ab459e8edeb68356aa4774bd2329635783e791473943ba42bb33ce40a50a9601

Sharing

Copy URL

Twitter E-mail

General

Target

CyberSniff-Uncompiled_1.zip
Size

4.8MB
Sample

240208-ff7evscg46
MD5

710854f2995087ff46c862c925d26b70
SHA1

0f5f3e9fbe7e5219de6056886518701849dc244c
SHA256

ab459e8edeb68356aa4774bd2329635783e791473943ba42bb33ce40a50a9601
SHA512

4fafcd5dc151d3d88c29b03f9492ffb85aa19fde7ed40ea409ac6fba63de0462b3ae7fc7cae7b06d88a37fdad8c46edb2c114d8e4cc663f7622800b2927c3fd4
SSDEEP

98304:RZxysZQjr0nYLsNmVII2mlm9k20N1N1eelfEVp5lkKfCTBj6GI+r9WviiuY/rIM6:RPtZkLsNEsmi0tLfEV1kKfCTpI+rciV7

Score

7^/10

Malware Config

Targets

- Target
  
  CyberSniff-Uncompiled_1/CyberSniff.dll
- Size
  
  2.2MB
- MD5
  
  6bf3a2f9268f9cd99552aecfa10a6abd
- SHA1
  
  ae49c79144df631328f74d08c806a0d999756eae
- SHA256
  
  e23b27f3242ac9d3a94717eb06e20acbb229b125673430a3ac3dcfb7e73bc944
- SHA512
  
  b46562ac5cc657a2166dd4fb6692a14d73b7e439c829c6db7591de767fc2e9c5a95276b785032e1d0a76cd5cc1e89b902a23813cbdf649eaf27bd89bf0ae6561
- SSDEEP
  
  24576:Gj+JxH3eCsapypA2p7CjapypAZreCbapypAjl7CcapypAPW17:QweCsagP7CjagUeCbagE7CcagGW
Score

1^/10
behavioral1 behavioral2
- Target
  
  CyberSniff-Uncompiled_1/CyberSniff.exe
- Size
  
  161KB
- MD5
  
  8d130996fc33ba685a1c95c06db984cb
- SHA1
  
  a2dfe8044ee494582cad82a099c14b1819b79d0b
- SHA256
  
  895fef1d7338661aa3cd4f40fd226262c642310169835c270994904e81380d26
- SHA512
  
  ff895da3f850adbe3e5e18391480339e521c018b18245254c9c36697481af9c10e4628ece4abfc6091ffde0a19482a7f4e0a692912db5aa4375f08c068cc5557
- SSDEEP
  
  3072:mguAgTsGLYEZl70PsLko1Gs2T/0oim/JbRZzlZ2pfqZ1:m5twsLko1Gs2T/pPlZ2xq
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  CyberSniff-Uncompiled_1/DiscordRPC.dll
- Size
  
  80KB
- MD5
  
  9ed0cc60faa1ca995f75dc8b4bf407c4
- SHA1
  
  87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
- SHA256
  
  acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
- SHA512
  
  9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
- SSDEEP
  
  1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9
Score

1^/10
behavioral5 behavioral6
- Target
  
  CyberSniff-Uncompiled_1/MaterialDesignColors.dll
- Size
  
  295KB
- MD5
  
  914c26874567d180a2dd407aa3fb12f6
- SHA1
  
  bf2f6ffde84453a1fa559c485c2209ed5f6028f0
- SHA256
  
  aed3efc36186c40c758df954b76f5be4a02eec64486c32aa65a2ca877ea5f21f
- SHA512
  
  1af5d387b62cdcd03d1236461a82c00435ef00fdbb83fc0adf43ad6b64071d4fcc2384ff8eecc670be8915e4881524d1157190e452b6572b0702024ca45ef0f5
- SSDEEP
  
  1536:LUNSzgEIbkIbRDu/UQXwQdU7fKoVxbdsuK:LpztIbRDKUok7fKoVxbpK
Score

1^/10
behavioral7 behavioral8
- Target
  
  CyberSniff-Uncompiled_1/MaterialDesignThemes.Wpf.dll
- Size
  
  8.7MB
- MD5
  
  b6b346f60f7943ea6b0d2cd3e37cdea4
- SHA1
  
  8af329bc72d78a449612bf0d3c9a7744afb71849
- SHA256
  
  8c32f2872fb86c65c01dfea688afc48c22013672976219bc1ae2d2d16d285d8d
- SHA512
  
  47174a9f9d70849328262b04d998aed3f01dd6acd896a3a5f1f1a0452ac2bc622114790d6915c1f5a43e040c7d5a3b9e9a4a64a28d06c5699111f333153b95ff
- SSDEEP
  
  98304:COlXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCR2fS0:CSnJ45/9iD54+V11bFv4z
Score

1^/10
behavioral10 behavioral9
- Target
  
  CyberSniff-Uncompiled_1/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral11 behavioral12
- Target
  
  CyberSniff-Uncompiled_1/PacketDotNet.dll
- Size
  
  279KB
- MD5
  
  a6a8334de471f57cea7dfd133b435a59
- SHA1
  
  c889fd7f49eb8afc5a4f8e8bd3bfbc003d2cde70
- SHA256
  
  4cff6d1abafbb93b79632b2a2f4990b93bdbdf1c2bb6965629bb9e085ec3e8e3
- SHA512
  
  e2f98d3417800edc32780c120e05ab0212e5ac0aef301c107d17cd49846c82cf6d5bddd8ffbd93f051bc3f232cec3837e639241ecbe09ab2a9b9c3334929fd2c
- SSDEEP
  
  6144:7Y2fkCf7xFIPxmdRBqeZ/PAJ3JARB7+iN9L7Y9mYRGj:7ACf7xFjRBqeZ/P1B7+iN9Q0
Score

1^/10
behavioral13 behavioral14
- Target
  
  CyberSniff-Uncompiled_1/SharpCompress.dll
- Size
  
  548KB
- MD5
  
  76cb31819dad5b386cf995b9ca13a76c
- SHA1
  
  fc526128f986aeebed2829296c4c54108d84551f
- SHA256
  
  963e2620197e09a3e246ce1e751b042c849f78f84b5e472517510d113b9965bc
- SHA512
  
  47fadb24407a080fd8434568c798f134b2ff947cee83c938f8ff3e047c864f25e31a7fbd84fff89030037d7e6e0d2a11c2a990a43d4a81073b38fea9ba807cbb
- SSDEEP
  
  6144:xRNu3An7qcTExl69Jr0ayPkvmadx+liQZh6c7K03BpMXSEoMmT:xRNuwNSl695pDd2h6mVBpmza
Score

1^/10
behavioral15 behavioral16
- Target
  
  CyberSniff-Uncompiled_1/SharpPcap.dll
- Size
  
  68KB
- MD5
  
  0ba9a0e2f4c6122cbd221f9487e6edd0
- SHA1
  
  bd28b2e5ed1a2de6172b678f40fcf15cad0a4082
- SHA256
  
  9653c299268b81788ec3d9d30ce75e92f8d14846e8428254d80702c46a857938
- SHA512
  
  29f85ec19986578feb3890f3c772e4d4a3aee09034cf597e24a77baf53ee001766229cadc1ef623111fdf35f594f63900a25e3157b21a6b62fe6a5f8c2be2f79
- SSDEEP
  
  1536:S6H0fdjXIxhoM4zlUmOMxMjzijzYjzdjzSZGNfwvC0ZQzjh:RyIt4pUwMjzijzYjzdjzKGNfJ0ZQR
Score

1^/10
behavioral17 behavioral18
- Target
  
  CyberSniff-Uncompiled_1/SimpleInjector.dll
- Size
  
  443KB
- MD5
  
  f41812a9dd2000c8ed266b0fdde6448f
- SHA1
  
  099b4ad395479dde5948e4a384cd6aa3ba76829b
- SHA256
  
  b8da962f4852afee72c179695d7bb0de950e6fb55634a38b36433efc19c6b784
- SHA512
  
  2587c94ecd292f8dedb19228ae9f03c92218f43fc89fcf4cd2a68ff7b5d50627c2d42618bcef924d15ae7d8703a803e8309e082b2bafbb00c53d874d22e31598
- SSDEEP
  
  6144:HSuyk1Ao4/Xl2+YGAxKeQypviRfW4C4TxHKbdMiPjxUO2:HMkYUEANiBnpKbFUf
Score

1^/10
behavioral19 behavioral20
- Target
  
  CyberSniff-Uncompiled_1/System.Management.dll
- Size
  
  284KB
- MD5
  
  83cda4cc597e6a0b2ebbd1b8f41e94d3
- SHA1
  
  10415fa323a21d412eb36e583a98385088065d61
- SHA256
  
  aa474c96b9fd17cb3580d89bb8eb716cb1407c89026b5e8180402666eeeb766a
- SHA512
  
  ff7d869d416e3c47c082b8bd2d6907bbbe457d17d093cd84f66d42b978d143c088e008388041b440b01f7d82e373dde9b1b5c1acfd9553f98a63fa579d7ec8d2
- SSDEEP
  
  6144:HG17jgxtTSfK7JK7XUUmhOzZiRZHhGASipzvZhHcx:HG17jgfefK747ZmhOzZiRZH2wgx
Score

1^/10
behavioral21 behavioral22
- Target
  
  CyberSniff-Uncompiled_1/WpfAnimatedGif.dll
- Size
  
  42KB
- MD5
  
  bd86598613f23b58a5e11ce0023fb14a
- SHA1
  
  3fdfc27d65d4c271f40af0bebc88b894de83b2f8
- SHA256
  
  091c944f2db95521f9190319173f17848d515da8f5a2374a0ab680406ba65914
- SHA512
  
  26351713cd36f2504d32f0ca980c51fdc5c225b5ae4af1418a2cdf42aac285b82970d902dfbf3eb52c6600878ee594f76deadc30823f0048e689a83b56cc11eb
- SSDEEP
  
  768:o4F3ZIiQwls5bcabDFfQe/sYKRGbIoCHQyv6UuY4xVqvW:o4F3ZIiQwlQbDJb/sYKRGnCwyJt4Hd
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24