Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

CliIkosNet 2.0.16.28 R4 BANOBRAS.rar
Size

20MB
Sample

230314-v66zcagg97
MD5

01ee6656a9a267e0e2f7e7288ccc5d34
SHA1

3bca8e3f289bbea327c15bfdc3133523e3a79ff1
SHA256

c530d7214b50c0c2f0382b1d9a83f3fc4bb71f33024823c751503bf301f2e132
SHA512

a15a6d10c0e8d1a490238cade3d7cbd89fdb093ed4ae33e63dea52b3406945372635ff6d6b867f4e1dc0957253e91d8a9d32d2521f112e6e80641a4b0cb10ea5
SSDEEP

393216:DRroe216maCW6P9oeV2iwGCOTcxgvXYCAJ2llvuvklO283wd35127Q0WPdoBm:DaeKC61oWLwUT8gvX9Qc8cl38c/7FoBm

Score

9^/10

coreentity

Malware Config

Targets

- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  0ed248f9cf0b97fb2f7a307f498d9169
- SHA1
  
  75960bfa0675588a9aa3a88d568c30c6660fbb89
- SHA256
  
  285398ff2139b1dfd13e47b1374aaed11f15679c21d8ed5d5f5ba17d89f05554
- SHA512
  
  25948eae27cfa2398ad449410bb0d0946cd8fa1f2271d1440ecd53f334ac728677bf6764d169fb80642c460b86c898d6b758b0e19bc346ceff019503696a71fe
- SSDEEP
  
  12288:H9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc398:H8m657w6ZBLmkitKqBCjC0PDgM5t8
Score

1^/10
behavioral1 behavioral2
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/Renci.SshNet.dll
- Size
  
  785KB
- MD5
  
  5b1af51340f333cd8a49376b13afcf9c
- SHA1
  
  cae42eefd663555e65c3dca25f7d3a5bb451c8a2
- SHA256
  
  6368012435173295fab3bc2ce1e68b97bed0f01452be93b0b1499fdb60730441
- SHA512
  
  787063a7c715ef3f82ff7acece691a3855c26e16493522ef0591d1907f42aeb6324e6769c4fe6b1d068fd241ac4bb2ae777897a8cf8fa0addca50a6db0d1505c
- SSDEEP
  
  12288:s5loXY6v7XEKWHl6rDSh0uYuV3xVvPTrPTrQ2iwJflmKJMElNMSSMs:9Y6EKuTp5Df1f
Score

1^/10
behavioral3 behavioral4
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/SharpZipLib.dll
- Size
  
  112KB
- MD5
  
  c37a2719bd83ba766b29d8f83cee6258
- SHA1
  
  9f92916429f9f52723d18079899e63715a32ab36
- SHA256
  
  1e2cf0f79d2e5d6b10e21067bb86c4df1fc8b28f45fb7ef92ae67a2dcee3be0e
- SHA512
  
  64670d11ea9edea0c96bf8de64f005149109ed5fd5a6c1fc5f825ab6b8e1349b7524afadb564f144bda933ca61de891fb6c7a5f2508eb98094f97197eb4d58d9
- SSDEEP
  
  1536:V821slfy1MQ+0qxrJtTVsDWsHtdLSvvnnoU+q4UrviOBW6zsAzSYxCS/LsDuaCCt:a2GE+0qxrPuLSvR6OBPljsD5CCitwZj
Score

1^/10
behavioral5 behavioral6
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.Buffers.dll
- Size
  
  20KB
- MD5
  
  ecdfe8ede869d2ccc6bf99981ea96400
- SHA1
  
  2f410a0396bc148ed533ad49b6415fb58dd4d641
- SHA256
  
  accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
- SHA512
  
  5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
- SSDEEP
  
  384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
Score

1^/10
behavioral7 behavioral8
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.Data.DataSetExtensions.dll
- Size
  
  27KB
- MD5
  
  2c290e2b61b20719359ce2a70dbd9fd2
- SHA1
  
  8037cc183663919b64e813f32dea52675e30c2cb
- SHA256
  
  f7c59b2c715ea18118cfae8a439a0d4ebfcfaa3be64d11a5ca48183ae5a65010
- SHA512
  
  4192945e8701467a83d71fbb72a45518e3a0dc737d9a2064f33def7813296f783dbec624067fe339d5808a36e05c0608e10bd6b84f0c593e7d1e8c372be4be3a
- SSDEEP
  
  384:gPaz61snl9QMBtsPZl8pRWfeW9QF0GftpBjSlc4HRN7bXhlYQNwr:aaYsn5bMMpWC+iUlBK
Score

1^/10
behavioral10 behavioral9
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.Data.dll
- Size
  
  1MB
- MD5
  
  31cf3c235cccb381ec282bbf3975f9ae
- SHA1
  
  bfc8fd8e2341a6ccfda95d8be5d7c425295672d5
- SHA256
  
  31812365198b0707ad98005e19e38a3d354b13fb5cdc272d5000bfe4b82a9b97
- SHA512
  
  a1a61667c6bc1cafe0790b3c651ab11a83b873e9cd66e482f0f9fecd39b3f0ad1df2d37207e0306f898698408f401ed35865b4393426745e6b2f8bb46b0fe032
- SSDEEP
  
  24576:Ak5enR3m5LB1GX5g7PTvN7TJ9VdBLKpagagngRhyNX3AsYN4hCJg6B5+ghg7xNxA:wiLB1GJg7PTvN7TJ9VdBLKpagagngRh1
Score

1^/10
behavioral11 behavioral12
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.Drawing.dll
- Size
  
  185KB
- MD5
  
  87d2bc9f5fb617e15d5887f7ecb8dd80
- SHA1
  
  e5536a0cf421e82f8a9c942c37326e6836806fc7
- SHA256
  
  65a42d3e5bd4508e3c75133cd1967301a84b5dae6698f300cd831ff79c54b611
- SHA512
  
  af6e385aa36a8d2c45993d0beb5dececce93ee37470713300ee342fd883f1538f3d298ecfbcdb2aad5310140927ee833c325b14d1b48794870e7b81c275458b4
- SSDEEP
  
  3072:pSXM0FFPvW3W42hOCSb/mCJpkfAtLwCMLh+hQ/JHRrDYM09CnA0u02z3z57rQn:pSX/P+mdSWAttMLhk8HRrDYDx05
Score

1^/10
behavioral13 behavioral14
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.ServiceModel.dll
- Size
  
  2MB
- MD5
  
  300d3fdef7348884a31e5e2dbb1c6cc6
- SHA1
  
  a859c7ec75c1a1004de0c4d9c487be43d326b001
- SHA256
  
  3d5b366f82246a37e3225f105bccbda7e699aeaaabc9fc2168ad9fe093dfd9b8
- SHA512
  
  a4b6c2e697c855c4e2c55acf792c31422cb1a781342a2d4117ab7a94087e661b913c30aeb4c088bc3a87c229905efab18318046c19ab757376b0eaa16982e2b7
- SSDEEP
  
  24576:3ykWO/8xjilq3qBr+K+38/Bny/k8tzz2aCSAyrMYKvQCUZ4u1oGalwnrTH:sulKAy/kMn2aCSAyrMLLu1oGalwn
Score

1^/10
behavioral15 behavioral16
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.Windows.Forms.dll
- Size
  
  2MB
- MD5
  
  5704ee24d68eb8a6d01b2e74f926ce3a
- SHA1
  
  79c9b2c2396b89cac82f277e41ab5460296837f2
- SHA256
  
  0b0bc1f2ebfefe0cf827b2e2a0caa3fb8c772d84df26ab8e40abe98e0f2eb300
- SHA512
  
  c8365dfdfec24094d9abd4c3ae03e2742e8fe0e8ce432a88883c33da4f10f8793e2e2272fa23e2b9ea1c25097ecd10f8c05b9943f8026a49c2f6967b9691b88d
- SSDEEP
  
  12288:3VQkIfvWp2pYn4cpEFi86OQdIxpH976ad3jveSlLT4QPzNilliUHJufGJULSo+wl:3VKvrZd6ObdTveSlX4Q4llBpufIo
Score

1^/10
behavioral17 behavioral18
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.Xml.Linq.dll
- Size
  
  44KB
- MD5
  
  d0c673eadb63a8d11f573abb578dc98c
- SHA1
  
  3e292375f4df6284f295f7410f9cdeb674b99ed1
- SHA256
  
  39e51b600362a070fbc231272d167072ecf74b2bbf0fd80bb8b37287683b29ac
- SHA512
  
  44001cbc0014e97a8c9ac309675221fd2f61528f9e26b404e75bb1222c93a85d46dd7fb2f34d280a878fd2943520b8bb56b2e867607e1efb592473282d2143db
- SSDEEP
  
  768:gRLa5+k3XRK7THV+6xMM1beCxkxz+4pW+Aj+iHsgBB/pD:GQ+QXk7DVbpKL+4pWL+SfBB9
Score

1^/10
behavioral19 behavioral20
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.Xml.dll
- Size
  
  903KB
- MD5
  
  9ea44b529e14810c45c35ff5e9de4e1a
- SHA1
  
  16a13de42754e6d42210e8f7b5ceb15f3c8c4ae8
- SHA256
  
  00208e20e3d1d520c233e7ffc10e4e56f9e6b3920bf4a971faee864268c7e5a5
- SHA512
  
  eda42a71be3cceb0cfc333dc46bdf7130c5f1a1c2abf7f2cb793ea90a25417352527b176d037b9afa5cb407255ab85bedcb01bd03152bff5a37a56e170b4d1e5
- SSDEEP
  
  12288:Y4lDNpKQsu9AMJvPJNiAC76mKfyy5NJFgzvRnS:YaDNpdUaPJNi/76muyiNJWvRnS
Score

1^/10
behavioral21 behavioral22
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/System.dll
- Size
  
  1MB
- MD5
  
  1b711459c28cb423940f9f9c348551bc
- SHA1
  
  996236960c9dd8e96666d4fa414617eff7f4daaf
- SHA256
  
  2fe343569f794f2ca92ee14a41875571a9f21bf92637b8f8ee86306534209cca
- SHA512
  
  aef7a03f378ee4c6d0832ae049530c75f429d84d1feefcf6baac28995378cb6d3fa6a6d0177a27d6d4398d6327492b449b6b2c00b06eddd00580a32715191e94
- SSDEEP
  
  12288:TMw4sVx/7T1pL0i9cuWtGNipyPhVWJuEtUygRpeH6/Bx8PhNM///kNp6MARWch8i:wOD3nLp9FWLeEtURIMBxxvpf/RSP5O
Score

1^/10
behavioral23 behavioral24
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/Telerik.ReportViewer.WinForms.dll
- Size
  
  176KB
- MD5
  
  609e5f552fb3d8496d4db0ba7aa9822f
- SHA1
  
  2b368f7e60393cd7365697ca0a913ec3ecc4df54
- SHA256
  
  22489dcb078e96a06912c8a32d2037ae3aff0cd7649d00c898976f6512da2c91
- SHA512
  
  c9c11af4df15998152283b97880230a1e46e711540e7acb95d74497584c401182a237858f39facdfa6f512812a00dcf3acab8497242e2559495ac4d677bf9b32
- SSDEEP
  
  3072:rlaroolO0xkPan/U2/i+hvDeOPk5+jGw9YoexLAcQCXejGOQ/5WV6HHfQxQvvb1l:oGa/di+FeOs5+jGwwAczl/5WV6HHfQx2
Score

1^/10
behavioral25 behavioral26
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/Telerik.Reporting.dll
- Size
  
  2MB
- MD5
  
  4c0f5c63a2f68cc5fee21561769cfb38
- SHA1
  
  0038039a923bee12982410f17c168c0f4e73d12d
- SHA256
  
  807585df2d3c35cd31aacd6987fc59b4005a2431363cc96dbe8b027eab87a17d
- SHA512
  
  ecc1ab5d1e7a6e2c038778258655e4d839ebfb323006b570cdf272ab0e75ec272cc0692196c7542d373738ff7adbdd78fce9316eaaf412969e8a57824e6b4f51
- SSDEEP
  
  49152:S7Xq8Pe4Mvg/FopZEzLj+y3riQ6jsFVpd+PugYRxDYFmCzZnine4pYozx3HjiYkO:S7a8cgdopZEzLj+y3riQ6jsFVpd+PugI
Score

1^/10
behavioral27 behavioral28
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/Telerik.WinControls.ChartView.dll
- Size
  
  488KB
- MD5
  
  50bae6b513908a2766ff79fbed7dc621
- SHA1
  
  34cf84269734230d7d04c0827fdff44087bfcc1b
- SHA256
  
  f8929d8f221649d3b849e15e852437c8c08b2c26937bfd2c936043606b71d533
- SHA512
  
  aa403bb892e3339e68d8e8f6d8735ef12c2fc5e41b3f44d37d31308e0c6d958ed085adb8bb7cd2333024c56718f1a23ad4ccfdaf3ebf1b08125f6b3671ea8417
- SSDEEP
  
  12288:ZawbnfQyV/gedE594ixCmX0UCvtl3M+shVcKHf:ZDbnfQyV/nEomXFCHK
Score

1^/10
behavioral29 behavioral30
- Target
  
  CliIkosNet 2.0.16.28 R4 BANOBRAS/Telerik.WinControls.GridView.dll
- Size
  
  1MB
- MD5
  
  d51237783871fe34c41b8e4efd5e43d3
- SHA1
  
  7cf79350ee0d9390a22315554bea1b85c2836f4f
- SHA256
  
  9239322e5be046b9650c534a8ca99a6265c6fed7d93da2b09fe4ed8b225a11fb
- SHA512
  
  eecd77200a12159d1e8d0a1342d6f2b01a6d2db0d80ed2d8122aac48dd8a4e844a560453ef68e82bcf551c2848793bf5b525a11e3d0cae172dae86a9c30c2dc5
- SSDEEP
  
  12288:JaLQ03p6qbkKde9Dh2tL3MeBU/XQf707k5iLjvkXGu2doB64NE9:Ac03+oe9DhXV/Xnjv3og0E
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32