d7361457b9a5090057132219b1212d6fdee117069039df7baf757ba5b5d52d99

Sharing

Copy URL

Twitter E-mail

General

Target

86164f88017462abb673ae5e56136380
Size

2.1MB
Sample

231222-mvndvsadb3
MD5

86164f88017462abb673ae5e56136380
SHA1

85ee480c7c6c396459913f9d80c9dd876f932583
SHA256

d7361457b9a5090057132219b1212d6fdee117069039df7baf757ba5b5d52d99
SHA512

f351437c469573d32bdcdacf3856f281565d85909ecfe940fe64f7a36f026c752077c18ecc266c4f21131cd2dc53f3ea23b6dc962c84351b36f09e9c641a2e3b
SSDEEP

49152:ak9ZSPKMvIFvn/PE9Zgn2SPjIDrhSqAPpBSIAa:VUBvIN/sI7PU3LAPpBtD

Score

7^/10

linux persistence

Malware Config

Targets

- Target
  
  86164f88017462abb673ae5e56136380
- Size
  
  2.1MB
- MD5
  
  86164f88017462abb673ae5e56136380
- SHA1
  
  85ee480c7c6c396459913f9d80c9dd876f932583
- SHA256
  
  d7361457b9a5090057132219b1212d6fdee117069039df7baf757ba5b5d52d99
- SHA512
  
  f351437c469573d32bdcdacf3856f281565d85909ecfe940fe64f7a36f026c752077c18ecc266c4f21131cd2dc53f3ea23b6dc962c84351b36f09e9c641a2e3b
- SSDEEP
  
  49152:ak9ZSPKMvIFvn/PE9Zgn2SPjIDrhSqAPpBSIAa:VUBvIN/sI7PU3LAPpBtD
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  .new/ascript/a&a_03_a_xservice.tcl
- Size
  
  23KB
- MD5
  
  ac392dcdc1560e7af79942750a128c77
- SHA1
  
  ee93c9e31236b84b90060931fa14d1a26b20b308
- SHA256
  
  99101337fa251f772906319fb6a6df0abe3411e69e3932c8ae75940c9dd13518
- SHA512
  
  3f4624795b0b5dd102390171ac27ec8f3ee42b7b604acd27fec0a64b555fd3d91b6424a807928241391b8e7dab3e0d611c24e998dc03f4d1dca88d8f0432be42
- SSDEEP
  
  384:tzK7koN0EgiTdTMRTsoMzBZo7NbfWdVb4XVtemEaJxVBvdzFJ+fQMnJelYWBpRAj:EhgGMlMtZCNbWjbK7/HV5dzH+Wjd+
Score

1^/10
behavioral3 behavioral4
- Target
  
  .new/ascript/a&a_10_a_owner.tcl
- Size
  
  5KB
- MD5
  
  77136f748623cfd34370db67e528f010
- SHA1
  
  1408cf37607ba5de9607de50d91f5eaee9438a12
- SHA256
  
  d87e3f35cfc3c2959b41b8ed0e540e28acd16857c9233a3d0473e999d427f59b
- SHA512
  
  a42e915a51c94d4fca28ee9b6e7f5159324a8859d5659ee84ff16764f9bee9cfaaa05294a7c9b8dc7d540ec3b2736b06d1db98ba930c83891fb99c129000e940
- SSDEEP
  
  48:UBfcwAn7xVJvCSsnwF8DZOXkuNGpfP78NYhcB6pBE7NhJ3guP3wIEwJiobqNRsR6:UVuTJrHF8D4fGm24h93w/ObKRspKxI14
Score

1^/10
behavioral5 behavioral6
- Target
  
  .new/ascript/a&a_11_a_global_N.tcl
- Size
  
  4KB
- MD5
  
  eb96b6de05380c9f4e0f888a42ae928f
- SHA1
  
  63b2c9adcfa09f84e47ed84c7835da9af1482cb3
- SHA256
  
  7782341358353574633e79827a1dc4fce2a153debcafbd09eedbe6c19b93b071
- SHA512
  
  0f44b2f381ac11012971a0afe413d5eb41fd1560787c28607bea4e6c884e5423624740e3d210f61e311daa822383de1864bb3b7fd1673fb95c4f3e2f964b5bec
- SSDEEP
  
  48:UBfcwAn7xVJvCSsnNlfypEpcJ3UwopyxKFhWvqR4MTqpUpLc58stj1HLLVF:UVuTJrkfyOylUwopLGvqRlqV58sN9L
Score

