f350bc1bfee147221881ea40a05aaa188806bf1461c2175dfcd1b0be127fff2b

Sharing

Copy URL

Twitter E-mail

General

Target

McTools 2.zip
Size

5.0MB
Sample

240530-n3aneagc7z
MD5

6852d1cf5e48b45c446f793a1d4f5852
SHA1

c0a0375d3999a7c95b6f844f658bcb51b007e31b
SHA256

f350bc1bfee147221881ea40a05aaa188806bf1461c2175dfcd1b0be127fff2b
SHA512

7f46bdebb417a1133545393ecbc8100dacb34ee4ed82631e826a9b0f97e03aa350542b35a094703b56af414120ba8a88778e904c6b99ea962dca80cd021150b5
SSDEEP

98304:LzHfzH/HzHaPiZebEzHfGNocKgVX9GI+WKAjlLhWixFf7Xaw81zwMIPYwU:LLfL/LAiZMELsoWX8I+mldWixlXaw81z

Score

4^/10

execution

Malware Config

Targets

- Target
  
  McTools 2.zip
- Size
  
  5.0MB
- MD5
  
  6852d1cf5e48b45c446f793a1d4f5852
- SHA1
  
  c0a0375d3999a7c95b6f844f658bcb51b007e31b
- SHA256
  
  f350bc1bfee147221881ea40a05aaa188806bf1461c2175dfcd1b0be127fff2b
- SHA512
  
  7f46bdebb417a1133545393ecbc8100dacb34ee4ed82631e826a9b0f97e03aa350542b35a094703b56af414120ba8a88778e904c6b99ea962dca80cd021150b5
- SSDEEP
  
  98304:LzHfzH/HzHaPiZebEzHfGNocKgVX9GI+WKAjlLhWixFf7Xaw81zwMIPYwU:LLfL/LAiZMELsoWX8I+mldWixlXaw81z
Score

1^/10
behavioral1
- Target
  
  McTools 2/McCrypt/Keys.cs
- Size
  
  9KB
- MD5
  
  05feaf15d25e391d738cf801f83fc106
- SHA1
  
  a7a6f0ef61a59462ca39783d45be01f77ac2a000
- SHA256
  
  07553a38df5579fd7825bda72ca7316260f25b76c892bb45d7f32a9a49f11b5e
- SHA512
  
  1e80ed9825e7d2a870fb3807736cd61d0575c075d788dc792cc381d3ee275987bdbc4306582ac5d05a33dbca1fd4d6c478d6b4d29bc9ca9b4e037768d64cc8ab
- SSDEEP
  
  96:eo4hU2nF4GN1C2NcfFvyWXmzpKoGT562FojXzwmdCSByW1yWxkpDWVtKVJMe9uKD:Mb6VtWzp862mXz/XbkpDct6Mej94+x
Score

4^/10

execution
behavioral2
- Target
  
  McTools 2/McCrypt/Marketplace.cs
- Size
  
  14KB
- MD5
  
  63ed98d86aec7d2d06b9c5c1a29d712e
- SHA1
  
  08d4728fc311b799b6ad57fe2854c06755a4a3f1
- SHA256
  
  d07691253015cc95a7fc8ce375b072cb3770c23657f32807f627b3ad31372915
- SHA512
  
  2d69ae6dad503617e9f5e9fb7c1d31d6ae5165b024936bf1486a58609923e04e7abe819970f054aac50fa499342e886b26199188c566389f7d60f893d04bedff
- SSDEEP
  
  192:MUFnq8DkqQnXoBJMXiyfgBUytGMiRuSLuyQcI+B9asYmHaGQMaUgMqyyg5RO:M8xBWg5tGM8uunDBKmHaGQMaUgM7jC
Score

