eb727d2b531794bdc03a85897edc699e2fa1d1412789a4250a92b4929f137bfc

Sharing

Copy URL Twitter E-mail

General

Target

incognito.zip
Size

19.2MB
Sample

240605-a9eztaaa35
MD5

e8ad742226ce407cb5c387c911767271
SHA1

c91ef32b43466eb4a199890c11e30bc52778a173
SHA256

eb727d2b531794bdc03a85897edc699e2fa1d1412789a4250a92b4929f137bfc
SHA512

068ab573f4c6bee9e024017e5bec093fd7112fb23bedc8d21e9bf0f57537644a59864e0c14301ee343efdb849e91ed645ee22991cecb554657bbb757e8a23a4c
SSDEEP

393216:MuD3c7A/mLfnrCi/uyqISF9MkF4QM+SwCurPi+V+tRJjLb1YfSt:LDWLNuyqISY/QMf46+Utf/bf

Score

7^/10

Malware Config

Targets

- Target
  
  incognito.zip
- Size
  
  19.2MB
- MD5
  
  e8ad742226ce407cb5c387c911767271
- SHA1
  
  c91ef32b43466eb4a199890c11e30bc52778a173
- SHA256
  
  eb727d2b531794bdc03a85897edc699e2fa1d1412789a4250a92b4929f137bfc
- SHA512
  
  068ab573f4c6bee9e024017e5bec093fd7112fb23bedc8d21e9bf0f57537644a59864e0c14301ee343efdb849e91ed645ee22991cecb554657bbb757e8a23a4c
- SSDEEP
  
  393216:MuD3c7A/mLfnrCi/uyqISF9MkF4QM+SwCurPi+V+tRJjLb1YfSt:LDWLNuyqISY/QMf46+Utf/bf
Score

1^/10
behavioral1
- Target
  
  incognito/autoexecute/test.txt
- Size
  
  69B
- MD5
  
  8117b088670ace343038cc9e404d5448
- SHA1
  
  b293a8ea46badf3268312b03ffdcbd87936070d2
- SHA256
  
  f7a90e5208841b920b622e0c94eb32653daa297c07d3f8e4abd532201dd5165f
- SHA512
  
  574acf89b137f2ea2259ec704e76ac04fab40a4166f1b5957fc5701bffbefb25ea8d5e1efadc5a2c7249acd6bde419c759589b37f073b162b25bed29ee677d26
Score

1^/10
behavioral2
- Target
  
  incognito/bin/api-docs.json
- Size
  
  5.9MB
- MD5
  
  19c541f355cad5fb427a38317479b698
- SHA1
  
  aebc5b3b123ab962606b6072806027d9b6c758e9
- SHA256
  
  6c003208304e585290c9a655c51e5789c4f3e4241a9abc0139a9dbeb5d2884b1
- SHA512
  
  78e3cbe554cdf02457a3892033ebd9f74c5b4446e306248594d682918ea5dc6e52cafe72b3bdf59fda1f9f5b3879576ca1ef2d35cebc66f1d55543b618bcf7e5
- SSDEEP
  
  24576:7ccjk1+ox2ptidmo2KtMTdxsuBqXhGz+rM:hiVuBqXhGz+rM
Score

3^/10
behavioral3
- Target
  
  incognito/bin/incognito-luau.dll
- Size
  
  1.3MB
- MD5
  
  157fd035b2a344a94166d7db3756df0e
- SHA1
  
  f221d28c1deb80b4e8d9201226435aefce6b0f75
- SHA256
  
  8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
- SHA512
  
  fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score

1^/10
behavioral4
- Target
  
  incognito/bin/save.json
- Size
  
  3.1MB
- MD5
  
  5d7839f72ea689bcfa6fad9b305abbc6
- SHA1
  
  509e73572dfc9d293b5fae34c73ca440d45c74ea
- SHA256
  
  843566b87c7a36dfbb29f5f4ad173fcac9e11584e2adac90804e31b79623b053
- SHA512
  
  c6cf25e307e6ef1eedb9d39687fedccc97db8749c94eb249da307fb962d5602aba002d3dc3721b9ad2fdc8439144e7b31a0073560e129dfc924dabb340d506f6
- SSDEEP
  
  49152:cRBRfzcEF23E43ETim0A8bCeFJj2rA8LT:U0ETimA2J
Score

3^/10

execution
behavioral5
- Target
  
  incognito/scripts/test.lua
- Size
  
  15B
- MD5
  
  45952b4f4540d4ea32b1a56b40dfcb54
- SHA1
  
  c43f61758aede460274cbe0a7a52ed3a8e06201a
- SHA256
  
  819627eee839b974a3a9905ea4f98b1fce63b9ef68a9a1030b39c52ec2046999
- SHA512
  
  5fae4efa4037c96b3012e825e1041ecb419b8b6ce6eeb2f4667228874ddb7be48137d9118dc676e6d1f430e71f68809837e4caea8fd65f6100624e63abb81e8a
Score

3^/10
behavioral6
- Target
  
  incognito/thegreatestexploit.exe
- Size
  
  17.9MB
- MD5
  
  985a7c5f0ee35a1984ed8b0c18847643
- SHA1
  
  2bf0487f62ef4a521d3d51b01a4b8b2625de2a91
- SHA256
  
  15aa7b28eb003b5bfea6679de772a34e59372f2155a87ba8f05ce8c4118e2e3e
- SHA512
  
  9230cf00c8145e199586e478e7db307e75d729b98af24ec1b73e4893348380bd81affe436bee7aea8dc2e1b22d0b7e49af98428756a5832df22f5411e6e7a7d8
- SSDEEP
  
  393216:qtabzFXC2ZKqm6GhXcrRwBsoM8km9XWkdQctnGHS4sak:5blKqm6GmSBs12Gkd/tG
Score

7^/10

evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7
- Target
  
  incognito/workspace/.tests/appendfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral8
- Target
  
  incognito/workspace/.tests/getcustomasset.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral9
- Target
  
  incognito/workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral10
- Target
  
  incognito/workspace/.tests/listfiles/test_1.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral11
- Target
  
  incognito/workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral12
- Target
  
  incognito/workspace/.tests/loadfile.txt
- Size
  
  1B
- MD5
  
  8fa14cdd754f91cc6554c9e71929cce7
- SHA1
  
  4a0a19218e082a343a1b17e5333409af9d98f0f5
- SHA256
  
  252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111
- SHA512
  
  711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b
Score

1^/10
behavioral13
- Target
  
  incognito/workspace/.tests/readfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral14
- Target
  
  incognito/workspace/.tests/writefile
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral15
- Target
  
  incognito/workspace/.tests/writefile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral16
- Target
  
  incognito/workspace/EvolutionSettings/invite.txt
- Size
  
  7B
- MD5
  
  ccb0bbf328efa600546a77a7369155da
- SHA1
  
  659743e331bf48624080859839e83a235c60f359
- SHA256
  
  c43c5259f70b2b7f8eb4c1382b4af7b5af4780c7059688b429f2a7f07b4e3298
- SHA512
  
  59f4825a7d32c92f094bf9e6274435d185dc7b4dbf58c1aaeab272d62e1d9391eb53389c4f0edb3dd961ab2c938fbcbfc5da6f2281cbd2fd043f6f634447fc7e
Score

1^/10
behavioral17
- Target
  
  incognito/workspace/IY_FE.iy
- Size
  
  539B
- MD5
  
  291d5636a434c4f1ceb0f3f776c2a51f
- SHA1
  
  ae287e08f71c522a72812f0dace94b8ffb569341
- SHA256
  
  73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
- SHA512
  
  7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
Score

3^/10
behavioral18
- Target
  
  incognito/workspace/KavoConfig.JSON
- Size
  
  2B
- MD5
  
  d751713988987e9331980363e24189ce
- SHA1
  
  97d170e1550eee4afc0af065b78cda302a97674c
- SHA256
  
  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
- SHA512
  
  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
Score

3^/10
behavioral19
- Target
  
  incognito/workspace/evolution_quicksave.cfg
- Size
  
  196B
- MD5
  
  c21681c02d0889b43c178f1d6f4540a4
- SHA1
  
  3fb467ba105d855c13ef250adccd7c5d2d3da04f
- SHA256
  
  ce0f420c3e1fafd263db0f63d37481ef41f98efbc2a70b3046e8f373314f617e
- SHA512
  
  ad89abfec00f731633ae5ec7e7ce86fd2923b6b8328854ad582f48be1cc1235746cf846887339263cdc47702a664d8ac617c8a69f94dbed4b2b2c325a61c2c75
Score

3^/10
behavioral20
- Target
  
  incognito/workspace/hitsounds/rust headshot.wav
- Size
  
  14B
- MD5
  
  3be7b8b182ccd96e48989b4e57311193
- SHA1
  
  78fb38f212fa49029aff24c669a39648d9b4e68b
- SHA256
  
  d5558cd419c8d46bdc958064cb97f963d1ea793866414c025906ec15033512ed
- SHA512
  
  f3781cbb4e9e190df38c3fe7fa80ba69bf6f9dbafb158e0426dd4604f2f1ba794450679005a38d0f9f1dad0696e2f22b8b086b2d7d08a0f99bb4fd3b0f7ed5d8
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21
- Target
  
  incognito/workspace/test.txt
- Size
  
  12B
- MD5
  
  56cf8ffa2a808d7cf8a10beab3f69333
- SHA1
  
  df4c752a7558004676bbee87e38b92e0b9056d68
- SHA256
  
  edccb27e6980da866b500c16d9910f2976d7811b4271bbd6073632401bd438a2
- SHA512
  
  efb3617007724fa88c9a9921209e2c2a782cf9bb3aa7a340059a3d0281e4e98938fe34eed0335e7760306a988d437674931759f468dcdc73dcd8a3cdb33152de
Score

1^/10
behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22