Overview

overview

10

Static

static

7

AgileDotNe...me.dll

windows7-x64

1

AgileDotNe...me.dll

windows10-2004-x64

1

ChangeLog.html

windows7-x64

1

ChangeLog.html

windows10-2004-x64

1

CraxsRat.exe.xml

windows7-x64

1

CraxsRat.exe.xml

windows10-2004-x64

1

GeoIPCitys.dll

windows7-x64

1

GeoIPCitys.dll

windows10-2004-x64

1

LiveCharts...ms.dll

windows7-x64

1

LiveCharts...ms.dll

windows10-2004-x64

1

LiveCharts.Wpf.dll

windows7-x64

1

LiveCharts.Wpf.dll

windows10-2004-x64

1

LiveCharts.dll

windows7-x64

1

LiveCharts.dll

windows10-2004-x64

1

MetroSet UI.dll

windows7-x64

1

MetroSet UI.dll

windows10-2004-x64

1

NAudio.dll

windows7-x64

1

NAudio.dll

windows10-2004-x64

1

SimplicLoader.exe

windows7-x64

10

SimplicLoader.exe

windows10-2004-x64

10

System.IO....le.dll

windows7-x64

1

System.IO....le.dll

windows10-2004-x64

1

Vip.Notification.dll

windows7-x64

1

Vip.Notification.dll

windows10-2004-x64

1

WinMM.Net.dll

windows7-x64

1

WinMM.Net.dll

windows10-2004-x64

1

res/GeoIP/GeoIP.dat

windows7-x64

3

res/GeoIP/GeoIP.dat

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SimplicLoader.rar

  • Size

    4.7MB

  • Sample

    230427-qhr33aff94

  • MD5

    440ebe09051a8cc5c21dc4408915c9d9

  • SHA1

    51a66ad8f193a309bb7b61d3123711042ae7fecc

  • SHA256

    3797d33045461d3f38719dc5a2c226a8163dc06ac0b75c2a93c54ab91f0efb5b

  • SHA512

    f19b3bd7e26ee6d3afea4c4d6a17baa4e2ebfd529b77558082f26276aa5eabb9c8249d802a36ec784c88fa96076805702a213caf3f7892f5000e15e37727dad5

  • SSDEEP

    98304:jLju9vlFDC3LRQMqkQRJ6LA/S8oRQT3HZI0rh9bAmek5bolAincbeSHCC:j+9dFDC3dxU/S8o235BEmHoNnQepC

Score
10/10
agilenet

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://rentry.org/yui9p/raw

Targets

    • Target

      AgileDotNet.VMRuntime.dll

    • Size

      51KB

    • MD5

      06f3445fea4baefc85e9bd8132c08340

    • SHA1

      016aff2a392a4c5b63d74ec6e3bc0f85ac1a067a

    • SHA256

      fd186283d8b31a7605004a4c85ea25042126b8f4bfcb2acf092d9974a647be97

    • SHA512

      3eee5f645f1791b82d7baa278dd64911870fed5afc2f4c4044953bed9e0a5598fc8e4339d7e254ad268d72f424b83998902102313c1b08c18962ab4e6ea45507

    • SSDEEP

      768:d4gOx89KEARw2a11HI+bvY603JLw8M2DaUBGhvbOikA+4LC/+3oGH:d8EN24HIwQqbvbOikATy+3oGH

    Score
    1/10
    behavioral1behavioral2

    • Target

      ChangeLog.html

    • Size

      1KB

    • MD5

      e13a142fd65ba98dcd14acab49b75f5c

    • SHA1

      5259cc36a8473edab4b5328dd45ba2c0579185cc

    • SHA256

      adedda589be1f4181787e5f3453ca48f74f950ba7628099ba217d89fd9eb7f73

    • SHA512

      10dfc63549eb15d2bd787f83e5da43a9a2eb34fd9fbc22d10b1015eb0869c3e323db1d49c7338a567105fea9139a04294a51a9f44e2562b703c5c10e07685004

    Score
    1/10
    behavioral3behavioral4

    • Target

      CraxsRat.exe.config

    • Size

      7KB

    • MD5

      dd5a0508827ec5ef25064c18fbd73c79

    • SHA1

      32f9a8803107d28418437312fd0e52e564f0f753

    • SHA256

      fdd077b07e6edd22678b2a29beee104daffdf56d545bbae1f39c632208a61d74

    • SHA512

      6fa7e2407b412e471c42162d460625e17a7dc7b76b0a236db1746645f75cf38806026f1084b254da204ce149e960da1a7897e472c58fe71151435fb94ae012e6

    • SSDEEP

      96:ur71tp7K0rjtHyZ90nDP9SbujEBKgFAnuAnznVuupxZAEcHn4abLQAntYIWVv/xb:ur7rp7vrjaHyv

    Score
    1/10
    behavioral5behavioral6

    • Target

      GeoIPCitys.dll

    • Size

      191KB

    • MD5

      c070f2421851420e832e4f5989a775a2

    • SHA1

      d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46

    • SHA256

      d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131

    • SHA512

      75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e

    • SSDEEP

      3072:87IcHKc0TwY4O6BlLiJxTmd9h1+fJ5uJnjpUoh/ht21hYvpMaoySJHPc8E:8dHV0Tn4pox6d9G4k

    Score
    1/10
    behavioral7behavioral8

    • Target

      LiveCharts.WinForms.dll

    • Size

      19KB

    • MD5

      76c775d09b24798f6923452e920979b5

    • SHA1

      3fe2c79512a0d1153fb07f6640b27106c90d333e

    • SHA256

      a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad

    • SHA512

      eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9

    • SSDEEP

      384:F5gNA4m0NkdPbJfGZLifwdNqF8vLvTjzHEhZFUPOxFBVGquJpQ76RqMm:F5gNnrNklJfGZLiAw27jrEhZFyYMm

    Score
    1/10
    behavioral10behavioral9

    • Target

      LiveCharts.Wpf.dll

    • Size

      212KB

    • MD5

      e924f79f0b5f3e79c98477d75831813d

    • SHA1

      64f71e20e1953b13c771d8a8e63549ad6d64216e

    • SHA256

      1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b

    • SHA512

      063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1

    • SSDEEP

      6144:d/vd0eaDQcUc0GkiTV3bkACA3AloBtefVt+aA2xgKPo1zlW1w:vaErjGkiTV3bkACA3AloBtefVt+aAGBF

    Score
    1/10
    behavioral11behavioral12

    • Target

      LiveCharts.dll

    • Size

      148KB

    • MD5

      9642899636959b7fc89bf34a8b998a90

    • SHA1

      479a0254d1c9e5565c7d861bb77f54b7eae50c96

    • SHA256

      9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca

    • SHA512

      435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2

    • SSDEEP

      3072:saegvMNVoz3Vlw6/R3z3MV1IdJJGVKWHC2KdxFFT9lzo:VFJlwYMVWY65z

    Score
    1/10
    behavioral13behavioral14

    • Target

      MetroSet UI.dll

    • Size

      444KB

    • MD5

      d99a97de55b2561e57135433b44bb786

    • SHA1

      ab588b8d36683b52adcb32c03a9859b884838f29

    • SHA256

      6288e559b0f34d56ab4601ffb2ba2289001c77cf7351d135dd93915034c56bba

    • SHA512

      7ef95cb161265fcf110ba843fe3af5e6cf6d47465e17a10c742256bebd91c128df2cfa7d21696d716bfa861c952d6fad445912f8cca9da9cb03d780211b0545c

    • SSDEEP

      6144:PTJ1DwrSfCmrB0O1SIai39IkRetlJT4ihPrsAgbP2UiuE2Bnw7M:rJSpmaxIephPrYDK

    Score
    1/10
    behavioral15behavioral16

    • Target

      NAudio.dll

    • Size

      498KB

    • MD5

      6ca17abccae3050f391401b2955f9333

    • SHA1

      0975b039a793accb58130d6639262cd291d80d5d

    • SHA256

      3ad5d09b4c8c3146d15955a564a9f1a57d7c795b189a25c6f722a738d95ef89c

    • SHA512

      c08f366aae9baf0e7762f47a2f79d0dee5187a1d7631e5838590b7c12911bdeb6247e0ff860ade36e04f1d6717f919ad98df6d3a1a556bff4b8994db9616ccec

    • SSDEEP

      12288:MnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6C:K8lrT+r5ADakP4i9gs

    Score
    1/10
    behavioral17behavioral18

    • Target

      SimplicLoader.exe

    • Size

      75KB

    • MD5

      72fb96fbbee9fa0c1c25030152f8a802

    • SHA1

      22d1be899c8a2aca51420a9ae3f89c5528d7e347

    • SHA256

      1f08b5e59bf1ec24b9be2c2211dccf22a6651202d29a9be6d8d2f99b127a9274

    • SHA512

      bbcee824c437c0069d174d2b34ed42cecef72c22fee9418144af64083d8833af9572b3670bacfcfc1eb5cfa3da269aa289ee10d9d2eeb2442763e1dda1e3248d

    • SSDEEP

      768:ol9EoLDR6GjcJUsg6O/scbnY+kVgbu7FpMtqwH7pRMAfPdqoxgGgKrVuua:S9RuU/da7HM1Zgero

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral19behavioral20

    • Target

      System.IO.Compression.ZipFile.dll

    • Size

      24KB

    • MD5

      dcda916372128f13ada8b07026c1b3e7

    • SHA1

      99d6c187de8510206a93d2eed9c65e65e0c86e72

    • SHA256

      b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a

    • SHA512

      d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9

    • SSDEEP

      384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa

    Score
    1/10
    behavioral21behavioral22

    • Target

      Vip.Notification.dll

    • Size

      17KB

    • MD5

      a292d382f369373d6a925fe5907c69c9

    • SHA1

      7336065527d93566f79121c478545ae86ba8bb2e

    • SHA256

      ec7dc8e7890b3881e0a6f8616c7363d4fb43b9c5af2c090b08bbe0275031a6d7

    • SHA512

      9f45240686f506b11dbce466dd8b843683e09ff3896bc6563a6580d531898f60523614295c62556a5e058af5af18c3e98e80b3f0642f49f07dd2dc44a181dfdc

    • SSDEEP

      384:EDkSAZXF8SniyHUX4ICx3Fs9SqVW4z5QdfVASCFCDOtfgTuokwuwAqu05yokwOwG:ED8fR4tQsNFLfgvuPIOjk7ch

    Score
    1/10
    behavioral23behavioral24

    • Target

      WinMM.Net.dll

    • Size

      43KB

    • MD5

      d4b80052c7b4093e10ce1f40ce74f707

    • SHA1

      2494a38f1c0d3a0aa9b31cf0650337cacc655697

    • SHA256

      59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46

    • SHA512

      3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450

    • SSDEEP

      768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv

    Score
    1/10
    behavioral25behavioral26

    • Target

      res/GeoIP/GeoIP.dat

    • Size

      1.1MB

    • MD5

      2fbec46d430f57befcde85b86c68b36e

    • SHA1

      3ff9829e3242deb69a7fde0832b7d9345b925afc

    • SHA256

      681ede512fe7ac21e976c754bfc1e1a75a9e02c3d931ce6849cfaa9d4080338a

    • SHA512

      42036af6f57e446fec194ce71fa634dee9f4c77342f64a867fca8730d76349190960a7e7a5967ea59c250ca1b220d4845b4911dd63ee870f5620d9eb513b91d6

    • SSDEEP

      24576:3nHFtqj0+DZBNJvOL1h5NsVOQu7MgAsrmPQbdclxkghoIes:3ltqjRDZZehvsVOQu7MgOPkKSghks

    Score
    3/10
    behavioral27behavioral28

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks