Overview

overview

6

Static

static

1

bin/MobaBox.exe

windows11-21h2-x64

bin/MobaVNC.exe

windows11-21h2-x64

bin/Server...ons.sh

windows11-21h2-x64

3

bin/VNCHooks.dll

windows11-21h2-x64

1

bin/_ssh.exe

windows11-21h2-x64

bin/_ssh1.exe

windows11-21h2-x64

bin/_vim.exe

windows11-21h2-x64

bin/autossh.exe

windows11-21h2-x64

bin/awk.exe

windows11-21h2-x64

bin/bash.exe

windows11-21h2-x64

bin/conin.exe

windows11-21h2-x64

bin/ctris.exe

windows11-21h2-x64

bin/curl.exe

windows11-21h2-x64

bin/cygcom_err-3.dll

windows11-21h2-x64

1

bin/cygcrypto-3.dll

windows11-21h2-x64

1

bin/cygcurl-4.dll

windows11-21h2-x64

1

bin/cygfido2-1.dll

windows11-21h2-x64

1

bin/cyggcc...-1.dll

windows11-21h2-x64

1

bin/cyggss...-2.dll

windows11-21h2-x64

1

bin/cyggssrpc-4.dll

windows11-21h2-x64

1

bin/cygiconv-2.dll

windows11-21h2-x64

1

bin/cygk5crypto-3.dll

windows11-21h2-x64

1

bin/cygkad...11.dll

windows11-21h2-x64

1

bin/cygkdb5-8.dll

windows11-21h2-x64

1

bin/cygkrb5-3.dll

windows11-21h2-x64

1

bin/cygkrb...-0.dll

windows11-21h2-x64

1

bin/cygncu...10.dll

windows11-21h2-x64

1

bin/cygopenssh.dll

windows11-21h2-x64

1

bin/cygssh2-1.dll

windows11-21h2-x64

1

bin/cygssl-3.dll

windows11-21h2-x64

1

bin/cygssp-0.dll

windows11-21h2-x64

1

MobaXterm_....0.msi

windows11-21h2-x64

6

Sharing

Copy URL Twitter E-mail

General

  • Target

    MobaXterm_Installer_v24.0.zip

  • Size

    40.2MB

  • Sample

    240328-w9bs2sdb7s

  • MD5

    dc83ffd4bf00669d648ccbf9830b6222

  • SHA1

    b2fefb1ff6eea596334bc25b3c08b80bb3568d15

  • SHA256

    f9de0ab4edc1048169186dbef6b7a74714f9ab23291cd9e0555af530d964ef07

  • SHA512

    bf8959f8938740ee1153e662563e32a7b1a5831baab380e25c4995f3118f435c4b8052e53d1d45da6939eebeff078fc29de0521a0634e0f4047bda2eb92fe267

  • SSDEEP

    786432:gUFIKJijBHS51QRLgeP5dBhYHxp2RDt3wPPpKOmiVnliatk6+6Bk158gmDB:goJISrugePbTWp21t3SKOmylhpb

Score
6/10

Malware Config

Targets

    • Target

      bin/MobaBox.exe

    • Size

      219KB

    • MD5

      3eeb682d7b7af99bdf5f7ddffe5fa678

    • SHA1

      da9fef988e45bda476cd6623db4bb2a609371150

    • SHA256

      8206fe1f62c82ccbcf968499a803dd2df6ebe8f89d892621f5ad3f49c6e55a6a

    • SHA512

      843080ad7ea9dd3017192375d96cef384e11df24835a9f9fa1ea6e16731f9100e44a3adeba465be88a3d7c1b4e7f0c70520eff7f4cba604f978cb95c3f5414c1

    • SSDEEP

      6144:u0772tv8fgZeN7wb/QPjekw4nUHdv1c/cCRXuC:5WvggkwLQ7ekcHdduppuC

    Score
    1/10
    behavioral1

    • Target

      bin/MobaVNC.exe

    • Size

      214KB

    • MD5

      8e8fdae4a2fb31ec96eb0d93c6ce0754

    • SHA1

      880b446993752fac73e6da33c93f444453fcf271

    • SHA256

      2b777075c3ae797604e6064853ac536278919b549942492741ad918ea3e4cbeb

    • SHA512

      a07a463ca17ec12f9bf8ba443311736e17d5beb9e448d40c8982a4fe76195a0d7950560a9284fb5302720053ff4085d990b19c5917207016220ef09439ae75ad

    • SSDEEP

      3072:OVBBaA2+0bcdLJPf9FZJD/WoCpXYs2ZXQ3y1gmKnHA4izvyyhiu4esPXGhSok4kD:WBa4VZJDcpyXAnHA424PP2XuFV

    Score
    1/10
    behavioral2

    • Target

      bin/ServersListToMxtSessions.sh

    • Size

      694B

    • MD5

      9f889d19da7f0e623d3e893a0526d7da

    • SHA1

      7a439598eb292b57ceeb2bf66e6348fd61cbc41a

    • SHA256

      d9a4d4b93a38dc94b022537b4a6469d61bf57587c732772938e2d7b9f549bded

    • SHA512

      ffd45b3cab26dc3a22a8ab65492afa52218e819d01cc4262734f1f0d8f475c3693eae3f7cbf6eafc5bfc52106c38689c0fe785d47c06a915fbdacd4290b22bdd

    Score
    3/10
    behavioral3

    • Target

      bin/VNCHooks.dll

    • Size

      28KB

    • MD5

      0d86ea232c289964f4ea5c99825bbc8a

    • SHA1

      ce7397db3293300c65b45c7d9a2e4d00a3e08532

    • SHA256

      4e4d2637bd7d0fe4bd72dd1c92029afcab880e17c69968246523cdb59f5e14f6

    • SHA512

      d72560d93a3e176c83bb489b313a7d74b9e7b08f9dbe6897622841f81d46b1b823e36375c71610bb193f1a02b41cb5a3a10a96ada26fc155f47994a3c7a453c7

    • SSDEEP

      384:LxBcEcjaVgAwB/QD+oVoLCSlxizTppUuqj9hSHTTmIFe0SD4TimwCJJRneazzGa:L0JGyAwB9o7zTDMj94nBFej+iJCNb/T

    Score
    1/10
    behavioral4

    • Target

      bin/_ssh.exe

    • Size

      103KB

    • MD5

      d69af8a5a3d30cbca1e9e81cc8a3a061

    • SHA1

      802c8588502a9af895952e3c6b44e4b9e31ceaa7

    • SHA256

      10bc745d61ed1557df38e89810932007962ed4b573666e7b0503c35d99150de9

    • SHA512

      569bf18d6b689574889821b12527de3efb22b1bdaadc9b198d9c1ef624d61ab3c295ddf32cd9566b35ff74532cbc8799225f3524781e5cdc08357a48a3007924

    • SSDEEP

      3072:axfqNEBMEKh3uPiqvDBoJP7pIrRMrWUnuxGKw//a4km+2:4SmPiqvNoJP7pIrSrJu5Q/cm+2

    Score
    1/10
    behavioral5

    • Target

      bin/_ssh1.exe

    • Size

      233KB

    • MD5

      4f048128f6a88ff881953e003da518ef

    • SHA1

      070591af6f4a715c0323ba272b1a95f5880fae1a

    • SHA256

      bf3d9ef2a1c5f4065c34e1e96408247cd32e4c9e9512a7fcc30e5459c808721d

    • SHA512

      0982eaa64161fb0dc81727cd8af422f500fbe7feb2137cddf9a04febee5ae7de6db95591c22afd56eba1464ffc6509ff03b2d55c7e871689d8e70c0133da4d73

    • SSDEEP

      6144:GuslZ4yN5r2dgRDxSG//QVsTqVe3obQbrXFf:5CZBN5rjRNRwV12obmF

    Score
    1/10
    behavioral6

    • Target

      bin/_vim.exe

    • Size

      635KB

    • MD5

      1260e6ce41dda3e7abdb4c11336986cd

    • SHA1

      62b3c00c4d16ceaa1bac1b9ee9b6ab4ed1390d61

    • SHA256

      c0b15e89e3ad29f0ce4c23fe9ef6339ce4e2b529f4bf46252f2264301a0403f5

    • SHA512

      77df6c8dcde11b7774c98603a298f33de7de511bb4f10f35c5736ee12af41a5d5a0c07d19e263ec672eeab73653f598555a8e22205244eeeb2393507ca0a8505

    • SSDEEP

      12288:AWx/lZ0D/l+Szs4gJFTBA8ZGlCooIgvABgG2HRQm1oWxJwQ9Zb:3ZzSPibRG3oIYABgGiemS2JR3

    Score
    1/10
    behavioral7

    • Target

      bin/autossh.exe

    • Size

      8KB

    • MD5

      aaf88adc573588b92110a90ce1d3cf9c

    • SHA1

      4276725087983fca640909b60e13743231a25531

    • SHA256

      c20ad70ee8da2f3b64a412c5c3d846015575730f200000b4b5dec7f62d87e395

    • SHA512

      5fc85a8367a4c4b4e756067ec05b7b9345b5b40ae33faaabbbdf2f5d578b4f9947c53b4aeb445157e8faf3dfc77559a9709c3e684d1437aaf60f5f03e56b9509

    • SSDEEP

      192:sMfmoSKXECHt1m/ItOq+BGKgVia34arbETwk5il5vU7+6U9T:szRKUo1O5w4arbETwko5vUIt

    Score
    1/10
    behavioral8

    • Target

      bin/awk.exe

    • Size

      51KB

    • MD5

      215b88fcf86708afc102a4b0cf8ba749

    • SHA1

      575f48ddfa0b25b0e026c5830ea35e41dc6a1c19

    • SHA256

      8fda1f3ce3e4ed276055f0216be75197b7586d18bd343c455791392d34c0b485

    • SHA512

      088caf879555a602f1d9ba28139910cfedad3838b21f18f273263763eeb253b42b5b4e2a392c2305cf5a8a9f6527ca3e01ac16c19520fbd1b6d37e6cb04a8ac1

    • SSDEEP

      1536:GnGPLCfKs0nA6b92IFlu2XiDdMR6BtaR9:GWGfKs0H91rT

    Score
    1/10
    behavioral9

    • Target

      bin/bash.exe

    • Size

      356KB

    • MD5

      13364145405bee49b0be85fdaaf329d7

    • SHA1

      e2a76ba1eed8a9aeca89743521ea77240448f66b

    • SHA256

      cdd4872cf73baa8e454b1bb7d16137ac6a8411a6432ccaa52c5081e253884fd7

    • SHA512

      2571a2fb56ed3d53752a7da1f2e63311ed4b9c25817bac1c441dfea300191768266134236605d5054933c787e31560125bde1281b3060e9428d2ec3afa189647

    • SSDEEP

      6144:0eM8VIV9dqQ+5vbHI2qDFR6Q0+JGte/HN5PsOUWf+LumYfaLsKBVtU4gZaMlo0:dVI/INs2qJAte/H7Psef+LnTHtRgZaMx

    Score
    1/10
    behavioral10

    • Target

      bin/conin.exe

    • Size

      40KB

    • MD5

      9061d546e821cfb98c559531608a4108

    • SHA1

      e74b56a2e5c7339f759f935f230525af2bc736c7

    • SHA256

      b3ba470b5185466d6723c4a4f1ddb042e236d524cfd847eb9a54466e9b5cf61d

    • SHA512

      b54772f37cc16274c1bf2cc9e42cd4bdbb96e93e8dbb6d5e8f6e873caab23e60f93645292ca5184f9bef44ce993e7a7b46ac5f817db294e90c314f2049206502

    • SSDEEP

      768:gSU2FQGCnF4+hjGbG5ApeZUrHZmrQ/DgPmXIEfx8XptycaPkx:gSU2FQGCnGiGbG5Ape8HZWqguJx8vdl

    Score
    1/10
    behavioral11

    • Target

      bin/ctris.exe

    • Size

      11KB

    • MD5

      b1e1674865a66e873fb9ce92908b5d36

    • SHA1

      54f5ce8890db0fa56bcb6afd93779494a85b5ccf

    • SHA256

      9043d20c97c065a1bdddcf50d0a0ea406f80a9e5906a519eda4cd3d6f66783bb

    • SHA512

      b789cb93b76d11fa6bc7691a747b296480ebe8bacd60803a013884da35f534cdad6837e4b7909c80ce264a881a17257e445df7157d22abcfb8218f4b807d59ca

    • SSDEEP

      192:kCDGfXiTmy6Lg5lLXxVaDkV6mlDxQvTDw7gMSSrbkMesEf6q98Pn1qv09aVuxTmg:kC0iTB6Lg7XxADjmuwbb5lqvgaVYSCOU

    Score
    1/10
    behavioral12

    • Target

      bin/curl.exe

    • Size

      62KB

    • MD5

      ad9b709808e13608b55bd35a1199342b

    • SHA1

      8e35bfb5d54c101d96d47d82aa697e6c21430c64

    • SHA256

      b78458c340c9ac11ce2a4f80dc43e2d80a7a94851eb199723a05b4358ddcbca2

    • SHA512

      8221bee6b1b9197d6cfd7de5c79c63323ab506628e546c7042e72c9b9e892bc873bb0c5d75dd899bd47da50176f92cb375ecad05acdc1f5fdde0b2b06675965f

    • SSDEEP

      1536:dfchiuLjaydvBXeUgmSRdOe5dhYIFT26kI+rNFR3p5Wg:dy7jVBP9Sm6XkI+BFX5Wg

    Score
    1/10
    behavioral13

    • Target

      bin/cygcom_err-3.dll

    • Size

      3KB

    • MD5

      37b4d882824b7768db4106594cbcf3f7

    • SHA1

      fdcb438b831e62a104f5ea742374a6c6e2464560

    • SHA256

      44c328d854024f84b9826efca5bc152f302caced525830d6d333596fb353bfa5

    • SHA512

      f4a1ea6a2a5789879c40f84cdaac7bdd201dcdd2d3e5bddc349aacce731fa8c5e181be7aeea7e0b406511809a7afd00e4a2318b0a270bba04e982dd6f0338e2e

    Score
    1/10
    behavioral14

    • Target

      bin/cygcrypto-3.dll

    • Size

      1.2MB

    • MD5

      a0295602ffec0308e3b6a6da0b0ae492

    • SHA1

      7ef08861fb6b11c5c5ec84b2ef26f5ad0dd7fb4d

    • SHA256

      86603a57c00490200c44dacb43fb8e96c7599778634c669661eb05198b21947d

    • SHA512

      c15a21230105b2b2ab3ab2fa25a4aa18057c1af1841caf10d9f73cba2fa2d843a272b0adc548b17a46e0614cab24821a4eed03300216bff13ba1e25683960c89

    • SSDEEP

      24576:rVDE5rDpYOXbDQVt3gVK4I/o1te/m97w0Evg3GfvJ1S+c0lLSw75MQNZ/e:rJCYcs1Ytkm97wS3GfvJ1tkUKQ6

    Score
    1/10
    behavioral15

    • Target

      bin/cygcurl-4.dll

    • Size

      224KB

    • MD5

      6dbd61e5b4dedb610c6cb5052e5aab0b

    • SHA1

      e0081eab0f2c94b758539910a9876082edcbae11

    • SHA256

      d6d6ad86b8b3e1c3aa7750b73b160c21c86630de4f731abe03e30c2ab8455184

    • SHA512

      b57ebc2a4dcdd600290606690e6fcf70c7b8ef2a8bd9f4254c5ffb3f9449bd51fc88e8672ab3ebcebc0ca0e3b4d7f32206fba5fc89624ccc54bf36f052811c55

    • SSDEEP

      6144:rHppSX7lRxbTrlQuYC0PCXgrMBUw5sk9v:+ZDbTRYC0q1ew5suv

    Score
    1/10
    behavioral16

    • Target

      bin/cygfido2-1.dll

    • Size

      61KB

    • MD5

      1ba2e9d9cbd3e57304dafb678504aa5f

    • SHA1

      b8975782312345663b2d550f82c742a62323c9dd

    • SHA256

      af3b8d07c08d121c00f97f5b0df14dddcb782506b44e8add1f2f141cd6519b73

    • SHA512

      fa1d7491426f0fe347f06f3765e5e61969ad002bb64b84beae7454a7e237d85e7dd0dca8b5776edf57fd807df22bd1a53fa1cdf228d4f97a9ba38d62e9440c51

    • SSDEEP

      1536:RpNslGaQX1e6gceaGsY69vEcZOhgNiRqWZ1krgujAi:zNxh07sF9McYCNiRqWrklAi

    Score
    1/10
    behavioral17

    • Target

      bin/cyggcc_s-seh-1.dll

    • Size

      27KB

    • MD5

      22ff4a35db926880a3912e086d1af135

    • SHA1

      ed3c5d9e987bfd73b8544df28eb46f736be72c1e

    • SHA256

      a1d31489c01c5372feff21e83696e80fbc4457defe5a5969af0dd652d15adf50

    • SHA512

      a0eb150dfc7c0723e161f15850e65294a6c70fec3304fc775d9d53bd5fc68b6ef9def962221e8199a04c6192d26ed6d87bfb88418478e78e8eac9ca8ec8f0e90

    • SSDEEP

      768:f9TXwwUEAGD+TNDSmOWrLvrX7eqAy4qqgSg:f9WEAGD+TNDS2TeY2gSg

    Score
    1/10
    behavioral18

    • Target

      bin/cyggssapi_krb5-2.dll

    • Size

      88KB

    • MD5

      6ad9b2c4f68ce1593ef294ecc6187e7d

    • SHA1

      a59fbdc8dc292f6f80e991731d4e46e4d04521cc

    • SHA256

      895c40f92c0585f341ef80d43cfd2fd57796230ab71a8d4d6d3e4f300bf7d4fa

    • SHA512

      beeefee92174781ae6420cf29b2ca78f3ff07d166e5c84c51d4f128b9b5787219112adfb88302d098c21cd106e29a54565aaa552a7b802ab8dafee4df5b32f56

    • SSDEEP

      1536:IXWJUcTjLpOCXuMtDpG6nFZsga2D9YVItiyCfPApxnCq0FxYjy3SNlLaXtTvUY:IuHTjLBfDpBda2NXpBCqw6jy3SNBATv

    Score
    1/10
    behavioral19

    • Target

      bin/cyggssrpc-4.dll

    • Size

      36KB

    • MD5

      ff390a0fd97af6588722a37add1f54d0

    • SHA1

      94aeac3409e75588795b34169ca8a486ab68c4be

    • SHA256

      69ba0d384409542814dfa364b5b3b2f805d08be3ebafaca4b7704c27c38d9085

    • SHA512

      b1c2a3340ba939a8dcf2523bd1b5aea374bb70f0162e2ed6915808530310da5bfa502c3717dae614827be2fca691c426d0f477dd7d8cedb0ca9e703c0c113e3c

    • SSDEEP

      768:2bv2KCypzUc0cYdNuA7Pjqhxv0L8OXEcKhuBFbbVhuFQD:2dCy1UFcYdNuA7PjQN0LxXEcSUbbVhue

    Score
    1/10
    behavioral20

    • Target

      bin/cygiconv-2.dll

    • Size

      510KB

    • MD5

      2db7d42095308d8c0748a3af61c15b71

    • SHA1

      ed0974cc91418faf96a4eba143b76c7c38d0fdb8

    • SHA256

      b0ce9719178d23c72ee63e17421c7856d6323359e09c46f41d756dd7c3b5a9de

    • SHA512

      e8c13ff737904d88a61e7c80ea8fac204db6f4751f2e12744c172d7d7f3930a64e9361310457fad74507afe101f06ab05967ecdcd1ecc367fa58f86ec2753e01

    • SSDEEP

      12288:slbYHoCeHqPGnt9hPmYIVwDg7esxy1qpt9OTUNMhLYnJpqw:3oCk4Gt94N7501qb0SILwD

    Score
    1/10
    behavioral21

    • Target

      bin/cygk5crypto-3.dll

    • Size

      65KB

    • MD5

      5168a924f113c3378deb04de683175d8

    • SHA1

      ea25a220b5ff55c0613b196c1aaf81f981a45c1e

    • SHA256

      674acf2f65ea2f1a21f557b95d0fc573048b49ed1029c2c9ca7d0d0497c53012

    • SHA512

      bbb1c72fe4abe828ea75e8b76e32f7111fb60a81ec986ef8856318dbfa7e63e6397233c4edd9ed361c5b554a5b4ea81b457b1a8d49b7b39729449c37e9583e45

    • SSDEEP

      1536:DzX9zFl0mFFx76furUbzHUZW0sjHCS3FKhzDizdJ:9Ubzml+ilhXizdJ

    Score
    1/10
    behavioral22

    • Target

      bin/cygkadm5srv_mit-11.dll

    • Size

      32KB

    • MD5

      44f52831c1b1bc6e7faaa536d6b2f8b8

    • SHA1

      fd21f81be60b42e0c4e45c9dc6a31cfd3c940eb7

    • SHA256

      736712567f4e0be4fb713f7eb189b9c8a5586b3763a3daddd885af7ad9474394

    • SHA512

      96471323e7eb4764c427797644904964899264e33c35a3787b0d01d2333b261332e7373024d7b1d956ee6abd4495b95d0a390e1376c767af07f4514e43bcc139

    • SSDEEP

      768:c/n6/BuCtDS8hDVgBu9s6wgq0TOaQxGCdvM99a1S/NEBLh:26/BuYDD/8uRwgq0xQxG+M9AmaBLh

    Score
    1/10
    behavioral23

    • Target

      bin/cygkdb5-8.dll

    • Size

      21KB

    • MD5

      b0fd65dabdd0ffbdfb9372fe9d343695

    • SHA1

      64ad1c0e0ce594db371b73a9ed31e7748ae33cec

    • SHA256

      2de8ace8c4efcc00590bf16a89101b61c9d5e3c5df72f38ed7ee420c0ae725a5

    • SHA512

      8160fbe3d6861297b0e108b22e425ffb05646c03591aaf750298ecc72223750fa310ab7a8faf229bd84bb93d59aad8fd61b0b0afd673888774ccd2c895f57a18

    • SSDEEP

      384:VdYq9cgibcVr0zsubuLSgWt0Tlju4Xr/QUvhnbGnB0X6s3MVM9yPiXwMd7:LY0cgibcVibCSlauYvhynDs3MRiX17

    Score
    1/10
    behavioral24

    • Target

      bin/cygkrb5-3.dll

    • Size

      208KB

    • MD5

      5cd1a1e958b4f2b7d8971d504e0d5df0

    • SHA1

      6e209f633335174ab11a15c911fd7a2a60ce7ddc

    • SHA256

      8b3744cff555a0b4b59743c7f35a854fb600fc26bc59dc71fc48e7a1c2e023e4

    • SHA512

      ca0a6fbbb0e52b97a91873ca8c6513e29c4758cd4bcfe77bfc1d876c5749cec7e83a3ff2a3b1d4aab0991ca5033fc4b4d92ae4a88ccb44094b7837b07200cd9d

    • SSDEEP

      6144:tQnPdrm0Vguwng4lA1RE45/jS2KyHF352Xges:Sndm0pwn969/jNllF

    Score
    1/10
    behavioral25

    • Target

      bin/cygkrb5support-0.dll

    • Size

      12KB

    • MD5

      f63edaa30b1293be7f6480d9d0e0ab2c

    • SHA1

      67c4ee21ea328453dd6337004bc0a649a87f5d7a

    • SHA256

      b4a37835bfa025a445261b6fdf971a241f780b33ace47954454b7f624e8623c6

    • SHA512

      1b95d81548547a530d10c2f139c191ef87dabaa66c54ec706e6408de59083ab941c45d010903ef3c75bde3af7b29e7eb2e0b8851c7ec17cb4b9a4c192c86958d

    • SSDEEP

      384:PvYaSRnpKUJl1XyzPPCWjZp0t8/2x1kWbB271:HnSRnhl1C6oZO8/gkWNy1

    Score
    1/10
    behavioral26

    • Target

      bin/cygncursesw-10.dll

    • Size

      118KB

    • MD5

      0844c6d6952676d1c798d3e24fa462bc

    • SHA1

      4f17e5d1ffa501f46eae95c5d7184161c0545db8

    • SHA256

      4e8b6dca9f5c5b6ae229436c7dfb27321634b521d152f102d8bbc8077a790c2a

    • SHA512

      bb4908afa55270ebd1ff3276982e4067498176ee189cc84642f1286b6c86f582108a08dd18fa1e28a2827dcc4c6aeae1d1e615a114b30ac2a14299d4825a44f5

    • SSDEEP

      3072:mCg8pfYxk96uaxyhV2X9xzzbelt3RPwZq4HndNToyj0V96s7c:1dYxnua82X9tzbu3RPwZLHdNNIn17c

    Score
    1/10
    behavioral27

    • Target

      bin/cygopenssh.dll

    • Size

      216KB

    • MD5

      350820642daad167110fdeca89bc6e56

    • SHA1

      152cda6097e78ceee68667da807051122866cffe

    • SHA256

      7d8038bd5235670f7bdd3f60c8fedbc54cd2c8c57721277502a4bb2384f42d83

    • SHA512

      4dd4bcf4b9f96b3080f151455621330d6903f9f74071b548874713680549d98e6f6294b5527525d5e64c0128548503462f7b15d3391a6b0151bca05c7ccddc92

    • SSDEEP

      3072:tCf9ZnBjeUeriRicupowl8qLTPsAAQFg4yjs5U63j4kup++GpJGmZa2ZkH1UKAAT:tsZnmiRic85T/kRhjsf4MpwmFKATLQ

    Score
    1/10
    behavioral28

    • Target

      bin/cygssh2-1.dll

    • Size

      87KB

    • MD5

      d69e98f74104fa6f91a8db899ade0e50

    • SHA1

      bb933148307ee1347df094e3b03dc764e20f6532

    • SHA256

      95c49dbde75f6cf328d764bbe4039e8a978fd1f0c8f38a229155e950b005f898

    • SHA512

      7ddb49292b88ee2a690ddd07e2aa28eb53070662e7baa93538d7caa00ff4f87b72183586e54f341a47f79713862e4a395d4ce6d3757fd7995e887441b31edeea

    • SSDEEP

      1536:8aWgYILs4Ofa5tGLx6Af9w2JNOIBMxJbOE37aOd/WTxlgjQSZWO0PjOrH0xX:xs4OS5asE0MMbNOi/WTxlmWnjHX

    Score
    1/10
    behavioral29

    • Target

      bin/cygssl-3.dll

    • Size

      186KB

    • MD5

      689bd63acfda0bdea74f3b514c1d9648

    • SHA1

      ff80162a403ac20dc873c947a5e09e4b38bfe236

    • SHA256

      a710b020fedea66952c218a1915f5a94ac7f8d56a6cc5bf8d2ddbef756ce7fa4

    • SHA512

      ab933c324e3c517662ab1a0f5a1ffb40706fae5a363801f5d618a731aae4496fe736d539db22574612a0e4e70a2fab9bef2236b25082d218d2bacd7259c60261

    • SSDEEP

      3072:6w3WTsxvZM7RQhSXYxm0D1jzBZ1Ooot5mBDeooNovDbDkwjS7pi7E0H5F:6/TEhoDm9D/ZMoI5oSovDUwjS+E0HX

    Score
    1/10
    behavioral30

    • Target

      bin/cygssp-0.dll

    • Size

      3KB

    • MD5

      9e9a85fc8ab60232785e4a6c42913a3d

    • SHA1

      b10f51db886f8dc650d90e8c28036197b27a7696

    • SHA256

      12c42455d855b597697dc27c674de9085c373f26923b9cd135763ee56926ba8f

    • SHA512

      beba8189a55c512394a76cc5d6dfdb66f448fdb8ca33374b49c061f1523e388737d4bfe22b5bc384d6446af2c43c1e1efdc3b9cf186c354554becc1fbf41d801

    Score
    1/10
    behavioral31

    • Target

      MobaXterm_installer_24.0.msi

    • Size

      13.2MB

    • MD5

      472a864c6648bb01f0cdd44f942e5e62

    • SHA1

      47c3b829bf4ada054ee7c7bcbd101edd82de0ce2

    • SHA256

      22d4edc469689eb8712333dc5a578733bd8305e28895a91685208945b81bda92

    • SHA512

      099ca08e460fc0f5b6798210d509cae1e797c28c401a578f3b259304317d5fbe50dfcec141e976a483c5cf9bddad96bc7012dd0cb67cbbe984b2a55609b4be1b

    • SSDEEP

      196608:qJO++NWO+P72Rs9NLyZAvdE8ex+YJ9PX3F9rPxTu+Btcxx5qVYtNIL:YHxOc2Rs9NVdE8xc9/3F9rNoxxYYT8

    Score
    6/10

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral32

MITRE ATT&CK Enterprise v15

Tasks