General

  • Target

    ui.exe

  • Size

    12.7MB

  • Sample

    240428-zbg4ysge23

  • MD5

    c18fa308afaa206d0cfab60ff0528523

  • SHA1

    8cd625628e7307673ae8d1a2c2a632dce9a2bb29

  • SHA256

    06a191350f2df652d86e6f602638635dfdc621b3677419560bcefd980bb288d7

  • SHA512

    1708c369ef981aec4a8d8c91f950df80e2f6c8de334d37fb4d202c6a3db4346f41c713dc457b7f1da827737d0c0dd5d27fd20e6221bd9980724691999772a7f2

  • SSDEEP

    393216:NAROramsFvFOEjP5dT0hu5WOpJyw9Xlo67vc/G8l:NARqq5r56hCbpF267E/Ga

Malware Config

Targets

    • Target

      ui.exe

    • Size

      12.7MB

    • MD5

      c18fa308afaa206d0cfab60ff0528523

    • SHA1

      8cd625628e7307673ae8d1a2c2a632dce9a2bb29

    • SHA256

      06a191350f2df652d86e6f602638635dfdc621b3677419560bcefd980bb288d7

    • SHA512

      1708c369ef981aec4a8d8c91f950df80e2f6c8de334d37fb4d202c6a3db4346f41c713dc457b7f1da827737d0c0dd5d27fd20e6221bd9980724691999772a7f2

    • SSDEEP

      393216:NAROramsFvFOEjP5dT0hu5WOpJyw9Xlo67vc/G8l:NARqq5r56hCbpF267E/Ga

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      data/app.so

    • Size

      8.0MB

    • MD5

      8c7b10725e5138e3754409e66a5f3c4d

    • SHA1

      67fd584587a00cb89c31737070b32e46142705ae

    • SHA256

      41b9cb55847a82626c3f16670053cb8e8897f16dfa199485749e77768d45c3dc

    • SHA512

      a3e66d59364cc5eb9374c5616a2f4f90240a55d112c26d09af80e2bb28ab352516393ddaa6ce726b378e2344e5aaf5d8c65651bb8847f554d09cd6ef68cc8526

    • SSDEEP

      49152:xpl7lGiPvy2/qA315JZZTEBMh55iNlni5T7lFxAmMKqy1L/k94Zy5RHfWRyMhOK4:xpVrng7hC8jEb

    • Score

      1/10

    • Target

      data/flutter_assets/AssetManifest.bin

    • Size

      878B

    • MD5

      1e1ff85c90c45e8a30105e442db175a9

    • SHA1

      ec7ce4ff53cf57fd1c2ed3dfc6efe17798c9cdab

    • SHA256

      31109090a7363239ef97370e1328f136f58ab0aca9bce27799c67c8c88e03d4e

    • SHA512

      3151dc0d7188fb529b6e75683b98dba7c3bd8b363be242fdd9528bd94f0362c53c127ff2c9accd8043a4ab4ef02b789d504549a085090e3804232d8918472711

    • Score

      3/10

    • Target

      data/flutter_assets/AssetManifest.json

    • Size

      807B

    • MD5

      08a8cb061f1ee7b2f890433b058a6c05

    • SHA1

      315a7d58fd6b7a6c6691fde9a81bac5a5ef07af5

    • SHA256

      60d741d8280042fdccc4f3bf311106f9d2df7ff3a730660e9049795ebe82e9d6

    • SHA512

      11d822976fa9280f305fd3e108fcaa725483e26e6fe86e395df9f6212f16eb6b08ebd849ab168e3d1f6c731723c2a41678fa6da764a24c6a6e46a02b39bc2190

    • Score

      3/10

    • Target

      data/flutter_assets/FontManifest.json

    • Size

      208B

    • MD5

      dc3d03800ccca4601324923c0b1d6d57

    • SHA1

      bca264548730f8b1871672891b0ad0c02444bfaf

    • SHA256

      cd7e03645bc44b2dd47b7cb626f51c4ecbf55a197ab77241628b47ac165fbe21

    • SHA512

      eda04affa31ef1d3fe4b081762380a6a5a9364a48e7b6998e870c84495f51a9658724e3f496d90a574f7d5e13740dcf47ccc1c7914b77b6ef0826fe87379cdf8

    • Score

      3/10

    • Target

      data/flutter_assets/NOTICES.Z

    • Size

      87KB

    • MD5

      e3ba96a2074bbe1c6a102973bf61c50b

    • SHA1

      6c14e1dc962f05d722030d62d179f5ccda6319f9

    • SHA256

      67f809127a82380c80c3666b43168843635d654ff4a9f79751fcaff6b01f9388

    • SHA512

      9ae7201dad4798e9c3c808b66da7c0305c33fd62ffa6dfbaeccc765d9d222912742437ee5ab0c487baef3bc84c1b4d2a04296cc63687c6f6d6088aa1efd7d945

