General

  • Target

    up.zip

  • Size

    29.1MB

  • Sample

    230801-ycl9mabh5t

  • MD5

    8e55ac85297f10a09b3445311e21ee69

  • SHA1

    337faa8462151bf3671d59dac6882320e60e4c0a

  • SHA256

    7ac82c97b884b5ff5ae1699d793d7c0101d2484b597cbae9b7516a2bde8091c5

  • SHA512

    0cc153d18f9cabffffea481e697757306b6ea0c3be4a5f53f1d21a277f58fcd4c135ae6b7a6732952422641e6b6e942d3b1e51112efa30c0a15d2e08ae6065a6

  • SSDEEP

    786432:vBcQV0RGzCr2i+3vUO11Od4W9I6DsENIen86Won4bD:yI0RGzCrF+3vNOCyI6scn8634v

Malware Config

Targets

    • Target

      up.zip

    • Size

      29.1MB

    • MD5

      8e55ac85297f10a09b3445311e21ee69

    • SHA1

      337faa8462151bf3671d59dac6882320e60e4c0a

    • SHA256

      7ac82c97b884b5ff5ae1699d793d7c0101d2484b597cbae9b7516a2bde8091c5

    • SHA512

      0cc153d18f9cabffffea481e697757306b6ea0c3be4a5f53f1d21a277f58fcd4c135ae6b7a6732952422641e6b6e942d3b1e51112efa30c0a15d2e08ae6065a6

    • SSDEEP

      786432:vBcQV0RGzCr2i+3vUO11Od4W9I6DsENIen86Won4bD:yI0RGzCrF+3vNOCyI6scn8634v

    Score
    1/10
    • Target

      Cloakedbgfjfjjaea5_browsingIso.iso

    • Size

      1.4MB

    • MD5

      41241df93521de6b7b10d0fea2effc7b

    • SHA1

      07085d8cdf9b8f046193cf23610e9eece60d370d

    • SHA256

      347715f967da5debfb01d3ba2ede6922801c24988c8e6ea2541e370ded313c8b

    • SHA512

      d1976c1003cf7fd51ebb488fe09d31137558806ef28382d7b23b1227835c5f73d4f7fb42069a8235b084afe4ae427b9609cdabb4ec52a55e860b3f1da4f8e391

    • SSDEEP

      12288:vV6yXCzzn+KHpN2YouBye2n0Yaot3VQVaR788W+vTCy8sX8uzF/6A4kony:vVAn+4x2n04tFQ4XW+zX8qF/t4n

    Score
    3/10
    • Target

      Information.lnk

    • Size

      1KB

    • MD5

      8fd497870926cbca338475287214572e

    • SHA1

      2626e891b55d0132eda86841ab648e47dd0d6bae

    • SHA256

      32e1eebf2af8d36857b3a9ea3a2653e8e7ad6b6eab8ca4665b252b5fb609d993

    • SHA512

      43ea429f8e5bf8a623d28034cc1e287534fc347322339e0a633121d88a4188a8f07a53f9f587d72d78bc61a6a297a7de8db6769c2c6b0a6f41d546a0f44fd4cb

    Score
    6/10
    • Target

      _

    • Size

      435KB

    • MD5

      1000838ba3100d37c5db2ba81137f9d9

    • SHA1

      0019ed3bacbea575649bc9299a32935a00982099

    • SHA256

      09f0ea9b239385eb22f794dcecaec1273be87f3f118a2da067551778971ca677

    • SHA512

      c33a69e722dcb681b5c203e7e158e1160cef2890c4664ec13ac93aea86365ae45b1f4822f1b738f197128d9ea85b2c4e9736143fa5612bf21d024ad3ad29e7ec

    • SSDEEP

      12288:hV6yXCzzn+KHpN2YouBye2n0Yaot3VQVaR788g:hVAn+4x2n04tFQ4Xg

    Score
    1/10
    • Target

      agenda.exe

    • Size

      180KB

    • MD5

      bcb225e7f9a3fc81429de70f7b124a02

    • SHA1

      dedca09d9a97f719a970883eeaa570434f9ecaba

    • SHA256

      e8e63f7cf6c25fb3b93aa55d5745393a34e2a98c5aeacbc42f1362ddf64eb0da

    • SHA512

      990e0605d8ad4c1ea0c01fdb78bf889e03f271ccd5f5ad7e511c59b739cf91b6fc4a4c38e8ea783a4250c6ffee7a41d17ea9623b56cb243d56023ad9f9d539ba

    • SSDEEP

      3072:3+ibspVp47mbnV+NCU6DJ0F0NMgqF10IIGFySD:3+1pTCEnVasDjNFHIBFDD

    Score
    6/10
    • Target

      vcruntime140.dll

    • Size

      90KB

    • MD5

      5473861817fa78725313648dd9ceca7d

    • SHA1

      59c929a9f329f44d21b32ccd742c8dfded815d2d

    • SHA256

      a018f4d5245fd775a17dc8437ad55c2f74fb6152dd4fdf16709a60df2a063fff

    • SHA512

      bf73794e44b197e74c8ec9342c4de0353d44c4ae5b3903d9908aa1b52e8641c92f38ee39625d711884b5e8d5ef95b765d361065c4d855525af56f9b9f92e76fa

    • SSDEEP

      1536:oT11/9nhu8HQRC/lYLFy1E0CWtVn3GwDa/becbfQqF:o5NF/eLUCnWtVn2wDObecbftF

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      vctool140.dll

    • Size

      106KB

    • MD5

      b3b95c31fd3239a8b544ac7928e90895

    • SHA1

      b7bff7464c18db412de1366805475dad7d9823c8

    • SHA256

      9230457e7b1ab614f0306e4aaaf08f1f79c11f897f635230aa4149ccfd090a3d

    • SHA512

      7fcbc91f488448f5581c666adbc7b469182c3f0d00cd7fa451fedf02c7440be3d94daf8164cc9c2d86a174b15ee8e7acdda6c6e1302daae47be61ef1d10b48c4

    • SSDEEP

      3072:Nkg2jVkFchebV/mkzOx+sRQMLnRxbhtnaz:z2jaiebV/mkmBbltnaz

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      Guloaderbgghjjdjcc1_browsingIso.iso

    • Size

      1.2MB

    • MD5

      8666360d274893b9280f687ff76b57a3

    • SHA1

      39eecf28d874493ed44d6bf5f72417ee745cc313

    • SHA256

      fb8e52ec2e9d21a30d7b4dee8721d890a4fbec48103a021e9c04dfb897b71060

    • SHA512

      c1efa42e1f80d43723ef020b28eb8a2ab9430063ced03f79686b4387394aa7d63af704c9ff785b592db5a85d1b376d2e7965a0213fb2bb7220b2e24c4e3864c9

    • SSDEEP

      1536:BiH28X0mHEealzoOjMXjX7nE9ougnacvwXIs1ue560ZS3ARBBGHzm0nt96aDBF:MHYmHEeeMgYjXYRgnaBB560Aw+TnjX

    Score
    3/10
    • Target

      Iisbgfhaciadc2_browsingDll.dll

    • Size

      163KB

    • MD5

      84b20e95d52f38bb4f6c998719660c35

    • SHA1

      9af6dde77c274af5384dfea76a414bc60a99c878

    • SHA256

      2a0b83c316219ed8c7ce1d14edf09794fa76a71cb04348d2a332991f3fceab2b

    • SHA512

      56922ecf1cee78c8ec76bad9c5d6aec5c56bed9cfc025d66f1db5541023a962c9784b9708e82c5cb84ed828f053e15186fd7e0483666eaee111c4cbdcac81ea0

    • SSDEEP

      3072:1LHuUlJiR+2h8DdMhUlHKoaQZTaw59X1mVXYYiNRoac:1LHuUiR+2hB+lqeR5BFRoa

    Score
    3/10
    • Target

      Iranbggaiajfbi13_browsingExe.exe

    • Size

      23KB

    • MD5

      08dc5c2af21ecee6f2b25ebdd02a9079

    • SHA1

      dc2ae40aa0ef8ed3eb0cee522f1116fe0f1f7acc

    • SHA256

      cffcae5f9936636f8c3835a038b95ab44533be813290d67b83883f6356da8359

    • SHA512

      98c80eb8de95155354e1c30db858ad59f14182c89c3fa753a0221411ee061d328c7dfeb33b170795a16cf5f1c80272b67111fc05e4188d22e24bb7af968e1745

    • SSDEEP

      384:rfRa1oAVJogEHIMBBZdgGBSIX35/EnzVev+251Wy:Fa1DoPgGgIH5/IVGp51W

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials and other profile contents.

    • Target

      Knotweedbgfjcfhafh13_browsingDll.dll

    • Size

      1.4MB

    • MD5

      a2104a61be3d5f6c5339e768fe2e71a6

    • SHA1

      2cecadd0beb26461c3806b5d27efbabe4f173821

    • SHA256

      c96ae21b4cf2e28eec222cfe6ca903c4767a068630a73eca58424f9a975c6b7d

    • SHA512

      ad89fbf42ddaa72801dcc9b62c02e8c17ba65a52de9bba807d33f895b43b6ffb9fb1e1a12bc1db56d2a840cadc75a8b1639b309638006d6d48b34ec527d38a49

    • SSDEEP

      24576:NZ9aFrc7eKFV5ts1gjdV0GM2RVQ+c9ZTb2EYok:NZwrc7e2+1gjAGDQ5LTb2L

    Score
    1/10
    • Target

      Magicratbggdhgejff1_browsingExe.exe

    • Size

      18.5MB

    • MD5

      b4c9b903dfd18bd67a3824b0109f955b

    • SHA1

      a3555a77826df6c8b2886cc0f40e7d7a2bd99610

    • SHA256

      f6827dc5af661fbb4bf64bc625c78283ef836c6985bb2bfb836bd0c8d5397332

    • SHA512

      73ec5620b9c607c96e883d95ac6ea4033444cb74def871d16875bb90cdf6560e592c1dcb9d6e9b406cd7d238464f46f61ca5f95bf07b0367ee826971ff151aed

    • SSDEEP

      196608:99rTfn5Mp6Z9j2ujTh4e9q77AJsv6tWKFdu9CqK:9F+p6Z3Ph4e9qoJsv6tWKFdu9C

    Score
    10/10
    • Detected MagicRAT payload

    • magicrat

      MagicRAT is a remote access trojan developed and operated by the Lazarus APT group.

    • Target

      Newcopperstealer10_browsingExe.exe

    • Size

      3.7MB

    • MD5

      7c7671a948fb42fd70f55432e8a21786

    • SHA1

      b06dab46a30f2f5a38587ce16d4ea9876368f797

    • SHA256

      e69026db820b4aecb17d98bf3cb9f40b78758232a5b45b5b7ba84850bd9f9ec5

    • SHA512

      8d3e20fa94b9ab29ce419d46b572370ba2f0dc9fa7ffdb4aef9c9ad988486ed62324ed95679da9575564330a795582d220616cc12ff3abbb98fce84d13cecc75

    • SSDEEP

      49152:ENTZ0VDVRkP3p8diOcjTvfUwvOnI1ttMOjD647nfxX5Vgx6:ENTZ0VDVRkPGdTuGWtyOjD6e7ig

    Score
    4/10
    • Target

      Newlogforshell18_browsingExe.exe

    • Size

      701KB

    • MD5

      26cff833eed7465c4c74580031baf735

    • SHA1

      ae62ddb1deeeda07535e10d90f9d87307b0e11ff

    • SHA256

      ef25f37fb988e1e041e5dbbd6f30aac3918e540fc253964b054fc1ec6e45b6a2

    • SHA512

      8b8f740a945f9728cd077a24a4054d86224ea4c034c80a3377743eaedaa42ce68c8ec690b0be2d58731e729836105858d715897e1e63b509c94157a03a712b73

    • SSDEEP

      12288:/5KggX3QpKzfFmOMExypt/BlM/947f07hfd2wNUO28ux5b:BKHX3eKHc/O4707hfd9NUO2rxp

    Score
    4/10
    • Target

      Purecrypter12_browsingExe.exe

    • Size

      5.0MB

    • MD5

      c4caf1d9517d3fd4c29a915756941390

    • SHA1

      30cf2034b3a59ca367cec3e02096734c3b4184a5

    • SHA256

      9bed965557631646dc5f0bf1126a9da3bf9c8c8e92e792055f981668e06c3708

    • SHA512

      810d9c2bd87dc9aa094a668dd877376dbf9991062f740929c921d8ef6fe795895b27191519fd7a94b0920629c92deab48c99bb18073c818a7c83f8d9d1e5584c

    • SSDEEP

      98304:3Blq1BrjmlJD+Yk1TbGOAXTf+pCAFGKHjgTZa3LbYax/nnOJuIUtcaD2K/:3BYmHu1Q2pCADcNa3/YalnSUGaD2

    Score
    1/10
    • Target

      Purecrypter16_browsingExe.exe

    • Size

      291KB

    • MD5

      e497ef1d6cf465f562f6368594eb8c50

    • SHA1

      d77a0ce62e2a0d29f1ece98b4ddd83ac53118567

    • SHA256

      c401070db22f1fa3a5dc170b4b60920c8dde1d1bd7f0404952c13e897f07b820

    • SHA512

      1a9a95b47dd5efb2db8678d202f57120ed97808938ec827a06448087d1124a4e39763dac2385302a4e1971a9468c2e4e554aae376c5ac8528be59bd9f4f7a532

    • SSDEEP

      6144:jtZGRKb8wwzC7awq8pVHhMOnX/NkmWQevn3pOw/VieXKxLga6qYz:j2vCuw5fM2NKBTVNK76

    Score
    1/10
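The per-target hashes and scores listed above are the actionable part of this report. The script below, an added example that is not code from the original report or from the sandbox vendor, parses a listing in the layout shown on this page (a "• Target" bullet followed by the file name, hash bullets followed by their values, and "Score" followed by "N/10") into an IOC index keyed on SHA256, then hashes every file under a directory and reports matches. `REPORT` is a trimmed copy of two entries from this page; `demo_scan` writes a constructed file into a temporary directory and injects its hash into the index so the scan can be exercised offline.

```python
"""Turn a Triage-style target listing into an IOC set and match files against it.

Added example, not code from the original report or from the sandbox vendor.
Assumes the bullet/indent layout shown on this page.
"""
import hashlib
import tempfile
from pathlib import Path

# Constructed input: a trimmed copy of two entries from this page's target list.
REPORT = """\
    • Target

      Magicratbggdhgejff1_browsingExe.exe

    • Size

      18.5MB

    • MD5

      b4c9b903dfd18bd67a3824b0109f955b

    • SHA256

      f6827dc5af661fbb4bf64bc625c78283ef836c6985bb2bfb836bd0c8d5397332

    Score
    10/10
    • Detected MagicRAT payload

    • Target

      vcruntime140.dll

    • SHA256

      a018f4d5245fd775a17dc8437ad55c2f74fb6152dd4fdf16709a60df2a063fff

    Score
    8/10
    • Blocklisted process makes network request
"""

# Bullets whose value sits on the following non-empty line.
VALUE_FIELDS = {"Target", "Sample", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}


def parse_targets(text):
    """Return one dict per target: name, size/hashes, score and signature names."""
    entries, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:            # this line is the value for the last bullet
            if pending == "Target":
                cur = {"target": line, "signatures": []}
                entries.append(cur)
            elif cur is not None:
                if pending == "Score":
                    cur["score"] = int(line.split("/")[0])
                else:
                    cur[pending.lower()] = line
            pending = None
        elif line.startswith("•"):
            label = line[1:].strip()
            if label in VALUE_FIELDS:
                pending = label
            elif cur is not None:          # any other bullet after a target is a signature
                cur["signatures"].append(label)
        elif line == "Score":
            pending = "Score"
        # section headings and free-text signature descriptions are skipped
    return entries


def build_ioc_index(entries, min_score=6):
    """sha256 -> entry, keeping only targets the sandbox scored at or above min_score."""
    return {e["sha256"]: e for e in entries
            if "sha256" in e and e.get("score", 0) >= min_score}


def sha256_file(path):
    """Stream the file through SHA-256 so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, index):
    """Hash every file under root and report those present in the IOC index."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            digest = sha256_file(p)
            if digest in index:
                hits.append((str(p), index[digest]["target"], index[digest]["score"]))
    return hits


def demo_scan():
    """Offline check: a constructed file whose hash is injected into the index."""
    index = build_ioc_index(parse_targets(REPORT))
    with tempfile.TemporaryDirectory() as d:
        Path(d, "clean.bin").write_bytes(b"benign content")
        sample = Path(d, "dropped.bin")
        sample.write_bytes(b"hello")        # constructed stand-in for a dropped file
        index[sha256_file(sample)] = {"target": "constructed-sample", "score": 9}
        hits = scan_directory(d, index)
    return [(Path(p).name, t, s) for p, t, s in hits]


if __name__ == "__main__":
    for e in parse_targets(REPORT):
        print(f"{e['target']:40} score={e.get('score')} sha256={e.get('sha256')}")
    print(demo_scan())
```

Matching on SHA256 alone catches only byte-identical copies; for the repacked and recompiled variants that crypters such as the PureCrypter samples above produce, the SSDEEP values the report also lists (compared with `ssdeep -k` or a fuzzy-hash library) are the better pivot, and the score threshold should be read alongside the signature names rather than used blindly, since a 1/10 here means only that nothing fired in that run.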

MITRE ATT&CK Enterprise v15

Tasks

static1

backdoor loader sessionmanager magicrat purecrypter
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

persistence
Score
6/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

persistence
Score
6/10

behavioral11

Score
1/10

behavioral12

Score
8/10

behavioral13

Score
1/10

behavioral14

Score
8/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

spyware stealer
Score
7/10

behavioral20

spyware stealer
Score
7/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

magicrat rat trojan
Score
10/10

behavioral24

magicrat rat trojan
Score
10/10

behavioral25

Score
4/10

behavioral26

Score
4/10

behavioral27

Score
4/10

behavioral28

Score
4/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10