d4008eb38d10ae27765fa344785fdcb2e34d372d85578e406fc43f74d4f257a7

Sharing

Copy URL

Twitter E-mail

General

Target

Linear_Loader.rar
Size

78.8MB
Sample

240630-sh684azcnc
MD5

5e3092ff3cdf542109f7677bf283702f
SHA1

1774c69d43bc140a1df3ab7f1ce839fb42776c74
SHA256

d4008eb38d10ae27765fa344785fdcb2e34d372d85578e406fc43f74d4f257a7
SHA512

e05efa8dba0556501d6f5c3bc6a0175f3a1413f4991809aded81a082ef3621340297b97786feb792370126a75307157d09c32a9ee997385f67554e25500a27f2
SSDEEP

1572864:yQEzy1VcNa4ukneNnsxhf4nogX4dwLkJKFb7Qxro/BAO82FaRNF2l0A:zEqVnknMc6ogasfZ5AOHat2lx

Score

7^/10

Malware Config

Targets

- Target
  
  LinearWhitelist.exe
- Size
  
  6.9MB
- MD5
  
  3bbf5be76a8de117e090a18f1f736e1b
- SHA1
  
  22cf50188f1f00b6acab079d0ce6baaa6ee41aac
- SHA256
  
  ecdcc6b4fc3570b8abad13f7b19fc6397a18237ff123ac65555ad93663beb5b0
- SHA512
  
  f1223ab7c31ddcf1fa337aa492fe8c4e490672b593ff536bcee93e67ffc518dc8b761d5f0616704bced84966f134a742d4073dc56ef8fc2a18d9728997702ef3
- SSDEEP
  
  196608:+otWA1HeT39IigleE9TFa0Z8DOjCdyl3ownzbQW7tx:FF1+TtIiHY9Z8D8Ccl4UnPx
Score

7^/10

spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1
- Target
  
  Linear_Loader.exe
- Size
  
  72.0MB
- MD5
  
  70378b27bade30e9e8fcb481ba8177c5
- SHA1
  
  24922aba5dc4564c16e92881574581e0a9bb2674
- SHA256
  
  51aa0bf3158e0c7dc8cb75d02be0696f49e5e2d56e281cedc24c73ef9763c5ab
- SHA512
  
  a5deee1a78831d64522d9dc8d30c7a017bf935fc424549c1bcd18c89dad249cf760e368ce557c3498473e2c620e57b2fe7ad40e77e36ffd859a81e5d8e20a458
- SSDEEP
  
  1572864:KQEzy1VcNa4ukneNnsxhf4nogX4dwLkJKFb7Qxro/BAO82FaRNF27:LEqVnknMc6ogasfZ5AOHat27
Score

7^/10

spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral4
- Target
  
  LICENSES.chromium.html
- Size
  
  6.4MB
- MD5
  
  c3528648bedbde1223a2faab1a3f9af3
- SHA1
  
  934d3c8f184258338ff380964ed89053ce69ac5b
- SHA256
  
  57b8e5a3f2cd62805001aefca035c7348b4d1abac157e6df3d798bb31f2ec3d2
- SHA512
  
  3e3cc0fd7a55f67ee0afff9696beef33bdc9524375bbe9d8e8f7660fd408c756c1156ca0b02ecccdc22799c7b8e74dbde012732ad6b3ebe0a3cfc54ff5132b35
- SSDEEP
  
  24576:d7t05kvWS99LVoFIUmf2p6y6E6c666r8HHdE/pG6:RI8j
Score

1^/10
behavioral5
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  cb9807f6cf55ad799e920b7e0f97df99
- SHA1
  
  bb76012ded5acd103adad49436612d073d159b29
- SHA256
  
  5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
- SHA512
  
  f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62
- SSDEEP
  
  49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI
Score

1^/10
behavioral6
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  6418dfc9980cc0416a327961dacd41df
- SHA1
  
  2e32ab8ea0059606dfe66e978c271e0852406215
- SHA256
  
  04bd8ee92194f076686eab2a94a119629b6d61e554782a0d4520359f1ceb24a9
- SHA512
  
  d3e98fe91bfa4f7b9363d8fbb6997f20f76a638bcb5345d9280f919a4bf13dfa02d190534d1965eccd95f2300f6b4d29b6eaec5d544e5428377d1e26daf501a1
- SSDEEP
  
  49152:PmDNlF2B3JHEM5tPtnOK5RQAvChpC6ethyVS6NO8pyJegiUWmhbvvWSqgN3lzl3a:PuyHlvRQASPHUWmBvvWvKa
Score

1^/10
behavioral7
- Target
  
  libEGL.dll
- Size
  
  468KB
- MD5
  
  13318cb90b385fb918ba6e07f1fd8d83
- SHA1
  
  899985a7608268893c7fc1c9810568bdd8294b81
- SHA256
  
  53a2d4c5ae582f15aad481e75e516ddabce9b756e553bed33720a66d2c5f736d
- SHA512
  
  b5418f6bd2ab883dc1ef4d9f2c0a976296d06fe1309c6db7331a3470f198505561cabd41ecd05e675b90076196b4f82e8a9ef0574cfe96869bfb24d07cc82450
- SSDEEP
  
  12288:cu0LAjbIkyVVR8O9v/6TiT5eU3axzvVwo:cub49/6TiQzvVX
Score

1^/10
behavioral8
- Target
  
  libGLESv2.dll
- Size
  
  7.2MB
- MD5
  
  ad3edee84b49923e4847119eb4d6c6b7
- SHA1
  
  8649be26571d3fa645c416f36c1bdc0b27f1d478
- SHA256
  
  51c9f2e9aecf5745ad343185cd39a05f581c2062d644bedcb25a5ef4b9624591
- SHA512
  
  e504996b8371f294fa8a5173da48256e9070156249bdd7431e3adeacbd99f7cf39dc3c0876c4aa11da8d1932147cfaff91764c517a70d69d8c8e4876abbeea56
- SSDEEP
  
  98304:X5zAgO5fjnoTdA8gtJru3xChd2FgJCnwgsOMZ:XJMoT8rDhdQfsb
Score

1^/10
behavioral9
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral10
- Target
  
  runtimebroker.exe
- Size
  
  154.7MB
- MD5
  
  75990ee1ed0dd57459df924c28b46700
- SHA1
  
  be7d7c518a44b3d73230364fd2064f9e2918f733
- SHA256
  
  43ebd800204d360a8ea88eb0d2ed10df9553a910741cd5646ed7d276fd0723a5
- SHA512
  
  f1337181f33e6724939859dc5d9fff45242870b36021fb45c737a261f82ed56e594370a24afe87f94a4376e92c0391604714fa2ff80ec000709fc66bc48341e2
- SSDEEP
  
  1572864:WQLTsMunuCM2/w9Asn6xzIEhw3JvqzPd24cwT3tIDvvEO/TZidNoyiMhOab0XLHE:WA8g5vu
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral11
- Target
  
  vk_swiftshader.dll
- Size
  
  5.0MB
- MD5
  
  30d193f1976035cebec2c2d8f071c556
- SHA1
  
  97b1d811743f03e888c22d975c9eb77ba92142b9
- SHA256
  
  600e158b7d7fb95eb63552da1ae8159a6eb9bb04ff6341d11db2d10bd6c30c8e
- SHA512
  
  4eb6ec91fb060f67ea126c9c7dd7f672161d86302db41c7d999f33239a7c18062cc020c06ab9571f8023c846d22bd0fa5c020fb4c710bf6a21472002dccb6226
- SSDEEP
  
  49152:qe8XShSf/LIIKZIpvUIZHsQbZ+TN/Ld7dMZga4USoMqJKBwqJ5h0gKInLh1vuiP/:/8XSMfkcsLbJT7GMwZgKI9oiPL
Score

1^/10
behavioral12
- Target
  
  vulkan-1.dll
- Size
  
  899KB
- MD5
  
  7fdd1bec727e2b389c8ca84c407446c6
- SHA1
  
  a91343d9f52883325f52f28c5dd142f4ae07b3ef
- SHA256
  
  d04035c59f49444bd3cafd71296afd70bad5daa6e28bf5d7de3ffd0e36a85938
- SHA512
  
  2fdd95185507be9bcbf6cfe1f05ba47e71203b1dc3ce4cc1553e5fcfb576ab89bf018a8927fc5e6e451b00f56f7abb5f2efd504e1a674b42dbe80deeb13d669a
- SSDEEP
  
  24576:/R9nl1crwjLAQw6Z5WUDYsH56g3P0zAk7:/R1l1culw6Z5WUDYsH56g3P0zAk7
Score

1^/10
behavioral13
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral14

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

An obfuscated cmd.exe command-line is typically used to evade detection.

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

An obfuscated cmd.exe command-line is typically used to evade detection.

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14