Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Exodus Lunar AimAssist.zip
Size

10MB
Sample

230609-3rdm9adg43
MD5

d89f0cf5a798b2cf5261fed3be5bb9d3
SHA1

fc3de65fe375faac39c23639719314964e9788cb
SHA256

1120384cb197413e7a81b25c51f2b8c6ee3ff49c5260579d2e8ea36d7ffd03d4
SHA512

1ee1e5588500740fa3cc811ad57ab8604b69ce3fbf190051f91da44122bfc80381583a0eaa8c1cf4ed75825807e39c623a9abad9d11bc4f7e843da20e487f1e6
SSDEEP

196608:q59GVt3YDlkKNCQmqJz3423NIvlJsaXLRzkHVxSylA0GcmaNWUuRWRHrnHHvt1bd:q59GVt3YiocqJTgXZ8xS0GcmacRWRHr5

Score

5^/10

android

Malware Config

Targets

- Target
  
  Exodus.rar
- Size
  
  10MB
- MD5
  
  187f57461e7ad41353f91cdcb8da4fce
- SHA1
  
  581cdec9c38ee21d072de12ffdd334eba951080e
- SHA256
  
  be34e510178b9f1b10880945b5346f78288d499b9481355ee1cbaa4e07f4d9af
- SHA512
  
  9310aa4e3b64c815878ecada314241481bf7e92677ff936b0b420ae929896bd282f98531a88f5f378b057291eb1b9d456cf8be23039c3d50f4e914f779323d30
- SSDEEP
  
  196608:xvLkHhp2Xje+t4quCtF5485nmFXroiZnvXoHV12gl3uEI8x+qMfKRPH9NH9NL7dF:xvLkHhp2S8eCtj8bB812suEIWqfKRPHL
Score

3^/10
behavioral1 behavioral2
- Target
  
  Exodus.codes/Exodus (FIRST REMOVED RELEASE).exe
- Size
  
  5MB
- MD5
  
  97bf141091204cd5e1c7cd078afc7e5d
- SHA1
  
  00bfb72ee22f9f863dbfcddb95b81361902d9393
- SHA256
  
  8eb87463d4c7f57f6bf5839fca4f36939d95bf5e8d0d29ab743d70917be49f98
- SHA512
  
  5eb1e177375fc17e9760b2b36ce8232718875a7a937577c9a49253d2b0249997bf033437dc9e45f0bd8a0ca6153781e0989c0175fece4c2d6d2732a78e53f4a8
- SSDEEP
  
  98304:q6wzEKV61Ggh/Lva51R0XamPxeed6SBGW00QYu3UfTswWSXNgrDCR4:vwzEX1Vjva5MKcx56z3CKSlC
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  Exodus.codes/Exodus (LATEST).exe
- Size
  
  832KB
- MD5
  
  e32ea9eab2fcc9ffbc1bda7fc569576f
- SHA1
  
  766f708ea5aaa80991c578eb94205df2c9f2a60a
- SHA256
  
  b7e9c5b63c2c22b58c792800a36025b878f88c79f3c81e0c990110da8c896672
- SHA512
  
  f8aec6d69fb5dff65d2053db0a972537dcdfbbec326fa2b2a81544ffaa20894b6c3e7156d8ec5299df5ebdba94046bb9cb588badee720ffc724fcff7534b14de
- SSDEEP
  
  12288:8tuueQ1++B54VDnoQQNzLMbSahYrFEpASGT0o5hnIJDH:8cU++YVDEXMXhYrKpALAIhnIJ
Score

1^/10
behavioral5 behavioral6
- Target
  
  Exodus.codes/Exodus (WITH BINDS).exe
- Size
  
  5MB
- MD5
  
  4e135a73b9e053e5554d66bb698744e3
- SHA1
  
  38d9d20148a35e7b06a187958d97ec57059e733a
- SHA256
  
  4958ae40670c3c748b7e7cd215807a0abff467b9d4fe1377f68549e417f2ce7f
- SHA512
  
  c8b8ab349c64d236d2e1cc61f5f124c9051935d05f811ea0a8b26c9341818fdc6641aa8bf5c87d44d861b4921b39289901dda7a8e9b5bc3a891e1c3bb2d502f5
- SSDEEP
  
  98304:uGrkFwJNwEYKFbkOUC7ekAD1o1VFkzjH8MpTGzORK2dSc2Y:uOkiJNRNjpI5zruY
Score

1^/10
behavioral7 behavioral8
- Target
  
  Exodus.codes/Exodus.codes.txt
- Size
  
  97B
- MD5
  
  79f4955083eb1cfd102180bf9a140630
- SHA1
  
  2c0ba7366c5d131853d0f54871a837615e739a64
- SHA256
  
  028920942f81a61edd10b69b0cf00533472df220c0ec3825357c870cccfb710d
- SHA512
  
  6efdfc0b2fafcc1b52999b79f551ffbdd33bfd48aebbb09e386fda05dd506310e1fb2fc3e7b703004af177e89fb7556ef81c862ce89095a66ef5143a63d4ef53
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10