dc4b9964f4da9a26c5aac6594193cb4ea9e0b4eb2bac20158f98611405c3548a

Sharing

Copy URL

Twitter E-mail

General

Target

CatrinePerm.rar
Size

24.2MB
Sample

240206-ckd3bscha8
MD5

e05d737795238cc7f25a6d1b582e38d8
SHA1

b88a49a21a382dc495254ef8dca4ef498799cd93
SHA256

dc4b9964f4da9a26c5aac6594193cb4ea9e0b4eb2bac20158f98611405c3548a
SHA512

ee9868c09a59bea699943781aad361a0a3e41af30c2b7e6f53e7a530ff28dad483c3ded4d65c31c56e7b76192e5eb9d05d7e3aa902daf49c9e9e447466b11e27
SSDEEP

786432:GEztN3gfmrIT0PXzmpgwfXhf232fSiiARV:GE73xrISMgwPhfJf/iK

Score

7^/10

Malware Config

Targets

- Target
  
  CatrinePerm/CatrinePerm.dll
- Size
  
  811KB
- MD5
  
  5aabc1aaec4fe6297da47c8d327ddd29
- SHA1
  
  ddfb19d827747f4ed4e59d4f2975f7017568e974
- SHA256
  
  45df56d3bd73f3dd6ee05a8d77afd52d61012d1742cae6e42196f9f6f236f6d8
- SHA512
  
  290b5f9e373b39f41b235ea09d90d026db38e0e63b7f660ff020d9c99819d7baa051fe5fae8221fc8eb5ac635a65de47ba127da2453e7d3a25f1ca337afb9fd6
- SSDEEP
  
  12288:bwr+M1vyQiO+e7tmMjg4yDY7YjqhRNecqnfpQzt562ByZG3Xw5FP/umZtD1ryHsw:MzDE4Hzn2pstQEyZGw5F+SD1OHo6T
Score

1^/10
behavioral1 behavioral2
- Target
  
  CatrinePerm/CatrinePerm.exe
- Size
  
  139KB
- MD5
  
  10605ec186aacb6a4b3dde419cb0b5e5
- SHA1
  
  9c41040a4c238dec28c4f47bfb0a28a3cd4bf19d
- SHA256
  
  ca5b3ebffc2080fec7d44655069190b892e51e4bc4401c31f64a5a70d46f1ead
- SHA512
  
  1d48bbc5c965f098300ce5404269ea5b1694887531b9aa1e953755f631325946e4914405ae3cabfe13d222ddfde4b0368d446b9aad3956f345d6b142d6579a9d
- SSDEEP
  
  3072:Ju/4Fqqdnmh9RDNmCXLRiAIrmDSg78INuC31RbPdLnY7eC5a1LN:Ju/4FqqImCXLRiAIrmP78INx70QN
Score

1^/10
behavioral3 behavioral4
- Target
  
  f_000004
- Size
  
  2.4MB
- MD5
  
  46a47acda7fdd80dd473759e32ce4cdd
- SHA1
  
  07228c70d179792e0fa8706bc80c8d93c24048ee
- SHA256
  
  2901a0f7ee3a0f9d1beb6ace1e96a14f53562ced4c8e2db18a9ed8219716b99a
- SHA512
  
  2baabf0de9b0339c625fcb7de455e068ecc471164be170eb41906ae7c6552e19482034270d616a2518fa281088fc18cc01dc8699e8b09e031d30b43f5ffd12a8
- SSDEEP
  
  24576:TT5OK3WfXiExqyHTzmG5o40P2CIQ5kNZFx/IbM22TKFNENt8hvC+G:v5Oq8BqP21Q52ZFVIJ2TKFN4uvCF
Score

1^/10
behavioral5 behavioral6
- Target
  
  f_00001c
- Size
  
  2.4MB
- MD5
  
  4ee2fb755967abaa5dfa3077533ea641
- SHA1
  
  28cb2ab2c5bd0f504d57ef111dcc7ecbb4564cf3
- SHA256
  
  b06870081ed26e46b05c8909ac0e9d928249e0547a3ef0985434c54bb47a1ee8
- SHA512
  
  e022241069c7e3b9eee8d5047cea51360caf46e7b4647aba44e1167146f0fe8098ada0158087ca51eb484fb7845fbed0b5f113ebf916f96b724932329b6b3c46
- SSDEEP
  
  24576:kMoPLfNOhG6ZnykiUYfhsLPyQ/iZSOXAB6JVlDfF7pJYW3+vav1vV:JoPLlrmPyQ6ZHXAoVNF7pJPuiv1d
Score

1^/10
behavioral7 behavioral8
- Target
  
  CatrinePerm/CatrinePerm.exe.WebView2/EBWebView/Default/Code Cache/js/834cfe7d63b4b479_0
- Size
  
  52KB
- MD5
  
  907a4d3235fc0d5697c35d487c85d26b
- SHA1
  
  f36c4d32175f51fc382ddce94652f1b7b4e94f7d
- SHA256
  
  5359c3853e7ecbbcda58b3ce89ad48630958041656ecf5d541b9509c60611cd0
- SHA512
  
  b15604fcaac678280f8dec044388b666ffc4cb0dba3b7f468c57fcc580bd0bf3782330f21b244ab6a947a3ef7064a2e168b5e355e927598e382a9a6f011b000c
- SSDEEP
  
  768:3SyJmvdqGyhyNt5IXRt3s/BjLmnktzu2xYWbWYtiu2/lfJVpYDGFo6zY3nFZZEPY:iyJmvdO4/K2ynHqjH2hJHWd681ZK4P+
Score

1^/10
behavioral10 behavioral9
- Target
  
  CatrinePerm/CatrinePerm.exe.WebView2/EBWebView/Default/Code Cache/js/e9cf90305a4e5760_0
- Size
  
  52KB
- MD5
  
  eee55503dcb1500eb69b3a3d3a67a936
- SHA1
  
  b53c45a32cf4b2ea7b2dbeac3410185744823da0
- SHA256
  
  2d3e221b28a0d99397cafd80b84a8e5f660013a5015da37e26ac679d9298d7a6
- SHA512
  
  5a3c4f899730ab2fac9543c670f99c8735dab87af3f3f6969e6977bb1f466bb1836d1d8ccaaca6fa920a2e3067a08797ce95f39c6f1ab098cf7f5eb9147a42cf
- SSDEEP
  
  1536:YF6J1Jq7DUmEzme6/TJs/9yBpSl0XVBQvf4+CFJf:1J1UEyJ/TJNB3QvAnf
Score

1^/10
behavioral11 behavioral12
- Target
  
  CatrinePerm/ControlzEx.dll
- Size
  
  245KB
- MD5
  
  6def9baa2552c072cea16b155fed0668
- SHA1
  
  93c9c9a7bf892d102f75b7fbadcc997488b4ed34
- SHA256
  
  3eceee9042e90da4a433007729778f72516f762599f7920839c751e180a47cb0
- SHA512
  
  62ef6519d0aa5979acd11067ff129ebb85bf62df8e66e395423b0cf33e5aa1541f2a028d38f2f6647cc129f6cc8be381b9c4762928fd4d163a1614652f5984ac
- SSDEEP
  
  6144:kv/YsKAsoWDJH5u6YAZBEmR8OpY82gb7gP2rxp+7vVNviPF1vdy0+mE:kyVoOJBRTdl2
Score

1^/10
behavioral13 behavioral14
- Target
  
  CatrinePerm/DiscordRPC.dll
- Size
  
  82KB
- MD5
  
  c6115a08c8e50dac0194fb98d3edc9d2
- SHA1
  
  903da7fb7ad47b7ad8eb5984ed54a865f6148744
- SHA256
  
  4dd4d48e0681604e3a7a72b6eae42173421d0b806b1af8fa03b45d9999978499
- SHA512
  
  3e43f721cf7b1ab28a4ff771b4186c70523eb2bd236063111593453c08dc8a7cf3fffd6a15af72502e8b800a35fbc7a7bd4ebb5b8f5f41796ee62a7a4a96c324
- SSDEEP
  
  768:eZGfuhWbsoZkmJPTsERSrxWjOFB8ZZnwUMOpSJAT9wQtc3nIYH+nijpJRMnk56Ha:TWIbP3QxWjOQ5pYlPMkh+mTxtSNy
Score

1^/10
behavioral15 behavioral16
- Target
  
  CatrinePerm/MahApps.Metro.dll
- Size
  
  3.4MB
- MD5
  
  fe25094bf44c6e3c8d6145bfec1ef2d2
- SHA1
  
  50696530bd5f24f30ae90742da6bf7bccbafaac0
- SHA256
  
  68768ebd9b04ebe7d9f093414c94a4f550741b7f3cf6ec3089b62c0fa76ee308
- SHA512
  
  9632dceb87befcb04af648c1fd70ffb6f2e497de1026cf9422d3ba4a07f03387e75d5bb85dfdb1e1137d1bf5ac2b66ac984e5417e43e1c47d25df992a25b9f21
- SSDEEP
  
  24576:xkcYr/qDOGL4/7qDL2P/1Y5e1bq7mTv+iruHt+Q:fUlPM2bq7mTv+iru5
Score

1^/10
behavioral17 behavioral18
- Target
  
  CatrinePerm/Microsoft.Web.WebView2.Core.dll
- Size
  
  523KB
- MD5
  
  9f9feedb05b87e1be1c7ab710655d0e8
- SHA1
  
  2886a398d065e13f667b974180589baff890d2b3
- SHA256
  
  5e172b4f558723b7dbb7f568f301077c84d6571436fbe5a5f45bfa621c020403
- SHA512
  
  397be2264710120f1f6c419fc7e6a95915eabd0b0586461fadf7335d3b3e0bc35ebca96acf5cb4002a46f6aef90c0238564519c47c7c62c995b1d7469158b287
- SSDEEP
  
  12288:qDrB322zh+iKsRFN/eA+imQ269pRFZNIEJdIEY0lxPrEIgcvLcglxMwCepM1SwU1:Zj
Score

1^/10
behavioral19 behavioral20
- Target
  
  CatrinePerm/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  39KB
- MD5
  
  4caae0e27f1c493ad732e3a49b38b097
- SHA1
  
  4319402a47be6c022552612303b6dca6eed4bade
- SHA256
  
  32a1e3f4184ce03122c4503b53a7983204fa38e030dcdbbfe64f1b471fd12c42
- SHA512
  
  0ff25e58b8e761e0c5b1a419b35547b4de8f02f2fe07e5ac8bc992bde46ac9fcae261bfd31ab90d9a669fa58cc87b798ec0a9de144245f6e39318e6b4c2eb83e
- SSDEEP
  
  768:L41nHCqoU2GmbUt5740eObba2yfhZDgcEST3p4Jjrjh2jJTSG2au8vxJKia5/ZiE:L+bxyfhZDgcEST3p4JjrjaJTSG2au4xc
Score

1^/10
behavioral21 behavioral22
- Target
  
  CatrinePerm/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  47KB
- MD5
  
  60aac68fd5215f9f2f703bf3d61f7100
- SHA1
  
  fafde9b5785400a013e84b6bccaa5c352589b16b
- SHA256
  
  1eaff15b01117b888678bf552a04b2097f64b11adf01f566e4a8c4eb0f2eeb4d
- SHA512
  
  8d86fe304eda0d66b9e7a7257f7f4254a5f8ac72cc5d6760497ce8284650734f224b8097d9b4f6c9b5a7941c278f5e2e9af5a51f6fe48d185376e32a826351d7
- SSDEEP
  
  768:0rYDVkqAbSEJL637/mkqlw8fDP/ryEH0tBy4JjrD1h2jBhlUaGzkD7hKKa5/Bi/w:DJAbZk7/qw8fDP/ryEH0tBy4JjrD1aBy
Score

1^/10
behavioral23 behavioral24
- Target
  
  CatrinePerm/Microsoft.Xaml.Behaviors.dll
- Size
  
  141KB
- MD5
  
  3add5efdb77ac86592db53b1a22d41c4
- SHA1
  
  05cce0b4888b8a4a9d0035a00da792ae2f2f52da
- SHA256
  
  71e00e2b9ca3088132fc4d54a2076cb07127fe02a5fbc10df8d61cde55dfdbef
- SHA512
  
  f766aab25e307c5dcca8ae09925e11fb2183e19b5936984c082eb794bd99256bfb0ae2441cc615cac5b358ba259033e397cd718aa63912ef2c9de2cd558d99aa
- SSDEEP
  
  3072:vq1jbJHF+e2mLqVQhe1d9PrZqYTXx5r1j2u:i1nJwxasnTp
Score

1^/10
behavioral25 behavioral26
- Target
  
  CatrinePerm/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral27 behavioral28
- Target
  
  Revo_Uninstaller_Pro_5.1.1/Crack/revouninstallerpro5.lic
- Size
  
  64KB
- MD5
  
  8462a9b69c76a9603a4143d51fbc201e
- SHA1
  
  4473590f93f94f22c340a354516191c3c0ba6532
- SHA256
  
  fe4bcb4251f77375119a936c80fb36221af0c5105e840e2e115d47f96cb437c8
- SHA512
  
  2f02ecdb06760a093f4d8e6f04c97138695b064db8cb2dcc4af9b47c829852f38b77be9425eb2f3e3e36f85da181c116c829921fa35ae68afc57c728d5393570
- SSDEEP
  
  1536:wg8dvQaFp4zqjLCzkCYlnXMEbnxbiHgsWtXTiKE6AXutI0b:6dvPFHLCzYlnXBUg3TibT+5
Score

1^/10
behavioral29 behavioral30
- Target
  
  Revo_Uninstaller_Pro_5.1.1/RevoUninProSetup.exe
- Size
  
  16.8MB
- MD5
  
  ab0d159cbe7e1f7f9adea455506f73b1
- SHA1
  
  a780054d4721e433387091233fd16c67ecbf3bec
- SHA256
  
  21a5b0e1ab9d88eec56dcd1c2ff050742d73e87325922e0840502d211b77b22a
- SHA512
  
  a28fb07060a33405a3d26d92c6479f77e4c403092b71471d0516cb4a431d2af55e48740c14622c6353066f53945ae8185aafb15f15b643ac4254dd26dd157ddc
- SSDEEP
  
  393216:LwA1pdJwTb+1yXa+v5wfFUSwwV6YWlw9Muo4O9W3XfCX5wRIa4o:MADdJYVNCtUS1VWlwa4O2Xfs5O4o
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32