441c40dab907570edb0bbd3e3877d337a7656799d8c185831deaad1cd7d5ee26

Sharing

Copy URL

Twitter E-mail

General

Target

COVAULT-19 (server).rar
Size

1.5MB
Sample

230418-stn7naeb2w
MD5

bfe336594aca010419d239440e786f98
SHA1

fd652ad0e90ecb26d6871fd3dadf3d3839d238a4
SHA256

441c40dab907570edb0bbd3e3877d337a7656799d8c185831deaad1cd7d5ee26
SHA512

de53531e5953dd915c775ef25924443bdf8f9018864e2baf67d35a4b21fad813625f2df07cb82a95c582a665bd41a36589792649c0dc5bcfae30a6268fc69b42
SSDEEP

24576:eYQ6Ihwyw+6jIoZKq8Fuv+oBwXxSobSKQaAdYT1cqu6APGLKPuuIFibGuevVEUS7:eK1Fdd8FHruVHyc/G2uBFibu93nrw7

Score

3^/10

Malware Config

Targets

- Target
  
  COVAULT-19 (server).rar
- Size
  
  1.5MB
- MD5
  
  bfe336594aca010419d239440e786f98
- SHA1
  
  fd652ad0e90ecb26d6871fd3dadf3d3839d238a4
- SHA256
  
  441c40dab907570edb0bbd3e3877d337a7656799d8c185831deaad1cd7d5ee26
- SHA512
  
  de53531e5953dd915c775ef25924443bdf8f9018864e2baf67d35a4b21fad813625f2df07cb82a95c582a665bd41a36589792649c0dc5bcfae30a6268fc69b42
- SSDEEP
  
  24576:eYQ6Ihwyw+6jIoZKq8Fuv+oBwXxSobSKQaAdYT1cqu6APGLKPuuIFibGuevVEUS7:eK1Fdd8FHruVHyc/G2uBFibu93nrw7
Score

3^/10
behavioral1
- Target
  
  COVAULT-19 (server)/COVAULT-19.deps.json
- Size
  
  13KB
- MD5
  
  77b946036651a45b9a940361b668ff4c
- SHA1
  
  8e8f9e4ecfbd67c785e26c6a8e148cbe3cc98be3
- SHA256
  
  738a01d18ef137469d5cb7b9abdfddc4e8eb7ee0d6bb342d95a325f6341caf7f
- SHA512
  
  2a8eb839c1e1ef13256f0216dd43072b748dc2558fab29f67fb2d3c4d4a748af759a056811b3dded34bd721699cae731bac2869fd6aecfe6d74ed9f44b53cc92
- SSDEEP
  
  192:Y1DCqRRCcpUytCVqKAKKrRGXV5vfa4X3T7:YYGRCcpUywGbrcFY4P
Score

3^/10
behavioral2
- Target
  
  COVAULT-19 (server)/COVAULT-19.dll
- Size
  
  487KB
- MD5
  
  995531160eafcdcf7e1a860ba96abbd3
- SHA1
  
  b4981b47b374e3d66fae7bc894ab8cfdacc9414e
- SHA256
  
  6e9d8ac34e819e4e6822ce776fd711c7a61f1fd5c4699f4779cffe64f2818d98
- SHA512
  
  9f0d2f207c0cd544581288a2cd52fa3971eebf435b87dcbfadf58c1e9165bbc5fed4ebc5facc83e65f7346b67422fb959d38cd3270f8771a7e4157d32fad70a3
- SSDEEP
  
  12288:eH02rhrrYOQX3P1Xm1Op7/OdogdwiKB6NrfTkvnR/2x:eXrWX3PAm7mdogo6rfTEW
Score

1^/10
behavioral3
- Target
  
  COVAULT-19 (server)/COVAULT-19.exe
- Size
  
  517KB
- MD5
  
  6f47cbc498ca869d95a2b98c1958110e
- SHA1
  
  1b98c2946eb7a130ce03fa3168fac65b1db4ddbf
- SHA256
  
  569d2dda14d54d9cf6a064138b9ae0f08b44023219eb71c9729ee4397311113d
- SHA512
  
  771b95f0b16fa15843cd5121e26fb2a1f7b06f4864e2a4a601fae9f7193b32801ab419ff67d00f544814c5d63ab8592b59567f46245d87134bc777118df59b51
- SSDEEP
  
  12288:MLDnyp4enDbOQX3P1Xm1Op7/OdogdwiKB6NrfTkvnR/2x:MPyp4eDjX3PAm7mdogo6rfTEW
Score

3^/10
behavioral4
- Target
  
  COVAULT-19 (server)/COVAULT-19.pdb
- Size
  
  44KB
- MD5
  
  063fd1d52fa5897fe9e148344d4c5f79
- SHA1
  
  32b3a23a726efb1b603d2e33407f76c54b83fb74
- SHA256
  
  fe8f065a1964d28b9e6928b456f4bad0d7aaf36adb72a292f9ed58d9d852dee8
- SHA512
  
  0bd57a2b8ee395fa913930ce641edb59c385cd6c0d619479343370883f676f260d379cfa1a7d5bb89eb27d3e9a53c4622c38a2f71159560abd2df751582b2b63
- SSDEEP
  
  768:Z6BBrHayRMNecIy0BTtJLoXz1saxXwwwwQFrU:Qr6yRMENBTtJkX+mwwwwQFrU
Score

3^/10
behavioral5
- Target
  
  COVAULT-19 (server)/COVAULT-19.runtimeconfig.dev.json
- Size
  
  326B
- MD5
  
  c3e9e8dc7d81f82783046b1ebc69a5a8
- SHA1
  
  f4a9fabf4fd3c7620e809b47a51c44bfa2d3923c
- SHA256
  
  e56023444c905bb08648059f8caa12fc93fa0760a226b8f53d2fa3be88f0b89f
- SHA512
  
  f85e09a7b4f6ed885dc69ae8c7f31653afe558140bd86c36ec328644d4be46150eb36eb572122c1a6d3d5de86083d4ddbb6f022e83da8a5cf370d4bdc1b9a70e
Score

3^/10
behavioral6
- Target
  
  COVAULT-19 (server)/COVAULT-19.runtimeconfig.json
- Size
  
  260B
- MD5
  
  8ca3b7795e000c8aeb8da3e7a4ecbeea
- SHA1
  
  3af08e88a8c7d3b31135ec105105d8ecf1a8af8d
- SHA256
  
  2c6dd6135c044b210aa1168389205f5c4c2b6d721328f15a69d4dbde3510030b
- SHA512
  
  3cc0a89c936708ed7c744630ca2e8c734b3cb2356cfb52a7b77779f88d838635f4d5c896ae18964f4c87b1da6b50d416ccbcea7ede5a605350180ed3fda5349d
Score

3^/10
behavioral7
- Target
  
  COVAULT-19 (server)/Microsoft.Win32.Registry.dll
- Size
  
  40KB
- MD5
  
  e1d9a5b63a29e0be888ca6952700ab83
- SHA1
  
  819607a0c5acd057219e22cc1174a2e3078b9d6f
- SHA256
  
  340933ad6701077ae9b8035e4671803d86074ab32f2de8165acfdb954bd260f6
- SHA512
  
  5e153bc90195e20e503c8c04b1361598947de3500c8c6f6fd6baf0e245aa5afc7d84bf55787d11914a28c0e8186a29360a94fcc8b816f482045b7032ea8738d3
- SSDEEP
  
  768:JipxaP/LOgSJzldoB7ViedPHAsmlxPvyyE:AaP/ybu7ViCPHZmlx3yT
Score

1^/10
behavioral8
- Target
  
  COVAULT-19 (server)/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral9
- Target
  
  COVAULT-19 (server)/System.Diagnostics.EventLog.dll
- Size
  
  49KB
- MD5
  
  14b8ab0f426d52342f2098023b287623
- SHA1
  
  d79df6f5f70373e70202782aad9edd76db95939e
- SHA256
  
  c476fbc42f2a4161833020ea65e8a895561f6b64c6f531d52dda4324d27b4d8b
- SHA512
  
  8237d400336afd2e4faddf139e74935e5a9b530684fdea37843d2aaa73bd8e1505a3acabb7368551c6ec53bd7877ca75f3c6541c1f81d8964772d1d5cf9d7b88
- SSDEEP
  
  768:etd17d/cc2PK5SUizOAFipsH+MKmL+7NQ1OaY7pykJ:KF/cc26whifMmNP7pykJ
Score

1^/10
behavioral10
- Target
  
  COVAULT-19 (server)/System.Security.AccessControl.dll
- Size
  
  54KB
- MD5
  
  2aa3be1a5e32b7fc89ee5460a2c4db18
- SHA1
  
  ff27582916b77d75df896399ede0b9e8ffe369ef
- SHA256
  
  93084849c17a21f641c13c9f17545cfe18c1ec097561f3f0ebbbe26f358ba120
- SHA512
  
  f470fe10e0033a8d96de8a747243eb1f90e07108873270d4ca538a02f46ab20232fd715b05a2f23357c0d58b0c845c4e7ea35f453b90aeda2942f36d57d6d498
- SSDEEP
  
  768:dfYY2UVC44RvZy5cgPWOUl9QR2OreWBkyNFazSuVN:WYtV+hy7WOUlYbrlAzhVN
Score

1^/10
behavioral11
- Target
  
  COVAULT-19 (server)/System.Security.Principal.Windows.dll
- Size
  
  36KB
- MD5
  
  a1f634780387ab0b5219a8741366f4a2
- SHA1
  
  0cf42e1bd78443ae1d6c16223a7ff463c5105d21
- SHA256
  
  7828dfd952a9fd49404477baff714849177d9f18c0654adafadbdcafb4b21f47
- SHA512
  
  77a1a74ed08c746c0de4d523d0128233ebe8af601127bff5a2531a8f062ac83d2e6c792b54ab17ecb0cd4ef4a9ce3216975953ceae8ebaf26374bf809a79bfd0
- SSDEEP
  
  768:Ur8Jx0w6kYq/fru6/EBiOBGyU3J8R64N3:NYq/fL/EB9BGyMJA649
Score

1^/10
behavioral12
- Target
  
  COVAULT-19 (server)/System.ServiceProcess.ServiceController.dll
- Size
  
  32KB
- MD5
  
  81d2db93fd0ac4c7130d49b6d1e16ad8
- SHA1
  
  e26df3ca56328570d82e5c4464f5be1c7e22f421
- SHA256
  
  fe8f5811cc2312916402d720bedef088aa277673ddcac9318a790279e77810f4
- SHA512
  
  010db23754959b5565571ed17baf621493146b0cdbff3d1d4296134e53e6cb5dce138b48aa0a06a8d592871ec1bff20982437a8eabfb7f3ac8872efca5cc52a2
- SSDEEP
  
  768:C40Smq62df/uxb7aYN92D1NltSvL7iJZE:0h2Nuxb7aYN0pSvL7iJZE
Score

1^/10
behavioral13
- Target
  
  COVAULT-19 (server)/WindowsFirewallHelper.dll
- Size
  
  199KB
- MD5
  
  af6bfb45c96b2474bfe8c8fde7728091
- SHA1
  
  1b94512ac341650a73e5b99c93e36e471a044055
- SHA256
  
  0aa29831929aca3f7f621563bac395e8b50f9eadd99edf61fd30c8f758c9b189
- SHA512
  
  97a8ab795b50d58416c061d73a052b7ddc421d789d64252e809662ac9fa2f35aee44ea323f8ea9c9d4b278a72cb64fac61e4a4fbde7c8cb6aca1eafeb21f9579
- SSDEEP
  
  6144:nxtZOq63JJIBgrf/9HNclgH59x32ZKPu:nxOqfgUgH3F2ZKPu
Score

1^/10
behavioral14
- Target
  
  COVAULT-19 (server)/runtimes/unix/lib/netcoreapp2.1/System.Security.Principal.Windows.dll
- Size
  
  36KB
- MD5
  
  0035b12417dfd1d22d43d696968cb54f
- SHA1
  
  76ae451be0b87ac0a7cd5de80edbe117ae191535
- SHA256
  
  f470c7ee0f99f5ceaa25f51970988cfbcddbe0f8dd8491ca3e9cf4f9f52fdb75
- SHA512
  
  600a2ce00f779d0a2f87ca23cf3c6d280067666879a3978923056b094815830aea9caba7a5e32bfc6a0b973c8d2a6d706eea1f73658ead840cc05ae705841f43
- SSDEEP
  
  768:hr8Jx005YLlU2mM0faosEbTnQD+o3J8RkK4Rw:4YpFosEbTQD+oJAkKIw
Score

1^/10
behavioral15
- Target
  
  COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Diagnostics.EventLog.dll
- Size
  
  127KB
- MD5
  
  9fb98981ec44d65d5a8fd867d7704dfb
- SHA1
  
  7558a89c885ebad2fe4fdec28c1eb7235a751c7d
- SHA256
  
  351f8619c3dafbad38ac8c89349b4c15073a944b2906b42cc7efe6353d21a985
- SHA512
  
  b0226ad2487ee124953205079f7d13efdd8c4ec92a184a5687607ce78022ce5899bf079aff7a04685b5c44798483642f0996871ceebe094d8965d6ecf1833576
- SSDEEP
  
  3072:GH/D1R8EYgMivs+qA8fb/+kPbPH5+LKlwnO4S5llBkQ7cEZ7A:GrQLgMivs+qdb/+kPl+4p4Sb7HZ7
Score

1^/10
behavioral16
- Target
  
  COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Security.AccessControl.dll
- Size
  
  99KB
- MD5
  
  5ca4f84f2270a788fa2beef07a4789b1
- SHA1
  
  10471c83f8f24880edc09ccfde4464119ca7e9fa
- SHA256
  
  94d32fbe707c5a162c1f7e37b092f0ec39f5c03152609a140c9f85aa4f8768ec
- SHA512
  
  e5b7f40396515db845e48967f704438ea06359a4e4ff728fe98e44807a935bf44aa0e1c26d1976a4ee8d587f970cdb40f95f0659910fcda6f8f935968882042a
- SSDEEP
  
  1536:f8dCzHuriAqBpmBe2mmEdrrrzDhHbVudX0lqxDU:UMzHu+AOmBlmmEdrrrzDh7VudEqB
Score

1^/10
behavioral17
- Target
  
  COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.1/System.Security.Principal.Windows.dll
- Size
  
  79KB
- MD5
  
  e9f61f68df63cf7ac8353ca16a4dbd26
- SHA1
  
  0b94fa28a00c427536cc948e2b0ecd1f6a67a010
- SHA256
  
  0add93a25fd4e011db55cac9e7c062b807d98447bc8272cf3a24b06b7437c16c
- SHA512
  
  793a139769f93d74b59f7d46846d3023dc46e129c88a6bace865be9d97806832433248e65886c8d080e241201ad4aa04b4b664db42e612ad5408838afa4af89e
- SSDEEP
  
  1536:la2wV3WjgCUdS3gDJyUyEy7pZpH1I/GQhaH41D2wlJAw149Tw6:l7wV3YgUCKE6H1d41D2wcK
Score

1^/10
behavioral18
- Target
  
  COVAULT-19 (server)/runtimes/win/lib/netstandard2.0/Microsoft.Win32.Registry.dll
- Size
  
  52KB
- MD5
  
  f775a8103a6034d25fbb2934f5e1b979
- SHA1
  
  e449296d1ae86c6417b3067f6aa5108946c5e15a
- SHA256
  
  5738f1e014d65979898848781075db25eede1f14d7e38d68cea6a4c49bc2b2c4
- SHA512
  
  9f52dd9e4cd78ffc240a794752c57158a504071ee45284ee71f93d25b938554c999d60324fdbdbd5b2602429297df4ef6175da44b076a7d6aab1fead5a8a53ab
- SSDEEP
  
  768:+iyJzkVFn/CEmIF+/x+iJsUYFoNN9B7UwNbhtVi2viXmlxVs/:UJzkGZA+/zJsSrL7HdtViEmmlxVs/
Score

1^/10
behavioral19
- Target
  
  COVAULT-19 (server)/runtimes/win/lib/netstandard2.0/System.ServiceProcess.ServiceController.dll
- Size
  
  60KB
- MD5
  
  0d405001dde2c1208985c736cd35d41c
- SHA1
  
  9f7d50068a0ecb9f105db23e7eccc4dc7f3a363a
- SHA256
  
  68bb1c7a138878cb3a34f553cd93b3a165779fd59169cad9b95175b673844012
- SHA512
  
  76a2a4da2fb4d0f6609aede5786c219824c011ed9114563631a492e35d67955715397df1370a84351adbf929235b2ebce64b1b56ad21504c6681a23aee5f8999
- SSDEEP
  
  768:rrdWBfA9NoaIXvHCTdM9o2b+c+fcil73U/qN92D1Nlt/Nscpzr:rrYBfBaIXvHC2kf5l73UyN0p/NVpzr
Score

1^/10
behavioral20
- Target
  
  COVAULT-19 (server)/websocket-sharp.dll
- Size
  
  244KB
- MD5
  
  7379936cac71973885587a3bc6fbb70b
- SHA1
  
  e72fec39314d7eb75f13c1ff0459515d95dd910c
- SHA256
  
  fb06ffceb4f8789c893d2f292e5810927dd7266d3bad68df2cedb8775500e8be
- SHA512
  
  d9da358bcc134232f6418d49fe98c427ad49fe8a212a2f166fcbf1718d0a8f8b0fa055caec30b267c6e4b1b4d687f08394830e3fadbae812c4b255abdf8c7b7a
- SSDEEP
  
  3072:ZLixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC519:Sn8nDenoRXoJF3bqEiyzZ5m1FsgU
Score

1^/10
behavioral21

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21