egregor | e66fd24e29c4cd33772fbda049a4efc7b55a0c22959d0d56d0fa77bd34040864 | Triage

Resubmissions

28-03-2024 09:19

240328-laa3cshc5s 10

28-03-2024 09:13

240328-k6zvxseh67 10

Sharing

General

Target

Install Termius.exe
Size

174.7MB
Sample

240328-laa3cshc5s
MD5

47dd221e93e67afaec0c9da2faad8c2d
SHA1

cc6e78e778a6369022d16e218a8578ec4a7e64bb
SHA256

e66fd24e29c4cd33772fbda049a4efc7b55a0c22959d0d56d0fa77bd34040864
SHA512

30b4246bcdf4c34408fde8b0eb813301135b2e493ea069eda2f20e737bde667574b9c1ff08e2346977e945dc75a1c9e10211418a4d52703485e4906f5db6331a
SSDEEP

3145728:pnTEziz7qeKOmhoSiH9wwDTD5yCeEQ3Tdpf+5bCGMNMkWxoU5oPb60:BA67qJhiSNwHtyZEQ33vDfQA60

Score

10^/10

egregor

Malware Config

Targets

- Target
  
  Termius.exe
- Size
  
  127.9MB
- MD5
  
  d6ac79d520b70b1e97a7efecacf0e39c
- SHA1
  
  a1081041746d5c5aedd755cc86a3c13c57d6d7f3
- SHA256
  
  c49a2a50b1e38ddc9d293a4e87dc25ceecb19019a52b5f8fb9131f64b66d873b
- SHA512
  
  bd8727b95623c12cd83e804f9c516109ad6b3fefe4b633741146890a16f45b2c820b4a368951f30b1df4d69ecb258dbdfdf62ee2a8376a557b96ed7378fa9575
- SSDEEP
  
  1572864:deuFC6t472Ah+FgOqXJniFHUfN8WZis2Vawn0fhj5h8ioZFk5/SDJPtiwhkzLUsj:2SJZqT8Ois+nQAE5m0rWEDFMk7
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  d3dcompiler_47.dll
- Size
  
  3.9MB
- MD5
  
  ab3be0c427c6e405fad496db1545bd61
- SHA1
  
  76012f31db8618624bc8b563698b2669365e49cb
- SHA256
  
  827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
- SHA512
  
  d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba
- SSDEEP
  
  98304:q4Xyn7IfxiYMzgom1mEU/AJC/vujMD9rM:809om1hU/Aavu4D9rM
Score

3^/10
behavioral3
- Target
  
  ffmpeg.dll
- Size
  
  2.4MB
- MD5
  
  2132fad8315a47284cb3ffc75b318b28
- SHA1
  
  1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
- SHA256
  
  5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
- SHA512
  
  f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945
- SSDEEP
  
  49152:6KYNFzdKB6gk9BZy67nmzmu7V78UOylBW:6BrzrLbmzm5yn
Score

1^/10
behavioral4 behavioral5
- Target
  
  libEGL.dll
- Size
  
  367KB
- MD5
  
  5c70cc094fc6e108a5689c88f1144a51
- SHA1
  
  460b668e4301e774b79b182756db25fb0b7c206e
- SHA256
  
  c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
- SHA512
  
  3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7
- SSDEEP
  
  6144:Z5Qt2a1DtgDNyJlwMwds3hFQMHkx95NdD0OITw+Knb:Ut2a15ghivwds3fSb5rIS+E
Score

1^/10
behavioral6 behavioral7
- Target
  
  libGLESv2.dll
- Size
  
  6.2MB
- MD5
  
  7b2ce44ad89a57b1183d36e89fd0357f
- SHA1
  
  178f7ed96f5c879b08729acff45bc50cd2ed64c7
- SHA256
  
  9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
- SHA512
  
  9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41
- SSDEEP
  
  98304:FLBnpe7yyxRkfCSC7Kzc2e5+M1E+F+VeNmOeOptkLYhSzchdxPxd:FL9s7TbwCSW2e5+SF+3LYhee
Score

3^/10
behavioral8 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9