industroyer | 30178e750e73839e5c1d60aeecab63d1c1d9059da0be19c7745f28ba06f35869

Sharing

Copy URL

Twitter E-mail

General

Target

windows.zip
Size

406.3MB
Sample

250209-st4bksvngq
MD5

04658cf203835d56e03e19b21a669ad6
SHA1

53de0846c62b10f781936e909fa29796daaee7b4
SHA256

30178e750e73839e5c1d60aeecab63d1c1d9059da0be19c7745f28ba06f35869
SHA512

3ff24f0f1ccb18a4c8ccd23471879a9ba9be23c4ea0832c7c9b42cc5aaaa8e667be9aa6252f01de35674c345f7766bcda5a1352f9aa8d3b7e621dbfbaa8d4b42
SSDEEP

12582912:anPlyqUMyEufTqGCZU/TgwrF24zmm0+E9SrKzPB4hL:4P8qUMyZfTqRfF4h0+koKzg

Score

10^/10

Malware Config

Targets

- Target
  
  windows.zip
- Size
  
  406.3MB
- MD5
  
  04658cf203835d56e03e19b21a669ad6
- SHA1
  
  53de0846c62b10f781936e909fa29796daaee7b4
- SHA256
  
  30178e750e73839e5c1d60aeecab63d1c1d9059da0be19c7745f28ba06f35869
- SHA512
  
  3ff24f0f1ccb18a4c8ccd23471879a9ba9be23c4ea0832c7c9b42cc5aaaa8e667be9aa6252f01de35674c345f7766bcda5a1352f9aa8d3b7e621dbfbaa8d4b42
- SSDEEP
  
  12582912:anPlyqUMyEufTqGCZU/TgwrF24zmm0+E9SrKzPB4hL:4P8qUMyZfTqRfF4h0+koKzg
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Modifies system executable filetype association
  persistence
behavioral1
- Target
  
  windows/cfg/gdb_arch.cfg
- Size
  
  6KB
- MD5
  
  f5d01dfe612f19d41d2619429ae0d1ed
- SHA1
  
  6dd458dbe1cb3dedddedf7b64b9ec331856231be
- SHA256
  
  6dcfc264b8314467607e3a4ccaac094a221bbc0487982e3fd3b5c6c7b3da7c11
- SHA512
  
  66ae39a8684cc1234a1f9dc6ae69cbb0644b2967fab24706ba9b68084fa93577e106977253325335530c30ddbf373ffcc6f679993977ac016cb94580f103f825
- SSDEEP
  
  48:6HB1tSuzSrtyXriIr25QI+cltD69rtfmrd6mrE0rthYrErf3DD0rmrm3ZxXZUZ4D:QI91MI+GDkqhL3mJxXZfVZ8rlrbG
Score

3^/10

discovery
behavioral2
- Target
  
  windows/idc/ida.idc
- Size
  
  2KB
- MD5
  
  203a62f7a68076dc88aecb1d6350ff6b
- SHA1
  
  6ecaa4c371423357f32c6f1f769580555ddb6919
- SHA256
  
  f6f1d46fb35934802d700f693b83b7852c3f68c0a01c025e3154bd245e36d421
- SHA512
  
  d2486f3d845a613e095a467b4901bb6f063b36b9dfe8388f66c16caab9afc8e43ccc28c922927365cb2d11735091aca1af1beacac1a9bca56b0851fe725fa166
Score

3^/10

discovery execution
behavioral3
- Target
  
  windows/libSwiftDemangle.dll
- Size
  
  413KB
- MD5
  
  80016ffb38757c4d5726434ba693035c
- SHA1
  
  6e14c75bda593796d89921a119fc11d6e3cf54ea
- SHA256
  
  0fc2ecd20793f573ca1d3e9d5080f54a856a4706b774231ed736169c3db919c3
- SHA512
  
  285af4ae374750304e4372e42fb930edcd8bd1da832aa88156317d27f1dc6fa76eaa8e7ae36c46739d41093f1ce90d523fda872402abebf43c0d76bea4abf4c2
- SSDEEP
  