3^/10

execution
behavioral3
- Target
  
  McTools 2/McCrypt/Utils.cs
- Size
  
  2KB
- MD5
  
  d270d27148f8074d16b8d9faa19bfb36
- SHA1
  
  61e2703183e61b33702d0cc95bea354f2a456128
- SHA256
  
  7cae573072bcddb96f61e230ad978c8635724ed162b324803a617c1c9412f62b
- SHA512
  
  af498d5f3631336028c6b3990608a28d3ce01ef83eda79755e5e3b0526c58a6371346a765a7e085b8dd8aad44dc7ac51ae898fce9d7385dc37bf257fc9b35351
Score

3^/10

execution
behavioral4
- Target
  
  McTools 2/McCrypt/bin/Debug/LibMcCrypt.dll
- Size
  
  23KB
- MD5
  
  8cac54c71b58c67db54ea6ef0ab9e350
- SHA1
  
  14a6720174eea0dbb0de70f56e8a7f5b22df362c
- SHA256
  
  b05d7f7f63a959fdd96ae2bf82cce8ff55c8129d726dfe1634e36e3385efaf33
- SHA512
  
  092ed5f3610b5381b1ac388b4e77acbd215303ddc31e16f28815e3c6de5611cda1422619f8d6bfb498ea49b07f36425193f83de1baa1f5ffcb9a1d41d2ecc12d
- SSDEEP
  
  384:Za2VK+oPpedFDdmPNUf6KjXjc0vH+qKb8xTxrRdJSx/KhAlRQj:Za2U/KXcceoXbSBKi4
Score

1^/10
behavioral5
- Target
  
  McTools 2/McCrypt/bin/Debug/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral6
- Target
  
  McTools 2/McCrypt/obj/Debug/LibMcCrypt.dll
- Size
  
  23KB
- MD5
  
  8cac54c71b58c67db54ea6ef0ab9e350
- SHA1
  
  14a6720174eea0dbb0de70f56e8a7f5b22df362c
- SHA256
  
  b05d7f7f63a959fdd96ae2bf82cce8ff55c8129d726dfe1634e36e3385efaf33
- SHA512
  
  092ed5f3610b5381b1ac388b4e77acbd215303ddc31e16f28815e3c6de5611cda1422619f8d6bfb498ea49b07f36425193f83de1baa1f5ffcb9a1d41d2ecc12d
- SSDEEP
  
  384:Za2VK+oPpedFDdmPNUf6KjXjc0vH+qKb8xTxrRdJSx/KhAlRQj:Za2U/KXcceoXbSBKi4
Score

1^/10
behavioral7
- Target
  
  McTools 2/McDecryptor/Program.cs
- Size
  
  8KB
- MD5
  
  282673d5ac3851342e68fce48f8e8636
- SHA1
  
  1fa80c61c58b925401c7ff06daa0d2bd3934861f
- SHA256
  
  1fb1ff74c755123f20081741de4bba020ebde5ab3b521d1b477f73b968d86af1
- SHA512
  
  3795e3110dd6e4472f3a334716f709b5844345873cdb1eef9693bbc4a8320ee7d4e87e4092e3d72fc2e1b603b8addd327ea19bd3c7c1e7267dbf340ec5a7653e
- SSDEEP
  
  192:9PhRShpiZHdH8j2MVnlddM8vlzhBSnf5MnDQ3j69op6Sx3W0N:9P9M55MWLBuMc3W0pxm0N
Score

3^/10

execution
behavioral8
- Target
  
  McTools 2/McDecryptor/Properties/Resources.Designer.cs
- Size
  
  3KB
- MD5
  
  1fe5f792ebd629e2020e04ae26dfe933
- SHA1
  
  29bb8b54391d81be8dfca0da371cd5c42c4c2bc5
- SHA256
  
  fba4d50b71f4b22eeb70984bcf91e30ff0b0ede08f21720a4817f8447285b7fa
- SHA512
  
  1b68b64aa31e59bf9afb6a7f05cf2b3bac7bcb7097ae51e7e0ca227b36929e6e03d361e2245497fddd2b0832c3f436676e4fae2a25a3ded4945f313cb2a1d7a7
Score

1^/10
behavioral9
- Target
  
  McTools 2/McDecryptor/Properties/Resources.resx
- Size
  
  5KB
- MD5
  
  4c96ff1f906c3fdcf4b33620187f64da
- SHA1
  
  345db85ef6c62c7a37fb4c509e0d8093e3afd441
- SHA256
  
  419d0733192e32a4705cc59f6a65ab053721537ecbfccdf5c0e4258d418531cd
- SHA512
  
  6d2d357226a265bbeb398739adc31cd5b9ace296f61c327674390366a0167c734f09467ba5213bf5b918081b8d901b095b3817bfa633df2dc102673f66b276a2
- SSDEEP
  
  96:ECf+lbD5X5LPXCazYV5Lv6K6uOidfaxwsxuUPFC3qxdRMvDbu8KsrbEKAy202lU3:Zf+tLPfYnLvFVOiFQaUD7UgGGrh+
Score

1^/10
behavioral10
- Target
  
  McTools 2/McDecryptor/bin/Debug/LibMcCrypt.dll
- Size
  
  23KB
- MD5
  
  8cac54c71b58c67db54ea6ef0ab9e350
- SHA1
  
  14a6720174eea0dbb0de70f56e8a7f5b22df362c
- SHA256
  
  b05d7f7f63a959fdd96ae2bf82cce8ff55c8129d726dfe1634e36e3385efaf33
- SHA512
  
  092ed5f3610b5381b1ac388b4e77acbd215303ddc31e16f28815e3c6de5611cda1422619f8d6bfb498ea49b07f36425193f83de1baa1f5ffcb9a1d41d2ecc12d
- SSDEEP
  
  384:Za2VK+oPpedFDdmPNUf6KjXjc0vH+qKb8xTxrRdJSx/KhAlRQj:Za2U/KXcceoXbSBKi4
Score

1^/10
behavioral11
- Target
  
  McTools 2/McDecryptor/bin/Debug/McDecryptor.exe
- Size
  
  21KB
- MD5
  
  2eccdeb9175a640da817c7f56df44bbd
- SHA1
  
  37d353caa37e0466123a55729fcfd6a492dd17f9
- SHA256
  
  c5ab6a6c06eb4b86e17030fffeb8d8ddb970e7cb780b01955a74f51c77da9b6e
- SHA512
  
  2f6638eef02a894f80e22b1eb177ced00312bcda47e99b92a5f8f6149902d80cf687ab2e9e192588fd285eed00fa290174df532706ad8b451985bc439d54486c
- SSDEEP
  
  384:s6cq5YsO6rDl5YYOlhu+u2sVaiPow9Q7CNpvAN6vfr45ITrw:s6cqTnXl5Yy5Vaigh7CaqR3
Score

1^/10
behavioral12
- Target
  
  McTools 2/McDecryptor/bin/Debug/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral13
- Target
  
  McTools 2/McDecryptor/obj/Debug/McDecryptor.exe
- Size
  
  21KB
- MD5
  
  2eccdeb9175a640da817c7f56df44bbd
- SHA1
  
  37d353caa37e0466123a55729fcfd6a492dd17f9
- SHA256
  
  c5ab6a6c06eb4b86e17030fffeb8d8ddb970e7cb780b01955a74f51c77da9b6e
- SHA512
  
  2f6638eef02a894f80e22b1eb177ced00312bcda47e99b92a5f8f6149902d80cf687ab2e9e192588fd285eed00fa290174df532706ad8b451985bc439d54486c
- SSDEEP
  
  384:s6cq5YsO6rDl5YYOlhu+u2sVaiPow9Q7CNpvAN6vfr45ITrw:s6cqTnXl5Yy5Vaigh7CaqR3
Score

1^/10
behavioral14
- Target
  
  McTools 2/McEncryptor/bin/Debug/LibMcCrypt.dll
- Size
  
  23KB
- MD5
  
  8cac54c71b58c67db54ea6ef0ab9e350
- SHA1
  
  14a6720174eea0dbb0de70f56e8a7f5b22df362c
- SHA256
  
  b05d7f7f63a959fdd96ae2bf82cce8ff55c8129d726dfe1634e36e3385efaf33
- SHA512
  
  092ed5f3610b5381b1ac388b4e77acbd215303ddc31e16f28815e3c6de5611cda1422619f8d6bfb498ea49b07f36425193f83de1baa1f5ffcb9a1d41d2ecc12d
- SSDEEP
  
  384:Za2VK+oPpedFDdmPNUf6KjXjc0vH+qKb8xTxrRdJSx/KhAlRQj:Za2U/KXcceoXbSBKi4
Score

1^/10
behavioral15
- Target
  
  McTools 2/McEncryptor/bin/Debug/McEncryptor.exe
- Size
  
  10KB
- MD5
  
  95ef7e463480a2ff158dbaac05abf3f4
- SHA1
  
  52862dcf3e89ce7b609b914ac876bc611eb52db3
- SHA256
  
  387e213470e20b9d04394eb0c45dcbcd11d7c81bdd2e26e18ca13815c2c38b6f
- SHA512
  
  29c86fa26fe9e0cc01239498b60f80998d80ca75659cb784cb6b62062b636a5112d1e8a0916f13fd3431aa2be33216db1a6b563f6693ec3fa6cee0c63c2570f5
- SSDEEP
  
  96:s6uUSbC5BmTYqEREq7BK/8GUVj6vzDr45IqiSdS6AcgNyszntQMi9zNt:s6ZSgBQZERNK/p86vfr45IKdS7bZli3
Score

1^/10
behavioral16
- Target
  
  McTools 2/McEncryptor/bin/Debug/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral17
- Target
  
  McTools 2/McEncryptor/obj/Debug/McEncryptor.exe
- Size
  
  10KB
- MD5
  
  95ef7e463480a2ff158dbaac05abf3f4
- SHA1
  
  52862dcf3e89ce7b609b914ac876bc611eb52db3
- SHA256
  
  387e213470e20b9d04394eb0c45dcbcd11d7c81bdd2e26e18ca13815c2c38b6f
- SHA512
  
  29c86fa26fe9e0cc01239498b60f80998d80ca75659cb784cb6b62062b636a5112d1e8a0916f13fd3431aa2be33216db1a6b563f6693ec3fa6cee0c63c2570f5
- SSDEEP
  
  96:s6uUSbC5BmTYqEREq7BK/8GUVj6vzDr45IqiSdS6AcgNyszntQMi9zNt:s6ZSgBQZERNK/p86vfr45IKdS7bZli3
Score

3^/10
behavioral18
- Target
  
  McTools 2/packages/Newtonsoft.Json.13.0.1/lib/net20/Newtonsoft.Json.dll
- Size
  
  558KB
- MD5
  
  6355cbc2e2fc439d10b093d2e1fb0f44
- SHA1
  
  3502e1e607e640d53a466ea00cf718354339b8eb
- SHA256
  
  87837943df8c9ed8a759125a5a57dd2d237a2c5eceb742c4353b93d7143b784e
- SHA512
  
  f23ac7b9f948e5c04e5dd6cb7d85165305baa7bef554830bd742e221aca359f5bfb0dece893a8128a6174539a9f32a1070701dd388083e2bbebc4002ed6b0861
- SSDEEP
  
  6144:ndQGX+WzjrOtIldGE1PJCbQ2fT1934zGt2JPyXVo+pyQBnvsJ0unNOqgLXPBl2pa:xX+wrlJyfr2JPTpppURrR1lBNARq
Score

1^/10
behavioral19
- Target
  
  McTools 2/packages/Newtonsoft.Json.13.0.1/lib/net35/Newtonsoft.Json.dll
- Size
  
  495KB
- MD5
  
  283544d7f0173e6b5bfbfbc23d1c2fb0
- SHA1
  
  3e33b2ef50dac60b7411a84779d61bdb0ed9d673
- SHA256
  
  9165e595b3a0de91ac91a38e742597e12ebb2a5a8fa53058d964a06ceaef7735
- SHA512
  
  150b45cd43dc5cf191c85524c15dea09fbb48766ad802851270eaacfd73f3d097fef8dcf0ea042184220e7bc71413677d88a206d8bbe60374986e4789054040b
- SSDEEP
  
  12288:7MzH+hB/pzxJi3X3+b6umJBDARbeqTJge:HLpXk+b6umJBDAJeqtge
Score

1^/10
behavioral20
- Target
  
  McTools 2/packages/Newtonsoft.Json.13.0.1/lib/net40/Newtonsoft.Json.dll
- Size
  
  562KB
- MD5
  
  486015a44a273c6c554a27b3d498365c
- SHA1
  
  cb08f5d7240dfcdcd77de754259b36c0d9a2a034
- SHA256
  
  6a168461c721fd14163751f7839fb8d67483cb5831f1b2b1ab3e96a68b82d384
- SHA512
  
  1578ed43e815017c269d2a37bb9cdc16d51209bfa6bdb7276ad67cbb39955708826973ac7f48c795e6a1361e7d2a14b14b6cea02ee9ecf396a4b02313aada1d6
- SSDEEP
  
  6144:IJj8fixN6WWWgIkPgXCv8YiMvrrN91nU1cysJZx28rs80nnlrautBu+cfImj4yu3:IJjHxN65WCPPvWqFOV6ZxFrvKbByjdu3
Score

1^/10
behavioral21
- Target
  
  McTools 2/packages/Newtonsoft.Json.13.0.1/lib/net45/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral22
- Target
  
  McTools 2/packages/Newtonsoft.Json.13.0.1/lib/netstandard1.0/Newtonsoft.Json.dll
- Size
  
  655KB
- MD5
  
  a8494341b73a5eb47c01be10f7412ee5
- SHA1
  
  130cb87f8ed5b7bb142f3d1523d4fd50024dce91
- SHA256
  
  65cd9c5a731d8761a0753ea6cb5d569e751207b0bbc9fde3c9679d445908027c
- SHA512
  
  730fcff11016f77c47f2ed37a07e96871d9521170e324a4a1d157611131a785738f78be1b8860e5ab77fd934e606afc7ca87d4219c18f645789ca7910c6e3c21
- SSDEEP
  
  12288:yN9pZk5zWS0uWAOwI2EpInqAKCMKYBtAN24+:Mk5z10EOwIjyHP0BtAA
Score

1^/10
behavioral23
- Target
  
  McTools 2/packages/Newtonsoft.Json.13.0.1/lib/netstandard1.3/Newtonsoft.Json.dll
- Size
  
  673KB
- MD5
  
  f8404f5b03f4760e42834c68163813c1
- SHA1
  
  017d0af74be452ad3a06e6cb11604b3c207552b9
- SHA256
  
  814a8147ace7aebc976214107da6e7fc219601257ed1b09ac9d90264d310117c
- SHA512
  
  cfc95adb825a7baa7227fc56ce750f676bdb1d11a67456b2f237dc2f45474c13179bac0df079bdd4a54a873ec4586f1bcc778a1e27cc6f61bdf3f40f31dc4010
- SSDEEP
  
  12288:Y0t+9V6ANvyLC1scj5A6BeopZjNYRjjHD:O6AML/cdjDUjj
Score

1^/10
behavioral24
- Target
  
  McTools 2/packages/Newtonsoft.Json.13.0.1/lib/netstandard2.0/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral25

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25