fc1d85df03403733ae26aa5a49618fa8b43c17ea2a22da028f7896d139f54deb

Resubmissions

08/06/2024, 19:39

240608-ydcftaga47 8

08/06/2024, 19:34

240608-x97q6afb9y 7

Sharing

Copy URL Twitter E-mail

General

Target

mLink2-V2.1.1.exe
Size

121.6MB
Sample

240608-ydcftaga47
MD5

4457d58c96d75dd2863f6697fbc4932b
SHA1

5ceb315714adffa18dccb698cd9241d8d51c4e11
SHA256

fc1d85df03403733ae26aa5a49618fa8b43c17ea2a22da028f7896d139f54deb
SHA512

14e17f0567eb19edbd408e4bd3d1f968e0b6646541282623e0e0d5b5befad5d1d16e5813bed05a66328d759a813a46f2b930577400fc3d554863b02d53820ba5
SSDEEP

3145728:Qy8W+HGZaon3/8Q/Id9UkwD2p5365DZrdIW2gDqz59:7BGjonJwdg053Ezqd9

Score

8^/10

Malware Config

Targets

- Target
  
  mLink2-V2.1.1.exe
- Size
  
  121.6MB
- MD5
  
  4457d58c96d75dd2863f6697fbc4932b
- SHA1
  
  5ceb315714adffa18dccb698cd9241d8d51c4e11
- SHA256
  
  fc1d85df03403733ae26aa5a49618fa8b43c17ea2a22da028f7896d139f54deb
- SHA512
  
  14e17f0567eb19edbd408e4bd3d1f968e0b6646541282623e0e0d5b5befad5d1d16e5813bed05a66328d759a813a46f2b930577400fc3d554863b02d53820ba5
- SSDEEP
  
  3145728:Qy8W+HGZaon3/8Q/Id9UkwD2p5365DZrdIW2gDqz59:7BGjonJwdg053Ezqd9
Score

8^/10

discovery execution
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/demos/rmt
- Size
  
  5KB
- MD5
  
  b91b4e8cc3fa480964cd84cb432b8351
- SHA1
  
  ca4d12775376d7a33389e8e8967453ec775f0602
- SHA256
  
  b1d563b779280299eed96610244125b0cc908c5c830ae1de2765c1b074de0478
- SHA512
  
  95a6ced3cfbee4f9d98de41a049f39ce44a8aec217f70a7a0e4a113ef4a35377bfa4bebf96faf6c9ccd4473a6ad65596acb4eaa27c1df066c3d924c82c9688cc
- SSDEEP
  
  96:cec3+zp0A66cybXk07POdXOdndrvd7sdgdhd7d+oQqsQeoTHyfNRaiksRiIXaQ7L:3cOz7bzPOdXOdndTdgdgdhd7daqjeouD
Score

1^/10
behavioral2
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/demos/rolodex
- Size
  
  8KB
- MD5
  
  b59111e73a4ff4bdc12ac586c8116f4e
- SHA1
  
  9903594bba634fd1c75b9697ae46ad589f324622
- SHA256
  
  f62500d07a6fdaf903f0f8ef8901985fb45725b7de522590ddcf6f1d15ca91ae
- SHA512
  
  db8e212ebbb0f5a142186f09c0d78873666bc261bae08d77720182dfd512d8ac4b0b12658da2a7b166da7f7c58349816315c12d4c76ade6bb954f3fe5a6b7a24
- SSDEEP
  
  192:W43Lk8ASWGL2IT7kbzbY++5Odr9zGVepS:JASWGL2ITotJGwM
Score

1^/10
behavioral3
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/demos/search.tcl
- Size
  
  4KB
- MD5
  
  7924170dddefc4cf2f24b7e72243fe88
- SHA1
  
  223f5467adc73cad40e29a1a468dd899a9b83284
- SHA256
  
  7716ea5f9fcf0ff244012666654e92578d1679bf5dd762a439b9f9a5be21467f
- SHA512
  
  6ae176340c8255d1d998d2e51f9de130e3a22857d7d1d8bf1ccd0a3bb64c9f610fdd3897c4f8a9442c870e858a413cbf8687deb508563c6f4427e7d483e37ad5
- SSDEEP
  
  96:BOSxvcqBSVop5HTWW6dk6x3zqgben3FUCDx+TrdDGsYo8HAuCVpzJlO9:BO7qPXiZdAHdWY47G
Score

1^/10
behavioral4
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/demos/square
- Size
  
  1KB
- MD5
  
  73fa72665e40a9ec55222c7513a5c96a
- SHA1
  
  f2b9124661583ee43793b79dcc1f985cb20abd41
- SHA256
  
  da85f40a193c79f2efc803931aa763639c8fe182639b546253958f2c2d90fcbf
- SHA512
  
  efdbd45ea0f83f57080ab76a7ce48bf7c19a75aecbb87a74b47e06a1c98c55dfe2fa88ac4ab3353b68fd0a278596a6608dee081f3518f4c6d9d250e57e72cb4b
Score

1^/10
behavioral5
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/demos/style.tcl
- Size
  
  6KB
- MD5
  
  a160ffa0a65af1221979355bc70dce95
- SHA1
  
  7bfe597113864f0b4670c4d84266310df00d7fe7
- SHA256
  
  41e80dd275b5a4e2c432a9991e82a1bb3ca028535ae5d187bb51dc36c0d0e660
- SHA512
  
  5ad380c89a086d9858ac7c1fd507bb24ea3832c3133fb9c06c77744eefde78ba727f54487ce299dd7337b3ad8960f34badf50d3289860d5909c1e97e3953a512
- SSDEEP
  
  192:xOqzpm64/ErQcHu9LTfprN6WGSopWjXF/Cz3WO8Iaz1/ar1npTWD/uxM6ytcwag6:x1a/fIx
Score

1^/10
behavioral6
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/demos/tcolor
- Size
  
  10KB
- MD5
  
  97b924609dfb991a4b3140f5b412fe55
- SHA1
  
  f37b753c3d0b1b9661ab79fc391de10e0dad3522
- SHA256
  
  ac9ef647e540271eefdef438792ac673e0470ae63a35b51b0fbc963d0737a4ba
- SHA512
  
  5ca46d5cdcd660b1cf16fe81b565a2baad6d63d8b31e3e6bb6a43cde96f44e0aa273dce3f746205ba4850a1550bd59c1337871cdef1ea77caf6b3ebbdffa0034
- SSDEEP
  
  192:DcI9Tiu4iEpDCC9IZJGGpiUHF1RU8fIY6ahdmkZo0gI6neQJ+gPNiAORVLd1ZaK2:DcI9TiurEpW/JGGl1RPmahdrZo0k+gAm
Score

1^/10
behavioral7
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/demos/textpeer.tcl
- Size
  
  2KB
- MD5
  
  a16b50b1a5591814fc705c79c667b299
- SHA1
  
  c50271760859a938cbfee8c27c4377fb3164b1e2
- SHA256
  
  1b4f5c83a97cdd234d28784e109e0a4c3d73778a2e082599e23c239807513d0f
- SHA512
  
  bdadfb7e7cf160857d5f94aa3eda593527707ed236d53a0ca3869adc9b4a4223934a1feef4f7a76c6a4ad1491f4f038408c5fbc15f27102f5b69bf1a0d8a6f73
Score

1^/10
behavioral8
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/demos/timer
- Size
  
  1KB
- MD5
  
  ff4e73f84e446aef7f57f7a6cc4de96a
- SHA1
  
  a0b695bf0ce4725a717b455c71b5132f0c3b990e
- SHA256
  
  5b3f35108dedc05037876be974bbfe18899509c203d5ba4a15e225fbe81d1a59
- SHA512
  
  2452d543c638b5c88bf5f30e8bc94ce18dc2a89571f952d86b7b3d3c1688b3a870a611d71c6adeedb564eba1ad94f73aad878ef8fc387a0a214a35ea56df5c69
Score

1^/10
behavioral9
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/palette.tcl
- Size
  
  7KB
- MD5
  
  a2dd6dabe64d0456954897c5da6b4361
- SHA1
  
  3d630d9e4d4cf6921afbc6ec78dc17f8d03ce98e
- SHA256
  
  b82067bda6b5615d393692bafa62baf1c47c11f763fbc7e9f3a201821c5ae155
- SHA512
  
  d7a8cdce230ab8444f080cdaa314214f00cbd2ecc488fb09c76e02a1e86a659e8fa95d80b7ecefecb3c9f415f44b1f69477c7dd175c985fa7ed6e1875d25467c
- SSDEEP
  
  192:ZUW5yUd51URCJWgWWWuWVWUKoDOdnAjLDlJymGH91QOWJCy3XZQRr:ZLXaCI3dFUlPdnAP69WJor
Score

1^/10
behavioral10
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/safetk.tcl
- Size
  
  7KB
- MD5
  
  efc567e407c48bf2be4e09cb18defc11
- SHA1
  
  ededb6776963b7d629c6ace9440d24eb78dea878
- SHA256
  
  9708f5a1e81e1c3feaf189020105be28d27aa8808ff9fb2dcca040500cf2642a
- SHA512
  
  bda5f92bd2f7b9cd29c5a732ec77a71291778a0ec3eabe81575c55de3e207f663ba28da4c95174045a74efff71b95d907c9d056baa9e585e6f6dc14a133760bc
- SSDEEP
  
  192:keEoaa0QfsimXZrjpgj47e5QeO9uMfUKvLAN6Zo:keEoRHsiWddgkoiUeG
Score

1^/10
behavioral11
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/spinbox.tcl
- Size
  
  15KB
- MD5
  
  9971530f110ac2fb7d7ec91789ea2364
- SHA1
  
  ab553213c092ef077524ed56fc37da29404c79a7
- SHA256
  
  5d6e939b44f630a29c4fcb1e2503690c453118607ff301bef3c07fa980d5075a
- SHA512
  
  81b4cec39b03fbeca59781aa54960f0a10a09733634f401d5553e1aaa3ebf12a110c9d555946fcdd70a9cc897514663840745241ad741dc440bb081a12dcf411
- SSDEEP
  
  192:aR1yvxxVRQRrclOniQ14Yvg5bbVFMio1UF9w9P75uaMY+c6RhO1ON6Ql4qRiZ0NO:MyF5XVF61iwZ75/YRhO464z8wdEt
Score

1^/10
behavioral12
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/text.tcl
- Size
  
  32KB
- MD5
  
  3eefef5b426e3353edc6f60d9213e6ce
- SHA1
  
  e9c33ef1beb4d98cae8a1e1ccd3f7262983a114a
- SHA256
  
  034ba3ebc3abccf977e8639544be6f4bb9feded66aedec8bdf09a0ce60726cc5
- SHA512
  
  a1cd825659720b8f2c406b07872ba2f683930fe7c1d5a03eb45f7dc511b899d0450ca211883e97d28529fc0988ee3c8b1c8f6b24d9b30e712e261ea7e0bfc2ff
- SSDEEP
  
  384:ThZXGSuWlNGbXBFFRzGagUNKEFx8wredko/gVVFaO/9bembFWaHnla98ffliqiPp:TYaNGtF6uNdyy4Ona98fflUAlde
Score

1^/10
behavioral13
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/tk.tcl
- Size
  
  22KB
- MD5
  
  e8d387da1734fafeed0dd5c3b130166f
- SHA1
  
  ff287e0b0640d71933b782b7ba5c1757d74af612
- SHA256
  
  3b6c2b381474883e9a8e470b414541cf032981831d8e6793335ff055a8291156
- SHA512
  
  2c1d79b63ac82601e018de82b8c2bf119a4ee63c55089b2ad5344da8e4af5e5fd8c64a880207da3bc960831ca8d896b511171345c3c1d6241907310037348482
- SSDEEP
  
  384:d9AlIQ7ylH462gngqeObubqLwvoGah0QSA4jLGn3WB0MCdPAWD+g190K5TzMSW4E:d9OIQulHokh0QzMemB0MCD+g1bz+
Score

1^/10
behavioral14
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/ttk/cursors.tcl
- Size
  
  3KB
- MD5
  
  74596004dfdbf2ecf6af9c851156415d
- SHA1
  
  933318c992b705bf9f8511621b4458ecb8772788
- SHA256
  
  7bdffa1c2692c5d1cf67b518f9acb32fa4b4d9936ed076f4db835943bc1a00d6
- SHA512
  
  0d600b21db67bf9dadbdd49559573078efb41e473e94124ac4d2551bc10ec764846dc1f7674daa79f8d2a8aeb4ca27a5e11c2f30ede47e3ecee77d60d7842262
Score

1^/10
behavioral15
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/ttk/entry.tcl
- Size
  
  16KB
- MD5
  
  661a43bfa54a87494efcac7042666e16
- SHA1
  
  893253ddab43a03b66443ac78a75a9d86f3f3ebd
- SHA256
  
  f3507df2a512edb3b6a5d4f97bd0f389f8f71c5e5c811bc47026817012acc41a
- SHA512
  
  13ba9fc74a511efdca7be2de665902f0c4ae61212b1680381981874afbcabdab225e5189b13e201999e52aac0733937bfd40af072738ea9232eaa940c7ea6de6
- SSDEEP
  
  192:hRy3ALQk3U0oayTUXIQzNiQ2iEL8QmOhQVqknFoTOXyJtcC1JMuZm41ZxO252ExD:GNUXmiEyOFWiTOEtcC1S252Ezp
Score

1^/10
behavioral16
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/ttk/treeview.tcl
- Size
  
  8KB
- MD5
  
  a849bb347443f71bccd36028f08813f6
- SHA1
  
  5ce1c5e891f934612af71348f4ce7d6a60c9399c
- SHA256
  
  3cadaea517d5cbb1f2ae09f8f5caef7b7d0104e71c07be7263d9af158ce2699d
- SHA512
  
  4a8ce4043d221aea26c569a050a21a874779123888a6cf08aacb4beec039d9a17eda17109fd9115e79c1ae05dfd557de774f692a46eff37aecb081743dc53023
- SSDEEP
  
  96:2Ou002WQZ4sNNxjKomA3xj9L/37NbbFqG4eeMxCSbk3TPMrngEibSB1GjwPBKsF0:ZWeZ5BDX+DsXibSQUMHLCGLdE2bZ
Score

1^/10
behavioral17
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/ttk/ttk.tcl
- Size
  
  4KB
- MD5
  
  e38b399865c45e49419c01ff2addce75
- SHA1
  
  f8a79cbc97a32622922d4a3a5694bccb3f19decb
- SHA256
  
  61baa0268770f127394a006340d99ce831a1c7ad773181c0c13122f7d2c5b7f6
- SHA512
  
  285f520b648f5ec70dd79190c3b456f4d6da2053210985f9e2c84139d8d51908296e4962b336894ee30536f09fae84b912bc2abf44a7011620f66cc5d9f71a8c
- SSDEEP
  
  96:53a25129CKELfMonw+PzpaVnNqovaq2126262R2D2q2k2j+/2FhbtpGt0vcWOQRg:53j5MoKE7JEnN7CTMDDA6Tlj+uFhbttK
Score

1^/10
behavioral18
- Target
  
  resources/app/mlink-v2/exec/python-env/win/tcl/tk8.6/xmfbox.tcl
- Size
  
  25KB
- MD5
  
  e1f7ae92e5660f48d455afd939f3261e
- SHA1
  
  a8e69557a56f226650cc6444e5cc04705ea38d78
- SHA256
  
  a4fea2cbc0e8f76a3875fb7a60510d975fd361c196e24ce1b860a15fa4bd8c92
- SHA512
  
  1cec12596ebc13ee07ef021d5a3e822d7abe2f8f7f3a72bc6d73e189c9c4e776bbd6684df48bc86cf77217cbb00fbcc28207bd035c9a9f35ba8d60fd69379b40
- SSDEEP
  
  384:obPA7Xi6V2+Bec3ijn7H6HZ1KDRvRcbQ3sd1GkjDo413lK/RIV5MXrSomsjiETwE:orA3TbFc3sd1GkF3cIVfx91w
Score

1^/10
behavioral19
- Target
  
  resources/app/mlink-v2/exec/python-env/win/vcruntime140.dll
- Size
  
  81KB
- MD5
  
  a2523ea6950e248cbdf18c9ea1a844f6
- SHA1
  
  549c8c2a96605f90d79a872be73efb5d40965444
- SHA256
  
  6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4
- SHA512
  
  2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a
- SSDEEP
  
  1536:tBYGvQ2+Ub54AE6ZkJrIriwx0AKGsu0g1kq1ecbRMKlB66M5iEBiA:tB7vQ2+a54AE0sAKxQ1ecbRMKlQoE0A
Score

3^/10
behavioral20
- Target
  
  resources/app/mlink-v2/extension/channel/index.js
- Size
  
  1KB
- MD5
  
  b6ff90c46ead11d2ce4b8881ceece717
- SHA1
  
  43b97c6de698f99765a64d91d52d0ee27a622a04
- SHA256
  
  246b4ac6366b178fda3ac2f9d547125798825898218773fc2ac67e794f3f8e11
- SHA512
  
  788c6a909eb8af89ecc09f76ef61216dfff18320e24fe4869e19598287fcd488da78f3c8d71746f74c79f26836743e1b8cd6279ba5ac82ecd877b7956a5cde39
Score

3^/10

execution
behavioral21
- Target
  
  resources/app/mlink-v2/start-server.js
- Size
  
  14KB
- MD5
  
  2acccfd1f09fde1f7a5a846b37f542d3
- SHA1
  
  279e2c1758df442ee27f80847a66fc89f4d13d58
- SHA256
  
  427cf1c30d363cbe8b7cc119c045cc540fa04c5461150a61d68840102ed1b8aa
- SHA512
  
  1a368f87841f1e94005f0d66681bc408683871567dba382f1338b40f96643139bebc72a8a05aded9db56afada4ecdcd7969c04480c2ba6817200f4b270f8ff58
- SSDEEP
  
  384:DVSlA1r6L/zaVTzjs7STsrGJDn5MMYjAQe:0lA1r6L/zaVTzjsOTsrGJ5MHAQe
Score

3^/10

execution
behavioral22
- Target
  
  resources/app/node_modules/@makeblock/mlink-socket/gulpfile.js
- Size
  
  695B
- MD5
  
  0f3e8e6256aae879b4d9c6f427b2664c
- SHA1
  
  027bb60759d1a16c98136eca8389822b92f5deab
- SHA256
  
  ee4a7a324e4d086a86099c38c38469a5c8043d2c6bc1abad0b3f104d5d7e0818
- SHA512
  
  41b2d3af5427e6db9bda3879ef78bbb77df57f20d138fd0bcf2a6f73837e79df300dd9887d1e46db91983a476d8fd3f1cccee09a172eff34071e615384abcc79
Score

3^/10

execution
behavioral23

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23