egregor | e66fd24e29c4cd33772fbda049a4efc7b55a0c22959d0d56d0fa77bd34040864

Sharing

Copy URL

Twitter E-mail

General

Target

Install Termius.exe
Size

174.7MB
Sample

240408-nwbl5abf5x
MD5

47dd221e93e67afaec0c9da2faad8c2d
SHA1

cc6e78e778a6369022d16e218a8578ec4a7e64bb
SHA256

e66fd24e29c4cd33772fbda049a4efc7b55a0c22959d0d56d0fa77bd34040864
SHA512

30b4246bcdf4c34408fde8b0eb813301135b2e493ea069eda2f20e737bde667574b9c1ff08e2346977e945dc75a1c9e10211418a4d52703485e4906f5db6331a
SSDEEP

3145728:pnTEziz7qeKOmhoSiH9wwDTD5yCeEQ3Tdpf+5bCGMNMkWxoU5oPb60:BA67qJhiSNwHtyZEQ33vDfQA60

Score

10^/10

egregor discovery

Malware Config

Targets

- Target
  
  Install Termius.exe
- Size
  
  174.7MB
- MD5
  
  47dd221e93e67afaec0c9da2faad8c2d
- SHA1
  
  cc6e78e778a6369022d16e218a8578ec4a7e64bb
- SHA256
  
  e66fd24e29c4cd33772fbda049a4efc7b55a0c22959d0d56d0fa77bd34040864
- SHA512
  
  30b4246bcdf4c34408fde8b0eb813301135b2e493ea069eda2f20e737bde667574b9c1ff08e2346977e945dc75a1c9e10211418a4d52703485e4906f5db6331a
- SSDEEP
  
  3145728:pnTEziz7qeKOmhoSiH9wwDTD5yCeEQ3Tdpf+5bCGMNMkWxoU5oPb60:BA67qJhiSNwHtyZEQ33vDfQA60
Score

5^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  6.3MB
- MD5
  
  34999967f735b07e9cbcf6c397cea4db
- SHA1
  
  8001fcdd6ce0c6e5a3d91fd45e4c9726fa67f3e4
- SHA256
  
  c5a05048505c00af46c75fb5ca22057f09dce001eada3a756c3839d59011758f
- SHA512
  
  b6c2f722b6551231801e453bba8f9593d9f1a82edb305869ee07ef77f286968eb6ad5db1abbe750e88c8af973c362ee161aa5c591ea04ff39e4f4b34e6fa4baf
- SSDEEP
  
  24576:/PV05W5WS9YzHIlGMmfu626s6W6a6q5AHWeQFpD:F9n
Score

1^/10
behavioral11 behavioral12
- Target
  
  Termius.exe
- Size
  
  127.9MB
- MD5
  
  d6ac79d520b70b1e97a7efecacf0e39c
- SHA1
  
  a1081041746d5c5aedd755cc86a3c13c57d6d7f3
- SHA256
  
  c49a2a50b1e38ddc9d293a4e87dc25ceecb19019a52b5f8fb9131f64b66d873b
- SHA512
  
  bd8727b95623c12cd83e804f9c516109ad6b3fefe4b633741146890a16f45b2c820b4a368951f30b1df4d69ecb258dbdfdf62ee2a8376a557b96ed7378fa9575
- SSDEEP
  
  1572864:deuFC6t472Ah+FgOqXJniFHUfN8WZis2Vawn0fhj5h8ioZFk5/SDJPtiwhkzLUsj:2SJZqT8Ois+nQAE5m0rWEDFMk7
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  3.9MB
- MD5
  
  ab3be0c427c6e405fad496db1545bd61
- SHA1
  
  76012f31db8618624bc8b563698b2669365e49cb
- SHA256
  
  827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
- SHA512
  
  d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba
- SSDEEP
  
  98304:q4Xyn7IfxiYMzgom1mEU/AJC/vujMD9rM:809om1hU/Aavu4D9rM
Score

3^/10
behavioral15
- Target
  
  ffmpeg.dll
- Size
  
  2.4MB
- MD5
  
  2132fad8315a47284cb3ffc75b318b28
- SHA1
  
  1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
- SHA256
  
  5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
- SHA512
  
  f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945
- SSDEEP
  
  49152:6KYNFzdKB6gk9BZy67nmzmu7V78UOylBW:6BrzrLbmzm5yn
Score

1^/10
behavioral16 behavioral17
- Target
  
  libEGL.dll
- Size
  
  367KB
- MD5
  
  5c70cc094fc6e108a5689c88f1144a51
- SHA1
  
  460b668e4301e774b79b182756db25fb0b7c206e
- SHA256
  
  c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
- SHA512
  
  3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7
- SSDEEP
  
  6144:Z5Qt2a1DtgDNyJlwMwds3hFQMHkx95NdD0OITw+Knb:Ut2a15ghivwds3fSb5rIS+E
Score

1^/10
behavioral18 behavioral19
- Target
  
  libGLESv2.dll
- Size
  
  6.2MB
- MD5
  
  7b2ce44ad89a57b1183d36e89fd0357f
- SHA1
  
  178f7ed96f5c879b08729acff45bc50cd2ed64c7
- SHA256
  
  9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
- SHA512
  
  9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41
- SSDEEP
  
  98304:FLBnpe7yyxRkfCSC7Kzc2e5+M1E+F+VeNmOeOptkLYhSzchdxPxd:FL9s7TbwCSW2e5+SF+3LYhee
Score

3^/10
behavioral20 behavioral21
- Target
  
  locales/de.pak
- Size
  
  367KB
- MD5
  
  cfc9d90273c31ccf66d81739aa76306a
- SHA1
  
  ecab570041654b147b3dd118829e2f7ae668f840
- SHA256
  
  8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a
- SHA512
  
  c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380
- SSDEEP
  
  6144:F+QNkAjzYyqSFaPjON3Be0mzBWCj0Xs5HgIxBI0gql:cQLjMyvFaCN3mzBd5xy0gql
Score

1^/10
behavioral22 behavioral23
- Target
  
  resources/app.asar.unpacked/node_modules/@termius/keytar/build/Release/keytar.node/index.js
- Size
  
  432B
- MD5
  
  ee6e2efa222bb1474534f6a2310bcbe3
- SHA1
  
  99d9649ed2e04ca0dc2a7604d14acc4f6bdad1ed
- SHA256
  
  83675a6e76853196f742a0186b7425c6cb6a31ce76306ff7336a16b060dc96a9
- SHA512
  
  38ba306c3d06babd3585c607263ead4f6bc0d3bc5e642ad45821a07162a05e18ce1b9e38d9ac014ef29da8426bfac882afa0564f198bd70644e60ca257f454b1
Score

1^/10
behavioral24 behavioral25
- Target
  
  resources/app.asar.unpacked/node_modules/@termius/keytar/lib/keytar.js
- Size
  
  1KB
- MD5
  
  c02c937c0597ff8d0fe9824fb7a7ae9a
- SHA1
  
  ac0a580385a7d812c6e1eed071ccbd6c7ead4488
- SHA256
  
  e858194902d632e217b60b913829865749568fd43aee2d65bf7ffcefd7b1d6ae
- SHA512
  
  eb1cf4966e868c5997e59e7862d6857e0a6b85315e2e196704e999fb64523318ff160570aaba78b48dcc498667fde928fc26b597a1fb9122750a2cd6ac033d8b
Score

1^/10
behavioral26 behavioral27
- Target
  
  resources/app.asar.unpacked/node_modules/@termius/keytar/win-ia32/keytar.node
- Size
  
  115KB
- MD5
  
  da698607c47fc6c765ab1fae782521d8
- SHA1
  
  7b277fc7b086016f176e42b925f215898f38d666
- SHA256
  
  bbd551f2950a407a834c15eeb7c71a818a6fd866dd24b16fc0ba135407f84fdd
- SHA512
  
  3a0a2d44f6746dcc3d983637a703cf005428e18025324c344593d3430e9eab98ec756fb9456fc393da5bf61b2744582d82634199241ef80a8675d20ba522f421
- SSDEEP
  
  3072:BKHnhWXw0a4PvawDIjHpl0whj4g8X/TNptYtPd:cHnh8w/IaVp14vPtY1d
Score

3^/10
behavioral28 behavioral29
- Target
  
  resources/app.asar.unpacked/node_modules/@termius/libfido2/index.js
- Size
  
  486B
- MD5
  
  33eb3f81c315aa1cab4dfa57e28b8c57
- SHA1
  
  ed240e139d672e27c73f8987564328253fc6fa52
- SHA256
  
  7823e992fe7f6c4e8951b3ef32302fcd1c719bd8301511e36b9781cbac50b05e
- SHA512
  
  d4842523b4650017fd2dd06d0974e04bd87b1222a1143ac6c87b6a2cd5e6c51b050bcd1aed36af83cb87ed783037507ef80c87261330e12d2cbefef42f99169a
Score

1^/10
behavioral30 behavioral31
- Target
  
  resources/app.asar.unpacked/node_modules/@termius/libfido2/win-ia32/cbor.dll
- Size
  
  180KB
- MD5
  
  e004b0df1216acd143851c4b69b7dea3
- SHA1
  
  aa4b8f9d4f29b19e521a0c766714c02e0e3d70ed
- SHA256
  
  db32c80110d514e6c4357d201107a9277c2269b05aadb6a451df6fcf6b611377
- SHA512
  
  2d8eba626452b1c3f14a57db72bf66f546bfffc6ff92c7b05ec22b0082c9cf3439c991c026d4ed417835818e11b95bb408a69f20f9676d3f5afd9374f725df94
- SSDEEP
  
  3072:5fzKUbDcqIfV4E54DIPQePucoINTpuqc2lv9HGjCv+GcAgnXl61x8aZTTVAopszI:5K9GjNWUXkyaZTppeiexh
Score

3^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32