ailurophile | 901884e985e590851ff222852431adae8373029c703ef7587186fd961ad83be6

Resubmissions

13-02-2025 00:07

250213-aetjqazndp 10

13-02-2025 00:06

250213-adthbs1jbt 10

13-02-2025 00:02

250213-abyn9szrhw 10

Sharing

Copy URL

Twitter E-mail

General

Target

𝘾𝙤𝙢𝙥𝙡𝙚𝙩𝙚📀𝘿𝙤𝙬𝙣𝙡𝙤𝙖𝙙+𝙎𝙚𝙩𝙪𝙥_(𝟸𝟶𝟸𝟻).zip
Size

44.6MB
Sample

250213-adthbs1jbt
MD5

eae56879fdf409a70b0bf4e0730e99d9
SHA1

9da60aaed3bb7b2150dae7be1fe954ff3d79d6cf
SHA256

901884e985e590851ff222852431adae8373029c703ef7587186fd961ad83be6
SHA512

5577f298f601820e6bd91874c5fd00d810507c261dd03498b9db352cbfdcc842190e4e3ddcaef1798150a7ecced6a24a1be47a3ef8700e8606e50ad0738828fb
SSDEEP

786432:A/lDESg/aC+n09Tzef95bXRqE9qz2ABF4wD6VpFbTrKrOz1N:KmS2SQzgQ6tfOyL

Score

10^/10

Malware Config

Targets

- Target
  
  𝙄𝙉𝙎𝙏𝘼𝙇𝙇💾𝙁𝙍𝙀𝙀+𝙋𝘾_𝙎𝙀𝙏𝙐𝙋_(𝟸𝟶𝟸𝟻).7z
- Size
  
  44.4MB
- MD5
  
  7da0277ee99475887edbb62a43a760ca
- SHA1
  
  4ebd6df5620a6c8d92f695af85df7c0623c21aeb
- SHA256
  
  d4c2d2ff11563416c5eb7a456af7ff1b7ac9d8ae6bcb668e969b9027c4844c41
- SHA512
  
  fce720c5d51d962599e1976fe920a48289ca7ad5c982d8b7a5bff1e98ba3bd50d383ebc18bd4ca3e0c9039ffc8b4d27ed1fe4d5caa6788f542b45db14e47ae83
- SSDEEP
  
  786432:S/lDESg/aC+n09Tzef95bXRqE9qz2ABF4wD6VpFbTrKrOz1w:4mS2SQzgQ6tfOy6
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1
- Target
  
  All Files/Assets/Backup/ICQLiteShell.dll
- Size
  
  56KB
- MD5
  
  05e61539b8917fca37c03756bbdd043d
- SHA1
  
  5a72e0e528260de0ea5b34badb9e5f9873cb4245
- SHA256
  
  515c8e0b93f0fef15da3e2573ad92b7e7840374140e65e5d73df63d8e22cb3e8
- SHA512
  
  565d57783e6044d6e7e2026c79dbd897e637c5e1d96e7930dc704ef2b6d801669b38f0c26382f00e67e26668439274941e937a0ade54666de50b5d84f6da7e97
- SSDEEP
  
  768:YEGJ9blT7XZBSbHwJU+tGR0KZUyGKZ0ZgwmF1+3UVambg:YEGJ9bln5o0KZjGKZ0Z1mF1+3UVayg
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral2
- Target
  
  All Files/Assets/Backup/ICQRT.dll
- Size
  
  32KB
- MD5
  
  1aedcb8994d6ad63ef9dcb87016e028f
- SHA1
  
  f5b891aa15c6353b681bdb7e2d96c6ac8a5f02d7
- SHA256
  
  53e1f40144bab532f9700ff25ec3d5c6a39784a98e17fada583b4ee6d9dd5dbc
- SHA512
  
  89c0f408797c4d78afc52335a9e162345c614e1e419f55487cb358c14f7a69ec82138a7e6250be3133233386ba3659d241e80ab63c9b972b6c8b26b0424cb0c8
- SSDEEP
  
  384:+qtTeds1tkMAp4TxCW9su5UcSu93ggoXUQQIPGEANHl:FTedukelF95RjQUUPpANHl
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral3
- Target
  
