General

  • Target

    MRON AIO BUNDLE 1.0.zip

  • Size

    1.5MB

  • Sample

    240427-z8kakshb5t

  • MD5

    6ab44a48ea58e0571ba0aed9969fa072

  • SHA1

    9afc005af4c6a95c3cd21ccce532c21693054c4b

  • SHA256

    fe829a77277c439004532802334234b9320338d3facd183a1f17dfd225e8df90

  • SHA512

    b6025abfc10af7530a5998d2a03cecbf1ca2101ca4c4571dc08e43dba5cb092ab06888444ceed9cbe00a67c000c7cb7c2c8804cabeff12719eae1ae04bcb9c88

  • SSDEEP

    24576:A+JjSmfBUFKNpFcJZTevGiC5pY8DHMkGR5zENHIWd5idP/PMuTE:A+4mfiF8pFcv/i6pY1kOENoWXS/VTE

Score
8/10

Targets

    • Target

      MRON AIO BUNDLE 1.0.zip

    • Size

      1.5MB

    Score
    1/10

    • Target

      ids.txt

    • Size

      6KB

    • MD5

      714de55c05d9b9362efc45a284284ca7

    • SHA1

      741dcccffac1458a1e68c4991f2c96b9f09932f2

    • SHA256

      5e014ac2bd7449f5241ba580e2d37759f26bb81cb1213f8a30c037594a452a43

    • SHA512

      e5c2e31bf5c255623fd4007da01d223ddff60f10094243c9e9ac5105c0cff28b6c422e1f8def7e41b0a076ff4e192c5f92cd56225d88209a86ba296a8536da19

    • SSDEEP

      96:yPs3ZCUGZY69LXDah8Jm8BMXB4Ohd4lGNUIIdYrL766qNOGvyeJdbIrY9Dt1:Qs3oUGZY64XyIIwL76vyeJCrYVb

    Score
    1/10

    • Target

      noclip.dll

    • Size

      3.1MB

    • MD5

      dd0c60a28ec914088e5522ef41cc01eb

    • SHA1

      d0ad4ce52dd074a8f972e85ea016e6f73bf37294

    • SHA256

      6fdbc37e9f7938ac9b96eb0b73dd6fe60c5a4e32d978be4db25a93c58711b251

    • SHA512

      346ad9d0c7cd7bfab64f2570df14f6051be9432ad9014da2bae1f69fe96367e5db0015dc1f2ecabc3c35c822c5805ba331917dbcc33e879254b2036fd9427788

    • SSDEEP

      49152:CEUze3FBQ1ZwOcjk8EqEW42dicGgd8I6I+0Ym06IyAGAqI2UWMC8+kyYWgCQdcmt:CEUIZ2wLMHwFYH

    Score
    1/10

    • Target

      noclip.exe

    • Size

      556KB

    • MD5

      e84e4da0f16e40521247870311efd7ac

    • SHA1

      30683171aae1e7dd7288e3b1ad7ef1fbde632365

    • SHA256

      fa4da01ef3e3d6eca87a36ba135e9b2084461a68e975895bc57050f6ab472def

    • SHA512

      0b763636a40bf7bb09521859db1b78ea205bc17a6fe685851a1dce8d3f64a101267c56f706742a7c2dab0e61709924126793853ffa3f84bb706145e6817dbb2b

    • SSDEEP

      12288:VRSNhZBlfA8/C8sSoC+PZE9O2bJIC0fDNNr:VsfA8K8J+O93l0fZF

    Score
    8/10

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL