empyrean | 3030066111e07266a8f207b603869d70c0c2ccd4159ef979060500c1b931d146

Sharing

Copy URL

Twitter E-mail

General

Target

commet v3.1.zip
Size

39.5MB
Sample

240526-t31gqacg8v
MD5

dd32f58ae1e767118583e57ea9c0d108
SHA1

1629f4145e073dc152327cb57d3a70d49b27916f
SHA256

3030066111e07266a8f207b603869d70c0c2ccd4159ef979060500c1b931d146
SHA512

ffda3299a0591ae1df56032475e384ffb83a8d70cd984ecf6dfc10e386ac9549d59aaa29878d151256c675d949ca29a6e23d091692092ae4da11bab963aa6585
SSDEEP

786432:eVRndPJ5FNkiAWRIoP2qXyvWnk1XBHOECXqVWCaaE8qJG9S+:AndBbRAWRIoP2qXuW8VCXqVHaaEQA+

Score

10^/10

Malware Config

Targets

- Target
  
  commet v3.1.zip
- Size
  
  39.5MB
- MD5
  
  dd32f58ae1e767118583e57ea9c0d108
- SHA1
  
  1629f4145e073dc152327cb57d3a70d49b27916f
- SHA256
  
  3030066111e07266a8f207b603869d70c0c2ccd4159ef979060500c1b931d146
- SHA512
  
  ffda3299a0591ae1df56032475e384ffb83a8d70cd984ecf6dfc10e386ac9549d59aaa29878d151256c675d949ca29a6e23d091692092ae4da11bab963aa6585
- SSDEEP
  
  786432:eVRndPJ5FNkiAWRIoP2qXyvWnk1XBHOECXqVWCaaE8qJG9S+:AndBbRAWRIoP2qXuW8VCXqVHaaEQA+
Score

1^/10
behavioral1
- Target
  
  commet v3.1/commet/commet-grabber/Commet.exe
- Size
  
  38.8MB
- MD5
  
  59f8e658cf34334dd88a8f67da31ba85
- SHA1
  
  bddb50c2de10bd5a1d06c667e7b9c7cdd68fdd89
- SHA256
  
  780329f1842fdde4f7a215ea3c597d5c90e969d538756bb837fa20af17f8947f
- SHA512
  
  c56ccdbdd3d803c3763505bef40258a9c9c10f03f92490c21226e39aa628a1a081664d26543db6007f25d1650233d45c37c327e3ba77df95e2ba57680e3deee5
- SSDEEP
  
  786432:yPLFXNfh50sQhEwLuDtQPux6F2Bf5aFMR8DoewQW650F:2LFdJ5QhE8uDtquGhMR8DdwQW7
Score

7^/10

pyinstaller upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2
- Target
  
  main.pyc
- Size
  
  7KB
- MD5
  
  09c70b0bf3f9b37a57fa2db2b5d01830
- SHA1
  
  84dc12c253e416fce004f4653a8b973828658dea
- SHA256
  
  8bf9762bc76a5df32083fe5b4514d0387f7eeef1972b78a879d158a9d0b79ee8
- SHA512
  
  062c78186bef84e461ab44143cde14c83c5c246ea99cd722a0fcdd9f2e6e841d467fe01fa30261fa1a85b4a2cd39e59a0867697a2929609d01504ccbdfa5b10e
- SSDEEP
  
  96:wNCrhOdjfoUheuwYoiQiCj73RuWdXwywI81B2PN8EaYdJhwA1sfkF+MdwfOn/Kv:wsOjwOD8i6QWdXwhecGJhwPhMdwGnw
Score

3^/10
behavioral3
- Target
  
  commet v3.1/commet/commet-grabber/bin/api-docs.json
- Size
  
  5.9MB
- MD5
  
  19c541f355cad5fb427a38317479b698
- SHA1
  
  aebc5b3b123ab962606b6072806027d9b6c758e9
- SHA256
  
  6c003208304e585290c9a655c51e5789c4f3e4241a9abc0139a9dbeb5d2884b1
- SHA512
  
  78e3cbe554cdf02457a3892033ebd9f74c5b4446e306248594d682918ea5dc6e52cafe72b3bdf59fda1f9f5b3879576ca1ef2d35cebc66f1d55543b618bcf7e5
- SSDEEP
  
  24576:7ccjk1+ox2ptidmo2KtMTdxsuBqXhGz+rM:hiVuBqXhGz+rM
Score

3^/10
behavioral4
- Target
  
  commet v3.1/commet/commet-grabber/bin/incognito-luau.dll
- Size
  
  1.3MB
- MD5
  
  157fd035b2a344a94166d7db3756df0e
- SHA1
  
  f221d28c1deb80b4e8d9201226435aefce6b0f75
- SHA256
  
  8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
- SHA512
  
  fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score

1^/10
behavioral5
- Target
  
  commet v3.1/commet/commet-grabber/bin/save.json
- Size
  
  46B
- MD5
  
  877b13372acbf8bf740694d141d1aeb0
- SHA1
  
  0c764bef8a7c94ef610c129720d3d3d9a66fea3f
- SHA256
  
  1bc3e6bcf3d47756fe6e456ce68165d39ea8358186d1a9bb4b2e5911389b22c1
- SHA512
  
  38a6a7e7bf9572daeabbafb7bb1868d09f9b487e84e17da263f627315623952ab203c8dc5e940b6d59d15183bdd43d153a08ae421f12d085480e73fcbc3b5b82
Score

3^/10
behavioral6
- Target
  
  commet v3.1/commet/commet-grabber/dist (the virus will go here)/test.lua
- Size
  
  15B
- MD5
  
  45952b4f4540d4ea32b1a56b40dfcb54
- SHA1
  
  c43f61758aede460274cbe0a7a52ed3a8e06201a
- SHA256
  
  819627eee839b974a3a9905ea4f98b1fce63b9ef68a9a1030b39c52ec2046999
- SHA512
  
  5fae4efa4037c96b3012e825e1041ecb419b8b6ce6eeb2f4667228874ddb7be48137d9118dc676e6d1f430e71f68809837e4caea8fd65f6100624e63abb81e8a
Score

3^/10
behavioral7
- Target
  
  commet v3.1/commet/commet-grabber/src/test.txt
- Size
  
  69B
- MD5
  
  8117b088670ace343038cc9e404d5448
- SHA1
  
  b293a8ea46badf3268312b03ffdcbd87936070d2
- SHA256
  
  f7a90e5208841b920b622e0c94eb32653daa297c07d3f8e4abd532201dd5165f
- SHA512
  
  574acf89b137f2ea2259ec704e76ac04fab40a4166f1b5957fc5701bffbefb25ea8d5e1efadc5a2c7249acd6bde419c759589b37f073b162b25bed29ee677d26
Score

1^/10
behavioral8
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/appendfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral9
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/getcustomasset.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral10
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral11
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/listfiles/test_1.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral12
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral13
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/loadfile.txt
- Size
  
  1B
- MD5
  
  8fa14cdd754f91cc6554c9e71929cce7
- SHA1
  
  4a0a19218e082a343a1b17e5333409af9d98f0f5
- SHA256
  
  252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111
- SHA512
  
  711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b
Score

1^/10
behavioral14
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/readfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral15
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/writefile
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral16
- Target
  
  commet v3.1/commet/commet-grabber/workspace/.tests/writefile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral17
- Target
  
  commet v3.1/commet/commet-grabber/workspace/test.txt
- Size
  
  12B
- MD5
  
  56cf8ffa2a808d7cf8a10beab3f69333
- SHA1
  
  df4c752a7558004676bbee87e38b92e0b9056d68
- SHA256
  
  edccb27e6980da866b500c16d9910f2976d7811b4271bbd6073632401bd438a2
- SHA512
  
  efb3617007724fa88c9a9921209e2c2a782cf9bb3aa7a340059a3d0281e4e98938fe34eed0335e7760306a988d437674931759f468dcdc73dcd8a3cdb33152de
Score

1^/10
behavioral18

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

UPX packed file

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18