1^/10
behavioral7 behavioral8
- Target
  
  .new/ascript/a&a_12_a_global_n.tcl
- Size
  
  4KB
- MD5
  
  6715e504612dd82b3f53127a562def56
- SHA1
  
  9c585d7d242165fa22d302ad64395348bec3df8b
- SHA256
  
  8ca3fec9bc8c882d577f5cd2db0bbd32917d327728f3d147a97b1ae14c08f6e4
- SHA512
  
  9be1b502225cbf9e952b253eb3c20cbed21c7d2a8e69f3704ae2d92213bceb0a262f7db9f107d15072b377ab1b3cba1a77635ecfde02457cefd8a3763d067005
- SSDEEP
  
  48:UBfcwAn7xVJvCSsnfMXvfE1qHEnYHMy+fHJyV3gckVDdEpx4lKmA5qR4p:UVuTJrVXE1aEYHMfpokVDwhcRQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  .new/ascript/a&a_17_a_global_s.tcl
- Size
  
  4KB
- MD5
  
  c9909338110628bd933cbf3d211d42b3
- SHA1
  
  e7847218bf37690f149b0628f9e43beec86d0cc3
- SHA256
  
  a279b775a73161cd325c92cf7452dafa27175fb8d58902d7c014fac43b30e771
- SHA512
  
  ed61823dacf4e0f716a6582b83585345feaffb66fc1ddde77b8c6e7232cadd932d7f396f6ce8b49ed41d3e0b1a97c032759087410cbdad3ca234f04f66d24556
- SSDEEP
  
  48:UBfcwAn7xVJvCSsnTYVB2QJWsOw6f6IURXj7qWcBZLT7u4NN3D9mUVqS8gg1xxcn:UVuTJr4YVB2QJD6SIUtLKLz9dixDa
Score

1^/10
behavioral11 behavioral12
- Target
  
  .new/ascript/a&a_21_a_local_X.tcl
- Size
  
  13KB
- MD5
  
  fe49c9a5e632137d050f3bf17b33ed9c
- SHA1
  
  309898c883630ec36e6e76ab94a27d6ffffe7498
- SHA256
  
  73bbfdb236ff53b42eb00f6f12c33233e057a8b33fd2c382c580cb68b0a32133
- SHA512
  
  91f80ddc21d59e7c1dd1f3b0ab03438310b691353ee42a24874a6ea8b51eb22c031d6998206b818312b07e4a6201dac23dd973cc8be1a24386bef69b4573e2f8
- SSDEEP
  
  192:UVuTEdgKZQaI7YoAVylHzS2HniQFHEip1BiF606o/NAN:0HZQaI7YjylH+2HiQFHTp1J06yN2
Score

1^/10
behavioral13 behavioral14
- Target
  
  .new/ascript/a&a_23_a_local_m.tcl
- Size
  
  7KB
- MD5
  
  f81c71bd7e638db5aa815b618b2a6af0
- SHA1
  
  03d3ed7f12e12f0e7087526f19f2042f7c9d96c3
- SHA256
  
  58831c9032fd0e5c847162aa5e00cc34b1a648d902f0574d27837fd6c9e7569c
- SHA512
  
  16e6d18c4e2f3354773599a4dfd501aef507b28c0060f82c462a184eefe730274d17046c969e4dac92d62be0f54ef08140dd6114c4e78cbf19117f0de492d268
- SSDEEP
  
  48:UBfcwAn7xVJvCSsnGbOEba8ydEnYYBAnDETiiTmVpLVUs+ZuppiOjWIPoV32VL5v:UVuTJrHazEYYBAnDtvCVqprBJlJj
Score

1^/10
behavioral15 behavioral16
- Target
  
  .new/ascript/a&a_24_a_local_o.tcl
- Size
  
  4KB
- MD5
  
  d749dd5d0c83680cd7e499be20cdbf82
- SHA1
  
  74f58b2f403682134eec707fc14978d8615f6937
- SHA256
  
  2081b2ae81ab8af54321311f65452f1de99004b48892c9e425224464f6e0348d
- SHA512
  
  9a43cee465982db112522a320e2fc8d012af134145634bc5072a01ef2153a5aab4e458514c9efb488f473bb943cda7336d4b3f04f81b136547453333125b623d
- SSDEEP
  
  96:UVuTJr7eIzURBmykfELKGY/O/RMlBc3hY1KG4L:UVuTl59yjHifZa
Score

1^/10
behavioral17 behavioral18
- Target
  
  .new/ascript/a&a_25_a_local_l.tcl
- Size
  
  6KB
- MD5
  
  7beeaf6236ab8bbd9fc7608974d54800
- SHA1
  
  031e9e45e21565f219329675382d6be7ceba7323
- SHA256
  
  faf5d261938c16b8dc248e61a55e882839dcc284b84dc44b8f0abd3bf5f74248
- SHA512
  
  cfef39bddf497ba6a5378205da9d5cbf483980bed4781fb91568d4172180436d61f297df42cdb22c264ff98a96cf14aa75720d6cf492b6daf158e58feffd3fcc
- SSDEEP
  
  96:UVuTJrq4VRDl3sdYsNLsR9f0j94RmQOhsNPy:UVuTg4Vtyqsfj9Ca
Score

1^/10
behavioral19 behavioral20
- Target
  
  .new/ascript/a&a_26_a_local_v.tcl
- Size
  
  18KB
- MD5
  
  8d8cafeda38de80b8e764b1053b3b0aa
- SHA1
  
  0c5f69e9480ff1dfdc05b9835d90a72c7384f473
- SHA256
  
  b1d6efb2cebd83920c3ce43900f43e1077de1e0da2f7f51434053bb9d634149c
- SHA512
  
  1d320a6d6d67426af2bf8145ae8bcf0448f318e1c24dc707f9b8d22a592c5933ecb82ce30263be5451b7079d368a4a31bee3268dfd72c20cebfbf7e96b91c3b3
- SSDEEP
  
  384:9zPskku8UZKl8H0zgTiWWIF8mSJWBSaWJxcBC:FPHkQZXHUqiWWIF8pJWBSaWJxcM
Score

1^/10
behavioral21 behavioral22
- Target
  
  .new/ascript/a&a_27_a_local_q.tcl
- Size
  
  19KB
- MD5
  
  182c41f1cd314479e9a7f76fac4545a1
- SHA1
  
  689f98be36a277506f9642a096141e64ea55bb55
- SHA256
  
  5ea90644f4546fea7a23f97b0c2c7f250a15e81227488c71df0e8bbe68c5aff2
- SHA512
  
  f1af4a72fbdad026f2641e13a5b7528b012cb630c4ea5b81bf2a32a1de199f31050ab8b3745664a38d432218ee4d3d2a8f4f42dee7823b9d84c7df882dc5723c
- SSDEEP
  
  384:oNlkZjzNLJM2DodbhHHuOF4CoBovevZCC:EMjRLW2DodbhHHu045oO
Score

1^/10
behavioral23 behavioral24
- Target
  
  .new/auto
- Size
  
  321B
- MD5
  
  ca67eae5a1d96c9c3360081112ed3f3d
- SHA1
  
  7b1972c14b16bcb7894cf253a0a6f35d20955050
- SHA256
  
  f1f2050b111aaf87fc959de7e42bb4a128324a3b49e1725bb46ff1de3741287d
- SHA512
  
  2a71f12606fa889254af881389e3b6c8a908a0f8494881da23f13b3fabb984c783c06011eddd5a615f3f89f57a5ded545edf069bbfbf2b1b728c74137820616b
Score

6^/10

persistence
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  .new/doc/TRICKS
- Size
  
  2KB
- MD5
  
  bc50e508512f1326a7bbc89e65900f43
- SHA1
  
  56b4148ef10ffbe0699468895f91aa7ac820218d
- SHA256
  
  951377a431a02ddef93dc018468072b411698a6774948490e2ac4b09a13ffb97
- SHA512
  
  8517588ca49a5d1f5af03c121a9d0c74ef987528d23c7956cd68e08eb53a64f0e76f0e4b042024255e8b83be4e83e7016ba698a0738e77cd43096d40c9b7f142
Score

1^/10
behavioral29 behavioral30
- Target
  
  .new/doc/html/about.html
- Size
  
  3KB
- MD5
  
  8b96d1dfcfa19a0e3f3b9f8a885af155
- SHA1
  
  97b7d340d1c92a927d7a135ad5ff0866b1d4ce02
- SHA256
  
  62643fe848f827296342eb30fc6f5022fa22178d1180f556f99aa073fa22aa02
- SHA512
  
  860e7f69c413ff2eaaaff7f1dce49c40d33def4ecd98a77773987c3b621fc59e19436b4341e683ab5317a227f0e384ed8c03305200116e664abc8d2134703dcc
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Creates/modifies Cron job

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32