b3f73318c60f35c2acc435b85c07d24aa5ab40f1cda482a66550fefb1d102c90

Sharing

Copy URL

Twitter E-mail

General

Target

Elsify v2.2 by FrostChanger.zip
Size

10.6MB
Sample

240202-ntn5fadaa4
MD5

1a90021d815532652c0ab3ac0cd43dea
SHA1

e0e9a655e5412dfba2da9d41f9911a3d29557e8f
SHA256

b3f73318c60f35c2acc435b85c07d24aa5ab40f1cda482a66550fefb1d102c90
SHA512

bd7efdda430c2ae3cce6dee6fcc1af2d672ba9bfaca4d87ea998e9dcf4847ed33913f31e14c7bc8c26096c68b3fb92255b253d1e2b8fb558712137ad290b7bdc
SSDEEP

196608:RZTmS3B+psUt4g9UKGtb9n4zLHw6msuQCw+Ul9FckWYts6gH2i/G+xvR:Tx3B0xbUKGtb9OLHwXQCYXFckLtW2i/X

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  Elsify v2.2 by FrostChanger.zip
- Size
  
  10.6MB
- MD5
  
  1a90021d815532652c0ab3ac0cd43dea
- SHA1
  
  e0e9a655e5412dfba2da9d41f9911a3d29557e8f
- SHA256
  
  b3f73318c60f35c2acc435b85c07d24aa5ab40f1cda482a66550fefb1d102c90
- SHA512
  
  bd7efdda430c2ae3cce6dee6fcc1af2d672ba9bfaca4d87ea998e9dcf4847ed33913f31e14c7bc8c26096c68b3fb92255b253d1e2b8fb558712137ad290b7bdc
- SSDEEP
  
  196608:RZTmS3B+psUt4g9UKGtb9n4zLHw6msuQCw+Ul9FckWYts6gH2i/G+xvR:Tx3B0xbUKGtb9OLHwXQCYXFckLtW2i/X
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1
- Target
  
  DiscordRPC.dll
- Size
  
  80KB
- MD5
  
  9ed0cc60faa1ca995f75dc8b4bf407c4
- SHA1
  
  87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
- SHA256
  
  acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
- SHA512
  
  9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
- SSDEEP
  
  1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9
Score

1^/10
behavioral2
- Target
  
  Elsify v2.deps.json
- Size
  
  7KB
- MD5
  
  cf60892943a3748c607369c82036af84
- SHA1
  
  de0d0fe798bf08ec5789fb226db22ff9f939ebf6
- SHA256
  
  5d7676cbf1ccd70eeab113ce21f2ca094a56084f5159849d1dd284a50cab95d3
- SHA512
  
  676498c89ae31c8e570fc65ead5e447fb4df4674f974c4fc4f4baa876c2f8e826af63d438fcbf38135bec91251f61729e8fecc10935bf7e771f727ba95e725bf
- SSDEEP
  
  96:YfX90TNQ+l9P19Q2zx6nLO/cvJ733mdqicAMdMf9+wJEdhodjl21soJ2UpnTo1CM:Yf+pm9EdZxghu8uKHTXdgOCN
Score

3^/10
behavioral3
- Target
  
  Elsify v2.dll
- Size
  
  10.0MB
- MD5
  
  6648e7297021062f58750aab38566a9a
- SHA1
  
  1692474c42eb5176a388e6d54635165a0bdb8c78
- SHA256
  
  b7914592b44887528911b7d41d9ca02c9b095116ec66d7971c82d28fb6c65922
- SHA512
  
  82e340dd9e523b20c71328215b6509a27bab6debf85daa07e366af138d8c8c12cf3172b86f521b9e0b5a2cce815748b1f6de6e3e90ccb84cad5647b88c8fe775
- SSDEEP
  
  196608:ZBWT3RKt6/+jgd4Yuh5PnWPFBN6casJKyilOZ7LMgdcS/:6EtM14Yuh5P8FBB3Kyd7ZcS/
Score

1^/10
behavioral4
- Target
  
  Elsify v2.exe
- Size
  
  253KB
- MD5
  
  9e95e8f56cb6f3d1cdc6ccb08a76c912
- SHA1
  
  151a1f3272d55f1dcbeef162b7f70d04025bc098
- SHA256
  
  595fd61801d2ea5739d688e2b22a83f2917bc532fe82c02734972ccc159497a8
- SHA512
  
  026f1f2e86b684a069eca4626a7ff209bcd8017cd9e47bc96c6d13dab5e2811e3ab830211495971ce29e9884b17d0e0928e4b68692dd12ee5ef0ace5145d7907
- SSDEEP
  
