ploutus | 95db018c3da57f081886511338ea920272fb9a7e64e1f885a3307e692071b674

Sharing

Copy URL

Twitter E-mail

General

Target

kape.zip
Size

133.1MB
Sample

240309-a9rzdaah46
MD5

16e43eca2d1c9fb1fd68946147ad3025
SHA1

a20d7c99f4953ca5cdb70cb941738dfae7a1b98f
SHA256

95db018c3da57f081886511338ea920272fb9a7e64e1f885a3307e692071b674
SHA512

2d54a91ad606d8d58dd1dee7034a91eb0456a9adab4879c383188f94fa7cc2f5718017c28ead8a38f1335a0bfc165c98e98c4363f26513ca13d82d0ddb9b335d
SSDEEP

3145728:f14qemI2GhAKEaguRqIe9OSJofzo7qN3e0uSdzKlTXc:fWqr6AxqqySJofzo7qN3e0uSzKl7c

Score

10^/10

ploutus

Malware Config

Targets

- Target
  
  KAPE/Get-KAPEUpdate.ps1
- Size
  
  19KB
- MD5
  
  79a25fdd6e5f075d1a2af8a0529b40fe
- SHA1
  
  ba2df370e4cabf73c7b81769eb643654176e48cc
- SHA256
  
  c092906581be7e006c4170ddc12d9fc48106a5b226fed480319adaa8d3484d90
- SHA512
  
  de9d6421da1a59beda5a9319f28d1e9741147bc9652070a1e4cff626de7a11c2dbf878e874be9ca45de5ebf5921a69ea4c99d69eab1953a4b3093e202b5e3e8c
- SSDEEP
  
  384:FdpnjWP8XhVATAypplcogSAztRzEpo4LdyGp+Qrg3t35m:FdpnYRcjH94LdyaHr6t5m
Score

8^/10
- Blocklisted process makes network request
behavioral1
- Target
  
  KAPE/Modules/Apps/GitHub/reg_hunter/reg_hunter_suspicious.mkape
- Size
  
  542B
- MD5
  
  0f228fb4140f9a0add95bacfe4fa7bed
- SHA1
  
  a22dd3f26d6906f687d83dadc712084b8b990807
- SHA256
  
  c34e189affeb12f79149d89e187fca313fdf056e1bc9bb9ca65e05bc9870d80a
- SHA512
  
  7456963ed860ebcfbcae630c71e6ee63f66d83366a5facb66ce9f35a87bb1266b6f3312d5d5581a88e20711aae8447a1697901b0180db14ed2183c7e2a0bda06
Score

1^/10
behavioral2
- Target
  
  KAPE/Modules/Windows/PowerShell_ProcessList_WMI.mkape
- Size
  
  2KB
- MD5
  
  1b199403e4be769d89642acbdc5ae985
- SHA1
  
  b095e1b06046a9afef16cc3eaf284380e70006c5
- SHA256
  
  d979daec39c9b93f6cd88883dff92c7a4171c064b4feb2826391f52e43df5cb7
- SHA512
  
  a58793a2141df61068bea13e409fed000ab2590a869fb5f3819aabee0272b8ec663cd77aeb485d2e407b52083146979d84e469ea693bf20134625570a916af4d
Score

1^/10
behavioral3
- Target
  
  KAPE/Modules/Windows/PowerShell_Process_Cmdline.mkape
- Size
  
  581B
- MD5
  
  981cf9e355d5bb6e977014bcf8d74752
- SHA1
  
  61ad770a958215d7a1803c9debf263d1579e0f79
- SHA256
  
  3b292cf450a4106314cf1e87331900a98ebf45c319bafdb42aa6338962358aff
- SHA512
  
  5b96e4bac1be1574da7697ee2e92f26ffb3c7e067da1c3c11ecd9638760a28efdc60d109c94054888620a42d766a4c42f245bb775859094504efc9af0c13062a
Score

