a693fff41c4e738cfa6b7f0e9bcf51ae341b276b81189fa698f0c0ede4a8a54e

Sharing

Copy URL

Twitter E-mail

General

Target

Kiwi X.rar
Size

28.5MB
Sample

240320-g2pbvaba8t
MD5

0aa7defe6f32e1e2e024f62f72178af6
SHA1

d8d318688cbc73faac2adfd8609e110997ee2c68
SHA256

a693fff41c4e738cfa6b7f0e9bcf51ae341b276b81189fa698f0c0ede4a8a54e
SHA512

c8e0760d60495a2a9e8e7762132cdeba8ba535effbb58fdfc26fa3fb9b13404f92b7af85b54a185157b43bd5411d2d626048983f02b50cbf9610ce8aad570802
SSDEEP

393216:fvKurZfJU52CyQ59CZpTJFfLMSu3lu15+gsfNncYPpnDTYHN/HKpbQn5pRjq2Y5s:fvvZxky29C5VKY1P3YpD0VH9fFfiXc

Score

8^/10

Malware Config

Targets

- Target
  
  Kiwi X.rar
- Size
  
  28.5MB
- MD5
  
  0aa7defe6f32e1e2e024f62f72178af6
- SHA1
  
  d8d318688cbc73faac2adfd8609e110997ee2c68
- SHA256
  
  a693fff41c4e738cfa6b7f0e9bcf51ae341b276b81189fa698f0c0ede4a8a54e
- SHA512
  
  c8e0760d60495a2a9e8e7762132cdeba8ba535effbb58fdfc26fa3fb9b13404f92b7af85b54a185157b43bd5411d2d626048983f02b50cbf9610ce8aad570802
- SSDEEP
  
  393216:fvKurZfJU52CyQ59CZpTJFfLMSu3lu15+gsfNncYPpnDTYHN/HKpbQn5pRjq2Y5s:fvvZxky29C5VKY1P3YpD0VH9fFfiXc
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Kiwi X/Kiwi X WPF.exe.config
- Size
  
  1KB
- MD5
  
  1f48b296eae19f30d6abdd9e1fbc1a14
- SHA1
  
  8529346e5c926a9f4ded49320873f70ec6a7f9d0
- SHA256
  
  97ca967656db09e3d7046339e5c9e774c179a8d9d7bc72584eb5a8071871c2ec
- SHA512
  
  c69e5e0b82a27596bc5e2481d580fdd5588036eec6fc13de31e1dfdfe9a6b81882a69c43a3f3f2f145cf17a55cfb2ce4cd28c21291935fa13336a379f040a7ee
Score

3^/10
behavioral3 behavioral4
- Target
  
  Kiwi X/Kiwi X.exe.config
- Size
  
  1KB
- MD5
  
  1f48b296eae19f30d6abdd9e1fbc1a14
- SHA1
  
  8529346e5c926a9f4ded49320873f70ec6a7f9d0
- SHA256
  
  97ca967656db09e3d7046339e5c9e774c179a8d9d7bc72584eb5a8071871c2ec
- SHA512
  
  c69e5e0b82a27596bc5e2481d580fdd5588036eec6fc13de31e1dfdfe9a6b81882a69c43a3f3f2f145cf17a55cfb2ce4cd28c21291935fa13336a379f040a7ee
Score

3^/10
behavioral5 behavioral6
- Target
  
  Kiwi X/Monaco/base.txt
- Size
  
  132B
- MD5
  
  0d834904a252e1ab786f9637bef6819f
- SHA1
  
  f8fbbdc4d0c5ebdc4037b32183a7be3027541596
- SHA256
  
  dbe440c5dee6367ebca919886ffe593246e1e52618e4713373000c9fc77c87cc
- SHA512
  
  72a23e1ccacbaabbd65660b57fe4d9c6bf403f35f46bd439c171eb3682c805a387db25ac2206bb9a868b230aba38de38d25bb2102a2bda688ef7ab7ba67a0b42
Score

1^/10
behavioral7 behavioral8
- Target
  
  Kiwi X/Monaco/classfunc.txt
- Size
  
  1KB
- MD5
  
  bf32e93d11011eb780619b3e17fb824a
- SHA1
  
  f0fa7dbd2577b83a5d5a81622557ca05966d292c
- SHA256
  
  519da000de235c331f10660509fab51a1815ace566b8ae5b511b75813922dcb1
- SHA512
  
  5d0b4cc09c5966b3cf806b02816eb95dfc42c7e4c2056b37d254d835459444c796759795e64c3171453b5bd9d70d2705775e7200a0283725676f26a39323dc9d
Score

1^/10
behavioral10 behavioral9
- Target
  
  Kiwi X/Monaco/globalf.txt
- Size
  
  835B
- MD5
  
  1700df0210cda593d3df64f51b3caaea
- SHA1
  
  d4832190dc99184f0e0fde832e453fef9330646c
- SHA256
  
  deae98f86c62749e4b642acb41ea5dfce0caf09bc77036aae82ee814a04ed9e0
- SHA512
  
  76a651129e25bf2ac1f4a1f1e397185ec4eeb292ef64ed44633bde6ecc7b342cb1464224f2c521a69ac51d88dc4d46bc392c5db2ab94939bf84be5ef21f85add
Score

1^/10
behavioral11 behavioral12
- Target
  
  Kiwi X/Monaco/globalns.txt
- Size
  
  220B
- MD5
  
  ba56c14634b7ae6fb585be396acf5f03
- SHA1
  
  8aa4125655cd48073b55c5ea892e5da734220bbc
- SHA256
  
  5cb987e7c87f2f04cdd45f3a474fb2380bbf846534e38f2b485eafc562b7b482
- SHA512
  
  46a904064080fa51e9071e11c44685cdeadf0cdabe5feb038a4a85f2141ef13d46bd0563016ea62e5b1ccb76995c71451f6ba958b5551c31d36231b8f436190f
Score

1^/10
behavioral13 behavioral14
- Target
  
  Kiwi X/Monaco/globalv.txt
- Size
  
  161B
- MD5
  
  5cf9f238d4e62c8bcde351651c3a2a45
- SHA1
  
  16f25e5686f1235d1fbd9b9954236b043d2e6260
- SHA256
  
  eeb98f2c9911ae8ddd25f1b3be3732000f16788bda60aa962e9f8452012b1062
- SHA512
  
  b2fb24e6309303220eead8ac60d68959d189178db62611361440cafd219b45e57d3b79656b51df13eb825097557e9cd735ef228c1fc82e593368ce30fb88ca58
Score

1^/10
behavioral15 behavioral16
- Target
  
  Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
- Size
  
  4KB
- MD5
  
  48e754cb54c78a85dcc9aaea9a27847e
- SHA1
  
  8d79b23037deb6586e4954305dcb4caee14afbd2
- SHA256
  
  d1aa361f33564e8f9d527a01a66c7ce35d73f23417432e80ddf51f562770ee79
- SHA512
  
  f6d902b5c73b59636cb71d4019ff45cb77532bf22aab28a8314697e24a62163a94140c97495ad5ce421c09c26e4bcbfe5a815eae27e945c51ccd80c2ba9c3a77
- SSDEEP
  
  48:CnN6wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKm:zJWFCMcfkCFGE6+yZCacJImkArbbqrAm
Score

1^/10
behavioral17 behavioral18
- Target
  
  Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
- Size
  
  4KB
- MD5
  
  6e5c0ce7ec09969f07ea6ee078ef8ad6
- SHA1
  
  deadc5357a26852d872bffa77d1aa19108603b25
- SHA256
  
  7d23c0f30cb9c05c81bb15785a3299772ae3cfbe51f3e04895aa1f23ffbeba5b
- SHA512
  
  2b02cb82f9e4720ee43bfc8b7fe5d6de38228329aafbedb589d5a219057c15f073023deca3c1ca5b65cea4a4f0d863ebd88c889b1d67119639fae2ce180863bf
- SSDEEP
  
  48:Cn7wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKHG:EJWFCMcfkCFGE6+yZCacJImkArbbqrAm
Score

1^/10
behavioral19 behavioral20
- Target
  
  Kiwi X/Monaco/vs/editor/editor.main.css
- Size
  
  171KB
- MD5
  
  233217455a3ef3604bf4942024b94f98
- SHA1
  
  95cd3ce46f4ca65708ec25d59dddbfa3fc44e143
- SHA256
  
  2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701
- SHA512
  
  6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455
- SSDEEP
  
  1536:ZxP4PUPVP0PAPeMi76Q4TVq5bbhLynlDTkDatDF8Jmmvgs0aMJkn:p2bIRkDSYmmvgs0aMJK
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  Kiwi X/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
- Size
  
  20KB
- MD5
  
  649fb0a55b0e0fc9d79e6b7872a14c10
- SHA1
  
  b33619c9dfd65d3f2e5a5fcb767a752123d51607
- SHA256
  
  fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
- SHA512
  
  3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd
- SSDEEP
  
  384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7
Score

1^/10
behavioral23 behavioral24
- Target
  
  Kiwi X/WRDAPICONF.json
- Size
  
  25B
- MD5
  
  e980ad71e4e5ed465831d732d3175c98
- SHA1
  
  f07e0767a4d9d53bfd8a4028fcd6b2ecd2df8c30
- SHA256
  
  a52aed34a368ec553e7f89067ec65b7d6205208640f8357f76247e406d80452e
- SHA512
  
  d440156035b849287f7ad719345e99b06e481b27c6c9f794ab9fc8c3319de44dd42f62cee454608389feda7d803eaf475bc0215c3d589b0a4d50fd1215bc7861
Score

3^/10
behavioral25 behavioral26
- Target
  
  Kiwi X/bin/settings
- Size
  
  268B
- MD5
  
  79c8e6ac5ae2710242f3fc143da005b2
- SHA1
  
  411125556d5063030a4a7a2f86acf913ccff13c8
- SHA256
  
  fd2fd379b401aa0ff97e2bc97722f48687eafe4646bb5d1a13c86fc99389f1e2
- SHA512
  
  b0807e1cd50895872cff33e614e29237b30099db97ddb27bb2360e6921f21ad68a7debcec32047836a6f623fac181f3e7d17a416aa5d2fa9dd827d5f3e4235ae
Score

1^/10
behavioral27 behavioral28
- Target
  
  Kiwi X/bin/ver.txt
- Size
  
  8B
- MD5
  
  a5531945d8ab786b0d9225da5cabd495
- SHA1
  
  1c9cb55e882c7f72ca209c735b3808f156f880cb
- SHA256
  
  1cc4396d79cf3c9c177e0e536f2c2894f1dd386a4ea91330b631703a321b9ab8
- SHA512
  
  26aaf1c53bc9aa8cb38951ca2c3c5e2df58a3c304542aea84d1319350282fe8fdff5f29cd0d05de7f5d83156bab2f54b0217834fd31ccebace121dbc76b6eeab
Score

1^/10
behavioral29 behavioral30
- Target
  
  Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Empty Servers.txt
- Size
  
  1B
- MD5
  
  c4ca4238a0b923820dcc509a6f75849b
- SHA1
  
  356a192b7913b04c54574d18c28d46e6395428ab
- SHA256
  
  6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
- SHA512
  
  4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32