8b1158f6552a30da70aff106d4ab129e08980175e440c5945bb290edbb8a222e

Sharing

Copy URL

Twitter E-mail

General

Target

Mechvibes.Setup.2.3.4 (1).exe
Size

61.8MB
Sample

240326-3h3wsahg6s
MD5

2441bd745cfb0cbd39c806a475cc9bff
SHA1

6e8c59aee5c3d072b6d42a67346604b5dcd532cb
SHA256

8b1158f6552a30da70aff106d4ab129e08980175e440c5945bb290edbb8a222e
SHA512

fce3deb09acbe8cd5e650700fdeef2edafe2ba37167a0b2ea1ff33f266c9f69d9a56856ba4868a025b3d5bf9893a50ad0bccb97d8c226798e3c9ef39e8b714dc
SSDEEP

1572864:y7b4n3FTTZ4bqlAKjv2/btReXUq4ndx+55D+UNdR:yO3F/NCJReXUHdx+5xpR

Score

7^/10

Malware Config

Targets

- Target
  
  Mechvibes.Setup.2.3.4 (1).exe
- Size
  
  61.8MB
- MD5
  
  2441bd745cfb0cbd39c806a475cc9bff
- SHA1
  
  6e8c59aee5c3d072b6d42a67346604b5dcd532cb
- SHA256
  
  8b1158f6552a30da70aff106d4ab129e08980175e440c5945bb290edbb8a222e
- SHA512
  
  fce3deb09acbe8cd5e650700fdeef2edafe2ba37167a0b2ea1ff33f266c9f69d9a56856ba4868a025b3d5bf9893a50ad0bccb97d8c226798e3c9ef39e8b714dc
- SSDEEP
  
  1572864:y7b4n3FTTZ4bqlAKjv2/btReXUq4ndx+55D+UNdR:yO3F/NCJReXUHdx+5xpR
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  238KB
- MD5
  
  38caa11a462b16538e0a3daeb2fc0eaf
- SHA1
  
  c22a190b83f4b6dc0d6a44b98eac1a89a78de55c
- SHA256
  
  ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a
- SHA512
  
  777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1
- SSDEEP
  
  3072:hD2ekNFXiQraqoDDfbrH6ZgxkzStPpwGxqeujXj5Bif/Pa0L:hD2vhaqoDfb6mxk2LqHXj3if/Pa
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  75ed96254fbf894e42058062b4b4f0d1
- SHA1
  
  996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
  
  a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
- SHA512
  
  58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
- SSDEEP
  
  192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral11 behavioral12
- Target
  
  natives_blob.bin
- Size
  
  81KB
- MD5
  
  f8ac49858ca8739658ff44c296f8aba6
- SHA1
  
  427b4da3bd619d85381c36d61daf2ce392e07909
- SHA256
  
  354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317
- SHA512
  
  52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313
- SSDEEP
  
  1536:+bz4Oif2sMnL8gDpKD0rrr/4or06mGsY3csV3/EBSee0fHVvJ4TGD3zT+2/ei7gP:+bz4Oif2sMHEBSx0fHVvOT6jTVeikwVK
Score

1^/10
behavioral13 behavioral14
- Target
  
  resources/app.asar
- Size
  
  25.9MB
- MD5
  
  c8a2b2ff81a6ff2213f7340aee1821bf
- SHA1
  
  1ec7d58cd9df90dd45f4b66defdfdbcc47912b03
- SHA256
  
  7be8e65fa732ba26133255ea51653e0262cd6d62cbccbf479b61a1b1c62c6cc6
- SHA512
  
  334871965b2e5628b69a067664ff2dadadb4f4abebe65597f071310ee8370641c92f50c7daba1e67de8ea456e9c76c30bf894bafcb6f756255cda78314a9476c
- SSDEEP
  
  786432:9+0ckWR5/7pq7mF77prLR5Sjo1mG6qHJgkOo2X5FxE/P:QVk3Yh2pFxE/P
Score

1^/10
behavioral15 behavioral16
- Target
  
  resources/app.asar.unpacked/node_modules/iohook/build.js
- Size
  
  3KB
- MD5
  
  9ea78b067ebadd8c8677da14ae782d9b
- SHA1
  
  fe94bbf7f3a59f2bcb46524ee91d44339af5f0ce
- SHA256
  
  a48159229aa653155c01a773ca64120699fd1675466003d0a6929d8ae95be77d
- SHA512
  
  ce3934dfb2ee3105210e7086aee97e570f75276558e0551fa8a79b5263cb9db4d07b29b5f6e38538f7c80c821b33c67c2e37b665eba18b146f2e2b3ee45a6a5b
Score

1^/10
behavioral17 behavioral18
- Target
  
  resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node
- Size
  
  87KB
- MD5
  
  f62a029e0c3669a49ea5e3ba010dd2f3
- SHA1
  
  e611346b5f230a9e7e6f16ab547fe52bf8b75771
- SHA256
  
  884c1a50d0daf9bf55d9f299b50ee00249287c35d6ed18019964792be5429130
- SHA512
  
  19e699176bcb1b9790f6684d670028c9f86fec6a04c34c17243f0afa2cb934ef9b3f8398db067b12bfd87bbfd2d09d4a3b509569dbbfb792606e8b36b90708f7
- SSDEEP
  
  1536:zb2NkSOQVbCeCrQhMHOkTvvM4MJSm1Ut8KaxKWy:zb2NkSOQIeCUMHPTv2wkUt8Lx/y
Score

1^/10
behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/iohook.node
- Size
  
  38KB
- MD5
  
  0ce491c1884b0cca8d40fe2e71a83eb1
- SHA1
  
  475e749aa2987f28d160945fd929b326ed1e0993
- SHA256
  
  6776940aa9653ed8bd693561dca745f200d946b5e1eeeadfa7174228f3d30dd5
- SHA512
  
  e22a489de51baace728baf35a1b10c0f29274a47bb37e089c559d75fbc9e16c710720acbff576af134acc0c722b565a6944c8afdd2a5f88b3909a0610f3e31ee
- SSDEEP
  
  768:DGcjpGnFTOMATZerDvyjbuApiD4RsWYTx1XGO6DOQXZxDB:CcjpGFTOzJbuAMD4RToxQvZpB
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/uiohook.dll
- Size
  
  29KB
- MD5
  
  03c8f03de92c2881525c8ae112496c8a
- SHA1
  
  44e39d48f41ec2a6100e7e984cb5652ac1d9e3b4
- SHA256
  
  f496f9a661a8e309f99aa5b428e2557425d8c3f1d4a37fb16b26438ef1c8da66
- SHA512
  
  264a3fd839e168f84fe00d4dfd84454322a27e6586de74846e74b30ad46d55f6d430daced2a522ba6fd7f6ad1c5913e604b8eacb59f766e9d33a5322ba5b9773
- SSDEEP
  
  384:a/JUTodSQCYR5U9ukNYMD4PV1aDH7JC1iXCoRQgMnqwyQ4YTMCw:aRUMZCYk2dPzat8iXCHMOL
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node
- Size
  
  88KB
- MD5
  
  55e4ad2bafce3071102dab9574e760dd
- SHA1
  
  9077463ec60978125b6c417ccd2f29e74efd5517
- SHA256
  
  ee47cd2e942e520ed759d10a7f07e904c30d57fe72063b59cc335592d360fea4
- SHA512
  
  19d93cdb5898acf58a2faf8599913c0ce7f7012b9124affc6078862885cca4798b480a4e21d129761f8ca0249612a7f8c52583b66ea5449acbcb6396a00287d8
- SSDEEP
  
  1536:Fp0FkSHQHUgfhKhlB9iDa/goNiaQ8dyAKajKgQ:Fp0FkSHQ0gYhlBU+/DI4dyALjlQ
Score

1^/10
behavioral24
- Target
  
  resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/iohook.node
- Size
  
  36KB
- MD5
  
  e2ae98cadf2959e98bc4e5566e2cf6bd
- SHA1
  
  0e562132cbf99b9c8d7acf1946b0f967c4e01233
- SHA256
  
  e354e60fc1e115ec6dce5a5515d2caec508b36329dd0ffe97bcc84a9acfc301a
- SHA512
  
  ebfb68308d8c7fec73b8857d75cc2b18fe3729bae5b282e34f9924dde3003e02574b6594fc5445bfc55d12933831e30f7a0a7294d434d79e8f723aca1e7ee04a
- SSDEEP
  
  768:hdsIErBwre7kB/xJlq8U6ipeAq4KnOXwWvffzRZKG6BeHXyc:hdsIE1wC7KZJlqzlQAq4KnOs+y
Score

1^/10
behavioral25 behavioral26
- Target
  
  resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/uiohook.dll
- Size
  
  29KB
- MD5
  
  10ae08e58bcb23a3a000f357751cbc48
- SHA1
  
  00947ef16163a2a50c1134f28927b0e83d40616a
- SHA256
  
  dcab13767ec675abfa66bb7ac5859caecc706b478abb0f54b9a903e215cfa32c
- SHA512
  
  dfefeedfe991a496463d97a2105f3da4b0d9b85cee26ebb5e885a1215ffdcb3833858eec92ae9943bf5dd98482730b016478b64a4a10c90d8c97c7d213a67c27
- SSDEEP
  
  384:axJUTodSQCYR5U9ukNYMD4PV1aDH7JC1iXCoRQgMnqwYQ4YTMCw:arUMZCYk2dPzat8iXCHOOL
Score

1^/10
behavioral27 behavioral28
- Target
  
  resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
- Size
  
  382B
- MD5
  
  17ce128289a3d19b931e6cd436bfdb14
- SHA1
  
  581d5a68cfa8ec97caf34b15d4e411ff08a20f56
- SHA256
  
  7b230bef0652681969d8dba281d5e3b750fdd822087e5dbd78b4030b5e1174ae
- SHA512
  
  0b8e4d5a029bbc54433e106de14baceb0f874eb28e6ea939ece7eeb1cedb54cd0b5c08e8babe508bd25516ca8b032dff386b83192c93ba3db7127096c5905b00
Score

7^/10

antivm
- Changes its process name
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Changes its process name

Checks CPU configuration

Reads CPU attributes

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32