Overview

Tabs (the number shown before each entry is the badge as extracted from the page; truncated sample names are left as shown):

Static (10)

Task sample            Platform
(8)  all/clicke...fy.exe    windows7_x64
(7)  all/clicke...fy.exe    windows10-2004_x64
(7)  all/clicke...v2.exe    windows7_x64
(8)  all/clicke...v2.exe    windows10-2004_x64
(8)  all/clicke...on.exe    windows7_x64
(1)  all/clicke...on.exe    windows10-2004_x64
(4)  all/clicke...er.exe    windows7_x64
(1)  all/clicke...er.exe    windows10-2004_x64
(7)  all/clicke...p3.exe    windows7_x64
(8)  all/clicke...p3.exe    windows10-2004_x64
(8)  all/clicke...ao.exe    windows7_x64
(4)  all/clicke...ao.exe    windows10-2004_x64
(6)  all/clickers/vega.exe  windows7_x64
(1)  all/clickers/vega.exe  windows10-2004_x64
(10) all/gcs/Cl...er.exe    windows7_x64
(7)  all/gcs/Cl...er.exe    windows10-2004_x64
(7)  all/gcs/Icetea.exe     windows7_x64
(1)  all/gcs/Icetea.exe     windows10-2004_x64
(4)  all/gcs/Koid.exe       windows7_x64
(1)  all/gcs/Koid.exe       windows10-2004_x64
(4)  all/gcs/crypt.exe      windows7_x64
(9)  all/gcs/crypt.exe      windows10-2004_x64
(9)  all/gcs/en...an.exe    windows7_x64
(8)  all/gcs/en...an.exe    windows10-2004_x64
(8)  all/gcs/epic.exe       windows7_x64
(1)  all/gcs/epic.exe       windows10-2004_x64
(4)  all/gcs/itami.exe      windows7_x64
(1)  all/gcs/itami.exe      windows10-2004_x64
(4)  all/gcs/kr...nt.exe    windows7_x64
(1)  all/gcs/kr...nt.exe    windows10-2004_x64
(9)  all/gcs/kura.exe       windows7_x64
(1)  all/gcs/kura.exe       windows10-2004_x64
General (9)

Target: all.zip
Size: 36.2MB
Sample: 220216-vy77facac6
MD5: 7c2aa852211b49b68f38ebb9971915b4
SHA1: adcea03a835a323f8864706610adfefd16895d80
SHA256: 91cd8bfbe714acc43beff32856c3d56ded48706d3c92c492a1acb994b606003b
SHA512: 22a9baf252145f405741c639019cc56f0a5ab4a836b2b6077bf196e80e83089dbb49dff8414b79b8fd182aa79f0ed27611906c5c4a8bcbb43aee607c0ae8eb27
Behavioral tasks

Task           Sample                             Resource
behavioral1    all/clickers/Spotify.exe           win7-en-20211208
behavioral2    all/clickers/Spotify.exe           win10v2004-en-20220112
behavioral3    all/clickers/axentav2.exe          win7-en-20211208
behavioral4    all/clickers/axentav2.exe          win10v2004-en-20220112
behavioral5    all/clickers/isolation.exe         win7-en-20211208
behavioral6    all/clickers/isolation.exe         win10v2004-en-20220113
behavioral7    all/clickers/mangoclicker.exe      win7-en-20211208
behavioral8    all/clickers/mangoclicker.exe      win10v2004-en-20220113
behavioral9    all/clickers/nigclickermp3.exe     win7-en-20211208
behavioral10   all/clickers/nigclickermp3.exe     win10v2004-en-20220113
behavioral11   all/clickers/slinkylmao.exe        win7-en-20211208
behavioral12   all/clickers/slinkylmao.exe        win10v2004-en-20220112
behavioral13   all/clickers/vega.exe              win7-en-20211208
behavioral14   all/clickers/vega.exe              win10v2004-en-20220112
behavioral15   all/gcs/Client_Loader.exe          win7-en-20211208
behavioral16   all/gcs/Client_Loader.exe          win10v2004-en-20220113
behavioral17   all/gcs/Icetea.exe                 win7-en-20211208
behavioral18   all/gcs/Icetea.exe                 win10v2004-en-20220113
behavioral19   all/gcs/Koid.exe                   win7-en-20211208
behavioral20   all/gcs/Koid.exe                   win10v2004-en-20220113
behavioral21   all/gcs/crypt.exe                  win7-en-20211208
behavioral22   all/gcs/crypt.exe                  win10v2004-en-20220112
behavioral23   all/gcs/encephalon_clean.exe       win7-en-20211208
behavioral24   all/gcs/encephalon_clean.exe       win10v2004-en-20220112
behavioral25   all/gcs/epic.exe                   win7-en-20211208
behavioral26   all/gcs/epic.exe                   win10v2004-en-20220112
behavioral27   all/gcs/itami.exe                  win7-en-20211208
behavioral28   all/gcs/itami.exe                  win10v2004-en-20220113
behavioral29   all/gcs/kryptonclient.exe          win7-en-20211208
behavioral30   all/gcs/kryptonclient.exe          win10v2004-en-20220113
behavioral31   all/gcs/kura.exe                   win7-en-20211208
Malware Config

Targets
Target: all/clickers/Spotify.exe
Size: 1.7MB
MD5: 5214e287e7509bb4940901996b496d4d
SHA1: a3fe343817dc817c091fb2b30b36600abfb062df
SHA256: afa2f55e149097f9b250142bbfd94d9d56d10649c96adb079fdb0dfdac7c6660
SHA512: c29a538c58407e46d79df33d05014ea2156cf40dec11122569d9135adfe15f6b1a038bac4dc88a3ac8b2f2aae3cb72e22cf10cdacbe621dc8d3d60d57ef18797
Score: 7/10
Signatures:
- Loads dropped DLL

Target: all/clickers/axentav2.exe
Size: 786KB
MD5: 89ec845ca6b4ace15355ad206ebadc11
SHA1: 8415a77f1cece08a113fddbe9c781fcffaf4dbd9
SHA256: cedab271e30415766e897ef6b1fce37116bfc73c6bf71bfa9f3343e261fa98d7
SHA512: edd655ee1b34dc62f00db12703d6ee5dc3e2ea5ea89ddfa84d856717205f8a1a1a8b66ee6a5e7995ae0c945530eb523c180c73871a4fcfa886c4d99f06bbf287
Score: 8/10

Target: all/clickers/isolation.exe
Size: 1.3MB
MD5: e1263e274c27ce43655c36ab0638d34b
SHA1: 96c66c508f542cbf2f5d08614f8c66a30a7799cc
SHA256: ede30bb0c9a4b8564538315b76759def592ee6869864f0fc7cd6de89deba6581
SHA512: 64739e5939fa3d863475f6dd005e923d7004a107a09c721af57075e22ec845655583691cdaec401e1dba6c56890ac3f3118e7e89801e4a667371bc3251556d03
Score: 4/10

Target: all/clickers/mangoclicker.exe
Size: 937KB
MD5: 091aabf897476d2d6e82fd0fc21a394b
SHA1: f531eda1a001a9cfc9191c1d8a4048c61ee53393
SHA256: 6c9708fcb2729df27a7d92dc2573fd9ea9c518a8b53a103ca597dfbea398236a
SHA512: bc386b500631f756521b3cf0b05605c16e3edc21f0fbaf90faf6ccf3a2bad2caf33ac7c5d736c8be3d549c7c13db37730aeab9b859fed864e0f1c5126a4fdbd9
Score: 7/10
Signatures:
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2

Target: all/clickers/nigclickermp3.exe
Size: 154KB
MD5: c54431007e22486b5f6f6dab618224e1
SHA1: 6ea6d21f22c0350541ca9e1e48bc20a571e33dc4
SHA256: 131bd4e3170c5c87cafa632cfec7eb7281490b00c292dcde95e770752d7272ad
SHA512: b63d396af593b26538226e5940b3e18479dbc84c60f6ea0148969ca67b810b102cbdf44b06033513cdc7ba7b868ff94c0c4df4d586f7a2cd3b9ed6ed819bdeb4
Score: 8/10
Signatures:
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL

Target: all/clickers/slinkylmao.exe
Size: 687KB
MD5: 5bfdbb28cc7fed82bf415edac9c9eb83
SHA1: c04b108edbb95b75dc1496bed342b937f37fa17a
SHA256: 12affb37160cf0bb5fe284c7f65ddeea23a788f4d35fbf158a4877c99640e8c3
SHA512: ff52df5c58fbee9dd555f373bb1a4b520e36f6a76e1b6ed345015cbd0adf1a3927dd79afe1b92e76b439d1221865b72a34a9023fad3c0c1f849e6a90e4352ae3
Score: 6/10
Signatures:
- Adds Run key to start application

Target: all/clickers/vega.exe
Size: 599KB
MD5: 284849a2131da7c109cb496b388bd3ac
SHA1: 9b21005a0bb149ba8222ed5e53dbd3cf312ae404
SHA256: 6cfe6fac4c62d54e6ed35a12607c561beced186069801b20e6eebede85940fa0
SHA512: 3926df84b6bb57286198dda09461e2e1ced230a7215f5ed0ae4a1a6a2d394e57e4ef41a58b2cc63845f8328360a49af327afa8b3157b1c3ab7c14659b5962910
Score: 10/10
Signatures:
- Suspicious use of NtCreateProcessExOtherParentProcess

Target: all/gcs/Client_Loader.exe
Size: 1.1MB
MD5: 4d533e9bf473bffa223d08375406e354
SHA1: a476be755207b0a789a7ea291980ddc53318ff1d
SHA256: 84b42521803e83e1d6633bec4099f443a46898297c2588a04dd4b97797311795
SHA512: e20230aa5091e8ff762d7b81c0edde8ab476aa03ed83c2a2bc75b06e3dfebb0aacfde26562c2684368cce72595672f6efa9ca0b489cb09e0394a602564a89980
Score: 7/10
Signatures:
- Loads dropped DLL

Target: all/gcs/Icetea.exe
Size: 629KB
MD5: ec75749551b255093e77a5d6c1d72e1b
SHA1: fac81f6c1f1bd668b66f2d1d84c6fe2a4e6b0c98
SHA256: 1a9f99be6ea38d09047da97d68350d5c04f59cd40269569271ff3231fbabb32d
SHA512: 2db7db3fe569d70e476d05f8b4e88e2f5d22ecccce12dca745208001078d0cd9c7f00711b32c2599d2b594f98a6a6ff20ef9c133d3c133654782788f8e5198e8
Score: 4/10

Target: all/gcs/Koid.exe
Size: 1.5MB
MD5: 15ec276e3c1d3d757eed8698c59c1095
SHA1: 28be0d3db48ef6423c2c4e222f5f949b8ed6e845
SHA256: 4bf92841621b08ec1796fa380fd71bd9f6fec65b923aec1dbd5b074f062eaf21
SHA512: 467196ee35523d4a24bd3746a9785040e092e4aba096c4e342ce1dfe2a9c3b1ca61f207b4581ac97a3861f12f714581854339727681aba1ba93d8e36ef9eb671
Score: 4/10

Target: all/gcs/crypt.exe
Size: 9.9MB
MD5: b9e93f1bce9f61e1a98083a36c8a4a06
SHA1: 9b4d9b385d47831749059a7db02008bbdf610146
SHA256: 476be5bcce19adbc987d6e99b2edd2c55599fb9367ae72a8a175284cf07c6802
SHA512: 6f97821eeded7dd9c160358b440b73c1d26b656a77b5c08f33b1550d23ea5cbfddb048093dac5333e32ab6bfa87e8e7d6d4dca1d0846ea337c4b6b40b31fb206
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: all/gcs/encephalon_clean.exe
Size: 4.8MB
MD5: 21d07a078e78af8a4ccb30d0fc133ca5
SHA1: 6f93f72e4b4b1219e0fe9b18192fd67b43666460
SHA256: 5890b95051bdad9b5aa287265b64d85e61f26ca0368adc2f526959c660d77637
SHA512: dffb7351066d9ee99515a46c4612d420667b36a6f55e7aaf7b743e79ea4c76f041a9da711c5557a6439702630566db8fee3844f26969f4ecee771afb2d3d9838
Score: 8/10

Target: all/gcs/epic.exe
Size: 1.1MB
MD5: 0cf061ff391f467a683d11884d2ad520
SHA1: ed6212e71335f3707303da91c84993c149520d01
SHA256: 3ac8a1a80b1aea1542a42ac25b0b4d730cc9f3cebd9b2661686177a083e98c03
SHA512: 022e77fb62f3b5911172ef0b378b6f625fb940f475c6069c5146d179c0d426ba99a80f10fada8e5d1bdbd00c3ff3332dbf11f81469a75db29e79e71d0fe616d3
Score: 4/10

Target: all/gcs/itami.exe
Size: 430KB
MD5: ad7057a3d1472fa03f068feb89eb81e0
SHA1: 3c460a273a32961823c64e3b2c471b2eb48ed0a8
SHA256: 348d5863c8a01db43945be3738198d9dc4d64f27c9c4282d59e1bc01af11dfab
SHA512: 6258574f4174fe1bda67d92daf4e38f4568df9b1e20fdf453daed0de610a067048716ffe08ffb566ec739c5603c7edcd0b04a48cc1131412e2b3a51080c0be43
Score: 4/10

Target: all/gcs/kryptonclient.exe
Size: 3.8MB
MD5: a7beb58e9507171e44455f1f823286ab
SHA1: 3689b44d42583008d5d158968bf7e81c3c0ccf3c
SHA256: e781c6915a983883f16ed22a1236e9bc93af081fb5cd3b8ec4c554ceb18183db
SHA512: 35b7714979773d60296d81f57c4805cc0160db8b881a27ef4370718049949940f9d5734566b6398d5ab7b32800bf50e6f54bdd23150ad02ac60f2b7b55bd4b2b
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: all/gcs/kura.exe
Size: 3.3MB
MD5: 208a92b2100ef3dc268b709e7a9aa3e2
SHA1: 2825a5777445dd584289fe35e41c836f8743dbcb
SHA256: 5e8394b44ba1373b36214d09b16a43ada6d001e55509de72c1f85928481422b0
SHA512: fa64f5ab44d63ee3963dfbc4c49f089fb9395c55a4847096c7791935876bfdb91af6653dc27db6a012cfba02ef97b7e5ac278a5145f1ad3b80fa735f1d86699a
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger