Overview
Static (score 7)
Score | Sample | Platform
3 | Mechvibes....1).exe | windows7-x64
7 | Mechvibes....1).exe | windows10-2004-x64
7 | $PLUGINSDIR/INetC.dll | windows7-x64
3 | $PLUGINSDIR/INetC.dll | windows10-2004-x64
3 | $PLUGINSDI...ls.dll | windows7-x64
3 | $PLUGINSDI...ls.dll | windows10-2004-x64
3 | $PLUGINSDI...em.dll | windows7-x64
3 | $PLUGINSDI...em.dll | windows10-2004-x64
3 | $PLUGINSDIR/UAC.dll | windows7-x64
3 | $PLUGINSDIR/UAC.dll | windows10-2004-x64
3 | $PLUGINSDI...ll.dll | windows7-x64
3 | $PLUGINSDI...ll.dll | windows10-2004-x64
3 | natives_blob.js | windows7-x64
1 | natives_blob.js | windows10-2004-x64
1 | resources/app.js | windows7-x64
1 | resources/app.js | windows10-2004-x64
1 | resources/...ild.js | windows7-x64
1 | resources/...ild.js | windows10-2004-x64
1 | resources/...k.node | ubuntu-18.04-amd64
1 | resources/...ok.dll | windows7-x64
1 | resources/...ok.dll | windows10-2004-x64
1 | resources/...ok.dll | windows7-x64
1 | resources/...ok.dll | windows10-2004-x64
1 | resources/...k.node | ubuntu-18.04-amd64
1 | resources/...ok.dll | windows7-x64
1 | resources/...ok.dll | windows10-2004-x64
1 | resources/...ok.dll | windows7-x64
1 | resources/...ok.dll | windows10-2004-x64
1 | resources/...ocs.sh | ubuntu-18.04-amd64
7 | resources/...ocs.sh | debian-9-armhf
7 | resources/...ocs.sh | debian-9-mips
1 | resources/...ocs.sh | debian-9-mipsel
General
Target: Mechvibes.Setup.2.3.4 (1).exe
Size: 61.8MB
Sample: 240326-3h3wsahg6s
MD5: 2441bd745cfb0cbd39c806a475cc9bff
SHA1: 6e8c59aee5c3d072b6d42a67346604b5dcd532cb
SHA256: 8b1158f6552a30da70aff106d4ab129e08980175e440c5945bb290edbb8a222e
SHA512: fce3deb09acbe8cd5e650700fdeef2edafe2ba37167a0b2ea1ff33f266c9f69d9a56856ba4868a025b3d5bf9893a50ad0bccb97d8c226798e3c9ef39e8b714dc
SSDEEP: 1572864:y7b4n3FTTZ4bqlAKjv2/btReXUq4ndx+55D+UNdR:yO3F/NCJReXUHdx+5xpR
Static task: static1
Behavioral tasks (task: sample, resource):
behavioral1: Mechvibes.Setup.2.3.4 (1).exe, win7-20240220-en
behavioral2: Mechvibes.Setup.2.3.4 (1).exe, win10v2004-20240226-en
behavioral3: $PLUGINSDIR/INetC.dll, win7-20231129-en
behavioral4: $PLUGINSDIR/INetC.dll, win10v2004-20240226-en
behavioral5: $PLUGINSDIR/StdUtils.dll, win7-20240221-en
behavioral6: $PLUGINSDIR/StdUtils.dll, win10v2004-20240226-en
behavioral7: $PLUGINSDIR/System.dll, win7-20240220-en
behavioral8: $PLUGINSDIR/System.dll, win10v2004-20240226-en
behavioral9: $PLUGINSDIR/UAC.dll, win7-20240221-en
behavioral10: $PLUGINSDIR/UAC.dll, win10v2004-20240319-en
behavioral11: $PLUGINSDIR/WinShell.dll, win7-20240221-en
behavioral12: $PLUGINSDIR/WinShell.dll, win10v2004-20240226-en
behavioral13: natives_blob.js, win7-20240221-en
behavioral14: natives_blob.js, win10v2004-20231215-en
behavioral15: resources/app.js, win7-20240221-en
behavioral16: resources/app.js, win10v2004-20240226-en
behavioral17: resources/app.asar.unpacked/node_modules/iohook/build.js, win7-20240221-en
behavioral18: resources/app.asar.unpacked/node_modules/iohook/build.js, win10v2004-20240226-en
behavioral19: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node, ubuntu1804-amd64-20240226-en
behavioral20: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/iohook.dll, win7-20231129-en
behavioral21: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/iohook.dll, win10v2004-20240226-en
behavioral22: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/uiohook.dll, win7-20240221-en
behavioral23: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/uiohook.dll, win10v2004-20240226-en
behavioral24: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node, ubuntu1804-amd64-20240226-en
behavioral25: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/iohook.dll, win7-20240221-en
behavioral26: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/iohook.dll, win10v2004-20240226-en
behavioral27: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/uiohook.dll, win7-20240221-en
behavioral28: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/uiohook.dll, win10v2004-20240226-en
behavioral29: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh, ubuntu1804-amd64-20240226-en
behavioral30: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh, debian9-armhf-20240226-en
behavioral31: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh, debian9-mipsbe-20240226-en
behavioral32: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh, debian9-mipsel-20240226-en
Malware Config
Targets
Target: Mechvibes.Setup.2.3.4 (1).exe
Size: 61.8MB
MD5: 2441bd745cfb0cbd39c806a475cc9bff
SHA1: 6e8c59aee5c3d072b6d42a67346604b5dcd532cb
SHA256: 8b1158f6552a30da70aff106d4ab129e08980175e440c5945bb290edbb8a222e
SHA512: fce3deb09acbe8cd5e650700fdeef2edafe2ba37167a0b2ea1ff33f266c9f69d9a56856ba4868a025b3d5bf9893a50ad0bccb97d8c226798e3c9ef39e8b714dc
SSDEEP: 1572864:y7b4n3FTTZ4bqlAKjv2/btReXUq4ndx+55D+UNdR:yO3F/NCJReXUHdx+5xpR
Score: 7/10
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: $PLUGINSDIR/INetC.dll
Size: 238KB
MD5: 38caa11a462b16538e0a3daeb2fc0eaf
SHA1: c22a190b83f4b6dc0d6a44b98eac1a89a78de55c
SHA256: ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a
SHA512: 777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1
SSDEEP: 3072:hD2ekNFXiQraqoDDfbrH6ZgxkzStPpwGxqeujXj5Bif/Pa0L:hD2vhaqoDfb6mxk2LqHXj3if/Pa
Score: 3/10

