elysian[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

elysian.zip
Size

857KB
MD5

927856300943452a0e0a419e28565edd
SHA1

62c0888ce3a1030705c26027b13b71a64961daba
SHA256

6a64d212427a0a022f9d37bb114051a7ebf2a353a3233f0c8a8ecc0b771b34cb
SHA512

e5974845374ae435c924d1b92a11251b6db8d742ed37a3e6ac8837599ac4662c18f1d354d0c12c0641c07fa088b8737e8c1afdd2a2eb37cbd7be7a14f7b9ff39
SSDEEP

12288:XpSewzZ/DKbjGb0pDUVITRoocxawyhV5UiXAPk7Oa8BEi/fwOQhnZ/D+zfcbumNu:5Az283VoLSaT5UgM2j8BEQQLRN87sqZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/accountchange.exe
unpack001/elysian.dll
unpack001/injector.exe

Files

elysian.zip
.zip
accountchange.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
changelog.txt
elysian.dll
.dll windows x86

01ab4df556b3e39576562001204d945f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DispatchMessageA

gdi32

SetBkColor

advapi32

RegCloseKey

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

vcomp120

omp_get_wtime

dbghelp

ImageNtHeader

wininet

HttpSendRequestA

Exports

Exports

r�iw�ٺ��J1*ſ��4�M"��ӫ8�9�q��fzeT��){A�W�G��I�PV��L��r�F��Y2�u��`-��[��|�2�� £�=��m"��O.n''�#D��IFk��<M�4�y,ȸ�Z��K�1z|D�a��gV��h�_G��ta{,w%��L�+�#!R�x�$�vŉ=�#L��E��=��R��P�˞J�0�*��(v;��l�B�V�n��[n��-��Hp��uI�&]�N��nf��q֫ڷ�n[M@N�2k�d��(O�h��g�&T^�U[�W��9��x-��k��@nE)�]J[�,�ʞ��p�;��8��><��!�7��=~��iF1�0�[�|�2�/JC�a�ٞG�u8.o��R̠bnT��=��c��Ό��ii�K�I]��ګV��f*��ɵ��u*�9��׳��AJ�6�}SLЉ��9�F��upief<�ma]`6��=(l�l�[�z��ME�I�~��}�)�5��>z0�㛍eY�S�<xMԟg�^cօ-�b�]��TX� ؁Xg<HT��R�^��F��YG��c v�g첽��(֕�U)YB��K��(e=A~�qs$��G"@��=�o��/��Ok�i$��ӳ+D��#��X��w�.1�°e��>5hA�Pj0NZ�4��TBa84z��QI��v��^��9�s��Zi�G$Ž��1��C � {c@�x@�S��j��I�?�.R�O�s+(��U�.��}�'V��4��#��M�j�K)L |�A?D�)�ٺ}*>�Hڨ�k8��C�P��:� zM��$uy<�<~�>f-ʭ�1^T�F��>z#��;ƁO%�>�� X��x��|Y��r8]�̝�b�Wk�j]�0-ᅊq��ͮ�Nd�W��.�фV;��b%�U��34[��L!�|�4�a��jˌ2\�rm(�;��.5��9+4��MI�m�}�,��=@��tM�$?Oe��zdɁ��%��@��]Ϳ�~�3kTpI�İ��J��:3 ��ή��E��+��]Ɏ�i�a>�N��6�O{-�3�B?�_��<t/��ȳe0�� ws`#��'ZyVP�2�_�!�ԓ,?�ʄM��@H��åɯ�w��s�(��\�˃��K`[V�[r�U�A��Dȥ4+��EAeL,�G�~�ڀ#�%�R�{��f��<�8��`r��;��ٯ1^ԿC ��e��og�AV`�d"47_�+\+�mU��IŌ�:�"��:��ܟ|Sj��ǵ�&�� O�.�nmDP��̊��B?`��k n��B0��$�H��G{�.#�k��T��&I��k��#&��_�A��z"cw4��b��M� ~�A�4��e3s��@��u�@ F�f�sb�(�9�$-�{|�I��/��yW��˼��~e|�5;B�0s�9y' ��wSB��$�<W�`;.u�X��$`��e��(�N�W��YE��#QQ�=��#��JE%�w.1g�[=+��<�tc0�y�@�qF;l�m"0v{��n��<]9D�߭�|?�v{�2Y��W�+ ��%��z��18�� \A%;��1�aM�}��<�\��:�f��^��=#�CYB�Ώ�-��ү)�_�bjs�K;��?\�J��i��x%�J�� ʤfT`P�Q��h��+U&Oh��D*��i�e�7�� b��YFb\��C6��?R(��G�ɄC0�uP�Y�"��f� �ƽ��YG'ÃCJ|ܷ�a�s��5�D�r��8sy��o�FEL85)�Kߌ�5��g��+TIs�*�~�iM(Al3��yb.�5Z8 E0p�{�8��?W��E=�� !՚eQܢl�n,_#J�le��׏%��?4:�"�y oӁsB1F��:��/C~�;��D��]r}/7 Z\�p0�%Ӹ�q\e��ӆj�C��-��ڶP��r�KT)��U��`W��-pLz��"1��HC��-�+"��+>Pe�h؟��{WTї�IyH�*Ft�ى�� c��J��Nߧ�}(1,P[��C$��bo��k �r�q��v��ɢ�g�U��Sͅ2��4m��\r>"�곖"�f�a�z :��N��A[.��W�$0x,c�رҢ,�R�Da��;e�X,\j��SpK��U/U��?_C�� N��{'�db.��ܗQ�}'��Hm��x0�!�X1�V)U6��zE�P-$Y�K�U��Z{��6�� T��:�/;�o��X}��`$b��[@n�6�#C��rK�P|W��f�7�@j��5l��Iiw��*��~��!��Nu�5h��AZ��(݅��wJ%(��"5Q+�掃/��ɧ�r�DW��"�d�"aG"��i834�0i{*g��S]��,��( �, �[��2ۄJ�ň^;v�9��yW�3d̸˗!��"$ M\��:w� ��u�w}��p��:<� �n--��튕l�Y��^ġ�h�K!��M�k̓�%Wzl�Ò��,��Ǹ5u��ٔP��F5��&=Nh��3�2Mn��X�c�7-�D��'��@o L�hg��/H��|O�nz3��U��-5�#l�mVǗ��^��T�ϐ\��i��s�i"qZ�m��q��>��r{n+W�j��r%�<f��0`��$�%V8�kܪ�Q��b��e|ໜ�s�Ѳ��0��R��{#$�1\��u �5��ա�H��?�a�:��H�_5@��8t诮�W��K6��/0�� 4��E�Fj},n�A��讹��D�@��De#�F��W�<��@��{!ͺ�

Sections

.text
Size: - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ELYS0
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ELYS1
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 742B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
injector.exe
.exe windows x86

34abfa337b587060c86d3f9980a867e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameA
Process32First
CreateRemoteThread
OpenProcess
Sleep
SetConsoleTitleA
GetProcAddress
VirtualAllocEx
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
WriteProcessMemory
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

msvcp120

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Syserror_map@std@@YAPBDH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAPBDH@Z

shlwapi

PathFileExistsA

msvcr120

??2@YAPAXI@Z
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
??3@YAXPAX@Z
_purecall
memmove
_stricmp
__CxxFrameHandler3
memcpy
??1type_info@@UAE@XZ
system
_CxxThrowException
memset

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scripts/autoexec/init.lua
.js

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 624KB - Virtual size: 624KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

01ab4df556b3e39576562001204d945f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

vcomp120

dbghelp

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 498KB

.rdata Size: - Virtual size: 184KB

.data Size: - Virtual size: 27KB

.ELYS0 Size: - Virtual size: 340KB

.tls Size: 512B - Virtual size: 24B

.ELYS1 Size: 644KB - Virtual size: 643KB

.reloc Size: 512B - Virtual size: 400B

.rsrc Size: 1024B - Virtual size: 742B

34abfa337b587060c86d3f9980a867e7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp120

shlwapi

msvcr120

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 744B

.text
Size: 624KB - Virtual size: 624KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 498KB

.rdata
Size: - Virtual size: 184KB

.data
Size: - Virtual size: 27KB

.ELYS0
Size: - Virtual size: 340KB

.tls
Size: 512B - Virtual size: 24B

.ELYS1
Size: 644KB - Virtual size: 643KB

.reloc
Size: 512B - Virtual size: 400B

.rsrc
Size: 1024B - Virtual size: 742B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 744B