  All Files/Assets/Backup/Language/LiteRes.dll
- Size
  
  735KB
- MD5
  
  88962410244bc5c03482b82a7e3cb5e1
- SHA1
  
  4622be2d3deda305bf0a16c0e01bc2ecf9d56fad
- SHA256
  
  afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036
- SHA512
  
  c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c
- SSDEEP
  
  6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral4
- Target
  
  All Files/Assets/Backup/Language/WinRar.exe
- Size
  
  3.2MB
- MD5
  
  b66dec691784f00061bc43e62030c343
- SHA1
  
  779d947d41efafc2995878e56e213411de8fb4cf
- SHA256
  
  26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370
- SHA512
  
  6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3
- SSDEEP
  
  98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8
Score

6^/10
- Downloads MZ/PE file
behavioral5
- Target
  
  All Files/Assets/Backup/Language/madHcNet32.dll
- Size
  
  921KB
- MD5
  
  d22b9da713ab36102c9c3d812af8c12d
- SHA1
  
  371fdbf6ae6a9a2e5c0560fc94eba3290028a252
- SHA256
  
  95b538b47e02d0ad2bd15d47efc18695d5e379ef61568b81ef405773d9c199bb
- SHA512
  
  e5ae51f79403358af60bb3ea663251badac57414813f5537d763b0b95504a393fb2d34c94c4b7328ec13f58e74a7147d3a72e63e62973c4c5d80671be1c8face
- SSDEEP
  
  24576:TlUbWq3/gquYUJ4Vgv0eUnDaE0efxfXT95:pUR4quYUJ4VgceXE0gxfjv
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral6
- Target
  
  All Files/Assets/Backup/Language/nolimetangere.pkg
- Size
  
  779KB
- MD5
  
  2ba2923d166e89451fab8b0f1f48a552
- SHA1
  
  a3b8226b8fc5266105347ccb623500750a1b561e
- SHA256
  
  51e588e5c974cbb81b3c22ed4ba9c7188dc057a2bd77b248f4eec4babcf23761
- SHA512
  
  71207bb1493412737ee821754f154b76e45ee73be539f7df7e188e18cc018a45c42312844322f5bf0d8352cb3ee432f1314d8c69e458cbec25c9b47a5bf7bb0a
- SSDEEP
  
  12288:y2eLUppvK0pIw10hf2SZCFILyTVAtIeH6b5+zoTcefCDlNxEawbSSWZ3O:B3e1nGepfH6bCe6pNQvq3O
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral7
- Target
  
  All Files/Assets/Backup/Language/unrar.dll
- Size
  
  304KB
- MD5
  
  851c9e8ce9f94457cc36b66678f52494
- SHA1
  
  40abd38c4843ce33052916904c86df8aab1f1713
- SHA256
  
  0891edb0cc1c0208af2e4bc65d6b5a7160642f89fd4b4dc321f79d2b5dfc2dcc
- SHA512
  
  cdf62a7f7bb7a6d511555c492932e9bcf18183c64d4107cd836de1741f41ac304bd6ed553fd868b442eaf5da33198e4900e670cd5ae180d534d2bd56b42d6664
- SSDEEP
  
  6144:e2Gk6wDaKov/5qrawOZI8uN0f/UVvN3MwdZFmiVFC+OEu:e2GkNo35qrawqmG/yM8PmiO+Ol
Score

6^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral8
- Target
  
  All Files/Assets/Backup/cgame.dll
- Size
  
  1.2MB
- MD5
  
  9a7234078559093e06c9d32148ed95a3
- SHA1
  
  40361dad15b9b5ae2757a21d1ce6a61c3c37e891
- SHA256
  
  32f5d0a454c26e8aa6f4cad58f3782337cc97cfe2305bbfe564437e5f0d51bbc
- SHA512
  
  9a2c3761d799999a691cd605f11c4014f604afa9a46b3b4c9999eef177f0e703ca2ed52c22824cba613559ce37bd134c566d54a4e51141828816b02a4f3da05b
- SSDEEP
  
  24576:4pPfSOTjS+katpqQTutqG3kGP7NS0LdbiAJ:4VnTu+kNQqqG3kIE0Ldb3J
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral9
- Target
  