Target: $PLUGINSDIR/StdUtils.dll
Size: 100KB
MD5: c6a6e03f77c313b267498515488c5740
SHA1: 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256: b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512: 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
SSDEEP: 3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 75ed96254fbf894e42058062b4b4f0d1
SHA1: 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256: a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512: 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
SSDEEP: 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score: 3/10

Target: $PLUGINSDIR/UAC.dll
Size: 14KB
MD5: adb29e6b186daa765dc750128649b63d
SHA1: 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256: 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512: b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
SSDEEP: 192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score: 3/10

Target: $PLUGINSDIR/WinShell.dll
Size: 3KB
MD5: 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1: 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256: 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512: 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score: 3/10

Target: natives_blob.bin
Size: 81KB
MD5: f8ac49858ca8739658ff44c296f8aba6
SHA1: 427b4da3bd619d85381c36d61daf2ce392e07909
SHA256: 354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317
SHA512: 52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313
SSDEEP: 1536:+bz4Oif2sMnL8gDpKD0rrr/4or06mGsY3csV3/EBSee0fHVvJ4TGD3zT+2/ei7gP:+bz4Oif2sMHEBSx0fHVvOT6jTVeikwVK
Score: 1/10

Target: resources/app.asar
Size: 25.9MB
MD5: c8a2b2ff81a6ff2213f7340aee1821bf
SHA1: 1ec7d58cd9df90dd45f4b66defdfdbcc47912b03
SHA256: 7be8e65fa732ba26133255ea51653e0262cd6d62cbccbf479b61a1b1c62c6cc6
SHA512: 334871965b2e5628b69a067664ff2dadadb4f4abebe65597f071310ee8370641c92f50c7daba1e67de8ea456e9c76c30bf894bafcb6f756255cda78314a9476c
SSDEEP: 786432:9+0ckWR5/7pq7mF77prLR5Sjo1mG6qHJgkOo2X5FxE/P:QVk3Yh2pFxE/P
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/build.js
Size: 3KB
MD5: 9ea78b067ebadd8c8677da14ae782d9b
SHA1: fe94bbf7f3a59f2bcb46524ee91d44339af5f0ce
SHA256: a48159229aa653155c01a773ca64120699fd1675466003d0a6929d8ae95be77d
SHA512: ce3934dfb2ee3105210e7086aee97e570f75276558e0551fa8a79b5263cb9db4d07b29b5f6e38538f7c80c821b33c67c2e37b665eba18b146f2e2b3ee45a6a5b
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node
Size: 87KB
MD5: f62a029e0c3669a49ea5e3ba010dd2f3
SHA1: e611346b5f230a9e7e6f16ab547fe52bf8b75771
SHA256: 884c1a50d0daf9bf55d9f299b50ee00249287c35d6ed18019964792be5429130
SHA512: 19e699176bcb1b9790f6684d670028c9f86fec6a04c34c17243f0afa2cb934ef9b3f8398db067b12bfd87bbfd2d09d4a3b509569dbbfb792606e8b36b90708f7
SSDEEP: 1536:zb2NkSOQVbCeCrQhMHOkTvvM4MJSm1Ut8KaxKWy:zb2NkSOQIeCUMHPTv2wkUt8Lx/y
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/iohook.node
Size: 38KB
MD5: 0ce491c1884b0cca8d40fe2e71a83eb1
SHA1: 475e749aa2987f28d160945fd929b326ed1e0993
SHA256: 6776940aa9653ed8bd693561dca745f200d946b5e1eeeadfa7174228f3d30dd5
SHA512: e22a489de51baace728baf35a1b10c0f29274a47bb37e089c559d75fbc9e16c710720acbff576af134acc0c722b565a6944c8afdd2a5f88b3909a0610f3e31ee
SSDEEP: 768:DGcjpGnFTOMATZerDvyjbuApiD4RsWYTx1XGO6DOQXZxDB:CcjpGFTOzJbuAMD4RToxQvZpB
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/uiohook.dll
Size: 29KB
MD5: 03c8f03de92c2881525c8ae112496c8a
SHA1: 44e39d48f41ec2a6100e7e984cb5652ac1d9e3b4
SHA256: f496f9a661a8e309f99aa5b428e2557425d8c3f1d4a37fb16b26438ef1c8da66
SHA512: 264a3fd839e168f84fe00d4dfd84454322a27e6586de74846e74b30ad46d55f6d430daced2a522ba6fd7f6ad1c5913e604b8eacb59f766e9d33a5322ba5b9773
SSDEEP: 384:a/JUTodSQCYR5U9ukNYMD4PV1aDH7JC1iXCoRQgMnqwyQ4YTMCw:aRUMZCYk2dPzat8iXCHMOL
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node
Size: 88KB
MD5: 55e4ad2bafce3071102dab9574e760dd
SHA1: 9077463ec60978125b6c417ccd2f29e74efd5517
SHA256: ee47cd2e942e520ed759d10a7f07e904c30d57fe72063b59cc335592d360fea4
SHA512: 19d93cdb5898acf58a2faf8599913c0ce7f7012b9124affc6078862885cca4798b480a4e21d129761f8ca0249612a7f8c52583b66ea5449acbcb6396a00287d8
SSDEEP: 1536:Fp0FkSHQHUgfhKhlB9iDa/goNiaQ8dyAKajKgQ:Fp0FkSHQ0gYhlBU+/DI4dyALjlQ
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/iohook.node
Size: 36KB
MD5: e2ae98cadf2959e98bc4e5566e2cf6bd
SHA1: 0e562132cbf99b9c8d7acf1946b0f967c4e01233
SHA256: e354e60fc1e115ec6dce5a5515d2caec508b36329dd0ffe97bcc84a9acfc301a
SHA512: ebfb68308d8c7fec73b8857d75cc2b18fe3729bae5b282e34f9924dde3003e02574b6594fc5445bfc55d12933831e30f7a0a7294d434d79e8f723aca1e7ee04a
SSDEEP: 768:hdsIErBwre7kB/xJlq8U6ipeAq4KnOXwWvffzRZKG6BeHXyc:hdsIE1wC7KZJlqzlQAq4KnOs+y
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/uiohook.dll
Size: 29KB
MD5: 10ae08e58bcb23a3a000f357751cbc48
SHA1: 00947ef16163a2a50c1134f28927b0e83d40616a
SHA256: dcab13767ec675abfa66bb7ac5859caecc706b478abb0f54b9a903e215cfa32c
SHA512: dfefeedfe991a496463d97a2105f3da4b0d9b85cee26ebb5e885a1215ffdcb3833858eec92ae9943bf5dd98482730b016478b64a4a10c90d8c97c7d213a67c27
SSDEEP: 384:axJUTodSQCYR5U9ukNYMD4PV1aDH7JC1iXCoRQgMnqwYQ4YTMCw:arUMZCYk2dPzat8iXCHOOL
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
Size: 382B
MD5: 17ce128289a3d19b931e6cd436bfdb14
SHA1: 581d5a68cfa8ec97caf34b15d4e411ff08a20f56
SHA256: 7b230bef0652681969d8dba281d5e3b750fdd822087e5dbd78b4030b5e1174ae
SHA512: 0b8e4d5a029bbc54433e106de14baceb0f874eb28e6ea939ece7eeb1cedb54cd0b5c08e8babe508bd25516ca8b032dff386b83192c93ba3db7127096c5905b00
Score: 7/10
Signatures:
- Changes its process name
- Checks CPU configuration: Checks CPU information which indicates if the system is a virtual machine.
- Reads CPU attributes