a9cca6ba81cbc7cf1d06774fde889d9f6ad094ce7c89d7217f22afa7c54efbc3

Sharing

Copy URL

Twitter E-mail

General

Target

a9cca6ba81cbc7cf1d06774fde889d9f6ad094ce7c89d7217f22afa7c54efbc3
Size

9.4MB
Sample

250111-ldxqjavkdw
MD5

ea47eb1d70913e5a1825d4f4617ae697
SHA1

98dbf3791c5199cfee9a88cc2f34b24e4fbeae5f
SHA256

a9cca6ba81cbc7cf1d06774fde889d9f6ad094ce7c89d7217f22afa7c54efbc3
SHA512

3b79a7536df417e292371a0461ba5416c2fc2e8732949421ca89db400c4893e5670ef51f17c009b867ce98f81640fee9ebc3014bb222cceb6b2b9c3e62af7542
SSDEEP

196608:nPwTcPiGDknPxB+HEvd/s9A7X4xD04x82Ieok+zmx3:nPdPiGM/d/+A0Rnx9+ix3

Score

8^/10

Malware Config

Targets

- Target
  
  a9cca6ba81cbc7cf1d06774fde889d9f6ad094ce7c89d7217f22afa7c54efbc3
- Size
  
  9.4MB
- MD5
  
  ea47eb1d70913e5a1825d4f4617ae697
- SHA1
  
  98dbf3791c5199cfee9a88cc2f34b24e4fbeae5f
- SHA256
  
  a9cca6ba81cbc7cf1d06774fde889d9f6ad094ce7c89d7217f22afa7c54efbc3
- SHA512
  
  3b79a7536df417e292371a0461ba5416c2fc2e8732949421ca89db400c4893e5670ef51f17c009b867ce98f81640fee9ebc3014bb222cceb6b2b9c3e62af7542
- SSDEEP
  
  196608:nPwTcPiGDknPxB+HEvd/s9A7X4xD04x82Ieok+zmx3:nPdPiGM/d/+A0Rnx9+ix3
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  d070f3275df715bf3708beff2c6c307d
- SHA1
  
  93d3725801e07303e9727c4369e19fd139e69023
- SHA256
  
  42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
- SHA512
  
  fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
- SSDEEP
  
  96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsis_tauri_utils.dll
- Size
  
  29KB
- MD5
  
  c5bd51b72a0de24a183585da36a160c7
- SHA1
  
  f99a50209a345185a84d34d0e5f66d04c75ff52f
- SHA256
  
  5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266
- SHA512
  
  1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc
- SSDEEP
  
  768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/MicrosoftEdgeWebview2Setup.exe
- Size
  
  1.6MB
- MD5
  
  b49d269a231bcf719d6de10f6dcf0692
- SHA1
  
  5de6eb9c7091df08529692650224d89cae8695c3
- SHA256
  
  bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e
- SHA512
  
  8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f
- SSDEEP
  
  49152:2iEx3ZsKgbBPetIhztPqpP0NxVjRLhlcoRZ:2issKgbBOIhzV3RhlcoRZ
Score

6^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral11 behavioral12
- Target
  
  readest.exe
- Size
  
  24.1MB
- MD5
  
  6916f29d06d7894303be501b0cca9cf8
- SHA1
  
  3d2fbf381b0d2f34e37944f4913c652612bee20e
- SHA256
  
  0ad1567c3036d196fcb56d689f3c2c8806ae76901831e19116ff01c064531f14
- SHA512
  
  acf39606eff12654713ef3a8b31c6d9aa1059deee57d41c920e5c9e466233e2acb7372c7163038f8af2a49c22f5727f3eb4e7b484bbfa648d2aa9a206362349d
- SSDEEP
  
  196608:rQ/mv8sWGUp39ErvC1npl5xeR+ArcH6sE8qpDRVUGyURqfmgmpx0:M/7sWGHvC1nDeQeQ6sNqVUGhRqfmgm/
Score

1^/10
behavioral13 behavioral14
- Target
  
  uninstall.exe
- Size
  
  75KB
- MD5
  
  ba5b85321a0fa7cc488eebbb1f824bbe
- SHA1
  
  58db4df901f3d7c1bbc98f3223d9a228a8cb90be
- SHA256
  
  8759f12ef58cccdafab59abb6a19de62604f12b4e498deaafff6c32a7e578594
- SHA512
  
  4a33b9b823bf1a21547b91240cf848ddbeb26f37996484b4798836e075ddc197caa56018ddc683166bc97c3eaf5299c049932d6f665c07082f5d144bfb4ce7c0
- SSDEEP
  
  1536:tmsAYBdTU9fEAIS2PEtuOgdLeAyNx2+ZBb6kZANHzxFobK0qE6qwbD:sfY/TU9fE9PEtuOceA38rUzxFobK016P
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  68b287f4067ba013e34a1339afdb1ea8
- SHA1
  
  45ad585b3cc8e5a6af7b68f5d8269c97992130b3
- SHA256
  
  18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
- SHA512
  
  06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
- SSDEEP
  
  48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/nsis_tauri_utils.dll
- Size
  
  29KB
- MD5
  
  c5bd51b72a0de24a183585da36a160c7
- SHA1
  
  f99a50209a345185a84d34d0e5f66d04c75ff52f
- SHA256
  
  5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266
- SHA512
  
  1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc
- SSDEEP
  
  768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks system information in the registry

Drops file in System32 directory

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22