  All Files/Assets/Backup/fullware.dll
- Size
  
  262KB
- MD5
  
  51f7f7019658c2d03321795aaee76794
- SHA1
  
  d72856af1cd0f95951c3b7fd335caf620eda5796
- SHA256
  
  e2c7640c1c3e6f47a42e31770db248bbe8f44974d34441fc36e8651bddabab3d
- SHA512
  
  26e5934820cd7df1dfe0ed2ae7a1002e60312855da1654459a7b7037a8e8de037934c360d05c1af2ac53e655c7fd1be45dc52adb486ce73a8907486b76d0457f
- SSDEEP
  
  6144:vHUK1CqqiVpwTmWgsrSTEglq//sqoFo2V:vHyqqiVygs//ZoFo8
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral10
- Target
  
  All Files/Assets/Backup/izanptp
- Size
  
  432KB
- MD5
  
  9e82e3b658393bed3f7e4f090df1fbe7
- SHA1
  
  bfff954b8ef192c01af9fb5d9141a21279cb9c31
- SHA256
  
  c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762
- SHA512
  
  de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b
- SSDEEP
  
  6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral11
- Target
  
  All Files/Assets/Data/017.phpt
- Size
  
  964B
- MD5
  
  7b23a20dcadfd60ad310603ef8c62b6d
- SHA1
  
  5239aba15cdc55e58acd10a608e39b028cfa3329
- SHA256
  
  ed1b311a704d6e1a3ba53d49db3c4c9b8d23115294e88b1cb2d30364ff026b51
- SHA512
  
  4ada19207cba9036d9bd7bc06a2ceb2d5255008d79f8e19b7479db0e6a6fb40f62464a5730c4594fb19b7d7ddc2c64666d4fb3b1cb6d50b3d17e40aacf2205e9
Score

8^/10

discovery execution
- Downloads MZ/PE file
behavioral12
- Target
  
  All Files/Assets/Data/EppManifest.dll
- Size
  
  716KB
- MD5
  
  102fde2cac521b547a2163ad9bffd51a
- SHA1
  
  4e8d237a9adf3bf03eb998115f611cdf72e582a4
- SHA256
  
  03a80832952d78ad4a5e223ec02bdbf0ab7e1e3c500c5ee7858f788b0dee3600
- SHA512
  
  c1774ef2f133a1e131e6014638145bd7c3c0e2103be992f7a06efbc04953b05f0d7214077563cf6a0a861b2c7df08e34680922e7768491ed126439e734f6c428
- SSDEEP
  
  3072:6SQgQUH6HNaTx9F7qIIuwSJ5FSpw2phB6Wh:LaP
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral13
- Target
  
  All Files/Assets/Data/NuGet.Packaging.dll
- Size
  
  761KB
- MD5
  
  5e214013105c0c00cbb0f45cdb2a2225
- SHA1
  
  47b11e473b42bb9686131b1bd442fa25cb1fdf1d
- SHA256
  
  be204225cd8e04a394bd8782c19f0639a935a7d62ab8a733890b27aed8660c6f
- SHA512
  
  8ffdaad8e11da69a426681201c36be92bd46588c4f2e1aacf93fc800b2df52a609204a139c56dee882cc02a2acef9f368ed3692d4825d27bc86dc2f07a3ecc99
- SSDEEP
  
  12288:6nnrttOdFXg8Ll++SW0FYG53NRBMPzvv7XF:+nrGdjLl30SgKPzLXF
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral14
- Target
  
  All Files/Assets/Data/StartupHelper
- Size
  
  364KB
- MD5
  
  14934caca84d5fe0288f27efb31dcbf8
- SHA1
  
  98c8c659488a5782679112e0ffb089422a664ac5
- SHA256
  
  7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36
- SHA512
  
  9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a
- SSDEEP
  
  3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral15
- Target
  
  All Files/Assets/Data/TMRegEx64.dll
- Size
  
  803KB
- MD5
  
  75e94d3ca12a7b80d5779302bad90495
- SHA1
  
  3e85b6a3e84d455b6d5f6e3566f6309876d343ed
- SHA256
  
  eab6419cd005e8a1ed4757cbb8d787036e61fa43e6555cb2689f3716054c1c04
- SHA512
  
  3dada2a921c513642ef328d36854cda25533b67f68c33adeed75206b71e55ac2c002d29381b976374cc5683676abccb9b0049c664225dbdc512e6be75c357eb0
- SSDEEP
  
  12288:6Wnt7tAjsdZNZlEXgof7J9S1rAsiAoSxQmJfXTOTxB91yj6L7P:6WltrZVEwgyAsiOJe263
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral16
- Target
  
  All Files/Assets/Data/bug18556.phpt
- Size
  
  752B
- MD5
  
  a4032889bb59f7c23df4fba26ff07409
- SHA1
  
  2f8fc843e3feaa5c3eccde4003d64ed06243c927
- SHA256
  
  dd7a625eab0105e7ce5cd2d7913790c132cb618f7b6b3084d412e7d5ce3d280d
- SHA512
  
  8adbae88f76cf424d30857e5b0c5509a62f553872356b8cd5391c10173a89d0882dcd8b2a8ade2b2b5422fc917cccd8c3bea951f9a00e6acf01b60b6f4b9fa9c
Score

8^/10

discovery execution
- Downloads MZ/PE file
behavioral17
- Target
  
  All Files/Assets/Data/insights.dll
- Size
  
  56KB
- MD5
  
  05e61539b8917fca37c03756bbdd043d
- SHA1
  
  5a72e0e528260de0ea5b34badb9e5f9873cb4245
- SHA256
  
  515c8e0b93f0fef15da3e2573ad92b7e7840374140e65e5d73df63d8e22cb3e8
- SHA512
  
  565d57783e6044d6e7e2026c79dbd897e637c5e1d96e7930dc704ef2b6d801669b38f0c26382f00e67e26668439274941e937a0ade54666de50b5d84f6da7e97
- SSDEEP
  
  768:YEGJ9blT7XZBSbHwJU+tGR0KZUyGKZ0ZgwmF1+3UVambg:YEGJ9bln5o0KZjGKZ0Z1mF1+3UVayg
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral18
- Target
  
  All Files/Assets/Data/installed.dll
- Size
  
  258KB
- MD5
  
  0ac98a4bfc717523e344010a42c2f4ba
- SHA1
  
  7967769ee63b28fc8bec14854a4a0a71bda6b3f2
- SHA256
  
  68546336232aa2be277711afa7c1f08ecd5fcc92cc182f90459f0c61fb39507f
- SHA512
  
  8a5f4f19c24c24a43d9d18a8935613ad6a031b8f33d582767a2407665f1ff39a403ddaeecbf4f22a58759fcd53f81f4392192ca9fa784ff098a6c995509f9547
- SSDEEP
  
  768:KNGdfE7k4pzco2V0lyurfRZBGb052Vqa9/QkHq6KT8W8LI1LWFznKM+psOKrjG5v:KNubVGu57nUQG0HZSBTjZGmDbKzu7Axc
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral19
- Target
  
  All Files/Assets/Data/izanptp
- Size
  
  432KB
- MD5
  
  9e82e3b658393bed3f7e4f090df1fbe7
- SHA1
  
  bfff954b8ef192c01af9fb5d9141a21279cb9c31
- SHA256
  
  c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762
- SHA512
  
  de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b
- SSDEEP
  
  6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral20
- Target
  
  All Files/Assets/Data/lowSshC32.dll
- Size
  
  5.7MB
- MD5
  
  c4c176f948aaefdbac2007be7540f807
- SHA1
  
  fab53fea6bf9b66edf37c05f96d0113e7b3ff151
- SHA256
  
  b7ce745085da1ea321ba210178f90c7fbda7419a64452a887219b6fdc7ef762c
- SHA512
  
  f0883c2f65189a9992af98fc05947df34a43740d4c22196a2d3922edfe7e4fb2bcd75226a24b9482d2be5961eeb63a015a329a3a524f25d7e8c6acba31ab80bf
- SSDEEP
  
  49152:XMZDDtZO0oV8BPKzv694e7rnSmRw6DKnByzYC3rkOmcdbzKgZI9cji115OVcrDom:cno0w8BPW694evnSmG6oY013S26vCL4M
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral21
- Target
  
  All Files/Assets/Data/mc_enc_mpa.dll
- Size
  
  262KB
- MD5
  
  51f7f7019658c2d03321795aaee76794
- SHA1
  
  d72856af1cd0f95951c3b7fd335caf620eda5796
- SHA256
  
  e2c7640c1c3e6f47a42e31770db248bbe8f44974d34441fc36e8651bddabab3d
- SHA512
  
  26e5934820cd7df1dfe0ed2ae7a1002e60312855da1654459a7b7037a8e8de037934c360d05c1af2ac53e655c7fd1be45dc52adb486ce73a8907486b76d0457f
- SSDEEP
  
  6144:vHUK1CqqiVpwTmWgsrSTEglq//sqoFo2V:vHyqqiVygs//ZoFo8
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral22
- Target
  
  All Files/Assets/Data/msm.dll
- Size
  
  191KB
- MD5
  
  3109afa3173ddc16f9b08043e1db0ab9
- SHA1
  
  6076352e45786e341c5598e1bceb82bc98c7ea9f
- SHA256
  
  59ba38d1dfb82affc6ab8c797c9d75c18ca03fd6cee76a8ed542dbbfeef70060
- SHA512
  
  cfd59fef4344091179e772128105548e1ef0e67084105d4fe492eeb16b090f9a80cf18cfce626be125e3b00104079d21739451a8b97bade37d2f24af81bf766f
- SSDEEP
  
  3072:ssbUYqDN0gLkmbAOYnvK/PPKBUyyX2iEXS/upatC2GVs6er:UYuSmbALvKnP6iT/3/n
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral23
- Target
  
  All Files/Assets/Data/portable.phpt
- Size
  
  752B
- MD5
  
  a4032889bb59f7c23df4fba26ff07409
- SHA1
  
  2f8fc843e3feaa5c3eccde4003d64ed06243c927
- SHA256
  
  dd7a625eab0105e7ce5cd2d7913790c132cb618f7b6b3084d412e7d5ce3d280d
- SHA512
  
  8adbae88f76cf424d30857e5b0c5509a62f553872356b8cd5391c10173a89d0882dcd8b2a8ade2b2b5422fc917cccd8c3bea951f9a00e6acf01b60b6f4b9fa9c
Score

8^/10

adware discovery execution persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral24
- Target
  
  All Files/Assets/Data/test_vendor.txt
- Size
  
  1000B
- MD5
  
  80aec646e662ecdb8f7677b93f39aab7
- SHA1
  
  5fd0591618895472bbfa350c9ea59356c93d8346
- SHA256
  
  5912f1ba252bac927720d0342e63b16a7e273b63e097bb3d1c8e68f9b0703742
- SHA512
  
  19e5d35c78cdfb64ca5caaeda5cd3b46dec21aa77c85d421959fa771614e5265602277c85b7557e58cae04d166feab5a9c5cb6c70c512a29852eb7b1a68fa078
Score

8^/10

discovery execution
- Downloads MZ/PE file
behavioral25
- Target
  
  All Files/Assets/MigrationService/legal/bin/odt2txt.exe
- Size
  
  60KB
- MD5
  
  7740873b69ed9fbd043883f35625215e
- SHA1
  
  4f3dc44479feaef804c6d16af6feaeb98f2deaee
- SHA256
  
  87ccefd04081c88273f289e38052b172e3607803178593f57547adfcb9a41685
- SHA512
  
  5006fbc8fb283ccd2e181172bb675666e870bd861bbb0db6d7b1b0462331154ec9d24ac7b1c5ce748229d95028dfc5cea216c61297cce0da9d453b500bc00ea6
- SSDEEP
  
  1536:lqtO7wRXB6ktv9bHGKhxqHcrFT8on9rnfAWrF3A:lcjtJHGKqton9rflrF3A
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral26
- Target
  
  All Files/Assets/MigrationService/legal/bin/sexp-conv.exe
- Size
  
  62KB
- MD5
  
  28dfa4942f159d4078c8d59abfbb0d15
- SHA1
  
  1189807666fb4cbb131a54c4e73a16d536a84041
- SHA256
  
  49a56387ba47d53025b2e78cd957fc465e5a8fddfc771d776f87ec2ca455764c
- SHA512
  
  2703edd205d55d6ffcfed968d6e2f3fc91e111d626443180f295d139b3d3d82402ecb4973e23bc37c0f78078ab47d9bb5cbf133fe8030088e19fae87c64fe0ff
- SSDEEP
  
  1536:MPFyB6stCaVPd6k2IAN7BGdpFuzTFrhh3+y0d0GcWDFF:MPFS6snj2xNGdKFuy0dnZDFF
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral27
- Target
  
  All Files/Assets/MigrationService/legal/bin/wish.exe
- Size
  
  65KB
- MD5
  
  04e5e2f8ad46008a4691874bfc4a7a5d
- SHA1
  
  94a08eee1b13612cc11b77ebf44ece901362df31
- SHA256
  
  fc199ee77bc8ab131cf21ba332fafcc8a7132e7006d69a6e4195d48962c87fa0
- SHA512
  
  5b5521a6f256d812f3c8d3c0a8d03210da6c490c5a1ed53743a02cc422b6c1fc1136698f5e41ba6aaee6b92a5d6e4a5b2306cd77e0b8a2e4f7ecbde72c5f0944
- SSDEEP
  
  768:Mdxh9v8kTSnTUT0KV/+wawI+JbQiO8kApYLwjjCHd:uL8kWnTUTr25kJQixgwjjC9
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral28
- Target
  
  All Files/Assets/MigrationService/libsmi-2.dll
- Size
  
  714KB
- MD5
  
  7ddc1f47c81f90f211ea6bb5a778d8fb
- SHA1
  
  a299a1bd0deddbe75b463e9c2802021934a37dbe
- SHA256
  
  aac65a1beea9932cc8d5976739139b37cbfb9164d1ad93012c63e34a1c628376
- SHA512
  
  f117981e67d17d2553ee33e0ec5099e03b55e3e8b87c751318abc44c56a18cdee6e6a80e1e6b70404c49dbf2601a916df8479cd393ae3bd2087182556b9a041d
- SSDEEP
  
  6144:9OlMYF8vb4v/3fQWgq4sQOp+gn+Ult2PmHqGGGGGGGGGGGGGGGGGGGGGptGGGGGe:IFlgq4sQY+UvHErB6RaDj1Rm+sj
Score

8^/10
- Downloads MZ/PE file
behavioral29
- Target
  
  All Files/Assets/MigrationService/msm.dll
- Size
  
  191KB
- MD5
  
  3109afa3173ddc16f9b08043e1db0ab9
- SHA1
  
  6076352e45786e341c5598e1bceb82bc98c7ea9f
- SHA256
  
  59ba38d1dfb82affc6ab8c797c9d75c18ca03fd6cee76a8ed542dbbfeef70060
- SHA512
  
  cfd59fef4344091179e772128105548e1ef0e67084105d4fe492eeb16b090f9a80cf18cfce626be125e3b00104079d21739451a8b97bade37d2f24af81bf766f
- SSDEEP
  
  3072:ssbUYqDN0gLkmbAOYnvK/PPKBUyyX2iEXS/upatC2GVs6er:UYuSmbALvKnP6iT/3/n
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral30
- Target
  
  All Files/Plugins/cache/Language/madHcNet32.dll
- Size
  
  921KB
- MD5
  
  d22b9da713ab36102c9c3d812af8c12d
- SHA1
  
  371fdbf6ae6a9a2e5c0560fc94eba3290028a252
- SHA256
  
  95b538b47e02d0ad2bd15d47efc18695d5e379ef61568b81ef405773d9c199bb
- SHA512
  
  e5ae51f79403358af60bb3ea663251badac57414813f5537d763b0b95504a393fb2d34c94c4b7328ec13f58e74a7147d3a72e63e62973c4c5d80671be1c8face
- SSDEEP
  
  24576:TlUbWq3/gquYUJ4Vgv0eUnDaE0efxfXT95:pUR4quYUJ4VgceXE0gxfjv
Score

6^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral31
- Target
  
  All Files/Plugins/lang-1058.dll
- Size
  
  262KB
- MD5
  
  41c75e831a5571c3f72287794391a0e6
- SHA1
  
  0fe7a9a3c905d0376001a5c46edfc0000fa82bd4
- SHA256
  
  b3ad99afdaee3b9365e7a3ffcc44c2761e22a4f92dff5e5efdc52f6b08ea0105
- SHA512
  
  d3d03f3308db1862522127300127839aa44828d29622db20aea71e6a80a51247654e380d7a0126361d85774137826fc345ae368335bb1ea9c1c8995721daf432
- SSDEEP
  
  1536:yNbT+wDopP25xej01K1+KnohMEDdQPfYBRL37KCxr:gbiwo25xwKhTDd80Rp
Score

6^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Installs/modifies Browser Helper Object

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Installs/modifies Browser Helper Object

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking