d0200960720f50b4215d408883809c6391989366721c6ce73a3377818fcafe1a

Sharing

Copy URL

Twitter E-mail

General

Target

COVAULT-19_server_4.zip
Size

1.6MB
Sample

240404-f2zxxafg5x
MD5

78270b791677da9f8551981ac2133474
SHA1

779e48b14c595d280c9fdaca22c2d5dc741d1b4f
SHA256

d0200960720f50b4215d408883809c6391989366721c6ce73a3377818fcafe1a
SHA512

76ceb2bb83829533c8e8cb2d237f13be95eb8e255e2d2d89fe0ebdb16b85bad31d3499ee259401b3c1f9352405a200ddf4179e03d2761f63ab3710df917633df
SSDEEP

49152:rT3qIzkaR5AFMSHML6kn+rPGI+1VnX0L2VB5rysv2I:r2V7cL6tbGI+1VX0CVB5ry01

Score

3^/10

Malware Config

Targets

- Target
  
  COVAULT-19 (server)/COVAULT-19.deps.json
- Size
  
  13KB
- MD5
  
  77b946036651a45b9a940361b668ff4c
- SHA1
  
  8e8f9e4ecfbd67c785e26c6a8e148cbe3cc98be3
- SHA256
  
  738a01d18ef137469d5cb7b9abdfddc4e8eb7ee0d6bb342d95a325f6341caf7f
- SHA512
  
  2a8eb839c1e1ef13256f0216dd43072b748dc2558fab29f67fb2d3c4d4a748af759a056811b3dded34bd721699cae731bac2869fd6aecfe6d74ed9f44b53cc92
- SSDEEP
  
  192:Y1DCqRRCcpUytCVqKAKKrRGXV5vfa4X3T7:YYGRCcpUywGbrcFY4P
Score

3^/10
behavioral1 behavioral2
- Target
  
  COVAULT-19 (server)/COVAULT-19.dll
- Size
  
  487KB
- MD5
  
  995531160eafcdcf7e1a860ba96abbd3
- SHA1
  
  b4981b47b374e3d66fae7bc894ab8cfdacc9414e
- SHA256
  
  6e9d8ac34e819e4e6822ce776fd711c7a61f1fd5c4699f4779cffe64f2818d98
- SHA512
  
  9f0d2f207c0cd544581288a2cd52fa3971eebf435b87dcbfadf58c1e9165bbc5fed4ebc5facc83e65f7346b67422fb959d38cd3270f8771a7e4157d32fad70a3
- SSDEEP
  
  12288:eH02rhrrYOQX3P1Xm1Op7/OdogdwiKB6NrfTkvnR/2x:eXrWX3PAm7mdogo6rfTEW
Score

1^/10
behavioral3 behavioral4
- Target
  
  COVAULT-19 (server)/COVAULT-19.exe
- Size
  
  517KB
- MD5
  
  6f47cbc498ca869d95a2b98c1958110e
- SHA1
  
  1b98c2946eb7a130ce03fa3168fac65b1db4ddbf
- SHA256
  
  569d2dda14d54d9cf6a064138b9ae0f08b44023219eb71c9729ee4397311113d
- SHA512
  
  771b95f0b16fa15843cd5121e26fb2a1f7b06f4864e2a4a601fae9f7193b32801ab419ff67d00f544814c5d63ab8592b59567f46245d87134bc777118df59b51
- SSDEEP
  
  12288:MLDnyp4enDbOQX3P1Xm1Op7/OdogdwiKB6NrfTkvnR/2x:MPyp4eDjX3PAm7mdogo6rfTEW
Score

1^/10
behavioral5 behavioral6
- Target
  
  COVAULT-19 (server)/COVAULT-19.pdb
- Size
  
  44KB
- MD5
  
  063fd1d52fa5897fe9e148344d4c5f79
- SHA1
  
  32b3a23a726efb1b603d2e33407f76c54b83fb74
- SHA256
  
  fe8f065a1964d28b9e6928b456f4bad0d7aaf36adb72a292f9ed58d9d852dee8
- SHA512
  
  0bd57a2b8ee395fa913930ce641edb59c385cd6c0d619479343370883f676f260d379cfa1a7d5bb89eb27d3e9a53c4622c38a2f71159560abd2df751582b2b63
- SSDEEP
  
  768:Z6BBrHayRMNecIy0BTtJLoXz1saxXwwwwQFrU:Qr6yRMENBTtJkX+mwwwwQFrU
Score

3^/10
behavioral7 behavioral8
- Target
  
  COVAULT-19 (server)/COVAULT-19.runtimeconfig.dev.json
- Size
  
  326B
- MD5
  
  c3e9e8dc7d81f82783046b1ebc69a5a8
- SHA1
  
  f4a9fabf4fd3c7620e809b47a51c44bfa2d3923c
- SHA256
  
  e56023444c905bb08648059f8caa12fc93fa0760a226b8f53d2fa3be88f0b89f
- SHA512
  
  f85e09a7b4f6ed885dc69ae8c7f31653afe558140bd86c36ec328644d4be46150eb36eb572122c1a6d3d5de86083d4ddbb6f022e83da8a5cf370d4bdc1b9a70e
Score

3^/10
behavioral10 behavioral9
- Target
  
  COVAULT-19 (server)/COVAULT-19.runtimeconfig.json
- Size
  
  260B
- MD5
  
  8ca3b7795e000c8aeb8da3e7a4ecbeea
- SHA1
  
  3af08e88a8c7d3b31135ec105105d8ecf1a8af8d
- SHA256
  
  2c6dd6135c044b210aa1168389205f5c4c2b6d721328f15a69d4dbde3510030b
- SHA512
  
  3cc0a89c936708ed7c744630ca2e8c734b3cb2356cfb52a7b77779f88d838635f4d5c896ae18964f4c87b1da6b50d416ccbcea7ede5a605350180ed3fda5349d
Score

3^/10
behavioral11 behavioral12
- Target
  
  COVAULT-19 (server)/Microsoft.Win32.Registry.dll
- Size
  
  40KB
- MD5
  
  e1d9a5b63a29e0be888ca6952700ab83
- SHA1
  
  819607a0c5acd057219e22cc1174a2e3078b9d6f
- SHA256
  
  340933ad6701077ae9b8035e4671803d86074ab32f2de8165acfdb954bd260f6
- SHA512
  
  5e153bc90195e20e503c8c04b1361598947de3500c8c6f6fd6baf0e245aa5afc7d84bf55787d11914a28c0e8186a29360a94fcc8b816f482045b7032ea8738d3
- SSDEEP
  
  768:JipxaP/LOgSJzldoB7ViedPHAsmlxPvyyE:AaP/ybu7ViCPHZmlx3yT
Score

1^/10
behavioral13 behavioral14
- Target
  
  COVAULT-19 (server)/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral15 behavioral16
- Target
  
  COVAULT-19 (server)/System.Diagnostics.EventLog.dll
- Size
  
  49KB
- MD5
  
  14b8ab0f426d52342f2098023b287623
- SHA1
  
  d79df6f5f70373e70202782aad9edd76db95939e
- SHA256
  
  c476fbc42f2a4161833020ea65e8a895561f6b64c6f531d52dda4324d27b4d8b
- SHA512
  
  8237d400336afd2e4faddf139e74935e5a9b530684fdea37843d2aaa73bd8e1505a3acabb7368551c6ec53bd7877ca75f3c6541c1f81d8964772d1d5cf9d7b88
- SSDEEP
  
  768:etd17d/cc2PK5SUizOAFipsH+MKmL+7NQ1OaY7pykJ:KF/cc26whifMmNP7pykJ
Score

1^/10
behavioral17 behavioral18
- Target
  
  COVAULT-19 (server)/System.Security.AccessControl.dll
- Size
  
  54KB
- MD5
  
  2aa3be1a5e32b7fc89ee5460a2c4db18
- SHA1
  
  ff27582916b77d75df896399ede0b9e8ffe369ef
- SHA256
  
  93084849c17a21f641c13c9f17545cfe18c1ec097561f3f0ebbbe26f358ba120
- SHA512
  
  f470fe10e0033a8d96de8a747243eb1f90e07108873270d4ca538a02f46ab20232fd715b05a2f23357c0d58b0c845c4e7ea35f453b90aeda2942f36d57d6d498
- SSDEEP
  
  768:dfYY2UVC44RvZy5cgPWOUl9QR2OreWBkyNFazSuVN:WYtV+hy7WOUlYbrlAzhVN
Score

1^/10
behavioral19 behavioral20
- Target
  
  COVAULT-19 (server)/System.Security.Principal.Windows.dll
- Size
  
  36KB
- MD5
  
  a1f634780387ab0b5219a8741366f4a2
- SHA1
  
  0cf42e1bd78443ae1d6c16223a7ff463c5105d21
- SHA256
  
  7828dfd952a9fd49404477baff714849177d9f18c0654adafadbdcafb4b21f47
- SHA512
  
  77a1a74ed08c746c0de4d523d0128233ebe8af601127bff5a2531a8f062ac83d2e6c792b54ab17ecb0cd4ef4a9ce3216975953ceae8ebaf26374bf809a79bfd0
- SSDEEP
  
  768:Ur8Jx0w6kYq/fru6/EBiOBGyU3J8R64N3:NYq/fL/EB9BGyMJA649
Score

1^/10
behavioral21 behavioral22
- Target
  
  COVAULT-19 (server)/System.ServiceProcess.ServiceController.dll
- Size
  
  32KB
- MD5
  
  81d2db93fd0ac4c7130d49b6d1e16ad8
- SHA1
  
  e26df3ca56328570d82e5c4464f5be1c7e22f421
- SHA256
  
  fe8f5811cc2312916402d720bedef088aa277673ddcac9318a790279e77810f4
- SHA512
  
  010db23754959b5565571ed17baf621493146b0cdbff3d1d4296134e53e6cb5dce138b48aa0a06a8d592871ec1bff20982437a8eabfb7f3ac8872efca5cc52a2
- SSDEEP
  
  768:C40Smq62df/uxb7aYN92D1NltSvL7iJZE:0h2Nuxb7aYN0pSvL7iJZE
Score

1^/10
behavioral23 behavioral24
- Target
  
  COVAULT-19 (server)/WindowsFirewallHelper.dll
- Size
  
  199KB
- MD5
  
  af6bfb45c96b2474bfe8c8fde7728091
- SHA1
  
  1b94512ac341650a73e5b99c93e36e471a044055
- SHA256
  
  0aa29831929aca3f7f621563bac395e8b50f9eadd99edf61fd30c8f758c9b189
- SHA512
  
  97a8ab795b50d58416c061d73a052b7ddc421d789d64252e809662ac9fa2f35aee44ea323f8ea9c9d4b278a72cb64fac61e4a4fbde7c8cb6aca1eafeb21f9579
- SSDEEP
  
  6144:nxtZOq63JJIBgrf/9HNclgH59x32ZKPu:nxOqfgUgH3F2ZKPu
Score

1^/10
behavioral25 behavioral26
- Target
  
  COVAULT-19 (server)/runtimes/unix/lib/netcoreapp2.1/System.Security.Principal.Windows.dll
- Size
  
  36KB
- MD5
  
  0035b12417dfd1d22d43d696968cb54f
- SHA1
  
  76ae451be0b87ac0a7cd5de80edbe117ae191535
- SHA256
  
  f470c7ee0f99f5ceaa25f51970988cfbcddbe0f8dd8491ca3e9cf4f9f52fdb75
- SHA512
  
  600a2ce00f779d0a2f87ca23cf3c6d280067666879a3978923056b094815830aea9caba7a5e32bfc6a0b973c8d2a6d706eea1f73658ead840cc05ae705841f43
- SSDEEP
  
  768:hr8Jx005YLlU2mM0faosEbTnQD+o3J8RkK4Rw:4YpFosEbTQD+oJAkKIw
Score

1^/10
behavioral27 behavioral28
- Target
  
  COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Diagnostics.EventLog.dll
- Size
  
  127KB
- MD5
  
  9fb98981ec44d65d5a8fd867d7704dfb
- SHA1
  
  7558a89c885ebad2fe4fdec28c1eb7235a751c7d
- SHA256
  
  351f8619c3dafbad38ac8c89349b4c15073a944b2906b42cc7efe6353d21a985
- SHA512
  
  b0226ad2487ee124953205079f7d13efdd8c4ec92a184a5687607ce78022ce5899bf079aff7a04685b5c44798483642f0996871ceebe094d8965d6ecf1833576
- SSDEEP
  
  3072:GH/D1R8EYgMivs+qA8fb/+kPbPH5+LKlwnO4S5llBkQ7cEZ7A:GrQLgMivs+qdb/+kPl+4p4Sb7HZ7
Score

1^/10
behavioral29 behavioral30
- Target
  
  COVAULT-19 (server)/runtimes/win/lib/netcoreapp2.0/System.Security.AccessControl.dll
- Size
  
  99KB
- MD5
  
  5ca4f84f2270a788fa2beef07a4789b1
- SHA1
  
  10471c83f8f24880edc09ccfde4464119ca7e9fa
- SHA256
  
  94d32fbe707c5a162c1f7e37b092f0ec39f5c03152609a140c9f85aa4f8768ec
- SHA512
  
  e5b7f40396515db845e48967f704438ea06359a4e4ff728fe98e44807a935bf44aa0e1c26d1976a4ee8d587f970cdb40f95f0659910fcda6f8f935968882042a
- SSDEEP
  
  1536:f8dCzHuriAqBpmBe2mmEdrrrzDhHbVudX0lqxDU:UMzHu+AOmBlmmEdrrrzDh7VudEqB
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32