4436cc18ef65dd284e717474b86a3a00574f41c8adf41aa04b108c8324597947 | Triage

Sharing

General

Target

4436cc18ef65dd284e717474b86a3a00574f41c8adf41aa04b108c8324597947.zip
Size

72.8MB
Sample

250126-dw9h2szncz
MD5

b3f8f996f948791e521ac08587039d37
SHA1

3b96fa8b17fa4c72a6797fc1c80f3032fbed48cd
SHA256

4436cc18ef65dd284e717474b86a3a00574f41c8adf41aa04b108c8324597947
SHA512

1abd50442e118f7c80db136283017541a6beffdf35771f7f36155e57667bc2d738abf27846897da9bf2ca68975556a338ddda723197e2e328be2badc201342b6
SSDEEP

1572864:GXukFzve9l9/3oA92WPTWyI+XERsvpRQKM2/IQFcjyu:Gj07F3fVPTWjRsvg9QF8b

Score

7^/10

discovery execution linux

Malware Config

Targets

- Target
  
  SephioneRPG-Setup.exe
- Size
  
  72.8MB
- MD5
  
  dced1ca040f46bd57293698a4924e866
- SHA1
  
  9104ba6c803644caea26475922646db6d4266611
- SHA256
  
  23115d7b6f50955145a73ae7e56ab9c2a2c40b7f83e875470a8dba516d4c1e31
- SHA512
  
  72a341b4dc10abbf17d3d84f196ab72adc60057f1bf4c72418d2b1177429d5e341d092516b9c54874d1ac4ae2feb821252f6d23269f1dad63132a8cdce13b64c
- SSDEEP
  
  1572864:wXukFzve9l9/3oA92WPTWyI+XERsvpRQKM2/IQFcjyf:wj07F3fVPTWjRsvg9QF8U
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  ab1db56369412fe8476fefffd11e4cc0
- SHA1
  
  daad036a83b2ee2fa86d840a34a341100552e723
- SHA256
  
  6f14c8f01f50a30743dac68c5ac813451463dfb427eb4e35fcdfe2410e1a913b
- SHA512
  
  8d886643b4fc24adf78f76b663227d6e61863f89e0cbd49548f40dd040666ca94ea46bec9e336850e4f300995d56e6dc85b689c8e09ff46758822d280f06b03d
- SSDEEP
  
  48:S46+/zTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mxofjLl:z5uPbOBtWZBV8jAWiAJCdv2CmAL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  LICENSES.chromium.html
- Size
  
  6.4MB
- MD5
  
  c3528648bedbde1223a2faab1a3f9af3
- SHA1
  
  934d3c8f184258338ff380964ed89053ce69ac5b
- SHA256
  
  57b8e5a3f2cd62805001aefca035c7348b4d1abac157e6df3d798bb31f2ec3d2
- SHA512
  
  3e3cc0fd7a55f67ee0afff9696beef33bdc9524375bbe9d8e8f7660fd408c756c1156ca0b02ecccdc22799c7b8e74dbde012732ad6b3ebe0a3cfc54ff5132b35
- SSDEEP
  
  24576:d7t05kvWS99LVoFIUmf2p6y6E6c666r8HHdE/pG6:RI8j
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  SephioneRPG.exe
- Size
  
  154.6MB
- MD5
  
  a8714aaed9bef4935304f76fe70cd0e3
- SHA1
  
  22c57cc9c1e88dc574ca3a3447cfbd8e83035cd7
- SHA256
  
  8b95cc3a1feca13a650788851e1ed15d057fe610ca78454685df9eb079ce52e8
- SHA512
  
  ff87fe39221580fab6b5029260959d4a9a4093883c58bc512228d11d4a16417ebda6a7436e3e120c3585c6061944d62add2339a27ce342d195efb4b2008288ec
- SSDEEP
  
  1572864:wQLTsMunuCM2/w9Asn6xzIEhw3JvqzPd24cwT3tIDvvEO/TZidNoyiMhOab0XLHE:UA8g5vu
Score

1^/10
behavioral15 behavioral16
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  cb9807f6cf55ad799e920b7e0f97df99
- SHA1
  
  bb76012ded5acd103adad49436612d073d159b29
- SHA256
  
  5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
- SHA512
  
  f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62
- SSDEEP
  
  49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI
Score

1^/10
behavioral17
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  6418dfc9980cc0416a327961dacd41df
- SHA1
  
  2e32ab8ea0059606dfe66e978c271e0852406215
- SHA256
  
  04bd8ee92194f076686eab2a94a119629b6d61e554782a0d4520359f1ceb24a9
- SHA512
  
  d3e98fe91bfa4f7b9363d8fbb6997f20f76a638bcb5345d9280f919a4bf13dfa02d190534d1965eccd95f2300f6b4d29b6eaec5d544e5428377d1e26daf501a1
- SSDEEP
  
  49152:PmDNlF2B3JHEM5tPtnOK5RQAvChpC6ethyVS6NO8pyJegiUWmhbvvWSqgN3lzl3a:PuyHlvRQASPHUWmBvvWvKa
Score

1^/10
behavioral18 behavioral19
- Target
  
  libEGL.dll
- Size
  
  468KB
- MD5
  
  13318cb90b385fb918ba6e07f1fd8d83
- SHA1
  
  899985a7608268893c7fc1c9810568bdd8294b81
- SHA256
  
  53a2d4c5ae582f15aad481e75e516ddabce9b756e553bed33720a66d2c5f736d
- SHA512
  
  b5418f6bd2ab883dc1ef4d9f2c0a976296d06fe1309c6db7331a3470f198505561cabd41ecd05e675b90076196b4f82e8a9ef0574cfe96869bfb24d07cc82450
- SSDEEP
  
  12288:cu0LAjbIkyVVR8O9v/6TiT5eU3axzvVwo:cub49/6TiQzvVX
Score

1^/10
behavioral20 behavioral21
- Target
  
  libGLESv2.dll
- Size
  
  7.2MB
- MD5
  
  ad3edee84b49923e4847119eb4d6c6b7
- SHA1
  
  8649be26571d3fa645c416f36c1bdc0b27f1d478
- SHA256
  
  51c9f2e9aecf5745ad343185cd39a05f581c2062d644bedcb25a5ef4b9624591
- SHA512
  
  e504996b8371f294fa8a5173da48256e9070156249bdd7431e3adeacbd99f7cf39dc3c0876c4aa11da8d1932147cfaff91764c517a70d69d8c8e4876abbeea56
- SSDEEP
  
  98304:X5zAgO5fjnoTdA8gtJru3xChd2FgJCnwgsOMZ:XJMoT8rDhdQfsb
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/app.asar.unpacked/node_modules/@primno/dpapi/dist/index.js
- Size
  
  412B
- MD5
  
  0b33e83d33b01a51625a0fdcbef42ce3
- SHA1
  
  1c29d999ff7da39426b97f2eb31a3d83db8f5fc7
- SHA256
  
  a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2
- SHA512
  
  1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c
Score

3^/10

execution
behavioral24 behavioral25
- Target
  
  resources/app.asar.unpacked/node_modules/@primno/dpapi/prebuilds/win32-x64/node.napi.node
- Size
  
  137KB
- MD5
  
  04bfbfec8db966420fe4c7b85ebb506a
- SHA1
  
  939bb742a354a92e1dcd3661a62d69e48030a335
- SHA256
  
  da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd
- SHA512
  
  4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65
- SSDEEP
  
  3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
Score

1^/10
behavioral26 behavioral27
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/build/Release/node_sqlite3.node
- Size
  
  1.8MB
- MD5
  
  66a65322c9d362a23cf3d3f7735d5430
- SHA1
  
  ed59f3e4b0b16b759b866ef7293d26a1512b952e
- SHA256
  
  f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c
- SHA512
  
  0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21
- SSDEEP
  
  49152:lVtIA1xRrGLYLn9M+BMPPivsICK9rzoNEqt:7tH4X3inMZt
Score

1^/10
behavioral28 behavioral29
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/deps/extract.js
- Size
  
  224B
- MD5
  
  f0a82a6a6043bf87899114337c67df6c
- SHA1
  
  a906c146eb0a359742ff85c1d96a095bd0dd95fd
- SHA256
  
  5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74
- SHA512
  
  d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240
Score

3^/10

execution
behavioral30 behavioral31
- Target
  
  sqlite-autoconf-3440200/Makefile.fallback
- Size
  
  547B
- MD5
  
  8ff4cdbeec29d794549a0aa48da06bc3
- SHA1
  
  7fd897fc720b6c9c6f760867c97a95431fa4693e
- SHA256
  
  67d473327dd92f5cad68fddb78b8bb3e8745aba851147945893e4db5a2b59892
- SHA512
  
  9871a654d8b140ad5d6768d385b86ba7f32927f8ed6374e62c93db99be4a40841f6900d648f33d07dc118b6ea93f00c45f53e4b675643b2b487c9c0df1ea1474
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32