be5c9e6777d553873639e727b3b98c629f7d8e3fb86d818d1561e055a1557116

Resubmissions

18/04/2024, 09:57

240418-lzcx9ahg47 7

18/04/2024, 09:53

240418-lwy2baah9w 8

Sharing

Copy URL

Twitter E-mail

General

Target

Loader.zip
Size

11.1MB
Sample

240418-lzcx9ahg47
MD5

442f33d16593f36a5b2dfd97ec03c156
SHA1

39252f6ef78c27e8dba9fa68403c04199bc25751
SHA256

be5c9e6777d553873639e727b3b98c629f7d8e3fb86d818d1561e055a1557116
SHA512

9d4f2e61abec3c2bec283928ca9250370c09214db2281c55bc74171b1eeeb01fdf8f34029a0f76b26f06cf6309500a6d534cf4f4ab68d7613dca2a7d938fea5c
SSDEEP

196608:bnj7kEM/ezwqL9NF/Ro7RWXBifqENPd2Ccho9nI3ZVkh6L/k5aAch+4a:bjgGzzL9q7RWXUFUHo9Iw6LsXF4a

Score

7^/10

Malware Config

Targets

- Target
  
  DeepwokenMaster/Bloxstrap-v2.5.4.exe
- Size
  
  7.6MB
- MD5
  
  dbb820772caf0003967ef0f269fbdeb1
- SHA1
  
  31992bd4977a7dfeba67537a2da6c9ca64bc304c
- SHA256
  
  b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc
- SHA512
  
  e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f
- SSDEEP
  
  98304:XNd5DSd5DxTsed5D2ZT00UuOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTl1:X+sdtObAbN0u
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  DeepwokenMaster/Loader.exe
- Size
  
  7.0MB
- MD5
  
  a3664d37321d58e90f0cd8d988216063
- SHA1
  
  3261f93f6e3a83167a0d734d38ec36fff5d416aa
- SHA256
  
  63de4d3384ad10cd476d63b6c4df1a550ec99b21007660f2c2cb3455c021e202
- SHA512
  
  f52472a992ee6e2921256311855ebb9201a342e66f7a0068f259a6035eeb3ea7c91cbea549e5b732e9b19d4343f482da052cb62dc83e35bb90a62d01dad7b0cf
- SSDEEP
  
  196608:FP7+g/XnJYCdS7bIn7IaAlyH0F1OMI/P:5JZbS7Ua401M/P
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  DeepwokenMaster/README.txt
- Size
  
  929B
- MD5
  
  92ccbd2d1a6876758f2a555eeecb2584
- SHA1
  
  1c7ca8dc5ab0ffec45b0a95063c089cd47d689c4
- SHA256
  
  ff44b1725bab097b922a2a6ddaec34a0933b0cbc2c5b39ff134500bde58e1f9e
- SHA512
  
  b71bbd125d616f6c87e6efe618fd766a9ca8361cdf3f9623b1a345de77d3f8a3bdc5cb2a45b2b8e24d20a969220d16513ec4c6165c38d7497796f465585aa806
Score

1^/10
behavioral3
- Target
  
  DeepwokenMaster/bin/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral4
- Target
  
  DeepwokenMaster/bin/Microsoft.Expression.Interactions.dll
- Size
  
  105KB
- MD5
  
  3034cc0d5cf3731ed90153aa616f3f59
- SHA1
  
  aace8d26358d9829f0e6632bddf183534acfec0d
- SHA256
  
  63cd5e8a60d77d1007352538a4285c60c0c3efb9c771035589105a284e4f63a9
- SHA512
  
  88589b022d713d565342e331394ed5600d1fe346aa788e45e16cf51221ce898f10bd28c6a09fdc44d9ad94f25b4ed22c6f0eb28fa832863c01732def5b6c6086
- SSDEEP
  
  1536:hf+YSZc1rj0oek7u05g3XG5rs+eUvNL3NX5S8caZkvsd65FAU9Qyx1NElSJK/Tr:R4ZYrj0oeOg325ragNDNP+AUzqSJMr
Score

1^/10
behavioral5
- Target
  
  DeepwokenMaster/bin/Newtonsoft.Json.dll
- Size
  
  492KB
- MD5
  
  5e02ddaf3b02e43e532fc6a52b04d14b
- SHA1
  
  67f0bd5cfa3824860626b6b3fff37dc89e305cec
- SHA256
  
  78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb
- SHA512
  
  38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c
- SSDEEP
  
  12288:axrplPT3qwNBC3wl1zVh0Yg0pJy/qleTpfZLQ0so/VHjh:a1plPGwNBC3UOwVeLQ0so/VH
Score

1^/10
behavioral6
- Target
  
  DeepwokenMaster/bin/Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  750c58af2e56b6addecffcf152520ab8
- SHA1
  
  14995e7f1d12498606d9d209d78d55fe6fd87802
- SHA256
  
  27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
- SHA512
  
  2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score

1^/10
behavioral7
- Target
  
  DeepwokenMaster/bin/System.ValueTuple.dll
- Size
  
  77KB
- MD5
  
  99cec77dbee0ab10b9fc4d52a1d414be
- SHA1
  
  c83d024e80c36b663458d478dfdb067336e2d616
- SHA256
  
  d6fb0dcfee1490a8168117ed1b55758f11db38475417b3668d19f89dcb55cbdd
- SHA512
  
  988b0ff9ede87fe7538b2e0cdd684962965b4fc2a4f0fc92726248f249cacb7c5674f3978d2d7cbed68991c71e0b0339d6edda57384097a4da8efd7d77b43cd9
- SSDEEP
  
  1536:h784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaA1VUF:h7N1r9KGI04CCAP
Score

1^/10
behavioral8
- Target
  
  DeepwokenMaster/bin/System.Windows.Interactivity.dll
- Size
  
  54KB
- MD5
  
  580244bc805220253a87196913eb3e5e
- SHA1
  
  ce6c4c18cf638f980905b9cb6710ee1fa73bb397
- SHA256
  
  93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf
- SHA512
  
  2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0
- SSDEEP
  
  1536:BYQaIZaEmaOQxn6JxKjtlMZAnuETAV+w4:aIhOQcSLAj4
Score

1^/10
behavioral9
- Target
  
  DeepwokenMaster/bin/WPFSpark.dll
- Size
  
  161KB
- MD5
  
  12bcf281c0eaad470e7aac6bf6f9c2c0
- SHA1
  
  8271c9eb67217b10a7dd0a2749232e6282201de5
- SHA256
  
  3883c938b4314caa30562893e122cc14cb54c0ddc96da085358c493169c44261
- SHA512
  
  ac357b097af5d7b5d8ce7e7cbb87eab6710e16b502bb52181f72c52696d1646759d8e57f7bbd7baaae16c02376d97672ea7f6e3357150ccc59b6d892a884a7b4
- SSDEEP
  
  3072:qbHZHvFmBSM0QZk6jGMKP15DEP037wvcozX+WtAELevcHzYkh9R2/dL8dDxV4cC0:qbHxvK0l6yMKt5DEP03svcozX+WtAEy1
Score

1^/10
behavioral10
- Target
  
  DeepwokenMaster/configs/Settings.txt
- Size
  
  75KB
- MD5
  
  8ef272e8190a15fe07d71a96450db4d1
- SHA1
  
  0e6c2d66aa4ce2cd0e3c2e2d6f8baf17dfdaf144
- SHA256
  
  a2e4fd608607a88b7786c06ff622ddbcf00282d4322c87fd7b790b4adaece255
- SHA512
  
  5f2028f84b47348f0d0652af794ad87dcd6b7666fb7b5f34f03c7904bdd93af8a3a3988703524955e04f578ebc83bd06dcd931784956135f92c36b905a2c9040
- SSDEEP
  
  1536:9O7C4s0CDdACU2ACOazCxXRCnHVCY+RC5zVCJVnChlSCfGkCW/zCStKC4GzCAfzK:6CCCyCEClCzC1CtCvCnCKCzCKCRCnCQK
Score

1^/10
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11