXFnvXx08rT9hI/TU8gYQPs:EtC25v6bKM5FnvSIhI/TU8g/E

    Score
    1/10
    • Target

      tls/qopensslbackend.dll

    • Size

      297KB

    • MD5

      4f6a0864ae9adbb765294eef8631006e

    • SHA1

      ebb05db00b970b9ae249e818cf5939114f2b316d

    • SHA256

      7b6dd591609d56b94cc6e12ebc21dec8111973836eb1e5870cbef193ab5c8179

    • SHA512

      65f890f211eeb4d02f13248eef2169e8d80e98edcca6a985f1656b80500bcf1b2d3fb42be395019358e988adbf9a2814efc4cc95f0c4f1210b5f49425fd030cf

    • SSDEEP

      3072:zuhWIJop9PbsCpoBfdWvtYt/DbxqMRMLqDZMVT8PX5bu5hJrze6N8UU28Ik+cDEE:0Obsdcvk/fxqSgqOo5KZr66xT8Iu44gI

    Score
    1/10
    • Target

      tls/qschannelbackend.dll

    • Size

      212KB

    • MD5

      1162da012abd78eb60dab47e180e5709

    • SHA1

      f1df351a0fb8e77e980cc49494011ec9f8de591e

    • SHA256

      0899209073cf2e498bd0047c8599a99fc76c0f3b16d83d78e04d96932080ad17

    • SHA512

      76f858d9efff9db5aca688ac5d200932f68d96d702f05e6cc4746a027bd949305b3a5485f9bdebb604d3fabe8900f1c4ca45b0fd77b8f5acb098489732994832

    • SSDEEP

      3072:uzULkZWS3lsIY4TuAYS8npM3TnHSdSmtebGPc39rpri0hZ1NL8sZDJxfKkgM:uYapIZM3TnHAmHrdNZDJxxgM

    Score
    1/10
    • Target

      tshark.exe

    • Size

      592KB

    • MD5

      2ea08963d7c33cfd032ac38a5106e031

    • SHA1

      9b82dc9392024da18ba7e8833063ac1fbfd85373

    • SHA256

      c711d53933f2cb330fa29fd7e3fbb2b3c7495e289d1145ac3568440ac857335d

    • SHA512

      45c80108fc25912ef192cfb83d6c0ff60b4ed97184db69deb376c6d7014f5d39cf1dcde23c3096ea3748436e3def362a1c49995826dd6791b031e53f79aa263b

    • SSDEEP

      12288:GubLQqrR8vTbWIVz421upKOlnf/jkBCiwtmBjFP9ld:hXQqrRkXzCpKOxf/jkBy0Bbd

    Score
    1/10
    • Target

      tshark.html

    • Size

      170KB

    • MD5

      b5e344abcdf0677575e8be2606dd2fc3

    • SHA1

      3d5efe0b6ccfb468ce2d0422488f26a798a64c2e

    • SHA256

      b3d26fed35b6396a88df15ebddb4d734c80f71c85ccb27ff15972c1db50ba05a

    • SHA512

      676ebebaa091f60f1c0f910878d5a2ac04c032aa416f80637d6fcc2537a48af78b1775acde4875542737178e199b25537c0927781adc0656dbb09bfbe8a8cc9c

    • SSDEEP

      1536:8qrDFUCzqjDytjei8hec3Ac6aZBGn75Lihffs+uxNQ9idHWML2eg21IIx1+hQYKE:fFnBINAPk3g1l6c5cxbEOIs8l6

    Score
    4/10
    • Target

      vc_redist.x64.exe

    • Size

      24.3MB

    • MD5

      689d09bce45c75db883db7e78b6f4e9b

    • SHA1

      ba92a00f0f55dcae85c1bbd098efe606bd080b3c

    • SHA256

      814e9da5ec5e5d6a8fa701999d1fc3baddf7f3adc528e202590e9b1cb73e4a11

    • SHA512

      4db5078fdd9eb9ce00a1b6195a67c779a1d3c719de0fbd4729adbdac2d8ca442cf4e0a31aa40d213f29617ec073f1a7e42570dcc2f931eb9534c45f1ec6de253

    • SSDEEP

      786432:moKpx5hYBug51MMlQi7PZdJXiq1+N76JupzS:Upx56Bu61FZPZdxQcUzS

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      wireshark-filter.html

    • Size

      40KB

    • MD5

      645384995a7b92472d037230ca6deba3

    • SHA1

      69749ffbf8d3944cd9dfef3676f4d6eb176ba502

    • SHA256

      6a5d0dc67590fb71dca2656bf6a3231567811dc54f25dfd1969978eb8dbba2c1

    • SHA512

      ca0f3d84be3e91a0290eedde4c3b01951eb29d3d63bc4bcbdd2d04b3b5f9d4cc0b934def66eb48ab86beba1ace4c81285d4332e16419e6c71a5b13ca2b234d4a

    • SSDEEP

      768:iTAC3SIM7p5Pqn5P5IBcNX3DJcTh7KgCndd4nJrRwgK:iTAOSIM7p5uZdOTh7Y+J9C

    Score
    4/10
    • Target

      wireshark.html

    • Size

      90KB

    • MD5

      b1b577aa72a5ce09e1f55430a5c1d5e5

    • SHA1

      3e382d61fb495972fe1c6703462fa2fcf11f85c6

    • SHA256

      f240ad9e0bc57b0a9fcea77ce3d97edba3419f796b11d30bbb9928cfaef48a94

    • SHA512

      0348479682d6d8907d161e8363ec8fbbb5b484b7befde2a1c438d3a72d6cb54fe9d55b4a4e64d557efa3946732c075eaa821164c27b0e47570fa1c65d8fce17d

    • SSDEEP

      1536:cJ3xciRYuumMQjI3ijGCMHjQgBmR1R1cqgvgx2Z+FJlw5K0erDaH/soJBZ3iEZsJ:BBzQycJ3gQK+1Rc0

    Score
    4/10
    • Target

      zlib-ng2.dll

    • Size

      141KB

    • MD5

      98a0411ccef95e43f6d0b1cf8f7fee03

    • SHA1

      7bf8ef64c53c3febc30e025594831f4946ed9f98

    • SHA256

      a8707289e20817b09d660ff6747443ba268ccb3c38ea6194710dc95a38370ffc

    • SHA512

      11b26453636042606f8baf108d33301194c6c0a7d30203b55848fff6565133e99701b879af332d40c28f51f0d90df73e36db6c5b861295a60a0a71966018c8e9

    • SSDEEP

      3072:p2+sAq1ab1FCzfmc6FTd1PHcvPa40/jmOYKfap/wgYC:p28qa/CzfmD1DPHgPa4ojmOYKfapogh

    Score
    1/10
    • Target

      zlib1.dll

    • Size

      98KB

    • MD5

      51c05bd6859085855f3d2d6ef29eb237

    • SHA1

      9765455c5c3b27c761521e0ebc961d4f8d713960

    • SHA256

      f71ff462c590a6530bbc557a1e89c22e2224024c71c80560d0a19a6bd2d84a27

    • SHA512

      3a66c86460d19745726c3e008121af8e7bd11d762365af0d494051990c6a30715cb78c6569c5f3d4b06e68b89fe467abc55b9cdab7b0674774a8905a450d2189

    • SSDEEP

      1536:abwDHM2gn1rhkWUpqk0CmJ3lz4bqIOcIOZ8dmkGn6bygdL:a8DH/g1hUpC3Kb4SZ8dmfn6bygB

    Score
    1/10
    • Target

      zstd.dll

    • Size

      651KB

    • MD5

      616226acc2772ca42a4e7dd6b3881965

    • SHA1

      0a9d6f57c3e2c65f678e41d9aab6afcfbb708652

    • SHA256

      c67bd3e7555abbd3c32f9bfa1307f47cb682f6e1045ad5da09e03c3dfa34f6bb

    • SHA512

      495305f808c554e092134f51d823f6ef22346f8f3991d6ddccb0d39efdd961bdc8faff820e6cfa8736879e19bbc4b3a478e934283bec99189643a0196ddb8eb4

    • SSDEEP

      12288:PJwehitzeWqU0Kp4RZpAoEyiFssTNVrfLzsyt2RiD:PJ/2ERZpAodi2sTNVrfLzsS2RiD

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

blankgrabber
Score
10/10

behavioral1

xmrig, collection, credential_access, defense_evasion, discovery, evasion, execution, miner, persistence, privilege_escalation, spyware, stealer, upx
Score
10/10

behavioral2

discovery, evasion, execution, persistence
Score
9/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

discovery, persistence
Score
8/10

behavioral9

Score
1/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

discovery
Score
4/10

behavioral27

discovery
Score
7/10

behavioral28

discovery
Score
4/10

behavioral29

discovery
Score
4/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10