Malware Analysis Report

2024-11-15 05:10

Sample ID 240606-t2ztsshf84
Target CollapseLoader-1.2.5.zip
SHA256 9309cbe621ced13494dd892250ea9ef33716713f316c384ad094b7dbd1ff73a3
Tags
upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

9309cbe621ced13494dd892250ea9ef33716713f316c384ad094b7dbd1ff73a3

Threat Level: Likely malicious

The file CollapseLoader-1.2.5.zip was found to be: Likely malicious.

Malicious Activity Summary

upx

Patched UPX-packed file

UPX packed file

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-06 16:33

Signatures

Patched UPX-packed file

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:34

Platform

ubuntu2204-amd64-20240522.1-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:34

Platform

ubuntu2204-amd64-20240522-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:34

Platform

ubuntu2204-amd64-20240522.1-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

150s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 44.241.205.248:443 location.services.mozilla.com tcp
US 8.8.8.8:53 live.thunderbird.net udp
US 8.8.8.8:53 live.thunderbird.net udp
US 104.26.2.27:443 live.thunderbird.net tcp
US 8.8.8.8:53 autoconfig.thunderbird.net udp
US 8.8.8.8:53 autoconfig.thunderbird.net udp
US 104.26.2.27:443 autoconfig.thunderbird.net udp
US 104.26.2.27:443 autoconfig.thunderbird.net tcp
US 104.26.2.27:443 autoconfig.thunderbird.net tcp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 104.26.2.27:443 autoconfig.thunderbird.net udp
US 104.26.2.27:443 autoconfig.thunderbird.net udp
US 8.8.8.8:53 start.thunderbird.net udp
US 8.8.8.8:53 start.thunderbird.net udp
US 104.26.2.27:443 start.thunderbird.net tcp
US 104.26.2.27:443 start.thunderbird.net udp
US 8.8.8.8:53 www.mozorg.moz.works udp
DE 13.32.119.185:443 www.mozilla.org tcp
DE 13.32.119.185:443 www.mozilla.org tcp
DE 13.32.119.185:443 www.mozilla.org tcp
US 8.8.8.8:53 thunderbird-settings.thunderbird.net udp
US 8.8.8.8:53 thunderbird-settings.thunderbird.net udp
US 8.8.8.8:53 services.addons.thunderbird.net udp
US 8.8.8.8:53 services.addons.thunderbird.net udp
US 104.26.2.27:443 thunderbird-settings.thunderbird.net tcp
US 13.224.189.48:443 services.addons.thunderbird.net tcp
US 104.26.2.27:443 thunderbird-settings.thunderbird.net udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
GB 185.125.190.39:80 security.ubuntu.com tcp
SE 194.71.11.163:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 _http._tcp.chuangtzu.ftp.acc.umu.se udp
US 1.1.1.1:53 _http._tcp.chuangtzu.ftp.acc.umu.se udp
US 1.1.1.1:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 1.1.1.1:53 chuangtzu.ftp.acc.umu.se udp
US 1.1.1.1:53 chuangtzu.ftp.acc.umu.se udp
US 1.1.1.1:53 saimei.ftp.acc.umu.se udp
US 1.1.1.1:53 saimei.ftp.acc.umu.se udp
SE 194.71.11.167:80 chuangtzu.ftp.acc.umu.se tcp
SE 194.71.11.138:80 saimei.ftp.acc.umu.se tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:37

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-06 16:33

Reported

2024-06-06 16:34

Platform

ubuntu2204-amd64-20240522-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A