Overview
overview
5Static
static
3Exodus.rar
windows10-2004-x64
3Exodus.rar
android-11-x64
Exodus.cod...E).exe
windows10-2004-x64
5Exodus.cod...E).exe
android-11-x64
Exodus.cod...T).exe
windows10-2004-x64
1Exodus.cod...T).exe
android-11-x64
Exodus.cod...S).exe
windows10-2004-x64
1Exodus.cod...S).exe
android-11-x64
Exodus.cod...es.txt
windows10-2004-x64
1Exodus.cod...es.txt
android-11-x64
Analysis
-
max time kernel
135s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system -
submitted
09-06-2023 23:44
Static task
static1
Behavioral task
behavioral1
Sample
Exodus.rar
Resource
win10v2004-20230221-en
Behavioral task
behavioral2
Sample
Exodus.rar
Resource
android-x64-arm64-20220823-en
Behavioral task
behavioral3
Sample
Exodus.codes/Exodus (FIRST REMOVED RELEASE).exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
Exodus.codes/Exodus (FIRST REMOVED RELEASE).exe
Resource
android-x64-arm64-20220823-en
Behavioral task
behavioral5
Sample
Exodus.codes/Exodus (LATEST).exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral6
Sample
Exodus.codes/Exodus (LATEST).exe
Resource
android-x64-arm64-20220823-en
Behavioral task
behavioral7
Sample
Exodus.codes/Exodus (WITH BINDS).exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral8
Sample
Exodus.codes/Exodus (WITH BINDS).exe
Resource
android-x64-arm64-20220823-en
Behavioral task
behavioral9
Sample
Exodus.codes/Exodus.codes.txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral10
Sample
Exodus.codes/Exodus.codes.txt
Resource
android-x64-arm64-20220823-en
General
-
Target
Exodus.rar
-
Size
10.9MB
-
MD5
187f57461e7ad41353f91cdcb8da4fce
-
SHA1
581cdec9c38ee21d072de12ffdd334eba951080e
-
SHA256
be34e510178b9f1b10880945b5346f78288d499b9481355ee1cbaa4e07f4d9af
-
SHA512
9310aa4e3b64c815878ecada314241481bf7e92677ff936b0b420ae929896bd282f98531a88f5f378b057291eb1b9d456cf8be23039c3d50f4e914f779323d30
-
SSDEEP
196608:xvLkHhp2Xje+t4quCtF5485nmFXroiZnvXoHV12gl3uEI8x+qMfKRPH9NH9NL7dF:xvLkHhp2S8eCtj8bB812suEIWqfKRPHL
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
Processes:
OpenWith.exepid process 2436 OpenWith.exe 2436 OpenWith.exe 2436 OpenWith.exe 2436 OpenWith.exe 2436 OpenWith.exe