3797d33045461d3f38719dc5a2c226a8163dc06ac0b75c2a93c54ab91f0efb5b

Sharing

Copy URL

Twitter E-mail

General

Target

SimplicLoader.rar
Size

4.7MB
Sample

230411-zab7bafc23
MD5

440ebe09051a8cc5c21dc4408915c9d9
SHA1

51a66ad8f193a309bb7b61d3123711042ae7fecc
SHA256

3797d33045461d3f38719dc5a2c226a8163dc06ac0b75c2a93c54ab91f0efb5b
SHA512

f19b3bd7e26ee6d3afea4c4d6a17baa4e2ebfd529b77558082f26276aa5eabb9c8249d802a36ec784c88fa96076805702a213caf3f7892f5000e15e37727dad5
SSDEEP

98304:jLju9vlFDC3LRQMqkQRJ6LA/S8oRQT3HZI0rh9bAmek5bolAincbeSHCC:j+9dFDC3dxU/S8o235BEmHoNnQepC

Score

10^/10

agilenet

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://rentry.org/yui9p/raw

Targets

- Target
  
  ChangeLog.html
- Size
  
  1KB
- MD5
  
  e13a142fd65ba98dcd14acab49b75f5c
- SHA1
  
  5259cc36a8473edab4b5328dd45ba2c0579185cc
- SHA256
  
  adedda589be1f4181787e5f3453ca48f74f950ba7628099ba217d89fd9eb7f73
- SHA512
  
  10dfc63549eb15d2bd787f83e5da43a9a2eb34fd9fbc22d10b1015eb0869c3e323db1d49c7338a567105fea9139a04294a51a9f44e2562b703c5c10e07685004
Score

1^/10
behavioral1
- Target
  
  CraxsRat.exe.config
- Size
  
  7KB
- MD5
  
  dd5a0508827ec5ef25064c18fbd73c79
- SHA1
  
  32f9a8803107d28418437312fd0e52e564f0f753
- SHA256
  
  fdd077b07e6edd22678b2a29beee104daffdf56d545bbae1f39c632208a61d74
- SHA512
  
  6fa7e2407b412e471c42162d460625e17a7dc7b76b0a236db1746645f75cf38806026f1084b254da204ce149e960da1a7897e472c58fe71151435fb94ae012e6
- SSDEEP
  
  96:ur71tp7K0rjtHyZ90nDP9SbujEBKgFAnuAnznVuupxZAEcHn4abLQAntYIWVv/xb:ur7rp7vrjaHyv
Score

1^/10
behavioral2
- Target
  
  CraxsRat.xml
- Size
  
  16KB
- MD5
  
  4ff73212d7d2187a4f22750eed7c87b9
- SHA1
  
  5a89a5e44616189fab928138567d6fb0f2797e75
- SHA256
  
  3158967b27592b793dc731382decb92da050097eb8528d654e7e9737cdf04c4b
- SHA512
  
  d6f011b5eb0b2629fc90173a23e5f36d65c865e0ebccc98609348bdf5233e1e84ad873b0a6b95c0c41e3d8905f4118b431db31716fc82564a377eb157d293ca4
- SSDEEP
  
  384:3xIfunXQgZ0DaUmhgbkxWPV4OzT8qKSODeSjD7BTPM0:IunXt0D+nDl
Score

1^/10
behavioral3
- Target
  
  License.xml
- Size
  
  1KB
- MD5
  
  044c6afca15cc7529e9295bb2f37fd90
- SHA1
  
  e7a91e525c6f68737b20b523a3a567ed4a2bc063
- SHA256
  
  407fa330063e56cccb96e7b26540ff7eb6ad39fa659f2cb06a6433d453550dff
- SHA512
  
  817319739e60e8885589e7e6eaadce341100293c4699adb3ba2d53ccb6a308cba9fb84c175f4e226b452a76a7c30a7eca00e5b989fe236737e7dadd8fea959d4
Score

1^/10
behavioral4
- Target
  
  LiveCharts.Wpf.xml
- Size
  
  171KB
- MD5
  
  9cbc27f6b1afbc7f43a9ed07f784a73d
- SHA1
  
  c15b3540ef31f3b229c3ffd6f5602aa7c04b3928
- SHA256
  
  c18a11b019a56ec8e5916042a9f23a8655ea199bf2a4319573b18b7e035e3914
- SHA512
  
  c39b9c022d8ffc6d651e6bc4aa60ab435318b69571e97c71b7ebb0c5b25d0b50cdb235ba4302c689be132e32fc0d13b686db5b4fa794f8db8342162a55dece58
- SSDEEP
  
  1536:6/Jl3Mw7VTlv6aoz/Jj3WCQOtnPsJyjJ7t6U:oMwLv6aoFWCQOtnV
Score

1^/10
behavioral5
- Target
  
  SimplicLoader.exe
- Size
  
  75KB
- MD5
  
  72fb96fbbee9fa0c1c25030152f8a802
- SHA1
  
  22d1be899c8a2aca51420a9ae3f89c5528d7e347
- SHA256
  
  1f08b5e59bf1ec24b9be2c2211dccf22a6651202d29a9be6d8d2f99b127a9274
- SHA512
  
  bbcee824c437c0069d174d2b34ed42cecef72c22fee9418144af64083d8833af9572b3670bacfcfc1eb5cfa3da269aa289ee10d9d2eeb2442763e1dda1e3248d
- SSDEEP
  
  768:ol9EoLDR6GjcJUsg6O/scbnY+kVgbu7FpMtqwH7pRMAfPdqoxgGgKrVuua:S9RuU/da7HM1Zgero
Score

10^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral6
- Target
  
  System.IO.Compression.ZipFile.dll
- Size
  
  24KB
- MD5
  
  dcda916372128f13ada8b07026c1b3e7
- SHA1
  
  99d6c187de8510206a93d2eed9c65e65e0c86e72
- SHA256
  
  b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a
- SHA512
  
  d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9
- SSDEEP
  
  384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa
Score

1^/10
behavioral7
- Target
  
  Vip.Notification.dll
- Size
  
  17KB
- MD5
  
  a292d382f369373d6a925fe5907c69c9
- SHA1
  
  7336065527d93566f79121c478545ae86ba8bb2e
- SHA256
  
  ec7dc8e7890b3881e0a6f8616c7363d4fb43b9c5af2c090b08bbe0275031a6d7
- SHA512
  
  9f45240686f506b11dbce466dd8b843683e09ff3896bc6563a6580d531898f60523614295c62556a5e058af5af18c3e98e80b3f0642f49f07dd2dc44a181dfdc
- SSDEEP
  
  384:EDkSAZXF8SniyHUX4ICx3Fs9SqVW4z5QdfVASCFCDOtfgTuokwuwAqu05yokwOwG:ED8fR4tQsNFLfgvuPIOjk7ch
Score

1^/10
behavioral8
- Target
  
  WinMM.Net.dll
- Size
  
  43KB
- MD5
  
  d4b80052c7b4093e10ce1f40ce74f707
- SHA1
  
  2494a38f1c0d3a0aa9b31cf0650337cacc655697
- SHA256
  
  59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46
- SHA512
  
  3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450
- SSDEEP
  
  768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv
Score

1^/10
behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9