daam | 0fdfbf20e59b28181801274ad23b951106c6f7a516eb914efd427b6617630f30

Resubmissions

29/05/2023, 01:11

230529-bj2assha72 10

27/05/2023, 19:22

230527-x3jqrach68 10

27/05/2023, 19:19

230527-x1ph8adc8s 10

06/05/2023, 03:47

230506-ecc66sab7y 10

Sharing

Copy URL Twitter E-mail

General

Target

ee6aec48e19191ba6efc4c65ff45a88e.bin
Size

7.4MB
Sample

230527-x3jqrach68
MD5

ee6aec48e19191ba6efc4c65ff45a88e
SHA1

f3b135555ae731b5499502f3b69724944ab367d5
SHA256

0fdfbf20e59b28181801274ad23b951106c6f7a516eb914efd427b6617630f30
SHA512

0f1fb2554bd05df4c4987f64fc9c22695cb2f0951b1b46202fb0aa24ff5008d14dfd2782e1c508b5534c16c024034d75b72cee2aebeeb4337e0fda69314ee0db
SSDEEP

196608:Cej0iP9EswQ2qypeQa/twJFQdKShmodX34Rd1k7Q8Ufy6mC:CUvP9ryjeQa/tYFQRtd4be7cfZmC

Score

10^/10

Malware Config

Extracted

Family

daam

http://192.99.251.51:3000

Attributes

uri
/socket.io

Targets

- Target
  
  ee6aec48e19191ba6efc4c65ff45a88e.bin
- Size
  
  7.4MB
- MD5
  
  ee6aec48e19191ba6efc4c65ff45a88e
- SHA1
  
  f3b135555ae731b5499502f3b69724944ab367d5
- SHA256
  
  0fdfbf20e59b28181801274ad23b951106c6f7a516eb914efd427b6617630f30
- SHA512
  
  0f1fb2554bd05df4c4987f64fc9c22695cb2f0951b1b46202fb0aa24ff5008d14dfd2782e1c508b5534c16c024034d75b72cee2aebeeb4337e0fda69314ee0db
- SSDEEP
  
  196608:Cej0iP9EswQ2qypeQa/twJFQdKShmodX34Rd1k7Q8Ufy6mC:CUvP9ryjeQa/tYFQRtd4be7cfZmC
Score

7^/10

evasion
- Acquires the wake lock.
behavioral1 behavioral2 behavioral3
- Target
  
  AndroidClockMono-Thin.ttf
- Size
  
  5KB
- MD5
  
  865726afe8b0b3e604da03819a4573bf
- SHA1
  
  9c32d4dccb41b1405677f26aecfaefba33f9fd81
- SHA256
  
  36b8ff47ed75e57f3a4268d3733f80156aec8f92265ef0a48516f21454098222
- SHA512
  
  16bfee3afc9e9d7e910cc79405b3ad1ad90dea534035df75a81fe17a51e49945cf48d7fc37823e43504dd8810d96313054583c04e695522954bceac57feb86d4
- SSDEEP
  
  96:u639wRWDqUIy5nlQVZWgTtT00suKlR9ys3Eln1WcDG/0Lhti6G4:h9feynuVJp00FY9Yl1Wcq/0Lhti6/
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral4 behavioral5
- Target
  
  Roboto-Bold.ttf
- Size
  
  290KB
- MD5
  
  dbcc2d576ca222f307fef3fedcb441ec
- SHA1
  
  ce209e7a825828599429bf4d0d134272d20adf3d
- SHA256
  
  6e6a7dce45f352fb8ed0daf9d98e899cbdabbdd2cb83ddb7fb27d192c94e148b
- SHA512
  
  c70fc6e3b2a6add180e27de25dceaa666c107afb4e72f80f3f37c0f94ef31085ea26facae34d1f57f8edf3deb44a5918486bb33bfdc677960a0d5942e4c4c586
- SSDEEP
  
  6144:KKhBCxC2IZ/xYmlQrkcIJb0aV3ohqEQ65pq+xHm9rk:VBCxkrthEQ65pbHurk
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral6 behavioral7
- Target
  
  Roboto-Light.ttf
- Size
  
  291KB
- MD5
  
  754d6cadea9b0853971234a51aaeb8a1
- SHA1
  
  1ce31afef046a5f38dbcb6e212d827eb69d56569
- SHA256
  
  e1959931aea5ae5ad71edd67728f07830985a1918c6cf8b7f8a039f94c2901e4
- SHA512
  
  6fe9eb4cf5ce0a555ba8e0e9527e3caee0eddbfddebc017131b493e5015315fa2dc1d65375c303eb91b1dce4e21c795f81f68bb9fd482db857721fd4d5453b96
- SSDEEP
  
  6144:boHfKvNa8re4fk9jTt4oRa9DO/Rm5oO91wWDdHkQs7xs:bIKvkme9b4Sa9n5lDwWD9jsts
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral8 behavioral9
- Target
  
  android-iconify-fontawesome.ttf
- Size
  
  138KB
- MD5
  
  a3de2170e4e9df77161ea5d3f31b2668
- SHA1
  
  6484f1af6b485d5096b71b344e67f4164c33dd1f
- SHA256
  
  7b5a4320fba0d4c8f79327645b4b9cc875a2ec617a557e849b813918eb733499
- SHA512
  
  94a693ab2ce3c59f7a1d35b4bcc0fd08322dad24ce84203060ceceaf3dac44c4c28413c28dcdab35d289f30f8e28223a43c11cb7d5e9a56d851eb697ff9b9b6b
- SSDEEP
  
  3072:31DuCzsU9393sdVP9Xy2i0iEPGFCMD17VJG6wVcxwDgo69Mc6iGcyKIhwxjtkOc1:31DuCzsU9393sdV1i2ZiEP2CqVVJG6/S
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral11
- Target
  
  backward
- Size
  
  3KB
- MD5
  
  f3e01c685242d9b43bd3fc9d23189875
- SHA1
  
  affea9edbf88ad67ec5ceb57b9245add746bc915
- SHA256
  
  a1de3301a646e6a1af087295edd1b03cd804be46fc41ef833f25f830798552a3
- SHA512
  
  d0df7aa58adb7d68c43f023a65f939fc7c35ee2399f4d3169ab520a18a9452ba619a990fcb090356fc436923384d873b11c953471bb6f1287de44e5611019dd9
Score

1^/10
behavioral12 behavioral13
- Target
  
  crashlytics-build.properties
- Size
  
  362B
- MD5
  
  49dd67dab9f45fcb010ab03e74e72cd1
- SHA1
  
  b04ffe6c85d11fabd10ff92726aac207c9b07fc8
- SHA256
  
  88a8ccf7f2cf691a7095feae4cb6404c5b8a54fcee6ba8d10dc57107851686c7
- SHA512
  
  dd02c4577264d08107c491ae7109e9b54ca0886d3592bf034c490dc9fae60ddfe6514bc8b5995f8f6647cca107753435287c46c7dce4bca38179bc1fc5536ffc
Score

3^/10
behavioral14 behavioral15
- Target
  
  zone.tab
- Size
  
  19KB
- MD5
  
  629e033b76bb8f01ae05d8c69a55e3f4
- SHA1
  
  774512e996a3cf2a30df0fce5fb03ee8d4f73b2f
- SHA256
  
  b4428586696a102423e8dc1c1a31d86f881947685a2090ea2ef4a26c76a56cd4
- SHA512
  
  3ac7686c55e40af2b63bbd07e4b4cdfa8ebd3d4528fb48c290783ebedd18fbde640aaf3df55f61ece717abff8d0727503d12b9c804549f709d841c8252f09b73
- SSDEEP
  
  384:KjQ7FZ6OAKf8DYFd+bCviRz0HDT3Io9y65bWFNmc302VTdfSf4bkkhK:KjkMOAKf8DBuKmHHywiYN2VJf2bkw
Score

3^/10
behavioral16 behavioral17

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Acquires the wake lock.

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17