    • SSDEEP

      1536:m4yWTjL5Nr5gtn1A28J8Liodvnw+3ERyUO0RY/8STTK+EjUDhNqW:KWTjL3mtmJJ8LiodY+0RDO0+7TTK+N9

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      NOTICES.Z

    • Size

      1.7MB

    • MD5

      d273d5f1d0ab95296f2da0cd9df732ee

    • SHA1

      2ee71ca1373ef30363941ed5ebda030c4447e752

    • SHA256

      dfc4c289f18db5da60f7db1bb15d2cacbeaf45c0a0d8c7cc8fe2812ee68216d2

    • SHA512

      9f5319ebc3b5025ab1f329861a7ab123dc64f2393cac397f6f2ef7b4dbdcbdfb46b525c8e079160b213d73ca7fc6966456aadaca13f601603e615d7a9cea3740

    • SSDEEP

      12288:km6p4Rwhzo054PRWvJ+ZoCt8mY3sdWXLKaBVBQeyPL/Z+8srLKSTfxkwVnBJ9GPE:S

    • Score

      3/10

    • Target

      data/flutter_assets/assets/Banner.png

    • Size

      148KB

    • MD5

      a7262f4198b9971d85dc64dc69e5c21c

    • SHA1

      f7c9237b7ab53399d3f94a62c37f27e1e60d06ad

    • SHA256

      7c656bebd4ccc20a854c95c4082a3aee2955c8b02b4719e776cd645eda9382cc

    • SHA512

      3f131a8573ee39c9a96cdbd61da0084126e350b297d7239592c912e7ab328c2ac41c1599a80b67fced3f2ac249ad3eb0ccf7e5d73d863756060c8e01cbadea48

    • SSDEEP

      3072:E73dMF7LygQfH0VJdYu20F9mWaTd+HCjhjQKOoVGCad:E6ifU/ky2h0KOOI

    • Score

      3/10

    • Target

      data/flutter_assets/assets/Logo.ico

    • Size

      146KB

    • MD5

      dafe4dfb00de5157a1ad8b8412bf294b

    • SHA1

      42ebc1500e23a8c708246ff0aadb2d8f82f0af0d

    • SHA256

      77df9eb84b8f1a9cecc96a4e07d85e8efd8c8446a949c044f2a1c00adc91e67f

    • SHA512

      47ac4877be1596a1620b959c6608873bd04c41808e82be61c2549c2ff2043928ed6d493acc7af0ce8ebcf283464c1f09b08ff263feb4e435ced6ca6d83262571

    • SSDEEP

      3072:3lPKi7m8KbmdyVLxbaBJe5ZBGhzOj2vGDiH3Mqmy:3lPu8KqdyVL8BJeLB2zOjZmWy

    • Score

      3/10

    • Target

      data/flutter_assets/assets/Logo.png

    • Size

      369KB

    • MD5

      66b2e231bb458ba990db4264fc33a8a2

    • SHA1

      176089b7928351b306e4f3ffd3f380daebdd77e3

    • SHA256

      f79f963e3252c8955eae8c78d8a2dd082bbb3e4654d464af1124ef40fa5741a6

    • SHA512

      5a9306e0ed1fab63b0a37f62f7baf9ccbd0acb63b97f58d2d9c04c64233acdb020c3364a025ec476c8e06182fcc11d43b89a0127990586c8c53111d5d5c6a07e

    • SSDEEP

      6144:35bzZ54LuEMeSFVqtbNWVoyJAwW+GgKh+7RSphD5TEPiLqsCWDJeJ4+bEmUfoym:ZyQYN5yJsMK8d+1dhCxJ4OEZg1

    • Score

      3/10

    • Target

      data/flutter_assets/assets/animations/success.json

    • Size

      12KB

    • MD5

      36ba0c9961f80adb7c58ef450fbcd79b

    • SHA1

      d8af03f91df9d777bb68a06583d32d2498e0ea87

    • SHA256

      1584e226904a5456af0ceb35d0a1cb57b714d92908ef386b975d75619104a9fd

    • SHA512

      ba4281ac74a54d51942a4813e3fab86d114b335211b77b97e4dc56c7d0a96334940199616eed00c8f0314eaa096e1850dbef4a7f1ed345eaac4bf38ecf44f4a4

    • SSDEEP

      192:NWOEuyrOPSY7nITOOGFCoCOOxOeOYWOoyrO9YGYvjIi00G16k87E71iM:Uec4ITXGAoCXxb8bc4hh6/7Gn

    • Score

      3/10

    • Target

      data/flutter_assets/assets/defaultConfig.json

    • Size

      3KB

    • MD5

      9d4f94e11ff2843e59a2b2e4aafcffc7

    • SHA1

      e48a5c3a82fbef78913a8bf536b0903a98d65c0b

    • SHA256

      e73f55889a262c66ab13688b71f8ccd6289849b12c29df1176fcebd6100b1b40

    • SHA512

      9f83c1bf6c2f1217f8b5414b8f207e90382166d000edef8e75f282f271d0023dfdf9a9155efeea8a83d42446638a9fde8980094ba3dfa73756239293e1d25b82

    • Score

      3/10

    • Target

      data/flutter_assets/fonts/MaterialIcons-Regular.otf

    • Size

      1.6MB

    • MD5

      e7069dfd19b331be16bed984668fe080

    • SHA1

      fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4

    • SHA256

      d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453

    • SHA512

      27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

    • SSDEEP

      24576:PsSIRolMKvGXtkXKLkMp2fXrNsAxI6zD2/qxDoq4eeeDrG2eOeGr2lkzhlTMrRoV:P9njdzbwc9

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      data/flutter_assets/packages/cupertino_icons/assets/CupertinoIcons.ttf

    • Size

      276KB

    • MD5

      6d342eb68f170c97609e9da345464e5e

    • SHA1

      3fb6dbfe8477121c2a0881f533a2f24ee0485985

    • SHA256

      c7a357fad8f2102890b72cdb6e3c98f14db3a19ec60db26d13e4fe93f773808d

    • SHA512

      67e157249b029211dc76e573b4b77cabfb458ad702827b5e21d43aa4db8aca803d71943c7dcb242a4d2a35e1e6debe9aa16317839041e25fecf167192ab58543

    • SSDEEP

      6144:W6dfXjvunBmDKBpPPiPPXQpVes0hMVSW3o0LUcwFHOaXVe:W4fT1DKBpPPiPPXQpVes0ekW3oqUcwVG

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      data/flutter_assets/packages/window_manager/images/ic_chrome_close.png

    • Size

      298B

    • MD5

      75f4b8ab3608a05461a31fc18d6b47c2

    • SHA1

      d54d970bf54be147f45230d5adf4265d8e6be381

    • SHA256

      70fe0130bbbd928d04cd33a49ecde422ec54fd748b7a4e983f4e31be6e73f5f5

    • SHA512

      3dfd36c0b364f954377b2c8c84a6d77d5b6045f4bd3fcd7e73f6ea2f3555bcead39227348700be16ec6be08c7ca62d49cd9251190aa4ddd4680afaa8b38055c0

    • Score

      3/10

    • Target

      data/flutter_assets/packages/window_manager/images/ic_chrome_maximize.png

    • Size

      271B

    • MD5

      af7499d7657c8b69d23b85156b60298c

    • SHA1

      ca38312a38bfc6acceed24961ca4b7f83177eeb3

    • SHA256

      93f2ed012ec01288b78ad4816ef254261e9ff25e8a9858359b45431c9a5de5f4

    • SHA512

      3ef964d7d017088d1227409e74b98b21df381a7db558e868aed7a34780f38b329775c11b8dd77ea8d5e1089ccd6b78fe3ea4397bd54e0c0a19f64ca7119843b3

    • Score

      3/10

    • Target

      data/flutter_assets/packages/window_manager/images/ic_chrome_minimize.png

    • Size

      166B

    • MD5

      4282cd84cb36edf2efb950ad9269ca62

    • SHA1

      28255b717348279c856cb77c632281a47e7896d1

    • SHA256

      0976edbb9977136544af17de125f345a41065694de92036d9365817ea6d8f05a

    • SHA512

      3b1fa86fbe4780b9864a3c5f4bc4a456139246d8950ebf6d1ff7ad77349e9be700d57bb7a28b3bb61a9fb76d68e3a9771058ddf45b202c14dd79bafa4fd75e3f

    • Score

      3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Credential Access

  • Unsecured Credentials (T1552): 1

  • Credentials In Files (T1552.001): 1

Discovery

  • Query Registry (T1012): 5

  • System Information Discovery (T1082): 20

Collection

  • Data from Local System (T1005): 1

Command and Control

  • Web Service (T1102): 1

Tasks

static1

Score
3/10

behavioral1

discovery, spyware, stealer

Score
7/10

behavioral2

Score
3/10

behavioral3

Score
1/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
7/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
7/10

behavioral26

Score
3/10

behavioral27

Score
7/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10