d3cc5214c2a268ca00cb3a888ddb66de38f5cf770618e4bbc7ce84a8733c859c

Resubmissions

08-01-2025 19:36

250108-ybrgyszpgt 8

08-01-2025 16:43

250108-t8jq6awlaw 10

Sharing

Copy URL

Twitter E-mail

General

Target

LiquidLauncher_0.4.0_x64-setup.exe
Size

7.7MB
Sample

250108-ybrgyszpgt
MD5

3d848a03ca3bad3d3fe6e034991dacbc
SHA1

a6d799e8238177459e71e1f632ab98ebcd5209f5
SHA256

d3cc5214c2a268ca00cb3a888ddb66de38f5cf770618e4bbc7ce84a8733c859c
SHA512

460a34e48b3f4e8d6d4107365b044773db7db6afdf6bde63afa69544d2b4420df88990b0bc78fcf3105a171d405d320b92c4535cc6ce527b10900284e47e813e
SSDEEP

196608:tz2Zo+rUZ2BUI96CtHp9spuxoOlkds+/1tybxNY1ZPTI:tzuUZ2BUI9THp0uxNlkds5lNY1FI

Score

8^/10

Malware Config

Targets

- Target
  
  LiquidLauncher_0.4.0_x64-setup.exe
- Size
  
  7.7MB
- MD5
  
  3d848a03ca3bad3d3fe6e034991dacbc
- SHA1
  
  a6d799e8238177459e71e1f632ab98ebcd5209f5
- SHA256
  
  d3cc5214c2a268ca00cb3a888ddb66de38f5cf770618e4bbc7ce84a8733c859c
- SHA512
  
  460a34e48b3f4e8d6d4107365b044773db7db6afdf6bde63afa69544d2b4420df88990b0bc78fcf3105a171d405d320b92c4535cc6ce527b10900284e47e813e
- SSDEEP
  
  196608:tz2Zo+rUZ2BUI96CtHp9spuxoOlkds+/1tybxNY1ZPTI:tzuUZ2BUI9THp0uxNlkds5lNY1FI
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  d070f3275df715bf3708beff2c6c307d
- SHA1
  
  93d3725801e07303e9727c4369e19fd139e69023
- SHA256
  
  42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
- SHA512
  
  fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
- SSDEEP
  
  96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/nsis_tauri_utils.dll
- Size
  
  29KB
- MD5
  
  c5bd51b72a0de24a183585da36a160c7
- SHA1
  
  f99a50209a345185a84d34d0e5f66d04c75ff52f
- SHA256
  
  5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266
- SHA512
  
  1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc
- SSDEEP
  
  768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/
Score

3^/10

discovery
behavioral6
- Target
  
  $TEMP/MicrosoftEdgeWebview2Setup.exe
- Size
  
  1.6MB
- MD5
  
  b49d269a231bcf719d6de10f6dcf0692
- SHA1
  
  5de6eb9c7091df08529692650224d89cae8695c3
- SHA256
  
  bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e
- SHA512
  
  8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f
- SSDEEP
  
  49152:2iEx3ZsKgbBPetIhztPqpP0NxVjRLhlcoRZ:2issKgbBOIhzV3RhlcoRZ
Score

6^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral7
- Target
  
  liquidlauncher.exe
- Size
  
  19.1MB
- MD5
  
  24eacd0be82c0f92a3a6955f5072ae4d
- SHA1
  
  fcdb95b88ae026603fe31d78fec06cd49ba896b4
- SHA256
  
  4a0efca2b8bc9aef61ba50dacfd263ee2e2fbe94df730236dc1b831b1b5ad70b
- SHA512
  
  2e51dc8f01680d1ac1d2054a4ac1ebd84333ddc6a72b32adfb68267655796019cad13ca2c0d4b9cb42c2d0425b05265a3ee37f6d56173952db8824859b1036fa
- SSDEEP
  
  196608:LPodHZTm+t4A4H8TKtnFkYk50z/0pYOpqe2tOHCqvQ/M5JfN:2AftFkT50T0pNpqe20HCqY/M5J
Score

1^/10
behavioral8
- Target
  
  uninstall.exe
- Size
  
  75KB
- MD5
  
  6bc0e74cd77f4f7dbe99e8c24919abe8
- SHA1
  
  6415cd94196e1053181c78be7e3aecc0729f2234
- SHA256
  
  36d6a82f046bfa4ca72791548952278d840dcb2ed104307d55336589991b97ed
- SHA512
  
  c359a367f4e3dc81e2a07b1ef470d5d8581fc810691a6b5576021be2a30a88664cda92fa074609bbd7fd5442a7ab246efa0c3211640f77632f58bb6055b3d635
- SSDEEP
  
  1536:DmsAYBdTU9fEAIS2PEtuggdLeAyNZLMbWxDXKAGN14tR+19tTgGq8A3zO:SfY/TU9fE9PEtugceAWMbADXNGN4R+US
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral9
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  68b287f4067ba013e34a1339afdb1ea8
- SHA1
  
  45ad585b3cc8e5a6af7b68f5d8269c97992130b3
- SHA256
  
  18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
- SHA512
  
  06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
- SSDEEP
  
  48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score

3^/10

discovery
behavioral10
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral11
- Target
  
  $PLUGINSDIR/nsis_tauri_utils.dll
- Size
  
  29KB
- MD5
  
  c5bd51b72a0de24a183585da36a160c7
- SHA1
  
  f99a50209a345185a84d34d0e5f66d04c75ff52f
- SHA256
  
  5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266
- SHA512
  
  1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc
- SSDEEP
  
  768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/
Score

3^/10

discovery
behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks system information in the registry

Checks computer location settings

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12