1^/10
behavioral4
- Target
  
  KAPE/Modules/Windows/PowerShell_WMIRepositoryAuditing.mkape
- Size
  
  796B
- MD5
  
  c4851b95e096788bb236c411cd56a164
- SHA1
  
  e099504bf00c3031f787a2090341675f94432fd5
- SHA256
  
  804f0587ef55c125250e28b77b2f1380ad1ddb04a4fb85b6f955cd4313d92eb0
- SHA512
  
  2c80443192a93e9b01d5f1ec2dbec5f0a03370adfc25b06a389e262e7933711863ed3d444e67446318a1c1a83f91a72307db508c29f3c8f76bcc35ff17f9def1
Score

1^/10
behavioral5
- Target
  
  KAPE/Modules/bin/AmcacheParser.exe
- Size
  
  4.5MB
- MD5
  
  f9da0978ec5d1597174c4296fa713a98
- SHA1
  
  22357fbf6f0a091df162650322b88f4119e8307e
- SHA256
  
  c941fd1662e96186eafc3406694ddc37f841a7f0ecf0211e51b82e74c69698b9
- SHA512
  
  d23542fc60b6efbf153564b500d41d7ead4b2d55092ad350ec3c3c21fe968272d2c775a6dd92649c6b15887ea48c5af6586fa8d70b4978dbda7b432dc1b76742
- SSDEEP
  
  98304:LRSJ90/9MpJVaozN9kwwmX8MzKtnqCVuOw2Sg+Nt2G2dy1E26+Geu240:9S/7XaozfXNzKdpw2Sb6yni0
Score

1^/10
behavioral6
- Target
  
  KAPE/Modules/bin/AppCompatCacheParser.exe
- Size
  
  4.3MB
- MD5
  
  74376b9320f992363a3b92b23a398d90
- SHA1
  
  6295a97bfdffff8db402eca72ba26ad844838a9c
- SHA256
  
  cc625d78812e6e4cae43fdf1897c97ba9640ca25e6e1a3cdab62c47e479494dd
- SHA512
  
  cbab239c5bf35bec526c0a08cd1ba0a114e88bc8c9417e03f6184004257617d5210d5ba70eb242c5c69c1878c79999e932b75872cff8a652cc851038f76f0645
- SSDEEP
  
  98304:9RSJ90/9csitItuCNjGGusDeRlzKuVEwuOwWCSg+Nt2G2dy1E26+GeZWWe:HS/xsiG4CJGmulzKuVEqwWCSb6ynVe
Score

1^/10
behavioral7
- Target
  
  KAPE/Modules/bin/EvtxECmd/EvtxECmd.exe
- Size
  
  4.9MB
- MD5
  
  17a260381793fd1f9141aa06bb5dab7b
- SHA1
  
  33ddaebf358de45a368036a328b2f3fea462c7fb
- SHA256
  
  71f74d5c2f3561f785994bde913ccf30c0251b434fd08d690f25baa0817d37d9
- SHA512
  
  52efdef14459663e79ab60243afe7cbf9b16e1df1cbed4000f5d44064ebd64642092c94e442ac1541a9ef8ad2dc3cac9673b0bb1963f88649c0f4251d49b06b7
- SSDEEP
  
  98304:eRSV0/9bpRslSdzrN9cd883v8vUiIPYMRYqD/DF9fbAFSg+Nt2G2dy1E26+GebZ4:OSVsRsAzrBEv8vlIwLcHEFSb6ynS
Score

1^/10
behavioral8
- Target
  
  KAPE/Modules/bin/EvtxECmd/Maps/Microsoft-Windows-PowerShell-Operational_Microsoft-Windows-PowerShell_4100.map
- Size
  
  3KB
- MD5
  
  20a3efb99148ba951129e869a3de5fba
- SHA1
  
  7648a5ed6596d6a5c1657758c8c11ec46bad7164
- SHA256
  
  fab843b3d28dfe8cc611311e7ac8ca9cbeb537a4fe2f10b18543f1b458ba0ded
- SHA512
  
  ddee682f692fd1cbb653a885957a0d78c9e63444ff1d64d4e0cfbe24b93019ec1c26b1a7b24cd10869e1c6817e434278d4951c45647557b2af49e468a25e6b71
Score

1^/10
behavioral9
- Target
  
  KAPE/Modules/bin/EvtxECmd/Maps/Microsoft-Windows-PowerShell-Operational_Microsoft-Windows-PowerShell_4103.map
- Size
  
  4KB
- MD5
  
  099eebbe5ecbf8ec1345afb3ec782834
- SHA1
  
  79bf8e72889e335456e5895528ef2808468eb32b
- SHA256
  
  f0ebd1010d45fde385948c12e762dfb94c4ef30e9bd8777666bbaf6854a1a1e1
- SHA512
  
  d2d78bddc63d2f6f52db00ac2561e417f76197cf734d585aa130f87aec388ad7ac86821857a5527cd9a59fec47749400d20a939100b603eb03a831c98342ebe8
- SSDEEP
  
  96:QzJylUxbGQE9nntm2VUVbSXUaASboNkoXublbuLaLkFimMX5bu08fMf:uglsbTEhtZVKbSkaAFeoqlpKwuX6
Score

1^/10
behavioral10
- Target
  
  KAPE/Modules/bin/JLECmd.exe
- Size
  
  4.6MB
- MD5
  
  c5a0694bdf4f672d2813112b6174e27c
- SHA1
  
  a17879ba2cc6de1490251223841080950dad90c7
- SHA256
  
  544ee10af68bac273f1077897888bf90da103ad9941b0095d0cb2aa32b5dcf89
- SHA512
  
  8bd3cfde82fbe09b97f431f262cb0847444f152217165bca132c67f2fd1a7df0d1f0b9f5200f46a4b37b0bcb87353a0890afe5dd02470243def44b0a30c26bed
- SSDEEP
  
  98304:ARS2pJVaozN9Vl6miVQMRHtnqCSuOw6Sg+Nt2G2dy1E26+GeuZs:oSUXaozhOQ29Yw6Sb6ynYs
Score

1^/10
behavioral11
- Target
  
  KAPE/Modules/bin/LECmd.exe
- Size
  
  4.9MB
- MD5
  
  1e7d57dc5fd5ab602d81306d54ab830c
- SHA1
  
  5ca6fa98fd9dbed7560f928beed288ba45ab28eb
- SHA256
  
  fda278c50f9684508e971fcae0b79bf24695bad12d82f817fb5c909caba68fbe
- SHA512
  
  166fb5d83c3d960eb72639dd3634e6e549623d3c2d5d618517125345dfcf0fe154a7e0920bb962682eab2653c83039254ea0f2246f791ee92f4950c2783ccd06
- SSDEEP
  
  98304:2nRSWpJVaozN9Vl6keiL8D3sEm0zwemdzKTnqCSuOw6Sg+Nt2G2dy1E26+GeuoH:yS0XaozhJ+cE78zKTYw6Sb6ynJH
Score

1^/10
behavioral12
- Target
  
  KAPE/Modules/bin/MFTECmd.exe
- Size
  
  4.3MB
- MD5
  
  3bec3468a0889a086846c59891db902b
- SHA1
  
  0706604f1a626fb839f87a4462ed634c871fba0b
- SHA256
  
  d01a1b646778b2c2cc89141a15e9a177268becef9c4aaccd8036e7f418e4bf60
- SHA512
  
  21861bcddf6a44e098dfdd675bdef5ac329964940321394ce591f8d4fcf4dc9e4d78e40056ab64f848d6df0db9c45b0624da02f3a3dec17f0843c39b91e68494
- SSDEEP
  
  98304:3CRRSl7X0/9MpJVaozN9fjvgVvP1HtnqCVuOwsSg+Nt2G2dy1E26+GeuO:CSlT7Xaoz3vgVvt9pwsSb6ynl
Score

1^/10
behavioral13
- Target
  
  KAPE/Modules/bin/PECmd.exe
- Size
  
  3.8MB
- MD5
  
  1afed4afcb86c8ac6ba2aa3c6160072a
- SHA1
  
  cf40e1d89b3c6f4b2d2c4848c2d6e657c0f70214
- SHA256
  
  26759e06a61e5089273fba882d3238dfe6a3d16b89784943a4191991c8a22a42
- SHA512
  
  5dbd0acf74e2649ea5a4c741d7424abfabfb5f3aeb0c165e48969b47d84f02ec93ee7211236f3d597355f8de3c7104eed738d74d9a256e228023e953236c2514
- SSDEEP
  
  98304:PRSn0/973980eGeJxsBzKTHJbWSg+Nt2G2dy1E26+Geu9v:ZSnY8RqzK1qSb6ynsv
Score

1^/10
behavioral14
- Target
  
  KAPE/Modules/bin/RBCmd.exe
- Size
  
  3.5MB
- MD5
  
  70ef4af5456e94d8a10167c1a9369c3e
- SHA1
  
  c2cd9cc57173236d6417c8c0aaa7e41b856df3d8
- SHA256
  
  8d2fa09b131e54ead80855b4bb22772ead40c7fa98c309b3128f0b90912488d7
- SHA512
  
  bb0c7c8db8d25f6466214c80c33951e74cf306ef3a0d88f75c2bead71d6bfdb1e806803081e442add9e315fa75e673140b9e633215b6a71c03ff007ceeaa6943
- SSDEEP
  
  98304:YRS2pJVaozN9kEQMRHtnqCxSg+Nt2G2dy1E26+Geueui:ASUXaozVQ299Sb6ynBui
Score

1^/10
behavioral15
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.7-ZipHistory.dll
- Size
  
  24KB
- MD5
  
  94b8622a0a0100aa55cb1c9ea8e8abd9
- SHA1
  
  ebfa363066ba296d327106553244d47fed3e6566
- SHA256
  
  6fd3b78441f411db8e1c2d3082640b153999fcd9ce79c62e82df5e0706436c1d
- SHA512
  
  81c10ce9ca2ada735655ccc3508c784afc0270ff268ad9eea98dd25e33580b8f203c6f6d2d070a8e84d42e0c7edb02636821cb3c636a330aa2258ae66228abf5
- SSDEEP
  
  384:b4hxCKU4Z+t9YV779QZF7c8AGfZb8ZpHzGov0yh8AGfZfSesRGmGovy8ZpHZL:sLQ2hQZBLjbiRP03jKeEyiRV
Score

1^/10
behavioral16
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Adobe.dll
- Size
  
  27KB
- MD5
  
  8bbe445183c270c19f3abb031fbb97c3
- SHA1
  
  a5b0bd5ec714d35677333455e5696d2767849bc1
- SHA256
  
  b76d352098c2ed54ee08c339559eb0804a36f3325625aed757b0c6909a6cc0ce
- SHA512
  
  79aa01730180b512fd37afd73db44ff860231dfad561c8e5579dae577d5129b68cb96a59685eb3db09b6939f5b332a4e9820dc1bdbc0a0fd3275eb6cce13f69b
- SSDEEP
  
  384:AEivO8Vc2U4+xt8GF7kJjgMv8AGfZb8ZpHzGovGRppy98AGfZ+GmGovy8ZpHZ9r:aO8E0GujgMEjbiRPR6jsyiRZt
Score

1^/10
behavioral17
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryApplication.dll
- Size
  
  25KB
- MD5
  
  2a1bfa5b001068b7c9c6df12e268377b
- SHA1
  
  10f0afb932a8290c812884ae0e1db1a43d155b02
- SHA256
  
  80f726b29ba535677231021e2444938672bb44c80ce85512418c5d7ba40ad988
- SHA512
  
  35155e2b03418fbf71a8fa7086c78013e2e789a2a8c90802fb6419bfa627458709dbc9f48c3a217dc78dbc0d5630f5d072bf3b49ab40fdc42807810e43a085b5
- SSDEEP
  
  384:Lt7HqH02U4Yt6InWR3o8AGfZb8ZpHzGovujAxO8AGfZwGmGovy8ZpHeSB:xDqdB5njbiRP5jSyiRZ
Score

1^/10
behavioral18
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryApplicationFile.dll
- Size
  
  25KB
- MD5
  
  d45e10d6058f979783d855d727841bed
- SHA1
  
  32b3a173116525027b28a20d066025bdc8dbbeda
- SHA256
  
  95cf10dc500f4a5b04cc8ab663fea9566cf7aed21810a8796dd2ca68fc04be17
- SHA512
  
  1178a2b10d58c59c8c67bc75873289693187d0995662b811076b02380874f4e810b4883f4aa8d45f01dce21bbbc851795c07201349ef48962c26f189e35ae088
- SSDEEP
  
  384:SO5LtUxpE7U4ktuIAqgzkobj8AGfZb8ZpHzGovxeP/8AGfZ0GmGovy8ZpH6n:FZU8HZz5YjbiRPTjOyiRI
Score

1^/10
behavioral19
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryApplicationShortcut.dll
- Size
  
  24KB
- MD5
  
  f0960026659f291ddccbacdab7ac9de4
- SHA1
  
  7250b2ed72aff838132a9eacf5bfaafec3dd5558
- SHA256
  
  49ab391324fc8e0d0f34fc71bcf0bfdde16687321a7f664960a8656f7d20c0b5
- SHA512
  
  0eb1f5be80aeca0d6cb8dcbfe54431e03783140216eaada6c19ff4121e0b954218f11e152fcb1d05339e4866f52d7a1d3cbd342e6587afb9d24c12f9e8b352ef
- SSDEEP
  
  384:7/WHCx8CTU4Nt/IoDVau08AGfZb8ZpHzGovhv8AGfZjGmGovy8ZpHgaIu:7/W+5njjbiRP+jJyiRt
Score

1^/10
behavioral20
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryDeviceContainer.dll
- Size
  
  25KB
- MD5
  
  db39c156b26ab1401b4612cdb576fcb4
- SHA1
  
  6daf9d70342837472ac7279ebde954430553e9b8
- SHA256
  
  950b485fc207f715f877f9ab162c09f2e22d88dc3d83ae4b7f3718bf61632ed5
- SHA512
  
  a339444206d987411b8a551ce786cd44e0843c7c5e22eece2eff7ae0f4b0668cfa6e0b614ea7022ab5016932dc703a7c43809dca80f058bc057382f22676e3d9
- SSDEEP
  
  384:9HGdSEFQtU4YtQI/s6Rad8AGfZb8ZpHzGovvXsbyx8AGfZ2fIGmGovy8ZpHWJw:FPfEUajbiRP/sRjfyiRh
Score

1^/10
behavioral21
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryDevicePnp.dll
- Size
  
  25KB
- MD5
  
  0764cec308ab6a66624e8a2e9fb5aeec
- SHA1
  
  710bbe0a2739e2dc5997ecae16b4afaf2011dc48
- SHA256
  
  fba1192305bf9adfd13362554a9c0c108f5b7cb26f76af82b3757fc47fb9c5de
- SHA512
  
  6f74a6312652a8311df58833fb3f9194353ef800799bb199a58b8d7818ac54c6ad175951e5dae57cada1fa85f8d5f51306799e49e15e6f531cb5a802378b683f
- SSDEEP
  
  384:tULzCB6eyhU45tyIgS8RLjD8AGfZb8ZpHzGovb2v8AGfZ+cGmGovy8ZpH/Cy:2LeB6Qbx0jbiRP6Ej+WyiRay
Score

1^/10
behavioral22
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Amcache-InventoryDriverBinary.dll
- Size
  
  26KB
- MD5
  
  947d7f701286cb6c25a6188f34160bb0
- SHA1
  
  b47308aada11495798c3e036e7026f4d1ad06b61
- SHA256
  
  0f68c7a15d5420ebab9eaa682e7b31ec938ac6b10a033f143657aa6ebb0a0d84
- SHA512
  
  c26d9a7dfce8540a2af9c5cc33d51369a289804d1e9398abb4fac1c0fc13787162a04bdda8fc18574808f85f1e563cdda7636c710daec479279b2b1031440861
- SSDEEP
  
  384:3Ub6vScccccxXa7bU4AtUIdYXaCo8AGfZb8ZpHzGov+EFB98AGfZKGmGovy8ZpHz:36wuc+vnjbiRP+y6jAyiRz
Score

1^/10
behavioral23
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.AppCompatCache.dll
- Size
  
  37KB
- MD5
  
  a031091596e93204e3213cb403f794f5
- SHA1
  
  a1e34c99dba2df2ca145f0e6d221bba452b1bfe0
- SHA256
  
  b819480e2c7e5bec5e2685707094f3e1b277e02cf715a951ab583b6dc358d016
- SHA512
  
  332d5d08e11f8372dc050bd0d35ba8a0de59d7c59fddf9a1e5959631450f6467ea78ecafeb6322ef92a9167c73ebb35ebdee3135b4249a2252df141c6543b2ad
- SSDEEP
  
  768:NNidPWYOz+w4nbvwRSvdRzLD9J0jjbiRPGjKyiRAB:NaW5K7oRS7zL0nbix4KyiOB
Score

1^/10
behavioral24
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.AppCompatFlags.dll
- Size
  
  28KB
- MD5
  
  af79ae633d8f1aaacd88e415dace23e5
- SHA1
  
  95d6aa51df456b9dbe9642dedf0a92bc01cd39c6
- SHA256
  
  0086c526ac7821e50ac05e46c1b668bf1453d9508f48e6bd348db5dc1bca7c29
- SHA512
  
  dd2cb948c18b650d6917b8e45c940331c0f15f9ffd6684394abe091f857c685957289c99ca7b9244fa140f290991431ac97f26e132e6724d9cf6ee8b27c3fb46
- SSDEEP
  
  384:v8qTm+Xfs4PXOrOCPLkU4VS5Jtji12VsaMDu8AGfZb8ZpHzGovYhNc5E8AGfZpGD:HmAsAXORzZsaMD1jbiRPYD+jbyiRA
Score

1^/10
behavioral25
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.AppCompatFlags2.dll
- Size
  
  23KB
- MD5
  
  0c0fe1772b98b15d758ad30d728f275d
- SHA1
  
  aa54d52401318cdc85c02d92d541451b10ea7715
- SHA256
  
  9338bfdb965ae3af8525cf379513f60351a0c9bfe77d665bd7a2fe2768262433
- SHA512
  
  a0caa583ec1fc0211fc7158d4a2defa300ac0724ec72085f384d1aa28cb108fa33f833c0de08a95f14670422e026b66449eb5d7b0907b9dc20cf911dd42df493
- SSDEEP
  
  384:TZKuXwDyQhCpU4st2dPf77cSs2l8AGfZb8ZpHzGov3PrSg8AGfZy7fGmGovy8Zpd:T0uNJ39CjbiRP3zSfjyByiRFr
Score

1^/10
behavioral26
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.AppPaths.dll
- Size
  
  25KB
- MD5
  
  bfe33ba91ab5517331c2149f1f27fd34
- SHA1
  
  8439f953ba65080869f755adcce4b77cad8c590b
- SHA256
  
  3146f00c4a81a587855d5b1a4a1fe1256be736079fa2267f07c94c8ff02f35a9
- SHA512
  
  9f11c8f00e9d1fcb23dce39b68204180f7c41f5b3409de1dbb0120896e5a2e14d42f43370baadf580b5a1a6c2da7361304dde25b6adba289e1e69250e2e5888f
- SSDEEP
  
  384:w/97Pif2ceU4+tRZLdsqkg48AGfZb8ZpHzGovMyVb8AGfZdNGmGovy8ZpHjVC:w9jipwqkg3jbiRPZQj1yiRk
Score

1^/10
behavioral27
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.Ares.dll
- Size
  
  27KB
- MD5
  
  374af7dbdd6f4cb8563f935c235986cc
- SHA1
  
  87fcd8a735b982db9f54b575bc622dc1c661fcd2
- SHA256
  
  599fe7dd7e0a7e02f66334d84f78a1459e63b126041cf10e7ce646c780149f56
- SHA512
  
  fe3bd4d370b0af66fa1099a9e7d56685d713d77244fe8cfb69148545cb772dd7ee62b746842a428bc668fe6bb0025fd0629bf0c8dbbd4e85fcec4a876feb43a2
- SSDEEP
  
  384:tY/AXawAiU4FtI7R3NW1zlQ8AGfZb8ZpHzGovIy/zG8AGfZrGmGovy8ZpHgRk:6/AEq1BPjbiRPDjxyiRH
Score

1^/10
behavioral28
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.BamDam.dll
- Size
  
  24KB
- MD5
  
  479d99c8b7e802b93eb24999aa7bff15
- SHA1
  
  bd96f151342844d82a3d1a7bdc585b90321f3f5c
- SHA256
  
  5a3efc375011f72b8caf9d8739223490e998f7ab281d8e0c70da957647f2c6e8
- SHA512
  
  78c65f6c6f5655034231432c08dcc10424274ee714872dd5e4bf3d79808f470b9ee539bb5f844ffdc12f0db7c21ae4bfddede490c3fa25b6967c34a7b8a6d14e
- SSDEEP
  
  384:9Dw01GpAVU4DtbrRC2sTEuQwWV8AGfZb8ZpHzGovhQUy8AGfZZVGmGovy8ZpHgFD:9D/jM2sTO8jbiRPhpj9yiRo51
Score

1^/10
behavioral29
- Target
  
  KAPE/Modules/bin/RECmd/Plugins/RegistryPlugin.BluetoothServicesBthPort.dll
- Size
  
  26KB
- MD5
  
  f0a99744cb206938e70202d0ae055990
- SHA1
  
  744c21a83f09d4ff53709c689674fdd7bf5f9498
- SHA256
  
  fe1e9702bb921c6903f167e619a900825818493fe9f1f3c2c8dbe9e194e5c4e7
- SHA512
  
  aec2cd5a4c46a8396b703552049fd788180c1a842536c1dae8fc820abb298ec50e7cd0f2ae630b614a1b98b12defbf3cdd974654dce9c4ecf908a4f74bed34c2
- SSDEEP
  
  384:qNSbNDU4HBt9eNrBm0mpSF3PBicTn7NKQNh8AGfZb8ZpHzGovAa/78AGfZQRbGmb:Xg3dpYtjbiRPz/wjQRByiRY+
Score

1^/10
behavioral30
- Target
  
  KAPE/gkape.exe
- Size
  
  60.2MB
- MD5
  
  b0f04453f5b82ba072b3292dd15d944d
- SHA1
  
  2a3b8219d4d2e80f413858109cd1da19d1b212c9
- SHA256
  
  48788ffb46766a92e4574e4a318146e5ead36c03cca30eb03f6f2df50c79ce14
- SHA512
  
  fd6938b9cf09d4bfca66a82dcc2441b82bb04c3bf52ee1f8d690c5d37eb011cc9cd2626b8386fa723b08804f3a7feda79d847a41ddd421453f04d9d7be695ef6
- SSDEEP
  
  1572864:PYOD6C4aJ9z/nrgKQaTjWErc6w4wMTopsVaWPHp6G2+QhWY:marz/nrgKZW2cnpYaWPJVA
Score

1^/10
behavioral31
- Target
  
  KAPE/kape.exe
- Size
  
  6.7MB
- MD5
  
  7e09af85742522ab31748c8992839ae6
- SHA1
  
  a3b5cdfb814acf9e924e1cb29d4d2def537e8b90
- SHA256
  
  6167472179d0b5b028560dcc84ea1a2e3cb2d7128dd18e4e9278263b86a4318b
- SHA512
  
  ec5cfd135e619bab0343583cae1e7451715c5e065698116a20d4e895ee589d11aa8669423f81f46a2f96819b4cc7e0da88dbd98d2feb824029b315ac32706de2
- SSDEEP
  
  196608:T2xOtwIsiGbSnXz/8QJLe6fD2NbnOY6gn83R29Xkj:oURTBHle6fDXY6gn4gN6
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32