Resubmissions

18/04/2024, 09:57 UTC

240418-lzcx9ahg47 7

18/04/2024, 09:53 UTC

240418-lwy2baah9w 8

General

  • Target

    Loader.zip

  • Size

    11.1MB

  • Sample

    240418-lwy2baah9w

  • MD5

    442f33d16593f36a5b2dfd97ec03c156

  • SHA1

    39252f6ef78c27e8dba9fa68403c04199bc25751

  • SHA256

    be5c9e6777d553873639e727b3b98c629f7d8e3fb86d818d1561e055a1557116

  • SHA512

    9d4f2e61abec3c2bec283928ca9250370c09214db2281c55bc74171b1eeeb01fdf8f34029a0f76b26f06cf6309500a6d534cf4f4ab68d7613dca2a7d938fea5c

  • SSDEEP

    196608:bnj7kEM/ezwqL9NF/Ro7RWXBifqENPd2Ccho9nI3ZVkh6L/k5aAch+4a:bjgGzzL9q7RWXUFUHo9Iw6LsXF4a

Malware Config

Targets

    • Target

      DeepwokenMaster/Bloxstrap-v2.5.4.exe

    • Size

      7.6MB

    • MD5

      dbb820772caf0003967ef0f269fbdeb1

    • SHA1

      31992bd4977a7dfeba67537a2da6c9ca64bc304c

    • SHA256

      b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc

    • SHA512

      e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f

    • SSDEEP

      98304:XNd5DSd5DxTsed5D2ZT00UuOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTl1:X+sdtObAbN0u

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      DeepwokenMaster/Loader.exe

    • Size

      7.0MB

    • MD5

      a3664d37321d58e90f0cd8d988216063

    • SHA1

      3261f93f6e3a83167a0d734d38ec36fff5d416aa

    • SHA256

      63de4d3384ad10cd476d63b6c4df1a550ec99b21007660f2c2cb3455c021e202

    • SHA512

      f52472a992ee6e2921256311855ebb9201a342e66f7a0068f259a6035eeb3ea7c91cbea549e5b732e9b19d4343f482da052cb62dc83e35bb90a62d01dad7b0cf

    • SSDEEP

      196608:FP7+g/XnJYCdS7bIn7IaAlyH0F1OMI/P:5JZbS7Ua401M/P

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      DeepwokenMaster/README.txt

    • Size

      929B

    • MD5

      92ccbd2d1a6876758f2a555eeecb2584

    • SHA1

      1c7ca8dc5ab0ffec45b0a95063c089cd47d689c4

    • SHA256

      ff44b1725bab097b922a2a6ddaec34a0933b0cbc2c5b39ff134500bde58e1f9e

    • SHA512

      b71bbd125d616f6c87e6efe618fd766a9ca8361cdf3f9623b1a345de77d3f8a3bdc5cb2a45b2b8e24d20a969220d16513ec4c6165c38d7497796f465585aa806

    Score
    1/10
    • Target

      DeepwokenMaster/bin/FastColoredTextBox.dll

    • Size

      323KB

    • MD5

      8610f4d3cdc6cc50022feddced9fdaeb

    • SHA1

      4b60b87fd696b02d7fce38325c7adfc9e806f650

    • SHA256

      ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9

    • SHA512

      693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09

    • SSDEEP

      6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO

    Score
    1/10
    • Target

      DeepwokenMaster/bin/Microsoft.Expression.Interactions.dll

    • Size

      105KB

    • MD5

      3034cc0d5cf3731ed90153aa616f3f59

    • SHA1

      aace8d26358d9829f0e6632bddf183534acfec0d

    • SHA256

      63cd5e8a60d77d1007352538a4285c60c0c3efb9c771035589105a284e4f63a9

    • SHA512

      88589b022d713d565342e331394ed5600d1fe346aa788e45e16cf51221ce898f10bd28c6a09fdc44d9ad94f25b4ed22c6f0eb28fa832863c01732def5b6c6086

    • SSDEEP

      1536:hf+YSZc1rj0oek7u05g3XG5rs+eUvNL3NX5S8caZkvsd65FAU9Qyx1NElSJK/Tr:R4ZYrj0oeOg325ragNDNP+AUzqSJMr

    Score
    1/10
    • Target

      DeepwokenMaster/bin/Newtonsoft.Json.dll

    • Size

      492KB

    • MD5

      5e02ddaf3b02e43e532fc6a52b04d14b

    • SHA1

      67f0bd5cfa3824860626b6b3fff37dc89e305cec

    • SHA256

      78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb

    • SHA512

      38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c

    • SSDEEP

      12288:axrplPT3qwNBC3wl1zVh0Yg0pJy/qleTpfZLQ0so/VHjh:a1plPGwNBC3UOwVeLQ0so/VH

    Score
    1/10
    • Target

      DeepwokenMaster/bin/Siticone.UI.dll

    • Size

      1.3MB

    • MD5

      750c58af2e56b6addecffcf152520ab8

    • SHA1

      14995e7f1d12498606d9d209d78d55fe6fd87802

    • SHA256

      27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

    • SHA512

      2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

    • SSDEEP

      24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb

    Score
    1/10
    • Target

      DeepwokenMaster/bin/System.ValueTuple.dll

    • Size

      77KB

    • MD5

      99cec77dbee0ab10b9fc4d52a1d414be

    • SHA1

      c83d024e80c36b663458d478dfdb067336e2d616

    • SHA256

      d6fb0dcfee1490a8168117ed1b55758f11db38475417b3668d19f89dcb55cbdd

    • SHA512

      988b0ff9ede87fe7538b2e0cdd684962965b4fc2a4f0fc92726248f249cacb7c5674f3978d2d7cbed68991c71e0b0339d6edda57384097a4da8efd7d77b43cd9

    • SSDEEP

      1536:h784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaA1VUF:h7N1r9KGI04CCAP

    Score
    1/10
    • Target

      DeepwokenMaster/bin/System.Windows.Interactivity.dll

    • Size

      54KB

    • MD5

      580244bc805220253a87196913eb3e5e

    • SHA1

      ce6c4c18cf638f980905b9cb6710ee1fa73bb397

    • SHA256

      93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf

    • SHA512

      2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

    • SSDEEP

      1536:BYQaIZaEmaOQxn6JxKjtlMZAnuETAV+w4:aIhOQcSLAj4

    Score
    1/10
    • Target

      DeepwokenMaster/bin/WPFSpark.dll

    • Size

      161KB

    • MD5

      12bcf281c0eaad470e7aac6bf6f9c2c0

    • SHA1

      8271c9eb67217b10a7dd0a2749232e6282201de5

    • SHA256

      3883c938b4314caa30562893e122cc14cb54c0ddc96da085358c493169c44261

    • SHA512

      ac357b097af5d7b5d8ce7e7cbb87eab6710e16b502bb52181f72c52696d1646759d8e57f7bbd7baaae16c02376d97672ea7f6e3357150ccc59b6d892a884a7b4

    • SSDEEP

      3072:qbHZHvFmBSM0QZk6jGMKP15DEP037wvcozX+WtAELevcHzYkh9R2/dL8dDxV4cC0:qbHxvK0l6yMKt5DEP03svcozX+WtAEy1

    Score
    1/10
    • Target

      DeepwokenMaster/bin/crosshair/crosshair.png

    • Size

      1KB

    • MD5

      1d1a527703d23df3c3b3dadc7ec94588

    • SHA1

      4556f16602160c97ae212e5df6cb00c535ec7893

    • SHA256

      4dbb2d9ceb09d883c96112a5515d74a64392266b81af75986ff13c8b78da2ff3

    • SHA512

      ae7934fa2597f5f5facf9c1086ea699f4e38e9d8354383d5a08ce4fbccfb4309fc0f527f0c8cc1c6415eeb43da8da63704db8602f0f571cda1877b6603dbc15b

    Score
    3/10
    • Target

      DeepwokenMaster/bin/lua.xshd

    • Size

      4KB

    • MD5

      08713090c9ca001ca19735d0d23f93bb

    • SHA1

      1731d4f285aad168fb4a802019634ff9775f28e5

    • SHA256

      c1af5d8d18e066f0c2d535b656174ae8cdbe5f0fffe548e96d3fd2602fe7f9b3

    • SHA512

      e048b451e8d65818331c5a9d0bca7aa90b3a532274138e0ed5a20285ae969490c77f6088f25dd6ef85df19e9cdb257f007dd2c4ac8aa08b1aa7ea092ef282128

    • SSDEEP

      48:dtQxg02ZkNYDNYtJzbxb38J4JiFXiDSCEBZl3S5wk:4gJD+JF8JbXiOC2b3mwk

    Score
    1/10
    • Target

      DeepwokenMaster/configs/CUSTOMAP.txt

    • Size

      36KB

    • MD5

      e4f35f36eda4eba87a1e9635a0e4a487

    • SHA1

      459225cd61a70cdbfc3f6390b47a7292eeb71d39

    • SHA256

      785c5a6727f8ecd3ac60da0baf00974abe2119aa39dd11de3960db47e61bfb00

    • SHA512

      38fdc9630045c9c9f16c2034357c8c5fbcba4d72deaf75306c6e843c7355a958c78ed527773183f36b2ab21de47661d2358261a217d3ce45a05cf7b3b72f35a6

    • SSDEEP

      768:rZK8pB7LnKiAET7UIQ2dHEEQKx8Qh/c/MBUuVGFrPCwn/ERb8DcR/ML9GTRzvvIZ:rZK8pB7LnKibT7UIQ2dkEQKx8Qh/c/M6

    Score
    1/10
    • Target

      DeepwokenMaster/configs/Settings.txt

    • Size

      75KB

    • MD5

      8ef272e8190a15fe07d71a96450db4d1

    • SHA1

      0e6c2d66aa4ce2cd0e3c2e2d6f8baf17dfdaf144

    • SHA256

      a2e4fd608607a88b7786c06ff622ddbcf00282d4322c87fd7b790b4adaece255

    • SHA512

      5f2028f84b47348f0d0652af794ad87dcd6b7666fb7b5f34f03c7904bdd93af8a3a3988703524955e04f578ebc83bd06dcd931784956135f92c36b905a2c9040

    • SSDEEP

      1536:9O7C4s0CDdACU2ACOazCxXRCnHVCY+RC5zVCJVnChlSCfGkCW/zCStKC4GzCAfzK:6CCCyCEClCzC1CtCvCnCKCzCKCRCnCQK

    Score
    1/10
    • Target

      DeepwokenMaster/configs/teroll_HVH.txt

    • Size

      75KB

    • MD5

      1fb7e0443cefe3f72d5d545bc14b6cd1

    • SHA1

      15b3317f9032b994918c50ed4a215f2107cde23d

    • SHA256

      c537dc9cba19adf849369280bd333b17227bfafa3b5a742985cb2d273c868dea

    • SHA512

      7873cd715833c02398bf00440cf0ba4d6b9ca430ef739a3fdc678f1458eef9cf5c7741f578c72aad045fb8232449ae73b992c909b07e619f180115c6e61f6e51

    • SSDEEP

      1536:s5Y+NYCEJYCAGlCXJYCDxYCv+ECcKrCUqxCpJYC/GZCB5rCzKrCjKrCLKPCzErCT:L5CDC5C2CKCNCnCVCACQCPC6CKCiCACT

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks
