General
-
Target
Crystal disk.zip
-
Size
7.4MB
-
Sample
240420-mqek6aee87
-
MD5
2f151188669b9d920e023752f1aa4d92
-
SHA1
03584a1afac7afc709dd8b8bf5c602845edec7e4
-
SHA256
46a2ef76412b88068194c79780e29ac7307831849da46b189567b11c87b678b7
-
SHA512
def39caade3a44f7184ed9269e6c273e9ff1378cadc0a9eea3978fb73b772bda6b75a4ba4e3e439886c96a20d4b22d85677c579746004c4e10fc9a25f0efd75c
-
SSDEEP
196608:lsY7fJaPeMQTv44K2/SJwM8AWHRZdOJH4S/C5eLr:R7fcPV4K2/FM8hxbOJHH/CeLr
Malware Config
Targets
-
-
Target
Crystal disk.zip
-
Size
7.4MB
-
MD5
2f151188669b9d920e023752f1aa4d92
-
SHA1
03584a1afac7afc709dd8b8bf5c602845edec7e4
-
SHA256
46a2ef76412b88068194c79780e29ac7307831849da46b189567b11c87b678b7
-
SHA512
def39caade3a44f7184ed9269e6c273e9ff1378cadc0a9eea3978fb73b772bda6b75a4ba4e3e439886c96a20d4b22d85677c579746004c4e10fc9a25f0efd75c
-
SSDEEP
196608:lsY7fJaPeMQTv44K2/SJwM8AWHRZdOJH4S/C5eLr:R7fcPV4K2/FM8hxbOJHH/CeLr
Score1/10 -
-
-
Target
Crystal disk/CdiResource/AlertMail.exe
-
Size
81KB
-
MD5
b8369f93200cddfd93e46437a1b099e3
-
SHA1
3f7c589dcd36f733712a1e94611bd39ba7e11971
-
SHA256
abbb2bd38f8e5cfd1fca428e27de421b77beb09f7bb8fdb7d91018a6bce7b098
-
SHA512
7cde6064e5095fcde14128aada6c54168173b0b33b2f11783c6e2eab6b1735d5f834f38a9f034c584d9e781fd7bc8155a3fc1552b950131b3f011478c706457d
-
SSDEEP
768:yw4ni2c0YIz0eXU6tvZ2XWNG52mUBT0iw5dIAXdRCRn75c3ggNWhJ1aSoQuSthBI:GrM1eXTthgWNGhWboL7StvoL7S6
Score1/10 -
-
-
Target
Crystal disk/CdiResource/AlertMail4.exe
-
Size
81KB
-
MD5
4ca37bcaa4e6d83e7d25be1dae022f41
-
SHA1
14625ad67ee56c166e329ca6e6fc992fef1a7fe5
-
SHA256
aaae342e4c84a3540a1220b9ed6d8ed215ab71c05df862349c1980bc044f7f77
-
SHA512
019762e0720158ae4b66fdb27541b4d5b6b00e6b1a6f6c0364677c37bd8f2e378dac6026239c66a5a7654612acd985e5a666f29739d28de9059fca6a2cfac757
-
SSDEEP
768:puwJJMLfzqBV+Ix0eY3nSvV2XWNeHOecV5keEt9IcPHBIpTnDCtgCcshT1aSoQu5:FpBAdeYXSNgWNSEspoL7Sks3oL7SRqZ
Score1/10 -
-
-
Target
Crystal disk/CdiResource/AlertMail48.exe
-
Size
76KB
-
MD5
dd8ff21bfa0454fc8a0eae1567ffff5c
-
SHA1
266a24c1a78cd06504ba88055313de2ff13d8673
-
SHA256
0e4ee8b55078581ebf642e51690049de857200f48d35073cd5f852868ac8cfd9
-
SHA512
fce812ca9aa9fc5e5169e5ccf3e6d74fbc315792facff628b6a0af4c97813b01a9daaf2a80e5bf5685ddfe7589dbe11f018ee48e89040d9d4ac250785d17caaf
-
SSDEEP
768:NwudkcY5QskiQ7evgHK5cxJFlHKriCFZthQFNu+nhXk8TyFbCbYcdqwim5rR8Nhu:ldkVvy7eKCc0C9qngwkL7WM8g2L7Sx
Score1/10 -
-
-
Target
Crystal disk/CdiResource/MailKit.dll
-
Size
837KB
-
MD5
c5cd71489d9c78d85d89a895bf463cc4
-
SHA1
ab017768139d5731756260a8f9674e089347d9b9
-
SHA256
75211b1b7c7af76c7cb09c8ee32f0cad82db86daad15633690ee3c6881a717cb
-
SHA512
8ca003cc5a7b9253320cd66b4dc57bd8ce8b81e7a72e8d30af528b13128cfaa32739f7253f9dbc7844b00ce8a49d00370b9822db7530f0ed916b2b8f32952665
-
SSDEEP
12288:Mz6bczVeI3nauKmSG1iFvbeu4N8OdJVRwwlBhu9hayNuw9K:MBzVrVjiFvbeug8eVRHhu6yNuw9K
Score1/10 -
-
-
Target
Crystal disk/CdiResource/MimeKit.dll
-
Size
1.1MB
-
MD5
007c665a952587526f08fab9c84b0973
-
SHA1
e98a30dbd4421a0b06224eac66e5db3db052de49
-
SHA256
4bde60d1eb8f31844097e609db2874d138ba896d530a195572c19b7ae3014f95
-
SHA512
3ac4d8c322bb0b601e60c9068ad0a83e80543cc0233d16c277d430b015f74a685715dd37a62e13b69505935ab39f204d443615f372329b030bf98a4c89ebc1df
-
SSDEEP
12288:2ojHuG7qgJZ3W4vlnTZ6/hsHH6c/l6gSttAd7b52lD3qWh21UyKCzrZGG5uqgoz:2OzqAZG47lHH6c/l6gQ21XK+rAGE3oz
Score1/10 -
-
-
Target
Crystal disk/CdiResource/System.Buffers.dll
-
Size
20KB
-
MD5
ecdfe8ede869d2ccc6bf99981ea96400
-
SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641
-
SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
-
SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
-
SSDEEP
384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dialog/Graph.html
-
Size
8KB
-
MD5
1f2f281f50cdefb6794c9c87133b89fb
-
SHA1
6aaf495b5eba156f3b6d69395a022251f54e8460
-
SHA256
00ceba3cca57b7ae140f077d6aebb88e172f69b4cc0c8879c5be7f2734a989f8
-
SHA512
c1d8d99104f0dfc0f3417c6c0a2519ab9508aadecc573b6c338614237d6d91ce03825b4b978a3a9a03272759d7d566d1bc7c60b7742b4f83a8ad1b9d943e906b
-
SSDEEP
96:7KkOs1PJEpKltJtAZ29wi7/3j/Rj5LNscioCIq9Xr9MDoevklwew+K:7CMEpKltJw29wi7t1LNsBojvklwew+K
Score4/10 -
-
-
Target
Crystal disk/CdiResource/dialog/Graph8.html
-
Size
8KB
-
MD5
95e946a56eaa284e0167d5669861315e
-
SHA1
80c69fb76714856274183d72da863b65f63dcede
-
SHA256
715663ab9ac4f2b0de86ea36c90436550b648e8d79f35b2099b904071ff3608c
-
SHA512
75fa148c3a38ab07751100d23e574d94ab9073a4a6611f3262a6ebe9e33e509a6e0152c44f87d73448c751c31047fce7f8fbef1bd3eb2c99e340866bbdd8b066
-
SSDEEP
96:7fkOs1PJEpKltJtAZ29Ni7/3j/Rj5LNscioCIq9Xr9MDoevklwew+K:7BMEpKltJw29Ni7t1LNsBojvklwew+K
Score4/10 -
-
-
Target
Crystal disk/CdiResource/dialog/Option.html
-
Size
17KB
-
MD5
1639dc3afebcb77a24f2b76c060681be
-
SHA1
4d5be3e3eab978f344602c9e7f8a5cf981ae7fb2
-
SHA256
1c33000a9201ab7f6fb76a35adecd1a3b4a0ab7e21d4adca9b7ce47eb0438eb9
-
SHA512
badeefa30d01331fc8a0ccbd1478ffb265c602737c341ccb3acd33484bf4e622c27cf4d0896550e3077313b19abe4c127002b30cd8ab57c30cd1d84fd9cb798e
-
SSDEEP
192:u6/T7J+jh5BOfalBZOlVSY7SM+UJBRyHyl:uw7J+jhfOfXp+u
Score4/10 -
-
-
Target
Crystal disk/CdiResource/dialog/flot/excanvas.min.js
-
Size
10KB
-
MD5
08182065d2093c978a9bfa16b0829173
-
SHA1
b72f4f5b78513de55e61ae0f8804757b7be97d9f
-
SHA256
5f94b032a110504b7b261eaf71392fa3e8d82cdc6455c0cba5c9f03cd34ed122
-
SHA512
73edb75f889493c40765f8c34ae02746afab14f98585639279ead7f87232c98122adf9eaeb8d4e585ca45fda9a9b272f126c239a9acf50cf02a77c3e889e6112
-
SSDEEP
192:f0nOGBoKSDDfL8SZy/RJVfGPSfJq2sq2iq23UdFm2lx0fRun7faSpWM35Rfz5wyC:snOhT8Sk/RPePeJq2sq2iq2b2lx0fRu+
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dialog/flot/jquery.flot.min.js
-
Size
43KB
-
MD5
f1843acdb53f2c88903f89e4e175cd32
-
SHA1
6fe88ea552177f7117dc4cffecc5cdd53a250234
-
SHA256
8a0f1dd79995a9308cffdcae12445d9f727d66a450ef5158280e0724de55c32f
-
SHA512
1a0c7e84d6edd2678624c1b9bf4b4cf3bf2c897ae3c5d75a08199f96dd2c9d03b77a43851f033f2ae9cca197f6cba1d996730ceffbdbf5a78aa31ab7d2c5bf48
-
SSDEEP
768:HyGrgyZo3Rf+fHfb0cQ+LObGcMMr6GQbDtvjQa+1w30007ASG:HyGrgymmDXL+Z2GQ/tvjQaWw30007ASG
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dialog/flot/jquery.min.js
-
Size
54KB
-
MD5
a9331828c517ac5d97f93b3cfdbcc9bc
-
SHA1
1be9c3684054001f53fa7ff6d85ec3cb573a9cd2
-
SHA256
d548530775a6286f49ba66e0715876b4ec5985966b0291c21568fecfc4178e8d
-
SHA512
403b7c0dc179ee12b85b76885ecb9a16e1e538572ad866a943f404f674dd3ca8c626b1cb2729fb720a6db3eba4e6ac1ac1de875a4d598f1b76337366d33bdba5
-
SSDEEP
768:NcBsS2y/PUrTsLK88E1o2z33cThrtz00lU3+pSk+f1:NcBsyyT1R2T3Ahrt00lG+ck+t
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/AMD_RC2t7x64.dll
-
Size
194KB
-
MD5
6b2a0c8f3bbb1a9a330af0425d132b2e
-
SHA1
eee430e51bca07a3ff721e84469f92cdb3b090d0
-
SHA256
bdb01316ec6f444049bfef2b13ca34ee2f5f1713df2007e611d3220bc1b3b8b0
-
SHA512
b3f867e17e8efaa4d23c1228269827e37fcd1bb4309add46cebaa7f75801035fcfc1a152f3e707e9f44f342c680b9b1e6ee51607e8403b82fbac810a9fbe93a6
-
SSDEEP
3072:ZLWTDyk0io5FYBd1N6WC73BHQwOuHDAKhYpBwj3m8kefoZfSlf5ZfSA:JWTDNY5FYrvG7CpuHDliJbyN
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/AMD_RC2t7x86.dll
-
Size
153KB
-
MD5
83961471594193b722f0fbc0f21b6944
-
SHA1
9add0f76f63e32558116d97afdec0ea2d6f998a3
-
SHA256
68d7f33a3fa41668a07e4febe68f15d1d0107024cbbafc938a1af283ca0ff07c
-
SHA512
f93f406ff15be88ad23bcd43d1bd14a3fc39578e3c961063dce3c1285583aa1d78d67506c004d4882e2f9c188df1a78f4031a2038702d16dbcccbc94122b3185
-
SSDEEP
3072:Zl5kl59rYRjNgQLfLbOEEdIGy4e/LZvUFPhhz31XNfjZfSzfYZfSp:/u9keQLTbBE+GRachzlXjXk
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMB39x64.dll
-
Size
216KB
-
MD5
fc238a5d2ca00e01946d8727c870c722
-
SHA1
ecff4fdd0da7779883d591650ff2ce8636018b69
-
SHA256
0982c9d669cc4f7ba365afb8077fb05023567aa889dc358cf7a2b982882fe817
-
SHA512
407c817b567e69b8ed8c9a3cf81c7bb78fcbe7fd87e85df5fa66069dcf58f05fd143b3eedea68ef03eccd7efa836d251decc1dca3c47d6f3fbc136eb608b3072
-
SSDEEP
3072:dR3uYTjH1vWMZrxO/RrF0Q9byDj1AoLnhv6nIWmSwXDUBQYnnkfQvZfSU:buuEQNO/hF0Q9uFHnh3HXDcayn
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMB39x86.dll
-
Size
192KB
-
MD5
22a5906eac20548f6226075b1e8c5816
-
SHA1
2f5ab8cadfedb6fbafe93c508295d31a0fe30e2c
-
SHA256
e75febe04858e6b5d081040d52912558eb89f216467704438d0c3eed8d599bc6
-
SHA512
0dbead5b5eea325e438de10467b7c90d60b8b4d1f5b35c96e69887c2589a9bcc808ade5514461aa99eca66df0b686d8a1ccb64d89ff2336292dfd96f0183638c
-
SSDEEP
6144:BH5x6ZaMCvvMHhcmNhw9eE/NGd0kUbiLJ:BH+Phw9ezPUe
Score3/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMB39xA64.dll
-
Size
210KB
-
MD5
83d8fc2aa393d608f883ecb771b8517b
-
SHA1
87625c3806318ea7c77f91b30fd6cc31114eef35
-
SHA256
32a658aa75eb460e1ba289bb5b8315430c9c63a545bac0a0d84a6e52a0ecea8d
-
SHA512
b685d13cb42b651d895c4f50586a5129caeccefa50d3cc3f9f7f315f8f42aafe78ac49e4888e1907d4d154e23f6e87f1c1a6f13e55c6304c9d0c6d486e5ef74c
-
SSDEEP
3072:1ygHrt1f+GjmP9GVcB98MnUEriQihuW60tJdj+V51EfQrSPKl8v7Q+ZfS9:NB1ftjmPGc9ehzryy5KlM9C
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMS56x64.dll
-
Size
216KB
-
MD5
107cd7c06ff1e7aa54b872e110c8b050
-
SHA1
4b3c41e01d7bd7c39199fc94161ea537d8ccc235
-
SHA256
f6efcacb81fa8802275e9ad75cb962dff34d15903bdedfcaed0c59c5ce25ecc8
-
SHA512
e548969d4430616650109b8de425f0bac0f2f99a780204aece008fa4de584a40c0c49d70cf2f6a9e4240e9e122f346d04bd402dad61c83ee0d604d546cf0f564
-
SSDEEP
3072:p537hsYyDqlmpgjeehoOdrN3TK7AFbA0AZcm0jTnI+Gowd7NCT6nnkf5xZfS8e:j7q6g6KsoOlhTK7OFccm+IdoZdi
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMS56x86.dll
-
Size
192KB
-
MD5
f0cfd97b1ebe069f424c116843231183
-
SHA1
e5e921a0ba07b96b1dc5c21c22bee815615cfe48
-
SHA256
fd750e8a7ebea0e61a04cf7ef65aaabbb6e0d3c07b64ebd2df18170c8fcf5347
-
SHA512
48beb5b2bf84fd1b61335fc6c06463efe861a9bdf500d32fc62e89b8eb65f6966c379c9b94a34b20051e792ccb1460ad7d658474269a8848314806265ca3793c
-
SSDEEP
3072:xeCx6ZaMCvvzgGC8OcRG8ogkVrcAku/h4OFgs9YTMhd1FXDrsjbWJoIuye2zcXUE:wCx6ZaMCvvctPcois9Wa1ZAjbNzU1Rc
Score3/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMS56xA64.dll
-
Size
207KB
-
MD5
f340d4ad5af83ea13c14f3648fd9560d
-
SHA1
1b7236acd4e0ed34cfbbea01743aa6d3402365c2
-
SHA256
90682fa446e8b64086e7ee72663bbf5c8b2e160f66dd232280ec937d277c3911
-
SHA512
9417cdc3ab34b3c336c037dba53c2e06987a5800182dcdd1672f13db359998330f0c8c39468df0b38d3f9b803ce3daa9beb6ebfb327fc02af3e24bd5c478fef5
-
SSDEEP
3072:51y7Hw4wtybOdJs9xMn0giQiUFs3VxOVEC0bmQBP/zB3sHcw9G7pmJzZfSg:QhildqwSU6VauN6Hp9G7psT
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMS586A64.dll
-
Size
203KB
-
MD5
f3675a0d04d0a335505cd19b73a187c6
-
SHA1
f3784f7026bc13c3908ba1ebf09ebcdc92a44b04
-
SHA256
cda192ed4afff08f306144b157912d4ea2118af0286bf5ebab61637783b50418
-
SHA512
17f154333ee9ebed0fab108457cefd92742487c1cc917abe505d85da4df353776605aae0e381517d092c4165f928489c3fd08825ed14c750c4a5fb2cf517cc55
-
SSDEEP
3072:VEQPLpLCKw8i15ZqoDSGdWQhefdzDh3jiQi412o02qdIFWG31W3mf5d20F6tq9Y+:VE+L8h1bSGU13h3U4wC/2+6Ru5YeJ
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMS586x64.dll
-
Size
219KB
-
MD5
f0d8afaf305ff5a9f20aefb188e79962
-
SHA1
8c751ea19c7debce38d6f585b3a63cd5e864eec4
-
SHA256
b0ce64dec3f007cd49017dfd9f4b5f6681932298ed73255609b11d77e5399e69
-
SHA512
28caf7b2bf7d60fd6cb83758119784baaab2952284ada542d52eafe6f2923011a1f23dd741b0804bee6fac6213594c93f3a7321903e74cc5cf823efa4ba3a8d3
-
SSDEEP
3072:DZTHdOyWSAWQ1FHOUiyrJPvQGudLwVjH5d16c1RhzTgkcAzF60J0TkfRq1fS:DZT4UQ1FHOpyrJPvad0Vd1F1RvzTA
Score1/10 -
-
-
Target
Crystal disk/CdiResource/dll/JMS586x86.dll
-
Size
201KB
-
MD5
ba1b819d15120df67e73bc6a18d467b8
-
SHA1
60c4bc9fed804cd34480f4cdff937f6ef2f7eb77
-
SHA256
eca1289baa825b8931610cd557a0456a087c0861b2244677aea381f057dcd4fa
-
SHA512
f9e29445786102c41324442c4f7a8346df0cfcc11aa9dd944fd6644c3fee45987341ed994ab09edc6e207664db1c591cefa8c3ce0c2e57af0a410593b54326ef
-
SSDEEP
6144:GlyxCQ2Db9mdjkStTvFZe0cMxAr/3Jt5Qx:FNkStTvgzJX
Score3/10 -
-
-
Target
Crystal disk/CdiResource/opus/opusdec.exe
-
Size
174KB
-
MD5
1f3cf9f2eda491e461a44d956033d7ff
-
SHA1
9b5db2d3b252d9f4c434ecb05306b3f6a05f186f
-
SHA256
d8d8d30847b200f2ce1059726d3874469887e452af3133518eafdf2b2692f260
-
SHA512
eb5e6baeb6385fb1889bff131aa78f71a1235cf7468466bde3344e6b035c65e5d8dfdd18f0f75aa970758132d540009c7f5ba67cfe61a69061702144e7233b54
-
SSDEEP
3072:74UvcpDZ6BNNglpMg4Ewjw60B8EDh7lR84YijJkPxZUOV3:7Cp1A+l8ElZX89P3UO
Score1/10 -
-
-
Target
Crystal disk/DiskInfo32.exe
-
Size
2.5MB
-
MD5
5d14d19f1744c9dd8ae755866906b4e7
-
SHA1
147d8703111d3d9f0238ee723c3eac1d98978e4b
-
SHA256
7e232324354fb547e6ab58ae9bf92de7e94dcbe7fdcd84b52d0b6385ae37c1c7
-
SHA512
9e4db9ced38e1ca2971adb8b70b4e41d2f06a51f3d5e16a14e83d77b946380add4cfa8890ae868973e2509f0e6b5a946f760b054b7f3e915bd95b5fd63edd253
-
SSDEEP
49152:80jwy1SDYkje/zFFDthinmnM4atqZdd1v+0Krbs:zb1UYH/zFYnmnM4aqTPKrbs
Score6/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Crystal disk/DiskInfo64.exe
-
Size
2.7MB
-
MD5
aefe7a99ef3c9e40d8be45609d9b8080
-
SHA1
fecb3aea2f282d26b0fd299911b8e6b3853d4436
-
SHA256
a66e2523e65b90b8a6003947422e007714174d606981d0b1124e4bfb37d1418f
-
SHA512
c2f5f2ee63bbd648d6a7a8f57ad3c3066bde323399c984a27101d60de8e08837ced21cc4904fc77e1fcda1578e24076087b3e3aaca172b5cbfac420c65b2cfb8
-
SSDEEP
49152:+dA1UbcDRv5DhBMHhCRLnmnM4atqZdd1v+0Krbm:+deDhk4nmnM4aqTPKrbm
Score6/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Crystal disk/DiskInfoA64.exe
-
Size
2.8MB
-
MD5
cf8db49a19947c953d45b5e63fc47a02
-
SHA1
2580b0b3da08d6e86c93915ba5deea3958bba3b3
-
SHA256
18212aa7cce97c29f614775cf74ec014b3ebc11db1599cf04191195c1df6744f
-
SHA512
41e4c530812fa362530cccd5ad9ec27fe6b9a85181153ab8a7e80dc742a3b080c553f073dcb7e4c11b1213f6533ba8c758a394522346da3880639cf5d885e7c4
-
SSDEEP
49152:0bJ9qYpuD1Y7cSPtnmnM4atqZdd1v+0Krb:0bQYIMnmnM4aqTPKrb
Score1/10 -