purelogs | c9466ce9f09a0f61da6d4fafa1c8430716ab103b5720b07cddda7c74d59e7a11

Sharing

Copy URL

Twitter E-mail

General

Target

c9466ce9f09a0f61da6d4fafa1c8430716ab103b5720b07cddda7c74d59e7a11
Size

10.8MB
Sample

231204-f3wa4shc42
MD5

4983bad205eb6a5f506b13f50c143495
SHA1

c3080da8b1b6f39067faa40fc001833b382507f7
SHA256

c9466ce9f09a0f61da6d4fafa1c8430716ab103b5720b07cddda7c74d59e7a11
SHA512

bffeb7f91930c5712f64f16699440696b822825d91e588cf9cc6649ba8e22f323f1b5fb6a749c07b751060d954f430bc51eb26f9a0cb6461a857e6c67402bfbd
SSDEEP

196608:8BtZsHrcLP9+bFNMl+1we8ol/hvZwCkGjaH7fWpRrviUR2FQuWC4aoxRfXE4Plz:8BMHrcLP9+QlR8/pZfOH7fWpRLiGjiur

Score

10^/10

purelogs

Malware Config

Targets

- Target
  
  net6.0-windows/BouncyCastle.Cryptography.dll
- Size
  
  6.7MB
- MD5
  
  cc6288f17e55ca037d75b4fccc51f889
- SHA1
  
  3be1a72156992196ff7b623f458b02c34803f3ea
- SHA256
  
  82153c0e68834a0f40e20038425429a3e3f9cf4dabbc9191b476cfe5618a141d
- SHA512
  
  da583281e1397b46eeaf7c0c961f8e38468351a1e011387730f68f2acd9098c01e52ad1b7805425e9d8d26a5c7319dc52c034d1e56f9cdb4a96b14bdc91a478b
- SSDEEP
  
  98304:PWabnH8E4ByIbDSF9bTjno+adQ6Z5EgveHluvNoT4S9tomfTYFNUWZ:VHwBWbQrdQ8rvsluv67amrYn/Z
Score

1^/10
behavioral1 behavioral2
- Target
  
  net6.0-windows/Enums.NET.dll
- Size
  
  125KB
- MD5
  
  6cd1fdee39c95f109b78228a6be40e3e
- SHA1
  
  2b91d3e09e8596add4cbdada9bbf5a2a448e5738
- SHA256
  
  26f6049505d11a4648bbb675f8d08a2fdc06a3b96b7ccfa6c5fe25f35dd6c0cd
- SHA512
  
  2bb20aa900c6ba25b6a0eac0f1309621ac244da6dd09a334184e3375ac091226a2daab8da84d6af6486dbc5829b2d9238ca084a0aa338cfe9e54d71dea8eaa2a
- SSDEEP
  
  1536:XiifgwyR/MNB6qEqBCgOZMv0W3J5LS4dusedonYy7FLpRZSX6Dz8mBUekBV:/ydMNBRcO524duBdoZ9SqdBUekBV
Score

1^/10
behavioral3 behavioral4
- Target
  
  net6.0-windows/ICSharpCode.SharpZipLib.dll
- Size
  
  200KB
- MD5
  
  f44081428f0a6f84dc2afd25763e2ab6
- SHA1
  
  51d030410c88f247fae34d480e5a728fd3984dd7
- SHA256
  
  2b8ba0da97b61d572f234539b3357f79abc50aa925966e3435fca9ab4c9ff36f
- SHA512
  
  4ac19556d9107a8bb5de1c44c686c6c977fbdcfc8da595d34a862c7634cba916ec3c83c1c898808fff73dbea0afbe6faf86601d65416724b8337409648919425
- SSDEEP
  
  3072:bJ1o3gvhN6QX8/5ULEDoSj/OMVhC2WG+ovlf1tupIISBd250RI6rEaEcF6Zu5DkK:N1RvhX8/5vDoSLOMVJWi8pIISBQKjLn
Score

1^/10
behavioral5 behavioral6
- Target
  
  net6.0-windows/MaterialDesignColors.dll
- Size
  
  296KB
- MD5
  
  6070d2f982e115825fa959bcce076736
- SHA1
  
  7dc275af8286f343b2d4a7ddd5bb1b0100e2452b
- SHA256
  
  c5445ad0a687fa61bda02cd45baac1cfbbad31b6b56529eb9cf47510bae84625
- SHA512
  
  7a65dccaf2c4c2ca83b21ac5580b738fb69e3033908515a267a6028c6996ee06e4bf34502cfb3e5c5432d53d12a161bc9445c417d7cd251c1c25792f5a324a2f
- SSDEEP
  
  1536:K7CxEa6JpuYy9kzN4RUB/yCURKR19I4xRU7fKoVxbzQ3V:Rwp4RUB/pVg7fKoVxbGV
Score

1^/10
behavioral7 behavioral8
- Target
  
  net6.0-windows/MaterialDesignThemes.Wpf.dll
- Size
  
  9.1MB
- MD5
  
  b40f2ba6b15f934af84327df0a9ee698
- SHA1
  
  666de7ba77270790d72fdf56702539ca085ff959
- SHA256
  
  26119c12ef6b50ad534faea76411af4eec9bc77ecfd2bb1e17c374b60e6f8856
- SHA512
  
  02cb24be8f5f464e9de3961eeb93a0da177524cb1963e5487176c626886d817c26c1d18b20267dcc4feeb6b5b04b74d4c5aeb3d5701e572efa73da5b9ca3a051
- SSDEEP
  
