40702b0d2a57d292c5bdfbf1ab1db3da71dacc942dc6838b10458f185800d6e5

Sharing

Copy URL

Twitter E-mail

General

Target

MultiBit.zip
Size

8.5MB
Sample

230318-zcs8lsdf72
MD5

83c6487305e3aca80663e3ccf254e05e
SHA1

f95ff2bbd42c5b03c929f72c376e80c49e066b3e
SHA256

40702b0d2a57d292c5bdfbf1ab1db3da71dacc942dc6838b10458f185800d6e5
SHA512

79f6ed94cd0f75ce5ec2c17c9c534b0b7461939fb7a5fe7f9af5bb6fd2135d6d65476f3234f5e01b47e7a408b5c9fce64047a702c0948f38c3125a6a5e6969e3
SSDEEP

196608:GTUol9xlZ+vkEdDVCV5jB6VKQ0rWFNINF4N+L/EVdUwCVUgv6nbZ6RHdAVyRu6F+:GTUiGMIsfwUU+rEVCegubZSHdJRu6Fl4

Score

8^/10

agilenet

Malware Config

Targets

- Target
  
  MultiBit.zip
- Size
  
  8.5MB
- MD5
  
  83c6487305e3aca80663e3ccf254e05e
- SHA1
  
  f95ff2bbd42c5b03c929f72c376e80c49e066b3e
- SHA256
  
  40702b0d2a57d292c5bdfbf1ab1db3da71dacc942dc6838b10458f185800d6e5
- SHA512
  
  79f6ed94cd0f75ce5ec2c17c9c534b0b7461939fb7a5fe7f9af5bb6fd2135d6d65476f3234f5e01b47e7a408b5c9fce64047a702c0948f38c3125a6a5e6969e3
- SSDEEP
  
  196608:GTUol9xlZ+vkEdDVCV5jB6VKQ0rWFNINF4N+L/EVdUwCVUgv6nbZ6RHdAVyRu6F+:GTUiGMIsfwUU+rEVCegubZSHdJRu6Fl4
Score

1^/10
behavioral1 behavioral2
- Target
  
  MultiBit/Bunifu.Licensing.dll
- Size
  
  1.3MB
- MD5
  
  2b2740e0c34a46de31cf9da8a75d77cf
- SHA1
  
  242324f1112e6387cda41686291b6e9a415eeb8c
- SHA256
  
  a9be91cae167702885a5ca74273db779e3e391e2e604cc03779ed403c53ebe43
- SHA512
  
  605eb300b159e6ed2ee872b6ee378eed7dde6541000221fcd94d52057be91cb3c7dd65c7203f05e0718303b157b6fb941498b5e653501f97f0417d459da6bc40
- SSDEEP
  
  24576:ebkurkdR5uuMeiPUf2lHmdpjrcbYdwcqMw5LTvBrq/WGs1xGUfGUCco:a1roD9MeiUDDjrW4bqD5LDBrqWG0GUfX
Score

1^/10
behavioral3 behavioral4
- Target
  
  MultiBit/Bunifu.UI.WinForms.1.5.3.dll
- Size
  
  342KB
- MD5
  
  41c216d27c71a227774e680e95e99f31
- SHA1
  
  0a2a93d4ecbf4bbec2faf110066c6b4472b0dbf5
- SHA256
  
  012d717b4ac00c3686a772757f49c1908e223624e3974314cdb9fc9291073305
- SHA512
  
  e355ba11e41b668e4459f709e87c3e212c8986ea894791d9155791ea9d7315372fb51531eb69204ed2ee38e242de7629e4a2f090c05bf9deeea9ea965ffaf651
- SSDEEP
  
  6144:3e5XJsDZGUbIf5kqw23B1Q8g2iYcHIc6uWXMIFidNw:qMZGUbIf5T37Q8ncHNAMhNw
Score

1^/10
behavioral5 behavioral6
- Target
  
  MultiBit/Bunifu.UI.WinForms.BunifuButton.dll
- Size
  
  107KB
- MD5
  
  21f999e5ac72a16077511d41590822de
- SHA1
  
  d8bb1a8a291f73cdf2b5658b2b65736c87db19dd
- SHA256
  
  2a62c78f1f0db2e3258135b50f7885e6734c31c74a8f2f5782f285aa268c2f71
- SHA512
  
  e04fe31870f266d772829053a6bb210a9513ff5c8c0f9a3a267ddbe1875125496caa602baf44a4e241ef84d933bd55b79af43d5871ed10c81711adecee78b8e3
- SSDEEP
  
  3072:tgiMibnDED3/7f2ih0xdGzFpzUHgmCFKHUUZP0tTwmnkyY:xDDED3/7f2ih0xdGzFpzUHgmCFKHvF0e
Score

1^/10
behavioral7 behavioral8
- Target
  
  MultiBit/Bunifu.UI.WinForms.BunifuImageButton.dll
- Size
  
  155KB
- MD5
  
  7d68b8af58c87ee29eca74fe8ef2f093
- SHA1
  
  16e8d2004d2c3a71a8dcb6983b72537079ccfd3b
- SHA256
  
  32b8eb2fae4a14e8319448cd173b73a8e63234b3816d6407ef95be204cec226d
- SHA512
  
  6c3f90e7596e0a73cc5da77b92b2d4ed248e49aba2c0c299be4400b8841782415820a44bcca1635a224edc90444559ed14de7dc23fbb7133c0bd86fe93ecd236
- SSDEEP
  
  3072:28cu9fbsLqRKynlLWwUGR3BKRqbpqtqzh4E6jt/:zfbsFulLASYqddzcZ/
Score

1^/10
behavioral10 behavioral9
- Target
  
  MultiBit/Bunifu.UI.WinForms.BunifuPanel.dll
- Size
  
  42KB
- MD5
  
  ba5a73023ac466e78f54fa87460dda16
- SHA1
  
  15b7b81172ef13e72e6b55d93f512d3c660f8238
- SHA256
  
  4404f91ebc3aa2b018dc98039edacd02c4578f7c581e27ab902fb7c8a8eb76fe
- SHA512
  
  8eb1ff4d2c420fc2d832f8d7d8c05d0e63145bf132c5b0622d8cbc515a89dd735f985e2a0c723fe8d6b95b37cd7c56c70c2e1cae3d183d600e8b83d2d522ad7c
- SSDEEP
  
  768:j87knLt2VL6NhPxCb6yH4EgrtR8pLBsyv29UFsxztf8gVnzFy+KDj/njd3m7Vejb:47knJ2l6Nh5Cb6yH4EgrtR8pLBsyv29u
Score

1^/10
behavioral11 behavioral12
- Target
  
  MultiBit/Bunifu.UI.WinForms.BunifuSeparator.dll
- Size
  
  37KB
- MD5
  
  5a389e93f449d77bb0b685fa40f14a95
- SHA1
  
  94a5848f149a8b4fd8bbf401d43bcdaae1765829
- SHA256
  
  9c2c4d272ce8fa98a6100fa668190e5084f69ee9e75e0075e267fdf1811c5738
- SHA512
  
  73efd93390eb188272b922b0a95d28fc7b4a0eb0006dcd62210cd2a2b8265ce804cde5415133f6da6aeeffb179eed2e1e2d0368676173df8fe563e805bf8b00a
- SSDEEP
  
  768:N6/wh8zZ1LDNH8FOXAJyr09GvYBqjs1+Hw5ibkt2fIxaTclu3gpSLUdWUU7CGtOe:2DN57CGUFWKGWkq79Tal
Score

1^/10
behavioral13 behavioral14
- Target
  
  MultiBit/Bunifu.UI.WinForms.BunifuShadowPanel.dll
- Size
  
  45KB
- MD5
  
  ebaf1a6efa8c7a04d174be7e0df602a7
- SHA1
  
  ce08c80e52b6cf3f62ba82408d8f32ae6bcef0d8
- SHA256
  
  1858b16074d7f9b73f462e3adcc77309800594fa96f2e0904c810eda4eaf5e86
- SHA512
  
  4ffd5dcb59a4a03273c4e88047c7d398f098302b9485d07cf5549ca0d72467102aafa69298e248250df154a8b09f7560e634cca9cb1af2838baf3965aa645b31
- SSDEEP
  
  768:Zq2Z1jRTnTpK4EBwmUy6fRXLvXcU8knpZlvliQVk3+aIS1GzsQxDzpYElRgyszhL:ZNnlK4EBwmUy6fRXLvXD8knPq+lS1cs5
Score

1^/10
behavioral15 behavioral16
- Target
  
  MultiBit/Bunifu.UI.WinForms.BunifuTransition.dll
- Size
  
  92KB
- MD5
  
  db7e06b950f15c1a799d2a049122aa5d
- SHA1
  
  445ebb73a64bf910bea401192784446d298bf106
- SHA256
  
  c6e038ab3cc0b56551e3613506a5b4028b796a6424ef3c66ef310c901c12f8d7
- SHA512
  
  b8f9c9b9e487565f0920dba28a6fec75ff9dcf20ec16988d63f2df7ff2a935e117b98f74f780c6f6806a58d217687cbf4bfcd5de19de2a121998f7291900d119
- SSDEEP
  
  1536:WgpjL77cNTSNuma2olzkB8KiqQ1C6sqVzeScHodtu2SMTb:Wgl7oWS2yzkBeqvKiScHStKMX
Score

1^/10
behavioral17 behavioral18
- Target
  
  MultiBit/Leaf.xNet.dll
- Size
  
  129KB
- MD5
  
  ea87f37e78fb9af4bf805f6e958f68f4
- SHA1
  
  89662fed195d7b9d65ab7ba8605a3cd953f2b06a
- SHA256
  
  de9aea105f31f3541cbc5c460b0160d0689a2872d80748ca1456e6e223f0a4aa
- SHA512
  
  c56bd03142258c6dcb712d1352d2548a055fbb726ee200949d847cb2d23d9c52442b1435be0df0bf355701a2c1a3c47cd05b96972501f457d2d401501d33d83a
- SSDEEP
  
  3072:gE3OJDHIfFLlL3pPiqhcLS/oZhttaMBM2cid:gHWZxJiqO
Score

1^/10
behavioral19 behavioral20
- Target
  
  MultiBit/MultiBit.exe
- Size
  
  324KB
- MD5
  
  0f39821d5744907e68885862080c6234
- SHA1
  
  71e263f94a80d6cd1df1349c4a2202ef5f2518c3
- SHA256
  
  86f783a90ebc8f381e8c6484d412cce8e587d003856b522b271ca15691e9dd8b
- SHA512
  
  38299692594b995607987e1369d7c2c8913e8daec076b3779a61033093290e69fab1fb8cae0a83a80643a825f67b41a81eb17d21736054a656067ae8bcf93cbc
- SSDEEP
  
  3072:Ex+JMeg3Z0EeYesNKnXORQtmGWA68rdCbyzziT6hTnNPmxZjmsNKnXOZu:Ov4XORAmGc8rdCbkziksZ4XOZ
Score

8^/10

agilenet
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral21 behavioral22
- Target
  
  MultiBit/Qt5Core.dll
- Size
  
  5.1MB
- MD5
  
  7d180286e9c071c7bc3a6bc2ace792ac
- SHA1
  
  f5947d69aeaacc8a378721f3750b049cc41dddef
- SHA256
  
  4f8dc460162407cfccb1be6ef9cce45c4449de838aeffa3fd33378f01a3f9cc4
- SHA512
  
  9b30d5dd48e736da770e71622b79da294829621565cfc4d995ca31c8cfbbbe2d577677f4240e0ff2d995deeeb5f894018412596c141e8360dd77bf12596ce167
- SSDEEP
  
  49152:q1AH+7g4QrRpvOK8Bbl+Gy+/LZsxRFNHlZTlJsv6tWKFdu9C/cPk4VHEYI9CV4eO:E5gje5lCjzJsv6tWKFdu9CtvDhgwcY
Score

3^/10
behavioral23 behavioral24
- Target
  
  MultiBit/_asyncio.pyd
- Size
  
  59KB
- MD5
  
  f5d81b2fb250ad4bdac8fb29b9bb4885
- SHA1
  
  e8893fed89d122c597a595efa53b710934873f46
- SHA256
  
  f367c877c2c547b8f65d00e0c1d8c6f9b448ad30eef047deac28e35f5b8dd24a
- SHA512
  
  dbbda8f37541198bc477294a1ba630f6f6ec772c77b26944b55588ae63d1770940d06de3ccffd6065bec43c685e37986071b7c741049031962188ae1d992d7d2
- SSDEEP
  
  1536:dw7HUgU+wU9IYrya9M4fvzBa5GUBaWRztIW5nbR7SyXMTJ:dwL7lw4DBfbI5GUBaWRztIW5nbRSTJ
Score

3^/10
behavioral25 behavioral26
- Target
  
  MultiBit/_bz2.pyd
- Size
  
  78KB
- MD5
  
  936c16d3a7772f6e3aabde834f910e10
- SHA1
  
  5e1d790c53de6aea775e816e41987267b45e2b2e
- SHA256
  
  72d24d755142eb06aa3e6a03a63217ed66b141c16d898405dd01dafff69aa8de
- SHA512
  
  130bc5742dd07b80568f8cb0e44723369b65bb31abe542833e972b70b8d4f22b92bf984dc4718931d9902e2831fbed06abde6defa1aa7d6c0ac25e5ab5659992
- SSDEEP
  
  1536:bhELX4fbkyzMI3miCTlar1v1y8/FCCqS8tVIWtVv5J7SyYt:iLkkyzv3o0p1F/ECqS8tVIWtVb+t
Score

3^/10
behavioral27 behavioral28
- Target
  
  MultiBit/_cffi_backend.cp39-win32.pyd
- Size
  
  152KB
- MD5
  
  f1e68ac35ddbfaf79df05dbb20401a3c
- SHA1
  
  90b3c5402489a6cffd99a251c96c19f8a3d860cd
- SHA256
  
  6a5660703730244900d4bda5f5c47e5017263c9c7f095c432c0a7dd56d10dddd
- SHA512
  
  db6a6fcee0168833b5d7c3e383ba5101851e0d1de6eabfc3dcd8b16edc74cfc375752e3b8e5f09fdd87d9f1abe00ddcd5947bec5743e10da2931e0dfe3fb8d77
- SSDEEP
  
  3072:GuXPZbpDR1sRn1d+MH4ghrXMlmRQpORJRAMjFU7pxyTL3q+05ivj:GUPHDA1dRYghrmpORJKMjFyxyTL6+2i7
Score

3^/10
behavioral29 behavioral30
- Target
  
  MultiBit/_ctypes.pyd
- Size
  
  115KB
- MD5
  
  79fb0329c6d698c9a2d360066622ec4f
- SHA1
  
  d7e4c0e68227c2bd6013fbe21829808d7854ba96
- SHA256
  
  f2de4bdd91f2b0bebdb597f90d9718499a061b66773dba21380058bd4965b30c
- SHA512
  
  74a29ab18ab9b455e7769bfd96ad60800ca39887ed207d3de22b859eab032e0740ba92fb62b1dcc6d4128a4174264f7a10a6c6194f53837a6bd2452423ab59a9
- SSDEEP
  
  3072:KeLRlXrhZu6mLXV0Q/Z6czuHBYJIWQPE8sreq1:KeLrX9JiCQ/Z6cyHiVb
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32