Overview

overview

10

Static

static

3

spoofer.exe

windows7-x64

7

spoofer.exe

windows10-2004-x64

10

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-22.04-amd64

1

resources/...c.node

ubuntu-22.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-20.04-amd64

1

resources/...c.node

ubuntu-22.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-22.04-amd64

1

resources/...c.node

ubuntu-22.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-18.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-22.04-amd64

1

resources/...c.node

ubuntu-20.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-22.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

resources/...c.node

ubuntu-20.04-amd64

1

resources/...c.node

ubuntu-18.04-amd64

1

resources/...c.node

ubuntu-24.04-amd64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    spoofer.exe

  • Size

    72.6MB

  • Sample

    250328-wzx9asztb1

  • MD5

    f06fcb2b9cf6e48c978de8140a9895f3

  • SHA1

    b4efe7dc8c3701f38daf2aaf74ef088d1ac48d04

  • SHA256

    b2665f90c1c54dcc77aa3cc62acde7f92101b570159a13dc7c5b774665a9bee6

  • SHA512

    b2ea578a7f59af51b81fb43f459dea81981310096290a83fb8e4a6c809b5f5e03938c4aebc0f721522471055bcf5a64a93b5f1d5cced4283941eec9b7188f15b

  • SSDEEP

    1572864:Y4gPXMouRfKSSloORl5ojezrH9PotADF1bp4HJNTD7dFGuzg07/R:Y4AcHRfmoORwjeNllpMNTF4uzg6R

Score
10/10
collectioncredential_accessdefense_evasiondiscoveryexecutionimpactlinuxpersistenceprivilege_escalationransomwarespywarestealer

Malware Config

Targets

    • Target

      spoofer.exe

    • Size

      72.6MB

    • MD5

      f06fcb2b9cf6e48c978de8140a9895f3

    • SHA1

      b4efe7dc8c3701f38daf2aaf74ef088d1ac48d04

    • SHA256

      b2665f90c1c54dcc77aa3cc62acde7f92101b570159a13dc7c5b774665a9bee6

    • SHA512

      b2ea578a7f59af51b81fb43f459dea81981310096290a83fb8e4a6c809b5f5e03938c4aebc0f721522471055bcf5a64a93b5f1d5cced4283941eec9b7188f15b

    • SSDEEP

      1572864:Y4gPXMouRfKSSloORl5ojezrH9PotADF1bp4HJNTD7dFGuzg07/R:Y4AcHRfmoORwjeNllpMNTF4uzg6R

    Score
    10/10
    discoverycollectioncredential_accessdefense_evasionexecutionimpactpersistenceprivilege_escalationransomwarespywarestealer

    • Modifies WinLogon for persistence

      persistence

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Creates new service(s)

      persistenceexecution

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-0.10/deasync.node

    • Size

      7KB

    • MD5

      1e618351faea6e9c751b9ea4f9e876fc

    • SHA1

      238651059b169b78832118b41ea4177293e105e0

    • SHA256

      ba8d7856d6998e2b1dc31606ae2e4649f626158d9fa216ad8e9e2b2342f466b3

    • SHA512

      e732a594e71bb3f3421f6c1b690454f84893e3c15685d320b216f9f55c4b2020aab0ac760a24729b18c6ef7980abc6fd796c010b0389fdc634734b1f8af593c5

    • SSDEEP

      96:QSik5IkmaBWBP+JUIo1aY0EC0BXyPaKubFUAlKEcU1pp2j6tcqUH0rcf7aJuBz64:VX8pEUd1JC0BXiAbpcUi0wfYuhb4M

    Score
    1/10
    behavioral7

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-0.11/deasync.node

    • Size

      7KB

    • MD5

      e73515b1fb742bb08bca12e3b983c2be

    • SHA1

      b052e420c71f91b2aa7ad76f917e87fc640d844b

    • SHA256

      8c9a267ed39869a926b3606e0c10910a3fa6a6a1708b329b4361eb433b336675

    • SHA512

      0415634410e80051f6256ebefaf5f807b232f1266d4fe7c86b5b73d95cd749d3d48ec9996d287ac0f5cc6f46100388012d42e5e5e16a5e28c8791263f6fa20b0

    • SSDEEP

      96:BkAriBWBPhIAasI8EaLzUwpQ1FrhYSo/sQU9tX0yyYLM1R3O4xCgf77F60hBCB8c:CF8pSAKtZw8FrgCIqgf/hQmro

    Score
    1/10
    behavioral8

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-0.12/deasync.node

    • Size

      7KB

    • MD5

      e73515b1fb742bb08bca12e3b983c2be

    • SHA1

      b052e420c71f91b2aa7ad76f917e87fc640d844b

    • SHA256

      8c9a267ed39869a926b3606e0c10910a3fa6a6a1708b329b4361eb433b336675

    • SHA512

      0415634410e80051f6256ebefaf5f807b232f1266d4fe7c86b5b73d95cd749d3d48ec9996d287ac0f5cc6f46100388012d42e5e5e16a5e28c8791263f6fa20b0

    • SSDEEP

      96:BkAriBWBPhIAasI8EaLzUwpQ1FrhYSo/sQU9tX0yyYLM1R3O4xCgf77F60hBCB8c:CF8pSAKtZw8FrgCIqgf/hQmro

    Score
    1/10
    behavioral9

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-10/deasync.node

    • Size

      12KB

    • MD5

      32bfb4d8f7c93cf3514b03a54b5fdfe4

    • SHA1

      ade02a1cd5a63f30c9a8e9a59da7be1fa1da3af1

    • SHA256

      b85e37fdac8fae3edd6e9f0b6784c10bd81b7c4e67b24cf3c19f76ff0e260a39

    • SHA512

      c65799079acaabd4f941a8f40344aa60cd5797bb3010266e1f7b7e52821f2175bf4da081ce5cbb9f2d67cfbbdcd90f53012b1bca4e5160607a911e2fa76fdb3c

    • SSDEEP

      192:bd8p5FKBSGPZfYZTbbR2xgvZg4nqnljPg7hlFaWi/Zz47ABlo:b2FsQTbMuniljPh/By

    Score
    1/10
    behavioral10

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-4/deasync.node

    • Size

      12KB

    • MD5

      d75ef340d8ed8930e36cec41aea4c98a

    • SHA1

      489054dc8cd4d97b82cbe2bbe3e9ccd08c0c2aad

    • SHA256

      1a2941e905cde3b321092a881eb70fbf85ccc222314887f25fde0feb4f94476f

    • SHA512

      1738049f2f0ee1106a0ee44ccd268e7ae70f8288f8b348d7506fd0eff54119de8865abb8f15385621a7d25dc1874fcb30bf71fbc4f003f83c0890d6ddce1c94d

    • SSDEEP

      192:X8p55KBFvmwVI1n0zid2tYJgyhgf+Wqfl/ihs:s51YmJgV7s

    Score
    1/10
    behavioral11

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-5/deasync.node

    • Size

      12KB

    • MD5

      4792a2369c349b595f617a6eb21f0c23

    • SHA1

      02ea0b31ce914c552302d57df1812b8bdbe6edd1

    • SHA256

      2ff680b9fbad47817c48435847b128807f3a88d11ad8e0aa8791d8bb723b5b4b

    • SHA512

      6cf1cb74c7156d16285e43b0b0c22f065244588247c9698fac4a420990caf69d2d3422e80c07b0b1cc6866e4048717362d81c59877fa291ab9a009f5ec0791b5

    • SSDEEP

      192:G8p55KBFvmwVI1nLVid2tYugyhgf+Wqfl/ihs:N51lmugV7s

    Score
    1/10
    behavioral12

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-6/deasync.node

    • Size

      12KB

    • MD5

      4b29664ae4acc4b68b9c6ad3b4ee6013

    • SHA1

      5761104d4b77f2e2c73e69ed83c357aec857d43e

    • SHA256

      a5fafd14fa4d8fcad200363dcc6d030a6e95198cc5258cf8c9224f504563171c

    • SHA512

      c94b3c3dea65d94be91402cba19d211ce0c0fbe2b3019d12accfb5b0948c308f32c46650bdca3b09ec72e0274f4d8c197eeb4c4ff20001b7e0c826020abe4669

    • SSDEEP

      192:98p55KBFvmwVI1nLDid2tYRgyhgf+Wqfl/ihs:W51fmRgV7s

    Score
    1/10
    behavioral13

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-7/deasync.node

    • Size

      12KB

    • MD5

      a5260dffbf5f85686c5eae0b08ab8cef

    • SHA1

      bd338d5260253cb29a78020cb219fe154e4bbbcf

    • SHA256

      dac86300142aeb2c82afafb2be80bdbc15266716fd23006f39993204ec753b12

    • SHA512

      768a4d53f37b223af9503da5610675f1b63169d79e254177368f121ec869183ba30fb962df8ef0586b4a204477283f0008fafd8606181dfd10c83992298d6897

    • SSDEEP

      192:mz/8p5FKBF6mY3Rjlb7KcyYhXUb38mo94hlFaWis47Aalap:wkFTb1yYWbZoLs/

    Score
    1/10
    behavioral14

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-8/deasync.node

    • Size

      12KB

    • MD5

      59d10bfeb449924f8a94718f0c7f493d

    • SHA1

      c2a376a6b3e11bb08b220f5333b64c86db3cd4e5

    • SHA256

      390d514ecf093ddcb2059eda475eaba8047c8972fbb0c208f0a2cf7d07d0d622

    • SHA512

      471a057794e5b1a64af4a1d00cdb36d042d6b167294096eefc529fe2171e14636f7db0faca7ccb73bb8af9d88a9d2ebcf5ea4f80be0c35ac0dd72ca45549e648

    • SSDEEP

      192:m0/8p5FKBF6mY3Rjlb76cyYhXOb38mo94hlFaWis47Aalap:vkFTbFyYMbZoLs/

    Score
    1/10
    behavioral15

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-ia32-node-9/deasync.node

    • Size

      12KB

    • MD5

      05ab05e5f047b26b216531e724cca2c3

    • SHA1

      5dfa40b2b7a7767a25f7ff2b63f787e6dcf59b4e

    • SHA256

      2ef7e384231f3fe4ac83a75edd74ce86373258bd9ec33c9c640a02fbb5c40d03

    • SHA512

      b51b163e95b29e9f8248442218c47034020544d70651b31d656c1b9cb956a71bf7aee11a50d5f7138ad8cf77abe08159da64bece1237907e33d7f409d75ff050

    • SSDEEP

      192:mN/8p5FKBF6mY3Rjlb7KcyYhXsb38mo94hlFaWis47Aalap:SkFTbVyYubZoLs/

    Score
    1/10
    behavioral16

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-0.10/deasync.node

    • Size

      9KB

    • MD5

      7d3238fe9ff12cff8cbf681853b26937

    • SHA1

      c12555cf13707728226aa8367c5ad0fb1035648b

    • SHA256

      834598193babc22bee11867dd49fb5422b2c252682816fa33e25eb6b37fcb71a

    • SHA512

      936dc818bf479eb9b9f935990f1eb5e44d95bcc71d47ffba2f250aabcedfe51706906f728389c183ecdbab68af12ca980e7e3b359dc25a4ad6a9e1bd85e736fe

    • SSDEEP

      96:Ra71wUv+JUIo1aGE9nWi7n49bxHRgTlUprW+tQcVoutcOjW7q5tk5NOui+:RaWUvEUdQ9nWH7rAm5tk5b

    Score
    1/10
    behavioral17

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-0.11/deasync.node

    • Size

      13KB

    • MD5

      dab1d2054f5ebd0e6100f36bcd3812fc

    • SHA1

      7e4f0f53f8f5e244fd79ea802bc6b5ff1630dfe5

    • SHA256

      2c3b0d455b452b1126c644b5a4a345e5c1b1cb21fc32001b8566898e7e7ae0ad

    • SHA512

      d907353d326f81a7f64f01cc95f44646d29609d7fff3872414e6fb01ed5087a70be3264d824befe7ffbfb51b8d886da9cd9d71fe46f5e6fa34203e81be28744d

    • SSDEEP

      192:RI8pSAKtocw9vVXXazARVfT0a2gffhQmSBo:GAltnEARVfB

    Score
    1/10
    behavioral18

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-0.12/deasync.node

    • Size

      13KB

    • MD5

      1a70ddb29898bc9d35e4d7864eecb9ea

    • SHA1

      c9ebdc2e89969ab828a21334f6f9ee71f5cb7d6c

    • SHA256

      6f9538e90abc0a8d339776e8a154e3130886d69330c0b5e2b6676df941ff7984

    • SHA512

      d5583c66947842387d03b6fa256b1eb59c9ed45f1498f58e55795aa69f6fd766c3af884c04bfd936a2270f652d1d239301c97373866f2ed64ca57a8eb0a2464e

    • SSDEEP

      192:RI8pSAKtZwyX5cQVzY2lzArbc2BKgfQhQmro:iAkX5cmM2dA02BUo

    Score
    1/10
    behavioral19

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-10/deasync.node

    • Size

      29KB

    • MD5

      596a14f93497f29341a3666785eacee8

    • SHA1

      0d5ba208345becf71e47a2053f20718ec02a21bc

    • SHA256

      7a0d4b4c6892b92311f0ded43b816a9f59760f4f77399ddf36e3186776fb81bd

    • SHA512

      4d015f2a9fd86bcb3c29804960f7e6ce0403b65ca810b4b132736797cda6fc27037917e221914cafc0744ed7a7731bf405c2a73a922cdacfb36b4be91f5ae793

    • SSDEEP

      384:uhyhOovlbBshMReu6mv3xzCF4dmR9XKwfLhIDm7/gZJdtqxaA6FKocKyVJxKIe:ZbBVe+P1CFBIGo7dtxKzKkK

    Score
    1/10
    behavioral20

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-11/deasync.node

    • Size

      29KB

    • MD5

      f4d9e2d9e0d407b4f5e0834229e780ca

    • SHA1

      1c4bb7a5cf1ef024349b01bdb4578057438d3270

    • SHA256

      e52248e6e3c07da1eafbb75b24437834969e7e1c43e5239a81d4d5248786d305

    • SHA512

      b44221c0686ea6d90e59a7d86cdc77d2ab78074f7a076c0ec2a025ccf3c8356fc18babe24332005c7419ab476530e2b5e4e8a8bd37cd20a3cf87e876171e1128

    • SSDEEP

      384:ChyhOovlbB5xPYp9Ki2QD11mmPATFRjguIYNmK/WZSwEaA6FKocKyVJxKIeu:lbBcpcU1GREaNHqSwZKzKkK

    Score
    1/10
    behavioral21

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-12/deasync.node

    • Size

      29KB

    • MD5

      f4d9e2d9e0d407b4f5e0834229e780ca

    • SHA1

      1c4bb7a5cf1ef024349b01bdb4578057438d3270

    • SHA256

      e52248e6e3c07da1eafbb75b24437834969e7e1c43e5239a81d4d5248786d305

    • SHA512

      b44221c0686ea6d90e59a7d86cdc77d2ab78074f7a076c0ec2a025ccf3c8356fc18babe24332005c7419ab476530e2b5e4e8a8bd37cd20a3cf87e876171e1128

    • SSDEEP

      384:ChyhOovlbB5xPYp9Ki2QD11mmPATFRjguIYNmK/WZSwEaA6FKocKyVJxKIeu:lbBcpcU1GREaNHqSwZKzKkK

    Score
    1/10
    behavioral22

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-13/deasync.node

    • Size

      29KB

    • MD5

      f4d9e2d9e0d407b4f5e0834229e780ca

    • SHA1

      1c4bb7a5cf1ef024349b01bdb4578057438d3270

    • SHA256

      e52248e6e3c07da1eafbb75b24437834969e7e1c43e5239a81d4d5248786d305

    • SHA512

      b44221c0686ea6d90e59a7d86cdc77d2ab78074f7a076c0ec2a025ccf3c8356fc18babe24332005c7419ab476530e2b5e4e8a8bd37cd20a3cf87e876171e1128

    • SSDEEP

      384:ChyhOovlbB5xPYp9Ki2QD11mmPATFRjguIYNmK/WZSwEaA6FKocKyVJxKIeu:lbBcpcU1GREaNHqSwZKzKkK

    Score
    1/10
    behavioral23

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-14/deasync.node

    • Size

      29KB

    • MD5

      596a14f93497f29341a3666785eacee8

    • SHA1

      0d5ba208345becf71e47a2053f20718ec02a21bc

    • SHA256

      7a0d4b4c6892b92311f0ded43b816a9f59760f4f77399ddf36e3186776fb81bd

    • SHA512

      4d015f2a9fd86bcb3c29804960f7e6ce0403b65ca810b4b132736797cda6fc27037917e221914cafc0744ed7a7731bf405c2a73a922cdacfb36b4be91f5ae793

    • SSDEEP

      384:uhyhOovlbBshMReu6mv3xzCF4dmR9XKwfLhIDm7/gZJdtqxaA6FKocKyVJxKIe:ZbBVe+P1CFBIGo7dtxKzKkK

    Score
    1/10
    behavioral24

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-15/deasync.node

    • Size

      29KB

    • MD5

      d2a6df4353ae905a7a79c45e820c7762

    • SHA1

      3edab30c70722bbc22375ee4793db74333221ce2

    • SHA256

      0382de0d0eb50240cf29c23a780b5fe026933ce296171cedd1fe4ccc8d7e1acf

    • SHA512

      2c7e846629ef0f98976d07bf6114850372ad4ee7ba83780a07cf35991fe16d90178c41c729db2530336fb171b8da16145607991a30968ed5addf8d4aa068d542

    • SSDEEP

      384:3+td8z5hUJB4Z9ZJdROYHc88BmvNWnz0HDO8SlqHCxjtm5/vTgA1K6cKyhJqjxKO:3+7B4LzrN0yDO8qxt23K1KfK

    Score
    1/10
    behavioral25

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-16/deasync.node

    • Size

      29KB

    • MD5

      d2a6df4353ae905a7a79c45e820c7762

    • SHA1

      3edab30c70722bbc22375ee4793db74333221ce2

    • SHA256

      0382de0d0eb50240cf29c23a780b5fe026933ce296171cedd1fe4ccc8d7e1acf

    • SHA512

      2c7e846629ef0f98976d07bf6114850372ad4ee7ba83780a07cf35991fe16d90178c41c729db2530336fb171b8da16145607991a30968ed5addf8d4aa068d542

    • SSDEEP

      384:3+td8z5hUJB4Z9ZJdROYHc88BmvNWnz0HDO8SlqHCxjtm5/vTgA1K6cKyhJqjxKO:3+7B4LzrN0yDO8qxt23K1KfK

    Score
    1/10
    behavioral26

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-17/deasync.node

    • Size

      33KB

    • MD5

      0b3a4ba2ccaabb3f771927624ca1d625

    • SHA1

      2cd8bd9c308a8b62d0f836942fbf91a62bebdb69

    • SHA256

      89c9419240d2d217ee72ad8a49db0cbbdc8d5aa65dd6dd92cb6505dd4cb2df8c

    • SHA512

      05933d00ccab4dc507694b28d20bad423c90d4ebd130acb43f344f2c5477edff417c293d20644afdd9026651285dcdf6d505adb7267abe01966f6cb8957af0da

    • SSDEEP

      384:sYWNz5FSQ8B4Z6adKdL5HsnHvB25ftSSR28188fhJWaVl1xme1/OKpbAtSK6aMKS:ssB4DKFZ/zR2Q8EWaXmU3XKEKfK1

    Score
    1/10
    behavioral27

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-18/deasync.node

    • Size

      33KB

    • MD5

      38a033fc9f379752d47b1c12b634f718

    • SHA1

      5e23d4fec8edd9c82d0d368e3177682e446822e2

    • SHA256

      bfc462b4b9ffd6933d93d60d2780cdd4c19c50cb0f149b6d87b00fd67fe683f7

    • SHA512

      f5b311e02435533fa17ffbe805c9b1bcf4498733f26a859b32f4ef43bcc202606c03d695b49bd932ebd783981f3ff58b792cdecb764883331ab982fd3011e244

    • SSDEEP

      768:rB4DNKqiaSKC6yqiaSKC6yldVNF91tldVNF91tldVNF91tldVNF91tIg4Q//2evQ:rB4c5Q/WFNJ3KMKnKKH

    Score
    1/10
    behavioral28

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-19/deasync.node

    • Size

      32KB

    • MD5

      07a6505a7a9aed27deadad0649aa8170

    • SHA1

      6d6abdf3b3f4b1a91c7dcfc9d09dfe51d3ca3dab

    • SHA256

      b1c9c5d9993f05f0da24fc8f7f680f4fdd2ebb91b91b9b1d7b0f4310267fb4ed

    • SHA512

      a35d65656ef70e8602528ce8108f43b8570eaf867b538715b0cc545c9ee213a48d1bda3b08e01f2a714747a0a9f9b8f4069a2d504b5cd9923b52d2012106d32b

    • SSDEEP

      768:IB4jr1a6yqiaSKC6yqiaSKC6yldVNF91tldVNF91tldVNF91tldVNF91tIlW9Tx8:IB46XG3XZmIDH

    Score
    1/10
    behavioral29

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-20/deasync.node

    • Size

      32KB

    • MD5

      be6d0a6c1d19ff164532ba0fef563c31

    • SHA1

      c562329340e2416efcb0d2f0b474070a43aa0b24

    • SHA256

      ab49a0d5398d51805a48895a9cc97b9199d39ca00c18f9cb9d3a23e6dd480a11

    • SHA512

      8dff6d2e454a4faf8371e817e9471696079c5845826b61bc077d0dc866329628151d420a521efcec45515b097dc1b99e01d4e1d081935e7637bd273c9550aacd

    • SSDEEP

      768:/B4vWa6yqiaSKC6yqiaSKC6yldVNF91tldVNF91tldVNF91tldVNF91tIlW9yHvC:/B48HvaYHXmIaH

    Score
    1/10
    behavioral30

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-21/deasync.node

    • Size

      32KB

    • MD5

      3d7b59d0c7f7646db32f7a1e69295a89

    • SHA1

      f2b943dfba18fc39a84fe6f74f5321d8700494d2

    • SHA256

      4593728f4e9e2fad3f70c7873f28d3a15967ba7aa726880a30a12c4a02746ce7

    • SHA512

      ecafa88db938bee4a394594038d76639591859a5b631bd7586ba222930d89cf0a5b95fffdee39fbf30ced43783a51edd9531391282a759922427a04b57af52c8

    • SSDEEP

      768:VB4vWa6yqiaSKC6yqiaSKC6yldVNF91tldVNF91tldVNF91tldVNF91tIlW9HHvC:VB4BHvaYHXmIaH

    Score
    1/10
    behavioral31

    • Target

      resources/app.asar.unpacked/node_modules/deasync/bin/linux-x64-node-22/deasync.node

    • Size

      32KB

    • MD5

      3d7b59d0c7f7646db32f7a1e69295a89

    • SHA1

      f2b943dfba18fc39a84fe6f74f5321d8700494d2

    • SHA256

      4593728f4e9e2fad3f70c7873f28d3a15967ba7aa726880a30a12c4a02746ce7

    • SHA512

      ecafa88db938bee4a394594038d76639591859a5b631bd7586ba222930d89cf0a5b95fffdee39fbf30ced43783a51edd9531391282a759922427a04b57af52c8

    • SSDEEP

      768:VB4vWa6yqiaSKC6yqiaSKC6yldVNF91tldVNF91tldVNF91tldVNF91tIlW9HHvC:VB4BHvaYHXmIaH

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

System Services

1
T1569

Service Execution

1
T1569.002

Windows Management Instrumentation

1
T1047

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Modify Authentication Process

1
T1556

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Access Token Manipulation

1
T1134

Create Process with Token

1
T1134.002

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Access Token Manipulation

1
T1134

Create Process with Token

1
T1134.002

Direct Volume Access

1
T1006

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Authentication Process

1
T1556

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Modify Authentication Process

1
T1556

Steal Web Session Cookie

1
T1539

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Process Discovery

1
T1057

Query Registry

4
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Inhibit System Recovery

2
T1490

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

collectioncredential_accessdefense_evasiondiscoveryexecutionimpactpersistenceprivilege_escalationransomwarespywarestealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10