  98304:b3shRXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCR23:b3shDnJ45/9iD54+V11bFv4z
Score

1^/10
behavioral10 behavioral9
- Target
  
  net6.0-windows/MathNet.Numerics.dll
- Size
  
  1.6MB
- MD5
  
  14724b3fce6c4dfa10911fe29db28d3a
- SHA1
  
  5ffd1748e6b34afbdf117033a56812935b5e6544
- SHA256
  
  21df48966e650dba60d83f6672c886d918a45d81849b0d352e94b824ebe27107
- SHA512
  
  3d2957ddda83b460d8265d7607881618fedc8f66cd0d2e7274eacae5362d155bc1a2c90bd3a624719ccee2770f2dd5586d1517c7c3295a21881fac78911ed692
- SSDEEP
  
  24576:/dU7QWh3Ymq5R95M9NntxYvn3yPszfmaOc7JrriXS6:QqLX+aOd
Score

1^/10
behavioral11 behavioral12
- Target
  
  net6.0-windows/Microsoft.IO.RecyclableMemoryStream.dll
- Size
  
  63KB
- MD5
  
  46086ef34bced896f6105eef10fbed87
- SHA1
  
  b9a686c49162af491533f8e0c9a7cdb4a3a8a995
- SHA256
  
  d7a81dec5b04691d1a3aa5d48d6472e84bd6511291a387f85e38acb905be8670
- SHA512
  
  4a3034345f3a1cda16c0fd2fefb00705c8b6911a35978ef28f531b35e54c44f65a7cab97b51b4053f838cbe76fb7a22a9c8722649084a0572daa1208cbd3325b
- SSDEEP
  
  1536:aUoPqp8e5pV23vC9x3TBdyL69yfmTtCwDzl:r5MvGjML69Mm5Cy5
Score

1^/10
behavioral13 behavioral14
- Target
  
  net6.0-windows/Microsoft.Xaml.Behaviors.dll
- Size
  
  141KB
- MD5
  
  72f8adb8af71cf55ae3fa13afc72e877
- SHA1
  
  620b3c526997ae0d07171f14555ed22d58ee3639
- SHA256
  
  8f782ad7adfdeeaa933183065aa7a0be9387abce6038e912455e78527b04adca
- SHA512
  
  c0d73400b9e55952c1a70b844bdf3fecdd8fc55e3a9920c7f9a30e8def372422dadb2bb716570769037bae98d930c6bd50226f3ba3c255b823edbd67bc429c63
- SSDEEP
  
  3072:wXQg6pDJRt4vs+uWRx8kt1dLXTiGmad5rUj9yV:OQD1JRtiWfGTV
Score

1^/10
behavioral15 behavioral16
- Target
  
  net6.0-windows/NPOI.Core.dll
- Size
  
  1.8MB
- MD5
  
  71764cc63530ed9bc78c4673ad26bb42
- SHA1
  
  a2907e30e191570c3ded86f6f287364ba7e512ac
- SHA256
  
  ea07e446f091823f9a8908a19a29186419dfe15cfe1a2a5437692d9cdf6fec10
- SHA512
  
  725b2456c46418eef9aeaf58ce98543c63ec5512af5c37f4b1093711499b02f441875416fe7fb26b16753e221fd9b6fdf60b994f02c0552b0341774dc78e8bd9
- SSDEEP
  
  24576:MvBHSxn4JaA33vuOu0ZDPPCkJ+q91111mkX6gK0C9RKjz3Cjd:M44JaAZDPuqwkKg7C9gz3Cjd
Score

1^/10
behavioral17 behavioral18
- Target
  
  net6.0-windows/NPOI.OOXML.dll
- Size
  
  1.2MB
- MD5
  
  21ee81762141f3cbba5d3ab702439a58
- SHA1
  
  a4c738a1539d5fb111bb547221d8ef657a0e7df1
- SHA256
  
  9a3f55ed6dafeebe3ee9ce9ff33b587e505ed085ccd977209e08ca2c67170c76
- SHA512
  
  66c9b334c52ce4bf21ec52c6c1b5252355a7ba7d38cd335981006dfbd8b84a7bf5e3063f72a62284557aec7ac87417c2165f78bcdd1343dd0104c0fa231a2c6d
- SSDEEP
  
  6144:JEHt3L2EmAOvOgZl/6yNPSVb5UKPxAkXAvDcAVDcAJ3IsiYPLCbLhXYBMdolejE3:uHsaMGzLyfwA/IZM3f731SG
Score

1^/10
behavioral19 behavioral20
- Target
  
  net6.0-windows/NPOI.OpenXml4Net.dll
- Size
  
  99KB
- MD5
  
  bbac0579e3eb736c45d48fd64f868b46
- SHA1
  
  9840dcbbd3ddedfff67bb5ec2bf95d7474b6d9c1
- SHA256
  
  c8b5b89235d5bc5755c638d0e192bc9f6869cfc9f1de8b9a13b1087004ace48d
- SHA512
  
  92741bba267079e7f9ebdbc08e0118cc1d96110904e5a7d328d57f1808fe0b368cdc27732c4b9c4bc85c2d0271f87e70e7308973c6e3fe68be98c22e9d510fef
- SSDEEP
  
  3072:sdS22+cmkxR3o2IkNgsYbcbSf7f8QowZaZe5yPuRU:sdS21cms42IQUIbUJI
Score

1^/10
behavioral21 behavioral22
- Target
  
  net6.0-windows/NPOI.OpenXmlFormats.dll
- Size
  
  2.1MB
- MD5
  
  111fe25d07628d3da6a5d401ebd51d99
- SHA1
  
  8e56abd0ae52d36b108395c9b4c980a48101b3f2
- SHA256
  
  7b089c3ea7cb8313ead74204d0b82ea79e2815da7dc0232021327117145d07c0
- SHA512
  
  5b57c788c0b52ec67258dfe808392efc3390b6c4d130fa7dfe8faaef8f4b649bbc51e09bff646a7aa54b109cca2adf2572af5b0882577d568b16fb8bf42f6978
- SSDEEP
  
  24576:d12uxkUiCdxhk3eOG0dofCbZn01swYKQA2edH2rgA3KNKszQhPdg6v:DxzkOUdofO0TQA2edHagAaNKszQf
Score

1^/10
behavioral23 behavioral24
- Target
  
  net6.0-windows/RegisterVisit.dll
- Size
  
  39KB
- MD5
  
  2163ce70565b8c5f1e4f80a63a7f04a4
- SHA1
  
  1f6531401633153435284eeb9d847ce7d48aa498
- SHA256
  
  c2756f7ad5a2c6c28d5a7240b1dbd8a51ba8600aa3b11d1b0fe280f2f540f7d5
- SHA512
  
  57d2c26e8648e5cdb6b8ee9d364082a34098fb3b5beec3abcc2ed35f40e8bc9d40881c42db7533583bdc6c373dd889cc3667edcea3e47eed0d1894f3e82540a6
- SSDEEP
  
  384:QAIlCXJ5rwdxOIuq1zt6iTK4LHA0He47uKCUNQyuG456WQvU8ComWnEHqpmtQQFK:Q1q5rwdxYaoK1Y7KCjTQ8C/E3g
Score

1^/10
behavioral25 behavioral26
- Target
  
  net6.0-windows/RegisterVisit.exe
- Size
  
  161KB
- MD5
  
  d1142ca89cd0111051e3811471bdac06
- SHA1
  
  cfc4182f00fde88187dd27947c8b2d58940740af
- SHA256
  
  a807db4694ad7cc6a83f59be166c2ea427c3550cfac84bf3209b591a5fa3c51e
- SHA512
  
  3276ebb0a449cfe582d81748fb2a6540f9c0706896526f9141dacffb612a35e0bb188fdf95a844bfdf9e755d2cd3e7c34ca2302333e5c942259e1b69a019edc2
- SSDEEP
  
  3072:9xyjMffJq5h4uMXTfSP89fA0J9W7clSztMq:98l4uMXTf0MU7c8ztM
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral27 behavioral28
- Target
  
  net6.0-windows/S7.Net.dll
- Size
  
  97KB
- MD5
  
  86e37d6ecd1ac298897792d1b73087ea
- SHA1
  
  689794e2f63d475d807632a586d2f2e20e3b5553
- SHA256
  
  e2ae4c22fab52fddabdaa3f4fd1c6943d881f5cb6cf6b9842b3ae986a573f060
- SHA512
  
  4041f078b639025b70dbc8e345183685c9eef1b4af4997a46469365583f403381cef3f7068ef1a3c799796a5b292650a1604847e3928e68dd45c538d2067f282
- SSDEEP
  
  3072:wEDzvL10bLBjrj/khMBGSaRLs3bJRSk0BCsKvOaIj2I5l9:wovLYJ/OnSaqrDwCsK
Score

1^/10
behavioral29 behavioral30
- Target
  
  net6.0-windows/SixLabors.Fonts.dll
- Size
  
  1.1MB
- MD5
  
  e1302c61e150033c9ddc700ec64e8c44
- SHA1
  
  4d9d26765b62fa5ccaf855ceda4530f7001ff666
- SHA256
  
  e1e2f107e7c78fb859f1b23383107a125acd8b3a7470140850daa6f6f6c45d9f
- SHA512
  
  9a450bde7c978b5cc343463f79e2830695768092b634afda78286d6a836cdf13944ea5b469228715691eb107d93234fc6a95b8f9c1f1d7c6310313797152412d
- SSDEEP
  
  6144:0e2oUEtqKZFK0RFpusvc+MRgQxcWBIunLZd/opxHF7tbwFSRDVIT412x6E8vdj:t2OkKZFK0RFpusuRcWKGdgpxHrbgSTg
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32