Overview

overview

10

Static

static

3

LiquidLaun...up.exe

windows11-21h2-x64

10

$PLUGINSDI...nu.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$TEMP/Micr...up.exe

windows11-21h2-x64

6

liquidlauncher.exe

windows11-21h2-x64

6

uninstall.exe

windows11-21h2-x64

7

$PLUGINSDI...LL.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

Resubmissions

08-01-2025 19:36

250108-ybrgyszpgt 8

08-01-2025 16:43

250108-t8jq6awlaw 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LiquidLauncher_0.4.0_x64-setup.exe

  • Size

    7.7MB

  • Sample

    250108-t8jq6awlaw

  • MD5

    3d848a03ca3bad3d3fe6e034991dacbc

  • SHA1

    a6d799e8238177459e71e1f632ab98ebcd5209f5

  • SHA256

    d3cc5214c2a268ca00cb3a888ddb66de38f5cf770618e4bbc7ce84a8733c859c

  • SHA512

    460a34e48b3f4e8d6d4107365b044773db7db6afdf6bde63afa69544d2b4420df88990b0bc78fcf3105a171d405d320b92c4535cc6ce527b10900284e47e813e

  • SSDEEP

    196608:tz2Zo+rUZ2BUI96CtHp9spuxoOlkds+/1tybxNY1ZPTI:tzuUZ2BUI9THp0uxNlkds5lNY1FI

Score
10/10
adwarediscoverypersistenceprivilege_escalationstealer

Malware Config

Targets

    • Target

      LiquidLauncher_0.4.0_x64-setup.exe

    • Size

      7.7MB

    • MD5

      3d848a03ca3bad3d3fe6e034991dacbc

    • SHA1

      a6d799e8238177459e71e1f632ab98ebcd5209f5

    • SHA256

      d3cc5214c2a268ca00cb3a888ddb66de38f5cf770618e4bbc7ce84a8733c859c

    • SHA512

      460a34e48b3f4e8d6d4107365b044773db7db6afdf6bde63afa69544d2b4420df88990b0bc78fcf3105a171d405d320b92c4535cc6ce527b10900284e47e813e

    • SSDEEP

      196608:tz2Zo+rUZ2BUI96CtHp9spuxoOlkds+/1tybxNY1ZPTI:tzuUZ2BUI9THp0uxNlkds5lNY1FI

    Score
    10/10
    discovery

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral1

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      d070f3275df715bf3708beff2c6c307d

    • SHA1

      93d3725801e07303e9727c4369e19fd139e69023

    • SHA256

      42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

    • SHA512

      fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

    • SSDEEP

      96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI

    Score
    3/10
    discovery
    behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral3

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    discovery
    behavioral4

    • Target

      $PLUGINSDIR/nsis_tauri_utils.dll

    • Size

      29KB

    • MD5

      c5bd51b72a0de24a183585da36a160c7

    • SHA1

      f99a50209a345185a84d34d0e5f66d04c75ff52f

    • SHA256

      5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266

    • SHA512

      1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc

    • SSDEEP

      768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/

    Score
    3/10
    discovery
    behavioral5

    • Target

      $TEMP/MicrosoftEdgeWebview2Setup.exe

    • Size

      1.6MB

    • MD5

      b49d269a231bcf719d6de10f6dcf0692

    • SHA1

      5de6eb9c7091df08529692650224d89cae8695c3

    • SHA256

      bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e

    • SHA512

      8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f

    • SSDEEP

      49152:2iEx3ZsKgbBPetIhztPqpP0NxVjRLhlcoRZ:2issKgbBOIhzV3RhlcoRZ

    Score
    6/10
    adwarediscoverypersistenceprivilege_escalationstealer

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral6

    • Target

      liquidlauncher.exe

    • Size

      19.1MB

    • MD5

      24eacd0be82c0f92a3a6955f5072ae4d

    • SHA1

      fcdb95b88ae026603fe31d78fec06cd49ba896b4

    • SHA256

      4a0efca2b8bc9aef61ba50dacfd263ee2e2fbe94df730236dc1b831b1b5ad70b

    • SHA512

      2e51dc8f01680d1ac1d2054a4ac1ebd84333ddc6a72b32adfb68267655796019cad13ca2c0d4b9cb42c2d0425b05265a3ee37f6d56173952db8824859b1036fa

    • SSDEEP

      196608:LPodHZTm+t4A4H8TKtnFkYk50z/0pYOpqe2tOHCqvQ/M5JfN:2AftFkT50T0pNpqe20HCqY/M5J

    Score
    6/10
    discovery

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral7

    • Target

      uninstall.exe

    • Size

      75KB

    • MD5

      6bc0e74cd77f4f7dbe99e8c24919abe8

    • SHA1

      6415cd94196e1053181c78be7e3aecc0729f2234

    • SHA256

      36d6a82f046bfa4ca72791548952278d840dcb2ed104307d55336589991b97ed

    • SHA512

      c359a367f4e3dc81e2a07b1ef470d5d8581fc810691a6b5576021be2a30a88664cda92fa074609bbd7fd5442a7ab246efa0c3211640f77632f58bb6055b3d635

    • SSDEEP

      1536:DmsAYBdTU9fEAIS2PEtuggdLeAyNZLMbWxDXKAGN14tR+19tTgGq8A3zO:SfY/TU9fE9PEtugceAWMbADXNGN4R+US

    Score
    7/10
    discovery

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral8

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      68b287f4067ba013e34a1339afdb1ea8

    • SHA1

      45ad585b3cc8e5a6af7b68f5d8269c97992130b3

    • SHA256

      18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

    • SHA512

      06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

    • SSDEEP

      48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L

    Score
    3/10
    discovery
    behavioral9

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral10

    • Target

      $PLUGINSDIR/nsis_tauri_utils.dll

    • Size

      29KB

    • MD5

      c5bd51b72a0de24a183585da36a160c7

    • SHA1

      f99a50209a345185a84d34d0e5f66d04c75ff52f

    • SHA256

      5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266

    • SHA512

      1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc

    • SSDEEP

      768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/

    Score
    3/10
    discovery
    behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Browser Extensions

1
T1176

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Network Share Discovery

1
T1135

Query Registry

5
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks