4f34bbe360793caea38e7097a1aa61e4338414eae5525d3bd2a68e42b59bfa64

General

Target

Thallium.Nuker.zip
Size

21.0MB
Sample

240204-etmryahdf9
MD5

2baec32706b3bb26e10524c8ca73f529
SHA1

daf11147bc37054c22b641ef1acf1f1ee0cc941b
SHA256

4f34bbe360793caea38e7097a1aa61e4338414eae5525d3bd2a68e42b59bfa64
SHA512

c71bbc85c5b5d27d2bf3869405ed07fb8f7ed520c64e21f56005ef439dbd86a548a0241ea94be8282e6e0215344c12a3b24d7993ceade1bf04f00eb1cc5bf2e2
SSDEEP

393216:JLl8mqXG8APItFpFCCC3Qn+W3+dQml1thEbaLbhLJeyCv8tlNcBw:ll8mqYwtFpFFuvW3+dhlfhkaRJe2bOe

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  Thallium.exe
- Size
  
  21.3MB
- MD5
  
  3f6b1834c71fea6f5118fa86c50e9e6d
- SHA1
  
  e080e94e61f4d2e976b86373783b4757f5a5a885
- SHA256
  
  858ab05ef0e168a43ba39fdd3c1055c32391706e84f1d6d9762cf033761642e0
- SHA512
  
  660a741d5b449151929eb383e708097bb842d45c54d710d0746cca9810ef664605a2d9648bdfb450850f1f141d28bcb063660dd18f5a191e43a292574f20867e
- SSDEEP
  
  393216:jQtsS/2YwcHi+2ohcyLkW+eGQRF93iObI8LHP+bJJFJAUSXzeTr+Pmy:jQts0wcHiRyc0kW+e5Rn9M8D+9yU9XD
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  Thallium.pyc
- Size
  
  51KB
- MD5
  
  788b230d98cc3f61e74fb3bc8eee510a
- SHA1
  
  eb311bf87c681a91f4b6640f4f9ab0373bf6aef7
- SHA256
  
  77ecf5c820fb12f7b8514832f9d7526b3ef38aefea4efce739013211e10e0828
- SHA512
  
  1fbf2dbc0ef7e7a8f5d3298ca11145db02a839fdef904e2df69460a9ec5f6ea25ea57c219c11c3ba511eccd73f086e98562b6f996350b511ae3179a19cf8587a
- SSDEEP
  
  768:KbjL2PL4vMlVYB6STGCNEcdXjCtNTlumogrM2wtbocCp4UgXMIc2hjZj:6L24mk6STBBjCtYbocCpRgX1zF9
Score

3^/10
behavioral2
- Target
  
  config.py
- Size
  
  331B
- MD5
  
  15bc0a8b605f765466075ee3f3d14281
- SHA1
  
  44cd52fb560b74a2d1455967efc1606fb9295429
- SHA256
  
  0b7569f3dcc16e5307278837314ec19a90065bcaedcc0cd3461e709af4b82160
- SHA512
  
  48de184c36f84edaa2140588f8d0d3cbbee7525d1c6dc3a83e2bd95f2416cdf1357854658143973f9981c90efa2cc01667a9ca0b44ac7ce36493b9352f5a5854
Score

3^/10
behavioral3
- Target
  
  fetched/members.txt
- Size
  
  62KB
- MD5
  
  c2b0d6a2d9e19b6644f29fbe23dbc73b
- SHA1
  
  fccd22d256ede25dd2a7a7934a44797f9a9e0e4d
- SHA256
  
  bf2de42a8dcf7f9911a3efb599f9bdc84556712ade51d86d21b0f61bdb7b4f17
- SHA512
  
  645114d0ea7f21392b03d35e1f592fa99fea61f2bf8b1d4433a11271d59ff0fdbcf36cf13e7fac0e607ee5c52dcb2191b6d3c31562c9a2c20d60a6fc526e9556
- SSDEEP
  
  1536:7odWQfVFeVSjr5pYdYhZy1vw3SVr9VATGNrg+ti:7zNrgZ
Score

1^/10
behavioral4
- Target
  
  proxies.txt
- Size
  
  3KB
- MD5
  
  11874f1ad5f22c29a4262ef88f68b87d
- SHA1
  
  890566dda05702d4921fb9d6c6375895f210e577
- SHA256
  
  f798a6280d005fc47e1daf627984975fc72d02307f95bf5c8d98324eac0000bb
- SHA512
  
  36228cd3d46fc38c8adb84ede27eae98ec5a4d6b44b1425ff0294046a07372cdd6d3f9a50a5d82e64edf141302894314ccae503b2ca643da7937623abe4a2944
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5