072e244f3c1e865c53ed271f58be1dacc8263bbed3d94c6a95c17572f38a84eb

Sharing

Copy URL

Twitter E-mail

General

Target

Dependencies.zip
Size

47.3MB
Sample

231118-ezryvabh7s
MD5

2aec2323c49f63f89a7768a3c4018c96
SHA1

726f3c834a778de5a1a77cebeba5e4a6fff6e137
SHA256

072e244f3c1e865c53ed271f58be1dacc8263bbed3d94c6a95c17572f38a84eb
SHA512

c7b6dcbc13909ecb9932e47b0aba3368c5a81d3667005a0c2d084a766b9701274ed4e083a83acc41fbbbbf068e89a5df30eda51993e3b1b54b9a39a52970e097
SSDEEP

786432:rTE4hxoUduJLrHRWtf8duJLrHVduJLrH9Tzca1M/P7QxRF34v2gTDplDlDPCy2d8:rI+zcJLDRuf8cJLDVcJLD6a1AMFQHD/P

Score

7^/10

Malware Config

Targets

- Target
  
  CSharpDiscordWebhook.NET.dll
- Size
  
  16KB
- MD5
  
  8eb961b6ea6bf1b7d33e3cfe2fef3e67
- SHA1
  
  0c3b8efcb848841da3489b890311fcda6add855e
- SHA256
  
  e02156b0caefc2bdadb9085a836be04e05261442e434e5d517a98a8dc86284aa
- SHA512
  
  d8ce61681d98900440bc6be3bfa723e94cfd93d83d6162888f78c3dd146b6b16f6fc86b9a10bf739a8fe0517b9a911a8e1d12881443c99401ec90361e4357383
- SSDEEP
  
  384:85G/uIr6frh7qzjkJhB4Rk/XCHWPXPtbK6nux:85G/uQABmkEWJKyC
Score

1^/10
behavioral1
- Target
  
  Google Chrome Update.exe
- Size
  
  9.0MB
- MD5
  
  87d78602fff2ef76fc4fdb949b94736a
- SHA1
  
  6c38327cdeb03b849a6743bf0e32d3c75ca5e318
- SHA256
  
  800f0f4c3cc2ba2195d8b527eba6a6a5b76f9aff55a6022814829ff00d433a8f
- SHA512
  
  d682e082631eb4f4036501106b8687eb30a7d4119326eb62832548ba20078c65acf53821db1181ee72c593bea1bbd1175b19c439c7cc65323ec6ebbaf128354a
- SSDEEP
  
  98304:s5TPERvFtw3WiikBkkkkk0p+GWmrZ+s5OhVvbj08DjGljYukqFgsJ:s5j33WOlWmh5OhVjHGK4g
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  Newtonsoft.Json.dll
- Size
  
  312KB
- MD5
  
  6dc7988bf02bdccb02c03ccd5cfc856e
- SHA1
  
  94c503650f7dbff46b92940aca10e33c0ec25e5f
- SHA256
  
  813f3221c13b52784a6fa8f0a148e829c4d8d1c8886d0bd4d978676195949711
- SHA512
  
  577bfa142709b3c5119623b7c77d7e385eae512231badece18905a21139b57157c230d72142b551eb809d06c7b7d3f3b83a495d75d3bd0bbed3376c2ecbe7059
- SSDEEP
  
  6144:BN5uorsKqJVDw3ogTpxzm6kr0tmnXwxHE:9uowKUVWPq7QknA
Score

1^/10
behavioral3
- Target
  
  System Runtime Monitor.dll
- Size
  
  15KB
- MD5
  
  7eb826703a360ca3b2c958564426dba8
- SHA1
  
  2458a3366bd1620fb8b12d99761cb1f8a9ef3107
- SHA256
  
  2646834ddccffa63ccd7f9e5f36cd5de9236037eae35e4f4f3937c53a560a1e7
- SHA512
  
  5f3b5f6ecf0fa5ade7bb73339709ea703063ff5a64b9351057d87ef3d9ec829ec400590162141f50fcba2348b28ea8fd1c278f629e6d6ec9d7529bce283d8968
- SSDEEP
  
  384:V6IaAM+4t/mPqs2emJz+gHKuAtiQJU7amHBWM0KHcVphYcXtVcQ3c:MHMa/m/oJz+g2izamHT0KHc3hYcXtVcR
Score

1^/10
behavioral4
- Target
  
  System Runtime Monitor.exe
- Size
  
  9.0MB
- MD5
  
  87d78602fff2ef76fc4fdb949b94736a
- SHA1
  
  6c38327cdeb03b849a6743bf0e32d3c75ca5e318
- SHA256
  
  800f0f4c3cc2ba2195d8b527eba6a6a5b76f9aff55a6022814829ff00d433a8f
- SHA512
  
  d682e082631eb4f4036501106b8687eb30a7d4119326eb62832548ba20078c65acf53821db1181ee72c593bea1bbd1175b19c439c7cc65323ec6ebbaf128354a
- SSDEEP
  
  98304:s5TPERvFtw3WiikBkkkkk0p+GWmrZ+s5OhVvbj08DjGljYukqFgsJ:s5j33WOlWmh5OhVjHGK4g
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5
- Target
  
  System Runtime Monitor.pdb
- Size
  
  12KB
- MD5
  
  8db1569300b907f7cefe249d3905356d
- SHA1
  
  e2f726880a8c60a9bd1d8afbd8c4817c05690e88
- SHA256
  
  e511dcbe6a8616857e99241b372b7981ba44fa9ce9f3a5de9c5fc224edaee751
- SHA512
  
  1914d8e5c6e77dff19fd1cab5b1753ba6c3a1014797cab79964e3eb93ee9463ee8b337579675afb4455c4775f3d5a3e71cbd9f4552f0c4733b0e6eeb67dd80b5
- SSDEEP
  
  384:RHsK1oPAu6pGjua7O502X5pyPAjcDQ0TPJHufMJuXnSkDo0:FsK1oPA4BpXS7
Score

3^/10
behavioral6
- Target
  
  System Runtime Monitor.runtimeconfig.json
- Size
  
  179B
- MD5
  
  f2f829dab5976db8b39adda7c5d5f0fb
- SHA1
  
  b871b9db07cdc95fc81e1472cacb94d80cd02a9a
- SHA256
  
  43a5a44912d8ca12d7d40a655003ef5860936a7f0abd64535f84c63451e2d385
- SHA512
  
  5d574d363492e3810ab83b101f2bbfc4dbfb67e2cf27bbf4162ffe26a5966e79efc275b4af296fe200824d4b16e8dd429285a7b4834b28e5e68383c18bf9ccdc
Score

3^/10
behavioral7
- Target
  
  clretwrc.dll
- Size
  
  297KB
- MD5
  
  d02c5e8b352d4de93b83f35bace28542
- SHA1
  
  aacb39b92bc61feaf2ff53ffa2abe59e3a778dd4
- SHA256
  
  7d7d08a668402796e236eec92f022e4b84049c624abc0a95e38aadffcbf64a52
- SHA512
  
  f59767aa56099e35a5a61b7cdc2380d415859f31a7d8d3905c4a8955554ed5cb1d85f88a0e1a1650f3e3251f797dacd3af0c5d0afd1b5c4f425a3be0922f5cc1
- SSDEEP
  
  3072:FfX9Xit++0PJSKtOJsgI3mwNdmLZ8mTQfsqxVhj:R9xacWIfsqbp
Score

1^/10
behavioral8
- Target
  
  clrjit.dll
- Size
  
  1.4MB
- MD5
  
  0c37a7141a6ac45d2d2517843e67642f
- SHA1
  
  3945fba3cf3fb9e7653518888944a2fc386c6cc2
- SHA256
  
  a296ed8b954cf14813c32db695fe2cdcec04d5b9624c3f50fb5803519f24c291
- SHA512
  
  d1969df7c4b47c58b7953f7139c3d5edef00f5038b470d5daf99f3d67094f4b1f7b13322b819a59ab1c94bb08f15b8582f9414e3982d430c5188bcd3f603626d
- SSDEEP
  
  24576:mLtbu58TIu2rlMBDr0PZYRhVj95f1L7Zr5/z/5ccUYXIBXzkTVsHgWolUZbGjqfs:mLtHAcX0PZuhVDh7ZN7/6YXIBjkBsHgx
Score

1^/10
behavioral9
- Target
  
  coreclr.dll
- Size
  
  4.9MB
- MD5
  
  e7b637f7949d042ccd39f582f6367fe1
- SHA1
  
  20639962a55ad7b360af9d4a6c50c14b1ce6a0e8
- SHA256
  
  53b01f235e8b6909942f02f339d1765abd2a7e5d39422decb9ad5786ab8dc120
- SHA512
  
  28f31b1a175b847500c264bf97161390dd0f864767b857c2096d6eb99c2bd56b7e6062627c0dac0fdb3d20acc3f358f62f8aa7beff5e41b5a8eb8a2a194e1515
- SSDEEP
  
  49152:JIiTkMm2IHsmOSwUkYoM1UDNAUOZJqqJZDa0+e5kkqEE9A2rHuRQpHOKXRDoTptX:JksmKcQN5qtn5vm4uu9/wia0ELI5
Score

1^/10
behavioral10
- Target
  
  createdump.exe
- Size
  
  56KB
- MD5
  
  1fefc857e346f7d1eebb1c66ef5b9230
- SHA1
  
  3eb453e06a1c80d72cb1f790d283c2d4411c5d98
- SHA256
  
  9cf6c0c706977d20bddda44108d17127347a8bcfb0969f7ef12afbd52bd6a4ef
- SHA512
  
  24589b504b831249a90c1268a6d7407d7496916809993106f27c2172900bd545748f92deec5a334766dc652cba0780b89e1e6f9334ed43769b376d8833dd7c59
- SSDEEP
  
  768:nQ6XULhGj8TzwsoeZwVAsuEIBh8v603eQd5o/iGi9zxo:dCVbTGkinTgiG+za
Score

1^/10
behavioral11
- Target
  
  dbgshim.dll
- Size
  
  137KB
- MD5
  
  9cd2bc038ad6b250932fab96abcf65fd
- SHA1
  
  ddd895b691aed8467814b5a6fc3f0d4fb452a1f1
- SHA256
  
  d78b9068d3c027cba1553bf81d2042af85545afd699fc93ce9ee50cfd20010a8
- SHA512
  
  f00a64a75c81fe29c20e565428007b4271ac0891de6c01532171ac2775cd72d223850c8d3feb007d70d2bacaa8253344ed3e6969b5cd97ae26abd65dc570baa5
- SSDEEP
  
  1536:DXY8Ja8dy1+iLfBcGPUZZceOiU8mJ/QQc962jqc413OugrxkwF9XiQDX+zRYF5:LLgDL+vU8mpcoOugrxkMQtYF5
Score

1^/10
behavioral12
- Target
  
  hostfxr.dll
- Size
  
  366KB
- MD5
  
  02a007f073a27a9c1360affc0513ca16
- SHA1
  
  9aafb1316cca36cd5cdd2a6a3cdc7c1ab867ff68
- SHA256
  
  1330ca408495b1a206933c5b5e9bdd09b0311c9af4263dc96370380904b92fbc
- SHA512
  
  3ee7b255e428d451fc65ab3dda59b9ddd63b8787cbbdf0ccabb51794af6e3234ca5a2d2189e2de2ddbadd4a0312b7b0a65c4064e9468620f98918bf17f72ac04
- SSDEEP
  
  6144:ga+tIYjfqprB7qZJwqlri2nn13gZUMkA6p6fHbhD:anfqprFqkqlrzBgZwnQND
Score

1^/10
behavioral13
- Target
  
  hostpolicy.dll
- Size
  
  383KB
- MD5
  
  99932ee2d65887962dbd38b1ae9dc51e
- SHA1
  
  07dc6e46548ab90af27273d0c5ef92f36804fbb5
- SHA256
  
  05c4a3e5af8483bb2196bb6052c6589a4fffeab738a0b2caaf3954b8da732890
- SHA512
  
  aa8cfcd7017a62b4bb97197e436d80f54ce771e8a48a66b3c968fa7fdceacb90015d7c665f2f1ec7c4ddf7d05f560da2aec53627d0b350286838cd96fef1ca78
- SSDEEP
  
  6144:38WQUm0xDWkw7DbpxjIxFtpwJ96nc35/v:38WQUzNODbpxjI3EYcJn
Score

1^/10
behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14