  12288:QesiZjWzolGhMEGaw/jujDDOVfiWBBCS7JzrrOI7hGC3ak:QeBZjWzolGhMEGaw/jujDDcfiWBXJzrp
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral4
- Target
  
  windows/libclang.dll
- Size
  
  20.7MB
- MD5
  
  505615009a5c0188ec60db9bc5b55906
- SHA1
  
  315b15a18d37793ffbc48cc8f51e7106c5ed3978
- SHA256
  
  7309a255d501872dfc5a991ebc13e40cda839a3c512837198ef5e1069124ed96
- SHA512
  
  460f592fa8d84292b1907a3a0a1d55811774bd073ed9546e4764aedb1f25aa54fe2edb2bcb18832742df994652566836b2fca932e294fa202b18f2d5d204cc46
- SSDEEP
  
  196608:asBTB4mFLkXpAWBqOKkaS+5FCzy/IAWwsN6hmNbNH4XEYQwq4L7uO:asn4gLkPBqOKkaS+5ExAWWhmNbGUivu
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral5
- Target
  
  windows/libdwarf.dll
- Size
  
  276KB
- MD5
  
  c52f1c57c12424bf36b9a5922653d92f
- SHA1
  
  90b6ff23cf50ea271d0e26deb8f32fae0684d00d
- SHA256
  
  50df0a2c54670fc0a803035cb4a2b25d422e58cc725ff7aecc4683459df7a696
- SHA512
  
  0c7295301d8c155afd23a3d137c62664ceb75e10bb4e2952784f22b02f7cdc79150d8201566d4995b0b4c3eb341a9ff321285011cef703d52877acbac0493013
- SSDEEP
  
  6144:zPIo8cfbsfeMQ9y+t/qcGMbg2QrYCkS+Nhnxk:Eo8c5MEF8nYCE
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral6
- Target
  
  windows/librustdemangle.dll
- Size
  
  29KB
- MD5
  
  e6e6b3d07b8300d6efe038ab38b6ecca
- SHA1
  
  37f23395df0a6f6d8297f1ef3b7ba9834ca60f69
- SHA256
  
  610d6753bf996c982b2bc1c7dfcea40fe7d90645caf504f7132232caa63a01ca
- SHA512
  
  e1dc184e82d59e9338d0a9a3d816f27900d9369e52a80526ddc02fbf2d8b6efcab329c1ecb38dc3ee964a682e51f3dbc9aac4f556464dd98f1abff66f426ecc9
- SSDEEP
  
  768:6vVavHCuKmRFiT9mkUiznwOOlBWsGGaw:6tavC7mRFiT4RMnwOOlBWsDaw
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral7
- Target
  
  windows/libz3.dll
- Size
  
  15.2MB
- MD5
  
  4c585ef161d96cb5b984ce5ee0adc93a
- SHA1
  
  2c44362977e94effe02348c05ea9e00d4baba67d
- SHA256
  
  c9ba88d9117f7b3c303336ba795a81c9c409ab3089976881bc4d2e09b6e6c8a7
- SHA512
  
  1882adaad12aedaad7ac83054072d48f58ab40be1c753149951801baa5f259b907caf7e3e134b681a756296676b4d2ba4d800ef6d81f59e636e3d958456a4474
- SSDEEP
  
  393216:OII/gT+Oj1t4sHKSceOhDgzvuRjT0fDQT6bs45rf:c8HKu4457
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral8
- Target
  
  windows/loaders/aif.dll
- Size
  
  17KB
- MD5
  
  102d0ddcb6b89e7a9399653c5db73c3c
- SHA1
  
  9d7eac2c8ec518fde6f2d6749389fd8d4fccd8c2
- SHA256
  
  ed7fc64bd5a7a5ff54eeb2b6042dfcd028b411d4fd3dc6c2410042021298ef8b
- SHA512
  
  8c9363d2a56d3033a1264f8ed47d423a3c4b823f17e3874fc7060c9d46bef64b57ea7e69a425a5c1cb02c4ea2800d43768cf0baf8720a102e15714cbae6e4aba
- SSDEEP
  
  384:6PecdMSWUj/+UiMOl3NjaeDJ1Gn8HU0dTKfFHZ/BA:6PecmfUeL1NuLn8HU0NQB
Score

3^/10

discovery
behavioral9
- Target
  
  windows/loaders/amiga.dll
- Size
  
  19KB
- MD5
  
  a2e3831f479ad6e2508677b9aee10706
- SHA1
  
  f524ae86efd3a7845fb9fa850cce42d5e896865d
- SHA256
  
  d4ac2bb322d57ca462a5c960f0a89ac9fe97cf1f5efa4b4753292e5d6c6c0488
- SHA512
  
  917ac5a55d7122ac3084068e527bf856cc83c1554e9311537e8d17a8fd7655b8d22e73ef5d7a49d7e03b60fb9f9fbba6ee3bf9dd3489ac34a1f1aa94e6b0ce83
- SSDEEP
  
  384:qjUUgcY3UZyux0zqwpHLUnhqTG8cSQp1cHD/Y:qobTVr2S
Score

3^/10

discovery
behavioral10
- Target
  
  windows/loaders/aof.dll
- Size
  
  19KB
- MD5
  
  aed09a3b6714cf11f4d99926496f032a
- SHA1
  
  3cd41109af93d4ab320642ad3b6ae6c6ca7cbbf8
- SHA256
  
  95143d32cfe44fe3dc8d69b794780cbb2b69e980b64e947648047bf3e71c7ca1
- SHA512
  
  8fa73d4caadbc46b1c4ec22b22a8e245c1398a3c9bc12c6ed50cdb931cf70b48f16944ad8b4b3427a4637313a449538eddfb6bdae181c3a1745b7bb6a14767a9
- SSDEEP
  
  384:r94td79toypmEaRdBlrIV5eMrPCCjIiHHH0:rOboyR1Vrql
Score

3^/10

discovery
behavioral11
- Target
  
  windows/loaders/aout.dll
- Size
  
  19KB
- MD5
  
  3489c18ccd4269416025162ebcf04b2f
- SHA1
  
  f6ccf40a4c9f0f5f46bd5c2c1debee015165909b
- SHA256
  
  ff59003c7dcfa6985f9791bdb6ce96b1e719d4bfc6980470fbbe24c770c91921
- SHA512
  
  012195af6584796ff84cce26a23670b4ec3ddac213c38f3c79ae276f0c63a5e8c8e609fea38abdb868037681b58bbe5c25373dd39f578fe8e4063428e4f1ec6e
- SSDEEP
  
  384:uOAMU+f+cceprjdKPRNIO1EhzQULIW8bA+9L6pYmoBrHV/9A:1BzpnKNsLIVx9aJoP6
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral12
- Target
  
  windows/loaders/archldr_tar.py
- Size
  
  5KB
- MD5
  
  d72eced4c4452ec1693b4aae421333ba
- SHA1
  
  d677ff2f364ffcfd5142bba16f3fcba6799ed877
- SHA256
  
  957647de1a3fb26e3329146f23468cef863a402841b226995202dcff9444b7aa
- SHA512
  
  c55157c9b4781a1d07035bc8365e10dbb017e5045d8b464064468a26b93bbe657bcadb223c03aa8194a6a2561cb3149a38eaf55681a15700477ade3ce01a5e4f
- SSDEEP
  
  96:hwx6cbLifX7G304K46MwCkM9GQlmMFG30bfbthX6Bbta3S:hwtOf7G7/6MfRFGEbTthXEIS
Score

3^/10

discovery
behavioral13
- Target
  
  windows/loaders/archldr_zip.dll
- Size
  
  26KB
- MD5
  
  8917edc50546d0d10d9deff1544c80eb
- SHA1
  
  aba44f14afc90960ecce8f98f6f6ccbc00a92469
- SHA256
  
  7792fbd84dd252e595ba8f6ffe31b5e32ead3d77fe154b716be10bab44dece68
- SHA512
  
  dd5021cb26e0c8cf012ee3e7dd4234633dd1e459b6bd8139c2b985d577f27265e2d4dc5c3b3534f0bac838b3a5291f4a40e3633ee1437f6d01537a3f541e406e
- SSDEEP
  
  384:JRXL3DyhJ9Ii4jchPFcQn6WIeXh4U+EKTeukQJXK0ILhD8oQqC24toYiFhNHhNac:JBLw44YU3Ja5kQERpQqC24aYqHaBd
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral14
- Target
  
  windows/loaders/bfltldr.py
- Size
  
  7KB
- MD5
  
  3f48512a8d7dfee6435d2b20272285a7
- SHA1
  
  dcdb773c4ae50d170be74d471e0c924a93b1e3e0
- SHA256
  
  0ac8de46ee753db52f2a9433a3431e64642afef1838c95d6745270d93eb3dd40
- SHA512
  
  ee3fce70b88444ec216b478647eac8c801323f56251598d2819599c11beabffbdbfdc0fe3f56cd23a04ec086c08e2f733947f79d9603ed7e652e454bbf604cc0
- SSDEEP
  
  96:ZwwmmupkfqCz/vmyZR//ITjmzjKfhfv55gnZECXlkBqInp:BupWTzvHIkjKZfvazlkBqKp
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral15
- Target
  
  windows/loaders/bios_image.py
- Size
  
  3KB
- MD5
  
  385d6d2a1cacdcd44af61753d3153a76
- SHA1
  
  11656e60f663e28a17f33007cf8d09ee42132260
- SHA256
  
  e453765fa402cc913e45e968092961394ed2b771358b2780faa554c0b5e6c178
- SHA512
  
  9784bc5d5a33873edbc14606beb420650f15d716869fa072a5ec76a5f5b42e1ea2241895793ec6edabcc1e4a295ad2a802bb7bd0e537fc4cc1315e40578c468b
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral16
- Target
  
  windows/loaders/bochsrc.dll
- Size
  
  13KB
- MD5
  
  69b96b6a999b5442dfe6ed77c2c3a7fd
- SHA1
  
  c9744e514d563c9267a10a93f4cea24a0b47be38
- SHA256
  
  07277108bc30485c65490b37d14817289e196f2110c41f54f3b06fd1d420db24
- SHA512
  
  6b96ecfeb8517e36811215eebabf5bf3b0faf53b65943a55c9425fde9564aa4459420b3e09fc42b94fbc795e145cb61be68d45795d4528f2a2a8aba5df1770bc
- SSDEEP
  
  192:8WMP+rOgbMQH9ODIVEUUs4jYuDqfnWpO+SJn+AHl/N8+:8h+rOGH9ODU4TDAnWp8JtHl/6
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral17
- Target
  
  windows/loaders/coff.dll
- Size
  
  115KB
- MD5
  
  0a8baf9085f2e83157d9f31573b3846c
- SHA1
  
  994e968b28f98b278412c7aa443c5edd96a8afea
- SHA256
  
  7bddc1960bc614bb40eb174d70623f768df07d0b58137856027d4036af61aa9d
- SHA512
  
  a7b20a7d530fe346c56c0cffc02f047578d05a623aeb2a4d43cffa46355940c66a1cf2c3f2c80b949475493a7bb0277d275216070cfd240d7e3253f850747f9b
- SSDEEP
  
  1536:2t6YtSFte3gwssTFV56dedf+zeXBd6Loav9AiVc2imw0sX3TZ2:2gYl3gws69mLo29L5TA3F2
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral18
- Target
  
  windows/loaders/cortex_m.py
- Size
  
  9KB
- MD5
  
  5236901674a21e639ea94d2215501e69
- SHA1
  
  4c8880f5387739fe139a44781b531a29d9d61878
- SHA256
  
  a1e5bd9d5fd35f752edbcf9e9688ebdba04440c09a84dbd881725d73e11c709f
- SHA512
  
  7f161173fad7676fb3ebfe161b95b221dda12856ac2a10f0b0687f65afc6cd28c6cda495a23cc0b242a36284f7e29a8263901a8126fbefed61149af5b45ca6c7
- SSDEEP
  
  192:oIEMssqWEp8zT4qrUfwDKrqN2R7s6Jk3w/XDlyJ9lt:mOk5qMg
Score

3^/10

discovery
behavioral19
- Target
  
  windows/loaders/dex.dll
- Size
  
  138KB
- MD5
  
  b0d3effd69e9fa5fb68ef781b7ef6812
- SHA1
  
  496d7aaaaa5d814dbd8aceaaf3d5e129fec8fb83
- SHA256
  
  c089a8a6b13bcd8e163559a8f7be3eb9eb20ff2e52352faa952a74d674c153f6
- SHA512
  
  4614522ee5bd0ebe38102167f8b753ca900733b628c24aad9974e641e593bce3ede5de5099504126fadc9e02bcc22151b2558d40242f23b20ac272602adf30c8
- SSDEEP
  
  3072:vsnDYTIdl/vw49W6TMxtVtEzYks3lXw8bakxN2Ulg:voYEdl/vw3tszYkPyakxN2Ul
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral20
- Target
  
  windows/loaders/dos.dll
- Size
  
  39KB
- MD5
  
  2c64fadc5893f9f730ef36ee2552702d
- SHA1
  
  ed435f79cbca422fb016512a497e5cdad9b803b1
- SHA256
  
  e40cf852b5219562b6e7b1ca998d23edb6bbef0e838ab33a75b1bd5136b908df
- SHA512
  
  1cf545880fb0f0e31c044db2903d8e8a6f7224f518fca2f63bb5438f8455bd7ac1d483a03f37b9213c720daa228a61d82f7bbd21c8d7bf4f91fefa9a1946f323
- SSDEEP
  
  768:r1viY6Uh3ggYOnUmGQ/oBw9z5XEchlnKCQ4:BKYVFggemZtz5XE1CQ
Score

3^/10

discovery
behavioral21
- Target
  
  windows/loaders/dsp_lod.py
- Size
  
  8KB
- MD5
  
  4750d03129bc4969201f94f4251dac90
- SHA1
  
  c4f04bc90e43d50cfd98d9daf6952f1bb830f044
- SHA256
  
  06242cb504951a7ac2bd52ebb739c6e4df41ea5e832f3560ce32c8df1fc80f0f
- SHA512
  
  726bfdfe7f6aa7e1cceee4b0195b28547fdb3526461c032fcf0d6a733144bd6652850e8bb36ca9ea7cd75402125c4b1a3d64e88fccf7a3266d52aa640545c2f6
- SSDEEP
  
  192:aBzgh6OgBIjEcZMNajOkfRmdrM2rM7k4xCMIX6kp6pt2n1lQ:oObZQvYR2rM7CMgp6L
Score

3^/10

discovery
behavioral22
- Target
  
  windows/loaders/dump.dll
- Size
  
  14KB
- MD5
  
  f4faa4b31e4f3ca357b457fa3468fc86
- SHA1
  
  de3d3558e4ec597fb15b63c66bbe99cece70ba24
- SHA256
  
  41dbf0dcb16d3891b5d143a6c339173b227e9933b9553e00a9a7e74b4614638c
- SHA512
  
  3f134d8ac3e8b9d107fd93db94e0ae5e6d06f4fc3cdf775ca917b887290327876472bf0447b61f12e30a8973f311279808cac6303cd5df4217c061235e7082d9
- SSDEEP
  
  192:gTXz2JWd8PGRxO8DlHpX/NpI5Qax/4IIo7MGqXVle+bpws+AHF/:gTjV8PoO8BHpXManK7k3b24HF/
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral23
- Target
  
  windows/loaders/elf.dll
- Size
  
  400KB
- MD5
  
  16521ad5779051adf1d56e2889984f14
- SHA1
  
  71f787ab05bc7b2ad1f4fe668fcf355f6ec9c73c
- SHA256
  
  a312ddbd88e73d6215059d32d8a5d1e034fd34da97a580209df08b5a6eaecf70
- SHA512
  
  0cd368044604d92a6af60be5a04286d144dcc1559d86101e70a71a7655b1228df9f68ecde28508230190e6391efe4a74af5b97a129a930b8082c668f8e61fdfd
- SSDEEP
  
  6144:vT+1nL9Q0FyLyAnYhLCRFO3wHQq1u7Vk5OuMSRrMKAN:vT2nO0FyLy+YhLCDONh7puMSWT
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral24
- Target
  
  windows/loaders/epoc.dll
- Size
  
  57KB
- MD5
  
  83a6e0a401bb30aa8d34709bae474718
- SHA1
  
  cb2986e26b2935d17e5a0c06caa39c21c7f0b5d1
- SHA256
  
  3647804925bf89d550f222fb49e6da7a4e74eddd414a93a3a2a28c9cc26d70d5
- SHA512
  
  5ba48c6846a3d1b22500be5742b2a6335c1e700010b10362decf21977c01145267fc643cdca6c98fee35c5fe0c69d648570e7e71aeecadebada770c15d3b8194
- SSDEEP
  
  768:Jvs4IvgNqoU8URyw1Qe5uInfy+fAYJeydjkkZldvRg9dn/HtfT7pmNL0g/WdXaZB:JvZUAMQWnplJ1XbUdn/tfT9Tg+dqZYu
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral25
- Target
  
  windows/loaders/esp.py
- Size
  
  12KB
- MD5
  
  cf533857373ac8ff17907991ae6e8292
- SHA1
  
  7fe43f8f119336fed8fdd8c71111fd629a073c9f
- SHA256
  
  02233ec57a404965f82f9459a2e3e3d4b69fe21694f4de9525e858ce371f2878
- SHA512
  
  17ccabeb867ab249f50948784594341073c807215ab8f31c9fd32a34287107b57fb3c45943ba1ab5dc0f03fd642a341a9f0cf3763913f5ddbb46c24c192c4539
- SSDEEP
  
  192:0IX3MsQ6tFj6HEGekeBDvBENHP3f/qmTRxyvBIWUgzjcuj9ev0KR8aOkn:CMjEHGZpUoexR8aOi
Score

3^/10

discovery
behavioral26
- Target
  
  windows/loaders/expload.dll
- Size
  
  15KB
- MD5
  
  40e247ff56b27754b28bca8f7f2bb77c
- SHA1
  
  1b72b934616f8ffc3aeba5e117c23cd7e54be6d3
- SHA256
  
  bcee5f7d9f4e075791cac67d668cfad87bd04aede87321b25d197eb81d58a1f9
- SHA512
  
  848d79a997b337141983daca6f064718301e121b874ed360b1e67db9502b6eb309bd5703911ca0c8154df4fbf94924d38bf11c90776bfd342345fe973ecccab5
- SSDEEP
  
  384:k+Wd3S9a+hEFLULPduyDknLXC20zvHV0:kXhS9a5kYyDsXk+
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral27
- Target
  
  windows/loaders/geos.dll
- Size
  
  26KB
- MD5
  
  c90dfb7490a6e7983dd9b393d94d96a8
- SHA1
  
  be2d48c059c65dcd67f6225319b7d7e5638a344c
- SHA256
  
  2c14904edcb439d2ac0465c60dab1ac77d2e74c8ee9faae4755bbc0e850da4c0
- SHA512
  
  b1bd32ee7832479adb33ed0f85a417b259a0c34bf1b70b6425dc3197498060e4470bd5d3c10a82ec92bc456d49e091d431535ff3d26d0e0da06ab26d181f98ed
- SSDEEP
  
  384:aLmXqv4L6Fz6foG7JbE1Bf78t6DzVW1k+Cac/lvVwAWCyuZjJUHV/lBi:abrSV7Jb/t6DBb+CaMlveCy2JQn
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral28
- Target
  
  windows/loaders/hex.dll
- Size
  
  18KB
- MD5
  
  128bb840a9a3b7194bbe39bb34b0c7f7
- SHA1
  
  4112996072941c6dd9ded8d6c86c34eb54f7c54b
- SHA256
  
  09ac6051dce24dbbfe5f2f8214d4a73804056b02533cc873e6489f0ed2a22d52
- SHA512
  
  065989308bcc52b94c92780c7d6e69759461e5e1bf5e99c6c196df4639d095d74c9695f1dde1037d0dad72ccdefb129d7149f925f39822f949aab327d2c3c106
- SSDEEP
  
  192:cBLnaRapK6JT1wbvFG9p3DTLqECM91ZbVqzeM8G/psDvjCAFXpca/nTEz/+AHq/m:mLZlwMnaEZ91eKG8vjCAFPfTUFHq/X
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral29
- Target
  
  windows/loaders/hpsom.dll
- Size
  
  19KB
- MD5
  
  b6af53cb199536cb6760bc9488ccdf71
- SHA1
  
  b24051820c2dc7eecb18258674f496ba0ffacf58
- SHA256
  
  d27e5401eaccd236c6c9dad3bc9276e97124c08d5556e9a238f0f24050d2040f
- SHA512
  
  165d05f4e27764b0fdbf956266c6bd57cf3315b3eca046ae6d4336ef7eeb0d041e06c34691b0a47deec22f07f4b6b6cafc48804df45fc2f04065ec92e42b4cb1
- SSDEEP
  
  384:7H6aHcGsseO31M73PZ/CHv3yE46Vg0wNK5T3NKKrunoHH/7:TD8Xh73PZ/GyVi/2K
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral30
- Target
  
  windows/loaders/intelomf.dll
- Size
  
  17KB
- MD5
  
  4fc1cce7819e48ce2dcf9aea23fbb122
- SHA1
  
  d592c742f2012c80bd9c3dba47a5ea40b11a1d71
- SHA256
  
  1703ce5944f5ea9bc7d5b9bec985e04157c36847dee5f598daf789ec8e8ea629
- SHA512
  
  a6d78985502fac642180a23f69e3cf333fa59cedfa01d4279b116e5a13f813992ad2fe53d34fad8d84359d59e8b3962fe908b7fe595db039e867f4ee0f3f7880
- SSDEEP
  
  384:CbmHfrCNkuha4EeAYUGySJX+MN/t0P6bKVuVnGO8+HF/pq:sQfrweeAXGPJXRt0+VGO8mk
Score

3^/10

discovery
behavioral31
- Target
  
  windows/loaders/javaldr.dll
- Size
  
  10KB
- MD5
  
  d1d738fec2375887437bd822292cd9a3
- SHA1
  
  088512620167ba67059c8a7bc388a5918eeebad4
- SHA256
  
  0bbb6ae05eba71a4d6884ad0b7d9130b71171263540ffb3ec6ade9584b58cca5
- SHA512
  
  4e3af632b79483a67d6408e0024f4db3d2b290b1e645342d9879d28249f0e7253f365a80830acd717fa575df087db08898c8205ea46043f66dc1e71849980c93
- SSDEEP
  
  192:CSQheyKFuCEsiKUIdHyG08eVX++/Pyu6:CSxqGUIdpYVv/P6
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Modifies system executable filetype association

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26