Overview

overview

10

Static

static

10

Data/Apple...ct.dll

windows10-2004-x64

1

Data/Apple...ct.dll

windows11-21h2-x64

1

Data/dll/ACEEXCL.dll

windows10-2004-x64

1

Data/dll/ACEEXCL.dll

windows11-21h2-x64

1

Data/dll/A...ed.dll

windows10-2004-x64

3

Data/dll/A...ed.dll

windows11-21h2-x64

3

Data/dll/Bass.Net.dll

windows10-2004-x64

1

Data/dll/Bass.Net.dll

windows11-21h2-x64

1

Data/dll/B...er.dll

windows10-2004-x64

1

Data/dll/B...er.dll

windows11-21h2-x64

1

Data/dll/D...ex.dll

windows10-2004-x64

1

Data/dll/D...ex.dll

windows11-21h2-x64

1

Data/dll/H...rp.dll

windows10-2004-x64

1

Data/dll/H...rp.dll

windows11-21h2-x64

1

Data/dll/I...er.dll

windows10-2004-x64

1

Data/dll/I...er.dll

windows11-21h2-x64

1

Data/dll/M...ay.dll

windows10-2004-x64

1

Data/dll/M...ay.dll

windows11-21h2-x64

1

Data/dll/M...es.dll

windows10-2004-x64

1

Data/dll/M...es.dll

windows11-21h2-x64

1

Data/dll/M...sh.dll

windows10-2004-x64

1

Data/dll/M...sh.dll

windows11-21h2-x64

1

Data/dll/M...gl.dll

windows10-2004-x64

1

Data/dll/M...gl.dll

windows11-21h2-x64

1

Data/dll/M...eb.dll

windows10-2004-x64

1

Data/dll/M...eb.dll

windows11-21h2-x64

1

Data/dll/M...rk.dll

windows10-2004-x64

1

Data/dll/M...rk.dll

windows11-21h2-x64

1

Data/dll/M...nt.dll

windows10-2004-x64

1

Data/dll/M...nt.dll

windows11-21h2-x64

1

Data/dll/M...ds.dll

windows10-2004-x64

1

Data/dll/M...ds.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ꜱᴀᴛᴜᴘ__0ᴘᴇɴ.zip

  • Size

    46.6MB

  • Sample

    250417-fanqkaywcs

  • MD5

    cc8aa60492ff139f53a8bec66c8ee8aa

  • SHA1

    f489a8f792a9f1ce92dc86ee7042c0d39fa33043

  • SHA256

    2705018412749bb3e11bca68ba5d7052261f539a57d29437178de804757a4b2b

  • SHA512

    0e60aeb7156d1947f2fc955940b09870eb8159263b479e6144f9bd20c1885977706785b9ccc7afb6305acde7493fc345601b84d96cdbe22830e04b68aa856ab6

  • SSDEEP

    786432:zXpgiwvC/XLV7LpQNGY+bIl5+GZkWNb9uPaoh3Xaxp:z0YRLpE+k

Score
10/10
hijackloaderdiscovery

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\dwekxkof

  • inject_dll

    %windir%\SysWOW64\input.dll

xor.hex

Targets

    • Target

      Data/ApplePushDirect.dll

    • Size

      330KB

    • MD5

      164bfd15b9b72d30fa41f10e74f0fa65

    • SHA1

      6d0c942f112ab638d5c289037e28d1ddcc6059b7

    • SHA256

      106beed1c918f3e12c3923a24b94eb496745e19eb8baed5453f372a6af6e9797

    • SHA512

      563b6b2966280cade7621fcfb8b1a46304c622ae769e36b1c77d455bfe706e6442f1ccf17fe6076f186a8b646add028ee2c5e7f7d0caa40019075c219bf6d765

    • SSDEEP

      6144:TY58WhWl3pxBzVIlaqeO6Ie6SsNlX75jsyELMzOH6HXH8oSZv:Y8N3pxBzV5qeOY6zjsysMzOhZv

    Score
    1/10
    behavioral1behavioral2

    • Target

      Data/dll/ACEEXCL.DLL

    • Size

      877KB

    • MD5

      84784ef516d810edd01e7ec2775246e1

    • SHA1

      7b6a9b90031270bd4868af5ab5e7175ab30d5efa

    • SHA256

      65077d9942193aa89e119b86ed6e26cbed159acb13faaae6e6503aea0564e780

    • SHA512

      4906c8f0633d948c7157ed71b58b83f5469259ce8b89ed7c5c2d3f0945781e73a8474901a0246e04d0da1ef9a861f1523d1f3c87f5924bdeef0363581e3e2b48

    • SSDEEP

      24576:A3J0CDIaR9lz/h9WKx+LBomqFZ5sG8K9mTdggOH0lG48CXa:A3J0CDII/HFZ5sG8K9ms

    Score
    1/10
    behavioral3behavioral4

    • Target

      Data/dll/AsTaskSched.dll

    • Size

      25KB

    • MD5

      b136d684bf99333f405b3b437341464e

    • SHA1

      f0198b0df13ed8d5bb3e7488e98c3402b81ce88a

    • SHA256

      a9a55f0fb356fcb27acd17b94a28224afeea35c149abf881615c796ff063692d

    • SHA512

      36004e56f3d4406b317d268c140c4a524d03433e3c65dda8c2f54513923d620a2a27aae175632e035ee00523a75605a1337e8f96cde95acf6944f65a73c84282

    • SSDEEP

      384:3bgodob6DWgGr44EDIn+sQnObRSO78G3e7bPTLsAzHIYixon6d4i/8E9VFL5NgF:tI6xGr44EDA+6SOQG3c7TLn8YiNeEqF

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      Data/dll/Bass.Net.dll

    • Size

      676KB

    • MD5

      e0f9ca774f0e3b40d42de2793f46245a

    • SHA1

      9c2e4403e0b5123196b0118fc6678d305a246efd

    • SHA256

      5edc14702b84ebed5653a6cbf64b3a06ffe4e500be10d449a0c68e5a2040f9ef

    • SHA512

      896e83ac8fe989369bc8f433242e5d0cc03611a24c3376d7f5662b1a0d252979f2a4329b9287f72d5903a82880facea393720fe105aeeb2138ec3315dd4ceb37

    • SSDEEP

      12288:YhAilLJOTeBtAnoxmbkq+ll9iBzrBFmVTmrBVv9lRVsg:WAilLJ3AoxdizFmVKrBVv9lRn

    Score
    1/10
    behavioral7behavioral8

    • Target

      Data/dll/BravoInitializer.dll

    • Size

      394KB

    • MD5

      b13646befef8de3539495fd854aab267

    • SHA1

      aa43053d7839f8b48649003d500282724dc69cda

    • SHA256

      569664629da1fd68a16e1717514ce830dc97597ec3590bcf10b5619b0048abb3

    • SHA512

      e415e0db65f313b5e372ac42a9a11d0568c394040a1da963006b1d0792475105427a05dae4b25a70ef83a6644debb88c0c1a4a3904ce4769e819bc6807a84ca2

    • SSDEEP

      3072:nxEKUQt3Nhve91V1DgCdST+MsvWTzyTz1MiKNaRI6kJCsS5jAQ9hRCGPmyB5nJjY:S0WIIsS5rfjpHdDtyeCM0pAOlqFYX5v

    Score
    1/10
    behavioral10behavioral9

    • Target

      Data/dll/DirectXTex.dll

    • Size

      556KB

    • MD5

      4ade9b8e9a6cd1cb891913b7ca1a9025

    • SHA1

      7d07b083066193dedbabc7d2ef1c7be53dcd99da

    • SHA256

      54e9bf1f9a7f0a4c1614dbee46b43f3e57e19381f9131480f8e3fb956946d7d5

    • SHA512

      079b570c74e1a03e889ccb75d0425759d9a8e843c8a29b31dfb1b1655f4b353441f574154813e7e2fa2980bfce600e42d6f2bc5f2add70227ac324c3fea8a425

    • SSDEEP

      12288:y3o487nEtorerBbyiSEJcka/oo+6BbjlFX:eo48hrerBbyiSEJcka/oo+6Rl

    Score
    1/10
    behavioral11behavioral12

    • Target

      Data/dll/HarfBuzzSharp.dll

    • Size

      211KB

    • MD5

      bbb0c3f99524a41955c9fadbf66b554f

    • SHA1

      49edd4104a892f3f97d002ac930a0f79c0d2106a

    • SHA256

      f8e0166d425d121ac16145aa483ecd02d066ba3aafd73405b9e4d9dc7c3f7c19

    • SHA512

      ca25e7f48f19865fca99bf2944b5a5f57065c9809b564f58186b2a932aef8b48ce16955008adf059b3e09daaad3bacf97f9dbc2701ddf8d3e1a511f54ac18883

    • SSDEEP

      3072:GP6RHwn3hbBhL7IJvwt0cr3bl8F6hHAsHzDkEUAcv1qgpWnso:1RHw31LSNcr3blQ6usHzUpE

    Score
    1/10
    behavioral13behavioral14

    • Target

      Data/dll/IntelQuickSyncDecoder.dll

    • Size

      505KB

    • MD5

      3d499916e49ea4b20bc9e4bad1ae5476

    • SHA1

      24c3476989d80178506d9c6dcc859372e706d299

    • SHA256

      79bfa788e0ef7caff3c137834920563f8f7e139ac4c58369cb8b6e58f01ddedd

    • SHA512

      3cd049e1841b615850728d1420a4b58331490832af42dcaa5448ce1f5ff0d427d868d01481ab79b3ff137b790b50be7078b6932c033bf3e3eb08084de5983795

    • SSDEEP

      12288:b93LS5LMP6l/prlfXQRuuTkitkEYD0KRI8Md:b9mBppZskittYPH0

    Score
    1/10
    behavioral15behavioral16

    • Target

      Data/dll/Microsoft.Azure.Relay.dll

    • Size

      243KB

    • MD5

      7af3a81f33d4d3a87d1cf0b6c99c0e64

    • SHA1

      3b8c86a55998ab519f7cc37f5a37affb7f9823bb

    • SHA256

      f897d7707c75d8bbaf25fe14d7fe7aaba944f7faf5e32fc586c5961349bdda99

    • SHA512

      c7fff31226ba21b503f9d37bcf72a51a1ef9c638b3d193e49245e34b2968acba7785ce8643ef83c3108a6a3860ec9f1d39a8ce908d2d5e980edfb7dea08ba135

    • SSDEEP

      6144:Kcw8A/Xw+x0hWxVcfT+w7qW1cRSXptqPC/EW/1PWqDDPD:Kcw8AFgW2qW1ccpN9/rDDPD

    Score
    1/10
    behavioral17behavioral18

    • Target

      Data/dll/Microsoft.CodeAnalysis.CSharp.resources.dll

    • Size

      564KB

    • MD5

      a3fbe1a31e4d555daa87d89bbad7bb2f

    • SHA1

      92739b15eac585149fbfbccb5f04ab7c761a04f2

    • SHA256

      2272ee9b4df7b6e62792f9d017824954c8ff790255760be1a3d51185b32ecf46

    • SHA512

      351e5c915c3be7783e42d999ddeafd867825446381af8a94d218e1d7a97ce33917a2be8e2e333cdccb3d724b94559e457e6727e09cdae8fe4903095aa5c36670

    • SSDEEP

      12288:0Fpz+bmpYc3lyhLQJP8Vo7xphnxQBxou+68i0y1gJfGVF6jeF:

    Score
    1/10
    behavioral19behavioral20

    • Target

      Data/dll/Microsoft.DevTunnels.Ssh.dll

    • Size

      324KB

    • MD5

      718bea5a21050b85016346d65b19a54a

    • SHA1

      45b1598249b7ad33409e8a513c4e0ce33b033caf

    • SHA256

      ce71b136cf02e4b8eb03a9781dd6abc69a36513273c9930ed3a309d8883320cd

    • SHA512

      119e5c1803dac938148096c25724c49fc91a888b31e4804af543296ba82e72f6ce6cb9de22a4332b2ee727bd1ba286418598a1e38a1858238326a987c64ba318

    • SSDEEP

      6144:wFZETjA7qF92qU1CWycMQznmFoqbefQffH1MFaJ+WDg6RfVspy81rbS6Aj0Jqgqr:wHMA7qFgWWy0n7uDfH1MIJPT

    Score
    1/10
    behavioral21behavioral22

    • Target

      Data/dll/Microsoft.Msagl.dll

    • Size

      1.2MB

    • MD5

      9126a994a7a29b29b5d8ef918ae88879

    • SHA1

      9b2979039ef18f8bd3e666a5497e657e964d4080

    • SHA256

      7fddd0e81099ebd7d82e9745a2042f8859b1d167befa2211995328d3b988ebdd

    • SHA512

      90e8e8d3565052057885e7b9a785b2baf499b8142d05db7d7d391e21c1cccbc9c5d2fba5ffd9caaa7d0652b9460d24b254f30003090c4e3e43cd284eadccd140

    • SSDEEP

      24576:ucW8aagXNhdUwwgJ2UfOGdPw+DbQePBfeUi:9qhywe+DbQePgUi

    Score
    1/10
    behavioral23behavioral24

    • Target

      Data/dll/Microsoft.ProgramSynthesis.Extraction.Web.dll

    • Size

      893KB

    • MD5

      e06507fc5f2bf40aba3719cdef80df7a

    • SHA1

      d60f10a6f2ba8c3095e84e41f5781debe52bced7

    • SHA256

      3c2090398189c532971b01f6dc545ebb180201e4f8c1ea48d5f116478d1cbf43

    • SHA512

      d888f716903c92369a08d775a931517b4b4b5f098669364d8ffcf1a41f816281c3e167d442a6240a58c79e9e47e9b59e496e5e30e93b0a94a5d5e13b919efec3

    • SSDEEP

      24576:6+G6FQiNhdYDsc9mA2AEsLj5F2gEWInI+B5IfAIQIZIIdIh2V9l990IJIIIwIIqk:6+G6FYb2AEsLj5F2gEWInI+B5IfAIQIb

    Score
    1/10
    behavioral25behavioral26

    • Target

      Data/dll/Microsoft.Publish.Framework.dll

    • Size

      1.3MB

    • MD5

      28aee101d750665b618ae3b9b4fe5901

    • SHA1

      eb00822c3e18a46170a3d1904257f47ec286938e

    • SHA256

      ec68864a46f1653ef233b6d6bcad72c093a74ab292a179461c0e8d5e61b5d8af

    • SHA512

      c5886d2b6d7a72c579bfb1427f5ae20ca64f5993b53673a42b12662c5d5a8bb2c40fda333cd42c3b597bdb24c6d8489b418f603c0147c87d72096935352cf599

    • SSDEEP

      12288:IxSF87yqiyueWxwgEV6m8SNvFzEtrrpGCzxnucy9icr:2SuabEV6m8SNv+zGC1nur9Lr

    Score
    1/10
    behavioral27behavioral28

    • Target

      Data/dll/Microsoft.TeamFoundation.Build.Client.dll

    • Size

      551KB

    • MD5

      909785245068f528ca16e98678a51e5c

    • SHA1

      fcac86a161aac5cb7a3d6b245e189f71d38b33b3

    • SHA256

      1ef1358a4950fd9c4fb804a447188fd750338e0af8dc6c22a28edcaef606b10e

    • SHA512

      c55534a10bcba565ef5e35c434839226e306d7b6b68dcad659ae23a0e6e3973e3ca1027352d38a080296d79a3226edc48ef1bbb31e028ab3c2f6864dd8c2220b

    • SSDEEP

      12288:BPJDPoP+LQECUX6866iOmuVqkWJnK26h1VZScaAKb:BPJDPoP+UExX6866iOmuVqPJXsaAKb

    Score
    1/10
    behavioral29behavioral30

    • Target

      Data/dll/Microsoft.VC.Wizards.dll

    • Size

      582KB

    • MD5

      717d6769d618f422bd46f612b1a8e4a5

    • SHA1

      54c0358d68d4f80a8d718d3e22308af8b2fb68f9

    • SHA256

      118ab41ca8bb0feadaaae5cb536e09bb375ba523af0e5a54c72f84bc5d1fbb14

    • SHA512

      5177f301eb002e0e85423abda115668c5562c0898f7b596866b934c0f6e664e6c064d42fe90f17c88923ade6ed7aed5f5f27851c2fdaf4ee41868b9e32a3f3f5

    • SSDEEP

      12288:FXcRvKBfM7ikD5CXgonQKdv4MjAxZcNrTpFDpjDazzv2MKFNSVSfAjugb:1clzfOrzAxZcNrTpFDpjDazzvkF+SfAx

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v16

Tasks

static1

hijackloader
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10