  3072:MguAgTsGLYEZl70PsLko1Gs2T/0oim/JbRZzlZ2pqqJhBbC:M5twsLko1Gs2T/pPlZ2wqJhB
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5
- Target
  
  Elsify v2.pdb
- Size
  
  70KB
- MD5
  
  79cbfea0e86705c586b3df46d4baa562
- SHA1
  
  b8182391a463fe06578796368822e92e61e6f766
- SHA256
  
  2d6f4efe5cc6a23ce12ddbad256dacb60e86c7af916b904615e6eb8b51e8a9e3
- SHA512
  
  6a603972bd69f2e2092bfa086a1611d6d8ac2d74c9185b33edb63ab290e2c21e951e97dbcc67517999b0223f1f3e6be917c5aac695f6575054539e344e915604
- SSDEEP
  
  1536:Ezh+rpLwEODA6qFsDt83XgTYKu3IveQLHyRLzkwXvW68rcGCrjs:Ewt+A6DYvMrcGCfs
Score

3^/10
behavioral6
- Target
  
  Elsify v2.runtimeconfig.json
- Size
  
  266B
- MD5
  
  d720176a229e9d969b40fabeb0baf62e
- SHA1
  
  f2d8e97a6c6098a10dd80553eaaef7547ad32ba3
- SHA256
  
  321b4e463bbacd6113aa337511bdebf5e7356e9971744346b28424607c7b483a
- SHA512
  
  0844f9aca147014a68248c43310bf97e0a0a3679fc84650aa0a27aa09f70f56fa071c0ace1be80f0e33ce4dd3f865eae11e946d98d21af916dc1a7f945acaba0
Score

3^/10
behavioral7
- Target
  
  Microsoft.IdentityModel.JsonWebTokens.dll
- Size
  
  66KB
- MD5
  
  ffaa906b13eb79f905da09e68d151bc5
- SHA1
  
  b2c3b80be2280ca4d8a66065bf4adfe61453700e
- SHA256
  
  234df630ac0506de9f21eebba175aa3efbb2a64b32fa35a3c4904316db3dffe5
- SHA512
  
  4e42a6fc1c3855b68f43383c7c26928ede60425abf6ae3e76c6a2e42791ee45a3f4022776116562583481745f3e342b91c98a6660d9c8d1c1691863de63592c6
- SSDEEP
  
  1536:4m6516C8j4O537NPkeDuttJ6gjakdzwuGFzdd:4mqECF037NPkVjxtgZd
Score

1^/10
behavioral8
- Target
  
  Microsoft.IdentityModel.Logging.dll
- Size
  
  30KB
- MD5
  
  33614db74c23e3435074dea95f2be9e2
- SHA1
  
  e9258118f3c8f80f2e5126ac803e554d285187dd
- SHA256
  
  5273a1f5fe963b4306f441a3d28abda9bb13b644cbbfd4e356238f716eccb7dc
- SHA512
  
  1177baf97bc25a8b21e0d163ec27a4e7d06193ae6a80657e7af3537dbfbd69eb6c1a7aad8a868e9432e3c7c4dee7a877e000502f134d72ee3d66ee1d2e6d4e76
- SSDEEP
  
  384:Zdhs0NuLp2xU6dZG5gl++pci2FBX85bKdQlRhVE7czWi74WTyHRN729a/P/R9zdk:vS0NVU6dn2nX88y+7QJu4OPZ9zdk
Score

1^/10
behavioral9
- Target
  
  Microsoft.IdentityModel.Tokens.dll
- Size
  
  899KB
- MD5
  
  42f2465b06876e610763171b0a814aa6
- SHA1
  
  7cbdfeb7216c5c413071f808770900015f579241
- SHA256
  
  d1abc76c88611f87db27606b0190a487fc557aff696b31c3248368748126c536
- SHA512
  
  449ac37ed012b31c2b3885d40bd46130980a9f9f11916e9702fd5bfcb94b2264b3f4705e86ddc37a5fb8baee8dcdc4906f18ba962757d7c9179d5dc34bf76612
- SSDEEP
  
  12288:5gK72IeY7KCwQtyiTsv1jfn8U17LYffuJw/5MdtQnB6jadbW:5x6EwQtDmYB6jIbW
Score

1^/10
behavioral10
- Target
  
  Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral11
- Target
  
  RestSharp.dll
- Size
  
  186KB
- MD5
  
  74f7189e0d8462b4766ceda305b5e6a8
- SHA1
  
  27bc0b6410917ddd63b3a61230e61ee56b85886f
- SHA256
  
  44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640
- SHA512
  
  22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6
- SSDEEP
  
  3072:P2SM9KBg52ArSQIi+N2/4CBUBu4UH/vammBktTqTLJ1qI:u551KBa75fv2
Score

1^/10
behavioral12