a986aa2f241adf5c499f10d7cc18f1917f20c4536d9799260b12efd7e0dcf3a3

Sharing

Copy URL

Twitter E-mail

General

Target

CeleryRekease.zip
Size

26.4MB
Sample

240427-k18wmsfh91
MD5

4bff106bb1cab9379c7bba2dcf0b5917
SHA1

33eb1d2cbcc4e5e3d28549f8cce5cf0109997fee
SHA256

a986aa2f241adf5c499f10d7cc18f1917f20c4536d9799260b12efd7e0dcf3a3
SHA512

9cb8e1c1cba8b48859123f5a48b756922294b3df9af2ce43bc05863fd8ab967f530f3e99941080c6dc8d91df0c19d5fcf60541d12d8b3fccc9b956f084354258
SSDEEP

786432:UL1CB39LSUHwfZxxBjKA0srrCOKY+EE7g:RB5lHwfZEzsrr34Eog

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  Release/CeleryApp.exe
- Size
  
  8.7MB
- MD5
  
  76a355bac0e92a1a70e72c950f4454b4
- SHA1
  
  b21f1f0649bddd6dd879b25e0c603c04761188fd
- SHA256
  
  ea5493c1b0a0cc6541ad76301b6abd2d94577283f731d4b46328555bf7f437e7
- SHA512
  
  f8115321b930c7d8d7ab592450744e0efd9ca47d907fd23143aeb7edcc79052892f67786681125b569a08b7d238f41ee8cbc2383b00541b3d82ce0d57e2f1688
- SSDEEP
  
  98304:qza5igLIRfyC7egWJ3PJzdjf4fwraOWcD9XdMPABIw/t6KHDicVwzUsSp:q5guhega4fJOWs9XNBZ16M2cuU
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  Release/Costura.dll
- Size
  
  4KB
- MD5
  
  501981c7fc457d59238eb99780efb615
- SHA1
  
  f1f25c01f6acf33bdd62c4f82d3ef078e76f0906
- SHA256
  
  41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3
- SHA512
  
  5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8
- SSDEEP
  
  48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2
Score

1^/10
behavioral2
- Target
  
  Release/Dragablz.dll
- Size
  
  233KB
- MD5
  
  5a9583a7bed76b2e94091f9b74716f68
- SHA1
  
  60552dc4ed629b32a7c0e7b31406a21829bdc38e
- SHA256
  
  6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338
- SHA512
  
  8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5
- SSDEEP
  
  6144:fTuK/5J3BPYcKHJv8ahfgfkMMafGfCfDf2fE:fKKhP+Dhfgf7fGfCfDf2f
Score

1^/10
behavioral3
- Target
  
  Release/MaterialDesignColors.dll
- Size
  
  295KB
- MD5
  
  d2207fccbdd6caa91c43776559ce401f
- SHA1
  
  4f78f282a238b21ad1f995f154d624865d08a38a
- SHA256
  
  1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0
- SHA512
  
  d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e
- SSDEEP
  
  1536:1r1In+fq1fDfDemxD0EsXpGX0EOAyzU7fKoVxbzQXT:B1WB1PerAjOAL7fKoVxb2T
Score

1^/10
behavioral4
- Target
  
  Release/MaterialDesignExtensions.dll
- Size
  
  349KB
- MD5
  
  6da7ae89f1eac96f143dc5200031d8b8
- SHA1
  
  d9dc3936bc9a288a727cb2295c3d05899adcc9c8
- SHA256
  
  c5b93560fa74b9a05959aae5116da59495d36782d2e17e45f0efcc06ad36ed6a
- SHA512
  
  3929f7092a5acb5ae3333e7e0a9ac2a403b78c8c8ad35a17ece25e6688a61a0f7e4b701691b02ad2941c6e15d2262c6f8ae76413af93dc92aa422e1738147e94
- SSDEEP
  
  6144:OM2EyV6zxDNFOzaFkpXeRk7ecDfE0MHOZB0zSvo1UvEGK262:nGVcxHOzxpuRk7emfE0MHOZB0zSvo1UJ
Score

1^/10
behavioral5
- Target
  
  Release/MaterialDesignThemes.Wpf.dll
- Size
  
  9.1MB
- MD5
  
  dd614b113b0fd72554a55eda5dbfcc10
- SHA1
  
  0144a3f8c52dd932bfaca7d7f147f694b5511551
- SHA256
  
  f2cb7b4de690abc21780bbab0f0b39273b6538ab04ef47fbe099126a43b62864
- SHA512
  
  974eaf9906a798c723436b9ab1abae282757596c350e48a6697d84c1bdd50715415d3a70c9a081d4b996f3abbbdc4b26d3c3f9139f8b685cb54bf01376512c51
- SSDEEP
  
  98304:vVDXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCR2fS0:PnJ45/9iD54+V11bFv4z
Score

1^/10
behavioral6
- Target
  
  Release/Microsoft.Web.WebView2.Core.dll
- Size
  
  445KB
- MD5
  
  c4b4a5f4f28d47239eb4e37cb3cc8046
- SHA1
  
  ed86941cf065f91758d536d8e13cc2542cc38922
- SHA256
  
  c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1
- SHA512
  
  440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645
- SSDEEP
  
  12288:EB7Md7DkbrB3kPo+iKvRFNLe1+imQ9pRFZNIEJdIElxPrEIvLcglxMwCepM1STUH:EeFP7
Score

1^/10
behavioral7
- Target
  
  Release/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  e6f424ee6036ee7d58283780b705be8c
- SHA1
  
  c17fc397711fb2e0c400007620c76e70c956dd9c
- SHA256
  
  c9eeff2dd13109f41447a92763d31aaa07369c58a570c18bbb851824a77da98a
- SHA512
  
  1d255265115a4a2238a21e3ade35101babcbf9d5de58521365666b9564681119c4b7f20ed6a6c16fb6120ab19106fa40f25421da938b7fee7b8a5e7758f2c22f
- SSDEEP
  
  768:ejIHFTA42CL9tcZDgcEST3p4Jjrjh2jJFSgyauYv1JKia5/Zi/WGQKVu6bL7RSOX:AIS3C5tcZDgcEST3p4JjrjaJFSgyau0H
Score

1^/10
behavioral8
- Target
  
  Release/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  43KB
- MD5
  
  0241e0a42b292e0c9b585470c613ec78
- SHA1
  
  74e4ab7e37bff177a394617923baddfcf087c0e1
- SHA256
  
  15bcd610a80632ef59d911a8447b11127cdeafbf147c844f1b740735efdf338a
- SHA512
  
  bd083301c6f93a1852c76686797919787f439c65ea11d430701257fa4d3791a4eff892b6ceea1c534d832bfbc0b0ecca3f671e3a9c50f34089f919e3756882f0
- SSDEEP
  
  768:k2TI5VoCjJ4Jd7U2zkQ+Z8cDP/ryEH0yBy4JjrD1h2jVh3URGvkz7FKKa5/Bi/xm:VE5tjJ4Y2zf+Z8cDP/ryEH0yBy4JjrDC
Score

1^/10
behavioral9
- Target
  
  Release/Microsoft.Xaml.Behaviors.dll
- Size
  
  141KB
- MD5
  
  ec5a1abee150abe698689211b07cd1ec
- SHA1
  
  affc3cb47da8fe76986d271cdc3e7ea345cc04e5
- SHA256
  
  b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54
- SHA512
  
  a2b55b4ffc3f11546ed8d3457e98b986c089e25229bd687da35d45d63e4860722e8b13826d3a3daa1be843cf3a4ae3da4cf9b6fdcb5d1a4948648537e683789f
- SSDEEP
  
  3072:UAyazS96IT0O6gAf+LwCMe1u051dXcr9/soMEs5r/j9:tyhYIT0O65cwCMyE
Score

1^/10
behavioral10
- Target
  
  Release/System.Diagnostics.DiagnosticSource.dll
- Size
  
  34KB
- MD5
  
  8d9df432109f1cfdd86723b5f171e3d7
- SHA1
  
  85dc92edd4b0049ed9049e075c4def8a3d64e43b
- SHA256
  
  d22133818a30313e0becf010d78a556a56b34ea361dbd33588c9817631fed540
- SHA512
  
  5c83303934eecfa61c43a071d29c98e5804d37a5dc7f7b035772d6a168b0c5e65dfabef20b46214e65493c4bda44831cafee83615498fbe9e718c884f4650edf
- SSDEEP
  
  384:iQobG82oiaPaf/gn5LQ0+0zdQUv2CtyW8fiFISWbW9pWJbWivT1Nq0GftpBjAvnC:nA299fI5dxzL2CC11vimvnEBBNFT
Score

1^/10
behavioral11
- Target
  
  Release/bin/Monaco/.git/hooks/applypatch-msg.sample
- Size
  
  478B
- MD5
  
  ce562e08d8098926a3862fc6e7905199
- SHA1
  
  4de88eb95a5e93fd27e78b5fb3b5231a8d8917dd
- SHA256
  
  0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7
- SHA512
  
  536cce804d84e25813993efdd240537b52d00ce9cdcecf1982f85096d56a521290104c825c00b370b2752201952a9616a3f4e28c5d27a5b4e4842101a2ff9bee
Score

3^/10
behavioral12
- Target
  
  Release/bin/Monaco/.git/hooks/commit-msg.sample
- Size
  
  896B
- MD5
  
  579a3c1e12a1e74a98169175fb913012
- SHA1
  
  ee1ed5aad98a435f2020b6de35c173b75d9affac
- SHA256
  
  1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437
- SHA512
  
  d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb
Score

3^/10
behavioral13
- Target
  
  Release/bin/Monaco/.git/hooks/fsmonitor-watchman.sample
- Size
  
  4KB
- MD5
  
  ea587b0fae70333bce92257152996e70
- SHA1
  
  118ff5509f187039734d04456bf01e44c933ac19
- SHA256
  
  f3c0228d8e827f1c5260ac59fdd92c3d425c46e54711ef713c5a54ae0a4db2b4
- SHA512
  
  f5a4d2bff93161eb61b9902ff74d5ee20de3316f2b1c5ad49299deaf1adf231848c5501b6e4a840e5b898791f86c66eed6f3b05ff573073674177a33a1f2ae9c
- SSDEEP
  
  96:GFCscBOvOFXDgRvi/3eCwX9PlkRo/j5SpoNOBoi+geBIzCa:GFCsEOmWRamCwX9PqRo7geEk3IzCa
Score

3^/10
behavioral14
- Target
  
  Release/bin/Monaco/.git/hooks/post-update.sample
- Size
  
  189B
- MD5
  
  2b7ea5cee3c49ff53d41e00785eb974c
- SHA1
  
  b614c2f63da7dca9f1db2e7ade61ef30448fc96c
- SHA256
  
  81765af2daef323061dcbc5e61fc16481cb74b3bac9ad8a174b186523586f6c5
- SHA512
  
  473ad124642571656276bf83b9ff63ab1804d3c23a5bdae52391c6f70a894849ac60c10c9d31deff3938922ce83b68b1e60c11592bbf7ea503f4acd39968cefa
Score

3^/10
behavioral15
- Target
  
  Release/bin/Monaco/.git/hooks/pre-applypatch.sample
- Size
  
  424B
- MD5
  
  054f9ffb8bfe04a599751cc757226dda
- SHA1
  
  f208287c1a92525de9f5462e905a9d31de1e2d75
- SHA256
  
  e15c5b469ea3e0a695bea6f2c82bcf8e62821074939ddd85b77e0007ff165475
- SHA512
  
  cb78aa7e9b9c146e5db65d86dd83f04e2b6942a06fab50c704a0fd900683f3b6ad1164e74afe2f267f6da91cdff0b9ab07713e12cefc6f8d741b5df194f4fda6
Score

3^/10
behavioral16
- Target
  
  Release/bin/Monaco/package/dev/vs/base/worker/workerMain.js
- Size
  
  537KB
- MD5
  
  6dcbb695dfdfff091a88c7c5d7abaf06
- SHA1
  
  9c8fc639955005c5f4f871dac88d535f3f8a16c1
- SHA256
  
  90445461e39687ceb89adcc0cc24a507d05757a82d2d922e326a2062b6f6a8fc
- SHA512
  
  14e719ff411846e214a210c0bb95dc1b0a25ed9c309e572c7c0cb2786165e299b34a9724def728d6d795e61f6f59db30e6dc98ccce21b5c8df69734e138ed422
- SSDEEP
  
  6144:wRIlnOy7KlzfH0+RqlT3+RRl/U+RqlCb+R6lp2NHEyaNyT34OfTkVDhuYG2:Rlgl7b2NHEyaNyTG7
Score

1^/10
behavioral17
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/abap/abap.js
- Size
  
  23KB
- MD5
  
  50f649f3e45a1f5c7f71f409bd5fb8a1
- SHA1
  
  1cce5441dee1f76bf158fbc0462c8e13e6b0ce54
- SHA256
  
  c7bc6470bfb0d82dbc422ca008dfb8b25fb02c8216cc3ee91e9e3971764efb2b
- SHA512
  
  0a74cd41751261daccf256af483197a844085c335c77076225801db48d580da92e295435057dfa4050ad84d1e6937779bf3849b3dbc5564159d4a7d35d5ef9b3
- SSDEEP
  
  384:rg0l1E3cOjsKpYDsv2JgYHb4AxJYmF7piUIFTyyxlcQMnOsjY:rgetOjs8M9gYHMANeJg6l0Y
Score

1^/10
behavioral18
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/apex/apex.js
- Size
  
  9KB
- MD5
  
  96d8e2d7e01af1bf87b50e397ef14e1d
- SHA1
  
  c58411cd9d819eca280d7aac743afb8c48941345
- SHA256
  
  12a9de1bd5188e228d1b225b93bc1de7545aa3eeb5df2942d1b30de8b4102279
- SHA512
  
  6c9920794f054f2a4c388dd22b0ffce9440fb04ea49b43b86d1bb9e7ed519255c2735a6fcd5be6e7835e5cbea99e7f44f67bf14ef540ba958d5193b76af1b1dc
- SSDEEP
  
  96:HDGkOt8DdWFF80lbEjNVhEB9ogBUqjoI0cai81ISgI/3kl0OsMCkwnI6NkPN8jhY:rOScFTbEjNVhEB9ogGTvcai81IIeZsw
Score

1^/10
behavioral19
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/azcli/azcli.js
- Size
  
  2KB
- MD5
  
  42a923c820d332ddff89a68c376d4657
- SHA1
  
  23ea23fa0dd03085bb92aa095bbc62d9df8a8722
- SHA256
  
  09f4dd1e73f6ba879f28fb7e07930279ab4c5a295483799c53c6417fae7b8d32
- SHA512
  
  253b80f3ee5a929f865f53ac237f673a3d505ce14cd80eb7f78e25c86a6dba58c4f87842fe2482932cac50ef4eb45733435da310f1cafcd863d15159f5fcdceb
Score

1^/10
behavioral20
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/bat/bat.js
- Size
  
  4KB
- MD5
  
  c0ea60d00820705cac4d2857da94e7f8
- SHA1
  
  b84fdfc23fb97f37e9134089aac916392a943635
- SHA256
  
  794ce7c333161e68fff0c6a4a1bc7cdc678073147dc48e1a49aa5313483fc4ab
- SHA512
  
  b5e2330432aba944abec1dd0450169d8c1060e42b52efb2c4aaab5750d1d7ed691d6524cd9c3249dd14de8bdc039acc08c3e969b06784c9f3236b72cfa79b24f
- SSDEEP
  
  96:HDGk28EmF+z+lDHm3vPP3jq8tHEDwrORJC3MB/mMw:rZEm3DG3rBGZW
Score

1^/10
behavioral21
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/cameligo/cameligo.js
- Size
  
  5KB
- MD5
  
  c6716edf2144eeca4ea7830baa11ba15
- SHA1
  
  b7c99a58b05afdc387621c30f7c693e304131b78
- SHA256
  
  fd96854fe7970a6e9839396e8daaed9412cdc531e36baf2dfbaa2f6b61937b22
- SHA512
  
  9c2c181cb9b46dc0121ad1ab647471dea5f4461c97d4c500cabf4e6cdff2e4fbf2a480e725955c02a351886cbff923bd97dac22a1a4de4d89901d15e77b75884
- SSDEEP
  
  96:HDGku8EiuNOcSuKjSap12fi/4OkwnI6N7eHCi:rhEiuSuhV8Is7i
Score

1^/10
behavioral22
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/clojure/clojure.js
- Size
  
  20KB
- MD5
  
  672e3b1b27b133f9bf523fed06b174d7
- SHA1
  
  2544e09064a4b5efb8577b3d059293e8487b3160
- SHA256
  
  cdc784ca79feaede6b98aafb4a9b09bc519261b44e0d58597d47ae1bd9b514f3
- SHA512
  
  2afb794f3b3c22d7993bcafddd57360d865554c7f2a112745542924b401e29ea9908cfcf3e7e0cc93b44644a6692cb39a6e9e01dde7e10c4f4db0576e16aa76a
- SSDEEP
  
  384:rqsXVeI2xzyOz3WNE4mWmh6WgcV8K8beAb:rqoeI2xzyEomzg4O
Score

1^/10
behavioral23
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/coffee/coffee.js
- Size
  
  8KB
- MD5
  
  778339eb31afb7882486697d98c53b3a
- SHA1
  
  94cd80e7ccbc14d86e2514f6736c376c145120ca
- SHA256
  
  dcdd9bf38160bbaf18d8f2a976d04bb17ba143a4924058466b82dda2c1be3bcd
- SHA512
  
  a0d65efe6ec6ec9053550c56a55d9f34713dd7e62856ca2a381162c573ebd5a6b36d859c5893734be7cb8a5b4019034b91da7f8bf72b01fc3e2d5adf32d05ccf
- SSDEEP
  
  96:HDGk08NBI0D/F8R5HFK3JPElZGHf4VTi8jQ5CQFvmieiadR0cRvv0e3v0mB9ME/Y:r/V/A5lIPmggVO8jQ5CQFvmieRRvHs
Score

1^/10
behavioral24
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/cpp/cpp.js
- Size
  
  12KB
- MD5
  
  4267c07dc0ea63d7ebea810584cd60fc
- SHA1
  
  6583cf1b42a9cd826f4785de661b35f49e8c0e3c
- SHA256
  
  7c0cf17651cf97b42714a99c06354822f98c676ea6f929bc25fa038e53a1fb48
- SHA512
  
  38b2cce9bd4d9485c9f0d4d2f2b54867ad0f4f5cd1ac4ab31b75f7be89a380864baebab8ba5ebf5d95f06d727b45cdd532c3527303f116cb745b20124e6ca845
- SSDEEP
  
  96:HDGkK8EFFBRSsIvp2qwdDAi9DYuOUphQbMgI/3klnnZHXkwnI6NvRwk8i8vLRsfC:r9EFJvIcqyDAiSuOUpK/IGasn0b
Score

1^/10
behavioral25
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/csharp/csharp.js
- Size
  
  10KB
- MD5
  
  213e7ed72b84eff30fd439aef1331fd4
- SHA1
  
  bbc95ab1948a1e6ab7a677b7bfdba09b57b1be06
- SHA256
  
  00e7837542dd16369d97e515d9063c015fd6bf143842723d1420f04769b4f9c6
- SHA512
  
  2dd5e536dbd93bebe19a6c5bb55c8e224ed5ccd1c3d34e8f3cb7b3f1a6a37b74d485c9940542aebb5d87393bbb462dcf3e35ab83a9faae16caa6e4a8cd2d7c1d
- SSDEEP
  
  96:HDGkyr8NlWFFYUlSjKjYrA9+GPHWpfFQjY5pHU6TGUdkwnI6NHnc3BxBvrOESOFb:ryAyFviRAtHsuW4s12/t
Score

1^/10
behavioral26
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/csp/csp.js
- Size
  
  2KB
- MD5
  
  79cd5272313cb73c70fba578ca644f4b
- SHA1
  
  6c41a20753948f5ef9276221b0232b2226027281
- SHA256
  
  cfbf56a632a506ef3caf41caccdbca476aa976c09ee3b4f8a10db6fa22e92620
- SHA512
  
  bdc3da4f897da8d36af2d0dde70cf61a3a96d83a85d9f31fe13eb58b8a9c6e603b25c73c1b7299a09fe20ebae9f070ad5f67c810f7193c7762026f133b6e50d6
Score

1^/10
behavioral27
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/css/css.js
- Size
  
  8KB
- MD5
  
  d4edbc51c51d0d21faa30ad73255f214
- SHA1
  
  26b62053ac2848c9149e317080bb1b181a08fd92
- SHA256
  
  d1c5c95b6a340b513a40c2561379647384842764a6b382dace0f327ec97502c8
- SHA512
  
  fef4dca1ddd45fa96c2bcc390b30d2b2752eaafc131244180bdc5de0fe34785fa020d34191d0746c37713550506af3f0affaff1ab2ce8190d884a00ff74c8c27
- SSDEEP
  
  96:HDGkO8NwqVSRaZ90jedTLxzJH+xqOB+dwDMS84:rBeqGw9z1X0p
Score

1^/10
behavioral28
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/dart/dart.js
- Size
  
  9KB
- MD5
  
  344862a7ac127396fa25152f9d3d3d02
- SHA1
  
  4d1062a142abc7d382ac9e65c1414c99078940b7
- SHA256
  
  6393139aa7fa19c2aa3207460a0b7ab5538ce96b470f7bb2cfd0dc6162da4361
- SHA512
  
  81613a29a27354bbce1e9bbba06f062e406037e6ebd8abd25fe97ead8ad02b361b4e570ecdd453056fea103a133a95d8cee7831407cee311754f0338c00a22a6
- SSDEEP
  
  96:HDGkG8EFF4fLlvGfI9Bm+amOg/kl03U5UOBSPkwnk6NGY6ZZKgDzbHTdpB:rpEFcefI9BMgEBUseAYurzbHTdpB
Score

1^/10
behavioral29
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/dockerfile/dockerfile.js
- Size
  
  4KB
- MD5
  
  cf73abbd1d975417c865e4e4d00ce365
- SHA1
  
  01a9fdfeefed907138b4d96823c134e1732c1ab7
- SHA256
  
  0c306c90e5a5165651068da54b1922490dbbed7715d93e1f5ef9174f441621c3
- SHA512
  
  e6255e4157e6fac1d7fc595475662250946b1e3c6b80c02b7adc49d4f15cd41284c2320be9bfffaa4bb17456cfb56435dd7d2866913a7ca51109311f4a351982
- SSDEEP
  
  48:V1DGkmMU8XwQuiXdiXGG0dRtm2nWqiOnDSE6S4V0a3MDqli3MDSR:HDGko8XF8GHdDWsnDt1o3Mei3Me
Score

1^/10
behavioral30
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/ecl/ecl.js
- Size
  
  12KB
- MD5
  
  55f87d589e0801ab8fe8adb8618171ab
- SHA1
  
  143e038412e32315470856a7580d8e96982eb1f4
- SHA256
  
  38774e75e5e769c8bd82c74334d49cc6c18c2ea838ad9c36ad3232b7fa3f0282
- SHA512
  
  d2cdead9bb49c74d7fed217b2054c3ca0f42b141ba034d274ae400c807e9cb1a09d1aeca07fb728565e9476ca4b05eb0f489fee4352a070857eb918ba47fa30c
- SSDEEP
  
  192:r5EFwuvU+fiXz+wcQz40RX9AwDj34fUx3hbJT2sSe:rSFDvUYiXz+Pw408w9hJT2sSe
Score

1^/10
behavioral31
- Target
  
  Release/bin/Monaco/package/dev/vs/basic-languages/fsharp/fsharp.js
- Size
  
  6KB
- MD5
  
  3090e722cdf0df15b2b713b7e6352dc8
- SHA1
  
  e94d218475dc232b0e99d428b9b03fa2793d37a5
- SHA256
  
  0e82a6d4ff12f383f2b91d55061e017eccb96e33ba2116cb9de7f3f4f909af2e
- SHA512
  
  ca1c2039a0a3136540b61e4c9f3ffad24e2aff5efaaf23a72e8e0639b05c0edcb3bf7c15bda1dd42b77b64e952eee87b3f72939d243744cc437bd406260b58c9
- SSDEEP
  
  96:HDGko8EiF+QRF/vO89sEXP9Z7KjkwnR8dRpmMwq:rjEiNFXOXE/pD
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32