ae56b160203721d6920ba3ab7224fecb24ee6ba0857559a7867e05cdc364ae05

Resubmissions

28/03/2025, 02:18

250328-crhdbssqz4 8

28/03/2025, 01:45

250328-b6dg9az1bx 8

Sharing

Copy URL

Twitter E-mail

General

Target

SlenderSetup.exe
Size

76.5MB
Sample

250328-crhdbssqz4
MD5

e17c53c83c2d738f6ecefc070394579a
SHA1

e2904c6d02f46126307688c2b7cfc2d5cc99a89a
SHA256

ae56b160203721d6920ba3ab7224fecb24ee6ba0857559a7867e05cdc364ae05
SHA512

ad604762d9e9f0d258de3a18c5bd30afd5fa3d50e7ce65351c7bb359be47189be23a72d0e09a4fc46b9d37b7202f0bea3aebdf5431d5a2ec2c68d0020cf47bd3
SSDEEP

1572864:QQ+e4h7TL9BH7t1GwCXknyYmaBcSrufGanp7GgtcQ3AsERUqm:QBe4N5YwCSpmaBcSruZkUE/m

Score

8^/10

Malware Config

Targets

- Target
  
  SlenderSetup.exe
- Size
  
  76.5MB
- MD5
  
  e17c53c83c2d738f6ecefc070394579a
- SHA1
  
  e2904c6d02f46126307688c2b7cfc2d5cc99a89a
- SHA256
  
  ae56b160203721d6920ba3ab7224fecb24ee6ba0857559a7867e05cdc364ae05
- SHA512
  
  ad604762d9e9f0d258de3a18c5bd30afd5fa3d50e7ce65351c7bb359be47189be23a72d0e09a4fc46b9d37b7202f0bea3aebdf5431d5a2ec2c68d0020cf47bd3
- SSDEEP
  
  1572864:QQ+e4h7TL9BH7t1GwCXknyYmaBcSrufGanp7GgtcQ3AsERUqm:QBe4N5YwCSpmaBcSruZkUE/m
Score

8^/10

credential_access defense_evasion discovery execution spyware stealer
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral5
- Target
  
  LICENSES.chromium.html
- Size
  
  8.8MB
- MD5
  
  2675b30d524b6c79b6cee41af86fc619
- SHA1
  
  407716c1bb83c211bcb51efbbcb6bf2ef1664e5b
- SHA256
  
  6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081
- SHA512
  
  3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485
- SSDEEP
  
  24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek
Score

4^/10

discovery
behavioral6
- Target
  
  SaveSetup.exe
- Size
  
  164.7MB
- MD5
  
  304b8c1d5efdc9674e543d19591910f6
- SHA1
  
  26cfad4a62ff0c544aeb1ffd1e8187fc0c28eef3
- SHA256
  
  4d660c578648a8d40df54fd94ac8247331517e8a332bc593e78fa3ea6bd58e3f
- SHA512
  
  6aa0fca92507ee0acefa0cef84378a6bc59f1b28df1b1fc4fecac8d9fd1e05d1ef4f6ae5402574458d93e23d9a0e24e3ca9badbe20e1fe1e2113e5f387235904
- SSDEEP
  
  1572864:wmIh9FimkfWTs6+LkanRWYS8a4lN+WTi6qSFK2u73JvPaKD2JsR2/tVBcpZOcrQD:OsFWY7ihS4kVP
Score

8^/10

credential_access discovery spyware stealer
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral7
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral8
- Target
  
  ffmpeg.dll
- Size
  
  2.8MB
- MD5
  
  14e00bf1d9d0df65f8b1a31240d474a8
- SHA1
  
  f9fe033725b7b1b5c0efce7a14ed7ab223cb32e8
- SHA256
  
  9d1eb0c6eb12bfa87e74a65c2fde5d61c4c93e21fb0800bbdccb6559527036a5
- SHA512
  
  652724450296a739de802ba8fac482953146f37665718446e448a350295e1e7b09bd460835bcd0ac26b2e54bb9b791624a9eea11e6c96573c7c4aed22450ed14
- SSDEEP
  
  49152:IF5qb84KtStWEK/Ju2lf3tAtiLHQVTf6yfcrhCHDXLl8+0LKSQ1SCu:IFvSkJXv+tiLAD0+D1S5
Score

1^/10
behavioral9
- Target
  
  libEGL.dll
- Size
  
  477KB
- MD5
  
  1dcf5ac3cb0dcda9c9679eeb018d01bd
- SHA1
  
  bc21697c5665aab5eaaba61f55719d43328f7e7c
- SHA256
  
  9cfc3001191e8b3eb9c96ba29e57e5bf9aaab264e83897e47cb968167a8a811b
- SHA512
  
  47d8769bf00cc7555479542abf5e0684799e424d9801dad8c6bd199680d9c40cfa2380d969515db7a0753cf6f3a9733b5afb931fe33863fe30a37092d8dc96b1
- SSDEEP
  
  6144:o8hd1BSjuMmof2SEXVVfgV8hxN7h2NIIEOg51f0FticyQ:o8DXSjZmof2SEsmN12NIIE7f0FticyQ
Score

1^/10
behavioral10
- Target
  
  libGLESv2.dll
- Size
  
  7.3MB
- MD5
  
  51378647d290f3a08affa8454a3d59d5
- SHA1
  
  32152a6677c82ea9e2e842baa907d708b46a6779
- SHA256
  
  80c2ef6ca6d0ff4877bd0c0bc082ff19c3a5002d53648bcf5f54368560f9a411
- SHA512
  
  ca90f5131d95fdb1e4a5cb7cb2bbef08676f70367b255270871754f776937994e34258084bf46437b25e1745728c279594d64e0718643eac0ac00cfc43d2c53b
- SSDEEP
  
  98304:1aUIRsMRk/yUt1ngliXWeamn0B8LfdAbvZ3gtT7:1anxRk/Pwzedpag1
Score

1^/10
behavioral11
- Target
  
  resources/app.asar.unpacked/node_modules/ilovingcats/dist/index.js
- Size
  
  412B
- MD5
  
  0b33e83d33b01a51625a0fdcbef42ce3
- SHA1
  
  1c29d999ff7da39426b97f2eb31a3d83db8f5fc7
- SHA256
  
  a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2
- SHA512
  
  1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c
Score

3^/10

execution
behavioral12
- Target
  
  resources/app.asar.unpacked/node_modules/ilovingcats/prebuilds/win32-x64/node.napi.node
- Size
  
  137KB
- MD5
  
  04bfbfec8db966420fe4c7b85ebb506a
- SHA1
  
  939bb742a354a92e1dcd3661a62d69e48030a335
- SHA256
  
  da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd
- SHA512
  
  4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65
- SSDEEP
  
  3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
Score

1^/10
behavioral13
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/build/Release/node_sqlite3.node
- Size
  
  1.8MB
- MD5
  
  55c17fc28239b0e8ea873f9c9c4e2c02
- SHA1
  
  c1be46fc03e63eae5145018c1ee3e70b3af9338f
- SHA256
  
  85ec4e3bcec60ec481cd712b4fcbe83631d5ac1e189a87b08a33e1c85f206a66
- SHA512
  
  4d670cf1a2d88452b0d384044f0d0c0f83475e0844711df5420c0cfd0567ac6b655aa75fda81dd2f35bbe7db6c380f0b50e3c6f1d9506096ef17f8d3a8cab7d2
- SSDEEP
  
  49152:AVtIA1xRrGLYLn9M+BMPPivsICK9rzoNEqt:mtH4X3inMZt
Score

1^/10
behavioral14
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/deps/extract.js
- Size
  
  224B
- MD5
  
  f0a82a6a6043bf87899114337c67df6c
- SHA1
  
  a906c146eb0a359742ff85c1d96a095bd0dd95fd
- SHA256
  
  5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74
- SHA512
  
  d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240
Score

3^/10

execution
behavioral15
- Target
  
  sqlite-autoconf-3440200/Makefile.fallback
- Size
  
  547B
- MD5
  
  8ff4cdbeec29d794549a0aa48da06bc3
- SHA1
  
  7fd897fc720b6c9c6f760867c97a95431fa4693e
- SHA256
  
  67d473327dd92f5cad68fddb78b8bb3e8745aba851147945893e4db5a2b59892
- SHA512
  
  9871a654d8b140ad5d6768d385b86ba7f32927f8ed6374e62c93db99be4a40841f6900d648f33d07dc118b6ea93f00c45f53e4b675643b2b487c9c0df1ea1474
Score

3^/10
behavioral16
- Target
  
  sqlite-autoconf-3440200/Replace.cs
- Size
  
  7KB
- MD5
  
  335ee30449b5d0d52ab314dbff93d52f
- SHA1
  
  02c67258801c2fb5f63231e0ac0f220b4b36ba91
- SHA256
  
  74ba0687a84c328df2836f73d7d36368099a5f5c1c360a84211e51fa71f1dfc0
- SHA512
  
  02f40bc955c833105811f78471e29f062c1cebfe4bd96ffba941670c0026ad5bbc81f336b7c2c6b9f804c67ed46c9dabab927ec0fb4c709bd7a049454f27073a
- SSDEEP
  
  96:lJC/3zjNPMMQIQBmajlyM3px6D3t1KO4vNoHyJ:l0iAM3vlO4vNcyJ
Score

3^/10

execution
behavioral17
- Target
  
  sqlite-autoconf-3440200/aclocal.m4
- Size
  
  364KB
- MD5
  
  6f9e7a7b0ab591c27b3cbf01a3c1036a
- SHA1
  
  1f464e1017c18769c630a1d4fbfe9acd57a303ec
- SHA256
  
  a459cf9e72aa3bf51c748226e37c2e192144047e3b1a5173119b92fa62f2bf82
- SHA512
  
  aa0aec1a3442ecf4bbcdb908f32d72803e0988ca0b3d6ebaf32a49a2a898328c3bb71cf77ca3b062d55ccec9d86953fa52ddf02460d7724de09a4efb38d8ef7d
- SSDEEP
  
  6144:tdAwSQSqrgHFnOvwYAU9FWgi/2WDg5+YaNk56cHrYw+Zg+XrZsGEREYRGAFU25tt:rAtM7E0LQNnc
Score

3^/10

execution
behavioral18
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3-binding.js
- Size
  
  59B
- MD5
  
  8582b2dcaed9c5a6f3b7cfe150545254
- SHA1
  
  14667874e0bfbe4ffc951f3e4bec7c5cf44e5a81
- SHA256
  
  762c7a74d7f92860a3873487b68e89f654a21d2aaeae9524eab5de9c65e66a9c
- SHA512
  
  22ec4df7697322b23ae2e73c692ed5c925d50fde2b7e72bfc2d5dd873e2da51834b920dea7c67cca5733e8a3f5e603805762e8be238c651aa40290452843411d
Score

3^/10

execution
behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3.js
- Size
  
  6KB
- MD5
  
  275019a4199a84cfd18abd0f1ae497aa
- SHA1
  
  8601683f9b6206e525e4a087a7cca40d07828fd8
- SHA256
  
  8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973
- SHA512
  
  6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0
- SSDEEP
  
  192:QoM2Wd0WmO6pM+tPtVRhoh3hG/h1goWPQfAcCy7gPQbQwZQiR893+9dY:npM0I6aPkd/K
Score

3^/10

execution
behavioral20
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/lib/trace.js
- Size
  
  1KB
- MD5
  
  e5c2de3c74bc66d4906bb34591859a5f
- SHA1
  
  37ec527d9798d43898108080506126b4146334e7
- SHA256
  
  d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f
- SHA512
  
  e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5
Score

3^/10

execution
behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/sqlite3/src/backup.h
- Size
  
  6KB
- MD5
  
  29dd2fca11a4e0776c49140ecac95ce9
- SHA1
  
  837cfbc391c7faad304e745fc48ae9693afaf433
- SHA256
  
  556ba9af78010f41bc6b5b806743dc728bc181934bf8a7c6e5d606f9b8c7a2e9
- SHA512
  
  5785667b9c49d4f4320022c98e0567a412b48a790c99569261c12b8738bde0b4949d3998e2b375540ede2ff1d861cad859780ade796b71d4d1d692e1ed449021
- SSDEEP
  
  192:jXmQS7rRLcxPsPVHXmIXYIyx15kPhw0Io:j2QS7rRLOPs5e0
Score

3^/10

execution
behavioral22
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral23
- Target
  
  vk_swiftshader.dll
- Size
  
  4.9MB
- MD5
  
  0b0658bf4f8cf397e1deddc50d67523f
- SHA1
  
  8fcf0726ee1272a3d5c65d50be1626f1b1f49477
- SHA256
  
  94adcd97d1cdd459d21f0b5b57e0caf4c5c6e44f7bc6fc6a73f0bd133e8d551e
- SHA512
  
  d745424644b66783dc8cf6dd043f27356f25afcda679ed43672fc0caf33c7339006f033e0fb392c865a5eb3e9f0e5edf37154e77121ba5a71893420da26b7cd5
- SSDEEP
  
  49152:26h3a0f1ABi1jP9LoS8lne0Zv8EgHI7JXYN3bgFNmEgMYmz2qA0Mr7wsVUsNCOzw:Xh3aMXoSHfPwksHldLiuNr
Score

1^/10
behavioral24
- Target
  
  vulkan-1.dll
- Size
  
  931KB
- MD5
  
  d421ae53119ed85e1e90b073eb51d7d2
- SHA1
  
  014f0f98a2271d385d57152a15f5d8a763d27c14
- SHA256
  
  3a433f9cbee4cc89ac58917f1872ee0f38ba451760d4bba6f37712f0c8179b7a
- SHA512
  
  8b36d24496ff5253a375ee72de616cbc165f815f8d1ee339955b922846b1e0de015f86ff45b8ab710d0ecf162fe3c6c801774b889cdfc35feb6baf5d12d67bdd
- SSDEEP
  
  24576:iYWOq/4Kt/Ku8n387ecbFb6Z5WoDYsHY6g3P0zAk7sa:iY65/M387R56Z5WoDYsHY6g3P0zAk7s
Score

1^/10
behavioral25
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral26
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral27
- Target
  
  $R0/Uninstall SaveSetup.exe
- Size
  
  136KB
- MD5
  
  47290fe8abedb0dd98b3c0148a257a76
- SHA1
  
  c479144a04b2c3dccd9432679a8c8bc97372585b
- SHA256
  
  bd38144ac0c2667d3a7f3f3054eb93362009f507b79b05a60a77159e0790c3fb
- SHA512
  
  a78c67d03765bc5eb289fc28638a8511a45d44725ad8ba39cc98effbdacc8282d2571c5f699ae5d187f0502be612baf8b1ce2caa2bc4146e82fb52a047322f9d
- SSDEEP
  
  3072:in77v00hEoDEtaucceAYOp4NRuZ4UraH2tvhOEA1RJCir86SrSrv6Ia3q:i740IsmfU0xs2t0EyL+yaa
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral28
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral29
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral30
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral31
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral32