General
Target: cb7820a243e6d944c6a97d267397d6d1060ae05b439ee0a97af14edc7033e398.zip
Size: 17.8MB
Sample: 241220-d6fzgsyjhs
MD5: 695c13c40f32b2ce7e1510568bf5f12d
SHA1: 27f01df2955167f13788eba91a9a463e411934e5
SHA256: cb7820a243e6d944c6a97d267397d6d1060ae05b439ee0a97af14edc7033e398
SHA512: f811d73857b38def636def1d66347f0b9380b1c45a3d63b36aeddfcce652d2c45109e4b05896dc3a98dc2ef9a7d623fc1d68ce67fd7666b198db55c38c29f0b7
SSDEEP: 393216:649ON9Vu2cWPAP8t4gK2JOfqSkg52aKLAJaTjV3IMyNn4iUkgqK:6CQAUtO2ZXggkJCV4fNUkxK
Behavioral tasks (task: sample / resource)
behavioral1: 1028/VisualStudioSetup.exe / win7-20241010-en
behavioral2: 1028/VisualStudioSetup.exe / win10v2004-20241007-en
behavioral3: 1028/VsGraphicsResources.dll / win7-20241010-en
behavioral4: 1028/VsGraphicsResources.dll / win10v2004-20241007-en
behavioral5: 1028/vsjitdebuggerui.dll / win7-20240903-en
behavioral6: 1028/vsjitdebuggerui.dll / win10v2004-20241007-en
behavioral7: 1028/winrar-x64-701.exe / win7-20240903-en
behavioral8: 1028/winrar-x64-701.exe / win10v2004-20241007-en
behavioral9: 1029/VsGraphicsResources.dll / win7-20241023-en
behavioral10: 1029/VsGraphicsResources.dll / win10v2004-20241007-en
behavioral11: 1029/vsjitdebuggerui.dll / win7-20241010-en
behavioral12: 1029/vsjitdebuggerui.dll / win10v2004-20241007-en
behavioral13: 1031/VsGraphicsResources.dll / win7-20241010-en
behavioral14: 1031/VsGraphicsResources.dll / win10v2004-20241007-en
behavioral15: 1031/vsjitdebuggerui.dll / win7-20240729-en
behavioral16: 1031/vsjitdebuggerui.dll / win10v2004-20241007-en
behavioral17: 1033/VsGraphicsResources.dll / win7-20241010-en
behavioral18: 1033/VsGraphicsResources.dll / win10v2004-20241007-en
behavioral19: 1033/vsjitdebuggerui.dll / win7-20241010-en
behavioral20: 1033/vsjitdebuggerui.dll / win10v2004-20241007-en
behavioral21: 1036/VsGraphicsResources.dll / win7-20240729-en
behavioral22: 1036/VsGraphicsResources.dll / win10v2004-20241007-en
behavioral23: 1036/vsjitdebuggerui.dll / win7-20241023-en
behavioral24: 1036/vsjitdebuggerui.dll / win10v2004-20241007-en
behavioral25: 1040/VsGraphicsResources.dll / win7-20240903-en
behavioral26: 1040/VsGraphicsResources.dll / win10v2004-20241007-en
behavioral27: 1040/vsjitdebuggerui.dll / win7-20240903-en
behavioral28: 1040/vsjitdebuggerui.dll / win10v2004-20241007-en
behavioral29: 1041/VsGraphicsResources.dll / win7-20240903-en
behavioral30: 1041/VsGraphicsResources.dll / win10v2004-20241007-en
behavioral31: 1041/vsjitdebuggerui.dll / win7-20241023-en
behavioral32: 1041/vsjitdebuggerui.dll / win10v2004-20241007-en
Malware Config

Targets

Target: 1028/VisualStudioSetup.exe
Size: 4.2MB
MD5: ff57882794bc0ba7e6c71fe3a6d98ba4
SHA1: 924d4dd44765f0711140a90d498f3bc9c4e6344d
SHA256: d448c1792d67d14755dcfab8922e6f5a4d1caf4ff9b66545e85181c03b8d1f39
SHA512: 1daee073d8b677c705228684cc0cedcccad9621877b5a062f0de65900ec521ac03cc4e8b496f26d475c1eac730f3bccf97499d4d8633bf97b4a89493b0b6b08d
SSDEEP: 98304:pEbiEkJL7F31bTfXC6K17PJ5fSq7U6+1HUTNU8zsQok4+HrB:QkJtFHfW5PJ5Z7U6eUTNDdnLB
Score: 5/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Target: 1028/VsGraphicsResources.dll
Size: 69KB
MD5: 2f18a046861c6485eec47d8d371ed23b
SHA1: a95f8c4cfaf44bf94eff1310d26e24f04d392af5
SHA256: 7e4c0df81c7bdacfc2c16cb9c422b53708263f26a52c2fdb50ad081c1999d098
SHA512: 5b3be82e5f87e8081c0b6d22886f48393ed89bee4c22de68c8fdd05c658ad0d85bda0bff47c8da9b3561e43a8719970f9fac4aa9db2ddc0190dddbeff0749950
SSDEEP: 1536:WgtHttMWXZiodBHMtMWCZDHXtMWXZRr3tgH2tMWCZsCHBtFwTFok8zAAHrtC/wWr:rtHttMWXZiodBHMtMWCZDHXtMWXZRr3r
Score: 1/10

Target: 1028/vsjitdebuggerui.dll
Size: 17KB
MD5: fe984b20c6a55a473737d7bbf13b17bb
SHA1: f550c7736a2bb430eb5443cd103ca0a2b0d7a0f2
SHA256: b4651774a6f331e1173b0ed99c33f76e965a22dc37c65d001d3edfda68c934ca
SHA512: afe5639602e8eb6b24f3951d509abe2e3b3d0829162ad029b72beba95cced297a11ac8abb49746f2d694fe7aad72b0478962b3fdf948ea2137954ddbbe42363a
SSDEEP: 384:Yf8uLaJxgUdDIdW0HWxa2HRN7sDX+iR9zhvhS:Y0xVdmmaisDuO9znS
Score: 1/10

Target: 1028/winrar-x64-701.exe
Size: 3.8MB
MD5: 46c17c999744470b689331f41eab7df1
SHA1: b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256: c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512: 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
SSDEEP: 98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB
Score: 5/10
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: 1029/VsGraphicsResources.dll
Size: 76KB
MD5: 21e1f742d6994f55496617cd1d920bb1
SHA1: 696e9c5722c4ae98080113e57ba628d0bc8835a6
SHA256: 18df371ddd62edfb5673335d07abc1328196e879cfc6da5c7b206c8fcb32df40
SHA512: ad7316b216430aa490d2ba7693a3b770864b8366c25e5a2d6e26abc50863d48e93dab73ac984f12da655994c5f0df794f37de5c72a0a7bc73fca9609b601ec63
SSDEEP: 1536:+GtHttMWXZiodBHMtMWCZDHXtMWXZRr3tgH2tMWCZsCHBtFwTFok8zAAHrtC/wWH:9tHttMWXZiodBHMtMWCZDHXtMWXZRr3H
Score: 1/10

Target: 1029/vsjitdebuggerui.dll
Size: 22KB
MD5: 52686a7f3f8ba74a55b22526b04b33d9
SHA1: a09a84ad2fb7a292512cb736f59f7e1c954cae53
SHA256: 96ad07d99bac884f3b0785a610c17763b98a453a13ebe42d173bafc99a31788d
SHA512: 49b88ac87249d603caa685865b60f68411ae20c8e1e8af28295a55058cbafef1319a8ffb6cb1613447754d0786a840918424249641696e3887a8b1e3265c1bfa
SSDEEP: 384:cfTIUwRhxcN8ym8/BRsVH/z/gWT5GWHHWH2HRN72O26R9zfbpT:csUBRs8iE29zTB
Score: 1/10

Target: 1031/VsGraphicsResources.dll
Size: 77KB
MD5: 674bd1433ef0ba4a04a06caff8bfdf60
SHA1: b848c90c97b73008d5ac79b351720447841021a7
SHA256: 1c12face5f64c3dad901ca217d01bfb78d4848a8814c28e6fc6fffdf8918c43b
SHA512: 905cd59d2ee080048cd13d4dcda6fd9a8d284243a9072bfd928bc2a7242c9d737e9bbb9bc75d92a82796c9dea457f0ba5c49a6e6b7daa34d49b197172abe4605
SSDEEP: 1536:stVtHttMWXZiodBHMtMWCZDHXtMWXZRr3tgH2tMWCZsCHBtFwTFok8zAAHrtC/wX:aVtHttMWXZiodBHMtMWCZDHXtMWXZRru
Score: 1/10

Target: 1031/vsjitdebuggerui.dll
Size: 23KB
MD5: 71a11d260818026665a4556d8da8de94
SHA1: 324d4f20d9c1d6e766b1732454eff15d56a3799c
SHA256: 73fe30aa4e92a0bf775a4c626cf9ebaba7e2b0990c2abc752ceabe0da6d7a6d9
SHA512: 15b0cea38a932b1b91485290c1b34e327c4a9b6d138b9328eec1cea9ad02284e114ffa229adc083f6b003612affc4c27dc7568a2a0fe93804a3cb3f27e3c89fb
SSDEEP: 384:SfdY7FAfrl0noLfWT9HWNsLBiHRN7GqqDX+iR9zhVtV:SlYBAfr6noL2KyBeMDuO9zn
Score: 1/10

Target: 1033/VsGraphicsResources.dll
Size: 75KB
MD5: 8a740cc574ae700a00fafb219e28843a
SHA1: a8fd2c6f0f97c23b9d5c9fc4591509326065d622
SHA256: 83921a480aae49ee825310ccce571e070edf36d69996c66571aaf26cb0761549
SHA512: 5dc2ae8691791d078bbf84f65c8e6b634860cef07000ebcd203942a035838194130e8da51df445e49816faffeb5f48763766faf29919d991957e14d4f73d027b
SSDEEP: 1536:vKjktHttMWXZiodBHMtMWCZDHXtMWXZRr3tgH2tMWCZsCHBtFwTFok8zAAHrtC/L:yAtHttMWXZiodBHMtMWCZDHXtMWXZRrt
Score: 1/10

Target: 1033/vsjitdebuggerui.dll
Size: 22KB
MD5: 95e9c1a150f5f455c1ec50209962462a
SHA1: 1907f8c3de0921524753832419d819533684f3e7
SHA256: 7fa1fa0f8d705428bfe0c7ccb2429017dad9ddac29c915cb738a0b336043403e
SHA512: 6059ed04a4b8996b559e7ae88de9f6b0a6012d9e3f650be87db41f18dc8ec14062955e4047453176357bafe0d7a248c171d384a83f98daed57d9560b069ddd0a
SSDEEP: 384:iTkW4HWt0yqIiCQcpxSv/RjIZdL2HRN74V49R9z+p:iiyxusdLi4V69zW
Score: 1/10

Target: 1036/VsGraphicsResources.dll
Size: 78KB
MD5: 411dcb16fb23334b9e40dea2914b91b9
SHA1: 8b93d561865caa401bbd83d26183992357f97fbc
SHA256: d9ad33f56be7ca15619286e064731a0fb758ec86ab0e62cf8b28aa27c2580942
SHA512: 059414183bd05a10877bcc5ab0871543dee3576cdf51c5125d5c016cf83911acbf4ecc52bf6cfe5718082e2dff29b9b9b4429299762ab86fae44ddba465cc6c6
SSDEEP: 1536:oKwtHttMWXZiodBHMtMWCZDHXtMWXZRr3tgH2tMWCZsCHBtFwTFok8zAAHrtC/ww:9wtHttMWXZiodBHMtMWCZDHXtMWXZRrB
Score: 1/10

Target: 1036/vsjitdebuggerui.dll
Size: 23KB
MD5: 3a28ee3fb421dae0439860c3d174b374
SHA1: 1c1374f25ca89fd47ed77712443729df5c6ca7b6
SHA256: dd25a49f8be69e8a94fab3378b2f86639f62c2e99006ffbabf52b6f102cc1b87
SHA512: 783bcffcef1ff5168b02a941e809efab3cbf68da13f34765c06d47679840810dda5c58af5c61a3c870cd34b5ec8359cfb065dde5b1ce0cc21d1b1fe7b8fd9d78
SSDEEP: 384:WfgGXng5zwI/oo2PyHlwosCHdQkQJgBWvHWKNsLBiHRN72qe/6fR9zOYs:WhglMkgXyBeH9zs
Score: 1/10

Target: 1040/VsGraphicsResources.dll
Size: 77KB
MD5: 468acdb2489f415a3842d7eab0a2efc0
SHA1: 6a3d7a8953bbfe0c2dd4b5d5af13e27236edf756
SHA256: 91478798b6fcc14c7bd17d4459b5aafd1f57de4c41cb6162a61e32a9e30fbec0
SHA512: 4fe57bd30009547237fcdab6c9384ef31cd73834c399371bc9f1c3ab974cd180f13e66233e4a258e5921ddeca9efe9b4f2a652c67577e07da94579e7e58faa35
SSDEEP: 1536:2VtHttMWXZiodBHMtMWCZDHXtMWXZRr3tgH2tMWCZsCHBtFwTFok8zAAHrtC/wWK:2tHttMWXZiodBHMtMWCZDHXtMWXZRr3K
Score: 1/10

Target: 1040/vsjitdebuggerui.dll
Size: 22KB
MD5: 83fd2727029e376c317260befea33fa7
SHA1: 99759b1c590e3047262f72ff266f6711af8a78de
SHA256: 2a02682e2c255113c3fa161a6ace768fcef9e5f52b42fb6da4ddd7afb5dd6d61
SHA512: 4109bc8998c74d08384c30d2f8c799fe0859d128a480156907f8b15d750ba6bce9ff0d525221a677089d792ef1b24e33c4174a7753a1ccfcaf23b1a13df5d39f
SSDEEP: 384:gfNscODLpArRCkqgdk4WzHWUsLBiHRN7GA/6fR9zOYLa2:gg99ryBeu9zla2
Score: 1/10

Target: 1041/VsGraphicsResources.dll
Size: 71KB
MD5: f454ee9b6d37ea4373ec7c63a0a159c6
SHA1: 6615a513901f20d553d71c9f7bd8defe3cdc9b48
SHA256: 3147ccc05f7bb43a9d6e7b7b3abcac50fffb1139cb0205800c40119068e8934e
SHA512: 71555363ddb6ee590f1dcd583f9f9907ccad300a780a13155ef2aecf98d2f28fa498b897d326a1998a085cbc26e0d37e2c5a2d8a8c60b6ab34ec8b3921d16229
SSDEEP: 1536:1ntHttMWXZiodBHMtMWCZDHXtMWXZRr3tgH2tMWCZsCHBtFwTFok8zAAHrtC/wWK:JtHttMWXZiodBHMtMWCZDHXtMWXZRr3K
Score: 1/10

Target: 1041/vsjitdebuggerui.dll
Size: 19KB
MD5: 86904908700a82a05d7dad5101a1ebf2
SHA1: ee7a6831ebcfe315dc1431a5b7ab09c3394de53f
SHA256: 0228dfe5b27a89443e8a8e1efd3d4b8dd918b439239817e2ba5a68dff52e85e7
SHA512: 636e60103865bf09301ec8f3a852e4cde6d663572b85fa6eec4752e3f370c52585d1314f1f76eba2751f68b0d0f356c9cbca690de7a8c5510293fd7c1b123681
SSDEEP: 384:Qf+nQq7q+XvUgymWLHWr2HRN7Q6S49R9z+zA:QW8+XvUZ4ik69z
Score: 1/10

MITRE ATT&CK Enterprise v15 (technique: number of matching tasks)
Persistence
  Event Triggered Execution (2)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
Privilege Escalation
  Event Triggered Execution (2)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
Defense Evasion
  Modify Registry (3)
  Subvert Trust Controls (1)
    Install Root Certificate (1)