Overview

Overall score: 10/10
Static analysis score: 10/10

Analysis tasks (sample, platform, score):

d4164b1dab...05.exe     windows7-x64        3/10
d4164b1dab...05.exe     windows10-2004-x64  3/10
$PLUGINSDI...em.dll     windows7-x64        3/10
$PLUGINSDI...em.dll     windows10-2004-x64  3/10
$PLUGINSDI...gs.dll     windows7-x64        3/10
$PLUGINSDI...gs.dll     windows10-2004-x64  3/10
$TEMP/ulicense.rtf      windows7-x64        4/10
$TEMP/ulicense.rtf      windows10-2004-x64  1/10
FarmFrenzy...ca.exe     windows7-x64        9/10
FarmFrenzy...ca.exe     windows10-2004-x64  9/10
FarmFrenzy...rp.exe     windows7-x64        1/10
FarmFrenzy...rp.exe     windows10-2004-x64  1/10
JNGLoad.dll             windows7-x64        3/10
JNGLoad.dll             windows10-2004-x64  3/10
Squall.dll              windows7-x64        1/10
Squall.dll              windows10-2004-x64  1/10
htmlayout.dll           windows7-x64        9/10
htmlayout.dll           windows10-2004-x64  9/10
wrapper.dll             windows7-x64        9/10
wrapper.dll             windows10-2004-x64  9/10

General

Target: d4164b1dab1337e28d3ce097a32b8635c893e1acaaf7136e745b90c44ee2cf05
Size: 4.8MB
Sample: 240630-cwywwasejh
MD5: 4aabaf1f2d1daaba7ac4c9fc9498e59f
SHA1: a975ce8ba928dc4e1562a7d277bb309f7c06f712
SHA256: d4164b1dab1337e28d3ce097a32b8635c893e1acaaf7136e745b90c44ee2cf05
SHA512: 5a54a2bee850be430983af39a184c9fe2c42252e4e24dd3b9aa49d4de92c61226c7c0b00018221b8364f4c7ddfd35ea9b0958ddda6dae601d314ba526170f1d9
SSDEEP: 98304:66Q2rqI0O7L41KUOY3Aqrvj99849cOjk2WQV14ayHLQ3AA:66Q2rqI0O7Lfa3Aqrz849cckI14FMf

Behavioral tasks

Task           Resource                 Sample
behavioral1    win7-20240221-en         d4164b1dab1337e28d3ce097a32b8635c893e1acaaf7136e745b90c44ee2cf05.exe
behavioral2    win10v2004-20240611-en   d4164b1dab1337e28d3ce097a32b8635c893e1acaaf7136e745b90c44ee2cf05.exe
behavioral3    win7-20240508-en         $PLUGINSDIR/System.dll
behavioral4    win10v2004-20240508-en   $PLUGINSDIR/System.dll
behavioral5    win7-20240221-en         $PLUGINSDIR/nsDialogs.dll
behavioral6    win10v2004-20240508-en   $PLUGINSDIR/nsDialogs.dll
behavioral7    win7-20240221-en         $TEMP/ulicense.rtf
behavioral8    win10v2004-20240508-en   $TEMP/ulicense.rtf
behavioral9    win7-20240611-en         FarmFrenzy3_America.exe
behavioral10   win10v2004-20240611-en   FarmFrenzy3_America.exe
behavioral11   win7-20240220-en         FarmFrenzy3_America.wrp.exe
behavioral12   win10v2004-20240611-en   FarmFrenzy3_America.wrp.exe
behavioral13   win7-20240419-en         JNGLoad.dll
behavioral14   win10v2004-20240226-en   JNGLoad.dll
behavioral15   win7-20240508-en         Squall.dll
behavioral16   win10v2004-20240508-en   Squall.dll
behavioral17   win7-20240221-en         htmlayout.dll
behavioral18   win10v2004-20240508-en   htmlayout.dll
behavioral19   win7-20240508-en         wrapper.dll
behavioral20   win10v2004-20240611-en   wrapper.dll

Malware Config
Targets

Target: d4164b1dab1337e28d3ce097a32b8635c893e1acaaf7136e745b90c44ee2cf05
Size: 4.8MB
MD5: 4aabaf1f2d1daaba7ac4c9fc9498e59f
SHA1: a975ce8ba928dc4e1562a7d277bb309f7c06f712
SHA256: d4164b1dab1337e28d3ce097a32b8635c893e1acaaf7136e745b90c44ee2cf05
SHA512: 5a54a2bee850be430983af39a184c9fe2c42252e4e24dd3b9aa49d4de92c61226c7c0b00018221b8364f4c7ddfd35ea9b0958ddda6dae601d314ba526170f1d9
SSDEEP: 98304:66Q2rqI0O7L41KUOY3Aqrvj99849cOjk2WQV14ayHLQ3AA:66Q2rqI0O7Lfa3Aqrz849cckI14FMf
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 959ea64598b9a3e494c00e8fa793be7e
SHA1: 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512: 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
SSDEEP: 192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: f7b92b78f1a00a872c8a38f40afa7d65
SHA1: 872522498f69ad49270190c74cf3af28862057f2
SHA256: 2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
SHA512: 3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
SSDEEP: 192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z
Score: 3/10

Target: $TEMP/ulicense.rtf
Size: 80KB
MD5: 8c7f512cdb1b21e01ce120a0b2806c53
SHA1: f1cecc74193bb17dd59a1fea492b9144809c2445
SHA256: a4ecc43c48d029afa62afbac5923fc2d1b5a031190cf97f0e6953684e0f9a9f1
SHA512: 12a673d2ea3910460132e016eb8fc21022c7134430a8c775e288df41f9fda029a97f0223892f62f62c40fcdff41d013828aba8c551f43ca97a37aef57b8bca06
SSDEEP: 768:0eejrI4LvyVoaXMDe4MhxR+RpR+JWxR4zhc7AOB4BjLW5qojflMeI/Z3VRVx9BUZ:0hApce0Fy8Qo+6+Wp
Score: 4/10

Target: FarmFrenzy3_America.exe
Size: 2.2MB
MD5: fb831b4880832939cb71438709315419
SHA1: adb4898e9cb378d85e3a8aa9687a83ab57f8d0a3
SHA256: 45358426457118f34ec7b91f181164ce7f7713f136329c78d9f3f331c209b441
SHA512: 41449b6f46bfb2c4b3f27066ee641219698f6a61913713e0225dd6746937a33f5e921f1a5c1b0aee6cd7e33761a093e2d711eae8d3d8520e62c364be477b601c
SSDEEP: 49152:fsZFqt6yszz3ZYWyoTLPFJn6OVlTmJMBnulCVtsYo5:UmY/3vyoTjFJ6OnTWMBulCPs
Score: 9/10

Signatures:
  UPX dump on OEP (original entry point)
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: FarmFrenzy3_America.wrp.exe
Size: 5.0MB
MD5: 5443b67ebf77f2327f6904d2a4929427
SHA1: 740d997dd8af072b2ea11fc16c3c96fe7d405403
SHA256: 71ec15d0eedef28013fe72b6ab735f8eaf79351d26b69b7db0b22f5d1bafb0d3
SHA512: 37d233cdd3c3d4e99e02e2bf7f4b83cd4dfdc9e7e1713e9a9143a7a03c5d97a96c4161809358d9764c75e4404eca759f6a747fdbc084dfdb00922ddd84f138a8
SSDEEP: 98304:D6ISy4lkXJXwbr6raHv4k2W5vR/lhwkPCHM:D6ISy4lkXJARv4k2W5vRbwkx
Score: 1/10

Target: JNGLoad.dll
Size: 372KB
MD5: 72c5553b89524c3a58dfe91b2cece127
SHA1: 197f914f5738062d12688fae0449c3723c8f5b46
SHA256: a10fb9c5245421719366ff60164fbdcf5b7d78f9725801163670b398c874f80e
SHA512: 1705f792f7b869cc0e093b684c98b0b95384d3523fa8477c140b9e03f907971c147ff55b25257d63d69a7cc673f4acedffef9aaabe77540746a74f6727f45dd0
SSDEEP: 6144:QRRdzxh+PgrtcbvnMnH23YcpbxwvTAc5O1hU+aYzTBav+nAOqvR:QRRddLGTZocpOT/5GhU+ayTov+n
Score: 3/10

Target: Squall.dll
Size: 480KB
MD5: e4450e7fd70c4c576a299b5ba945dea7
SHA1: f6b57a3566136074f55e4ced67e20f831096a15c
SHA256: 712eab657dd5b2b50014a4fb678f69ab1ef461215d68f7fe621f048ec5da5021
SHA512: 66bc907f031de9fc85688cf5717005a639affe44c93afbf499bec477332a2001bd2f186f6beefd866ba1533ed5f26a810f8b8607dc82ec707f5fc1b6e570568d
SSDEEP: 6144:bo/mdugIeuLAoakz1bxJ5zwe7RCEtW+zn/eWv5LpTB3/V6MTmiW5hUyrddfrR0Zy:bokYAoakz1H5zv97xpN6oEsyXV
Score: 1/10

Target: htmlayout.dll
Size: 681KB
MD5: cffe21f7cfe677eec54b8d8020ef0690
SHA1: 580b995f8d370d25cbfeb5dc633f6eec68e7cafb
SHA256: 9cf74cd193f4fb530c530d4f9feff9ec81a24a5c5922998101657128de771b0c
SHA512: a74bd3b8ad64ea6bd56aafcc71eac85f47ea164b025e8f700177f53a9d37ad2ce718dd265c93e525ef6bff06d7ac39e4e2a8337a55ca668a665313eb1ae01dd2
SSDEEP: 12288:gLugumxc7DzzM1POf+8WmysE5SgQ11D3XVUuK8bFe+airYt/IOsyuW+dvL:gKge7PJf+8Fys6Q11D3XVULm4+aisSOc
Score: 9/10

Signatures:
  UPX dump on OEP (original entry point)

Target: wrapper.dll
Size: 655KB
MD5: e1656d25f53820e291e60093f8e8bc41
SHA1: 1407ef55c30de78b3b5f3e4a0042281ae9d55831
SHA256: 367fda11631296caef0acad26cfed7d0934475eacb8349c1c209a575bf547cb8
SHA512: 5407d8605a1405759f824e10bd748671d057eb477b8feed5772e62fa55f67df10ed643a7a7f90562db3782461291b61b452d679453888d065e0c8bafb8791e7f
SSDEEP: 12288:3lTILolEZuvuVJBK9ONOkx2PAUv0vWPdcef6WKqC1bBTzBS0ncQ:3lTI9nhOkUIM0qNf6WKNJB1cQ
Score: 9/10

Signatures:
  UPX dump on OEP (original entry point)
  Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.