General

Target: CrystalUPDATED.rar
Size: 11.5MB
Sample: 240615-begetstcmg
MD5: c4c793cef987e26464a0e2175bad3a4d
SHA1: ea9951d2d76a9435f13a5d5032ba6abf6c4d10da
SHA256: 57f487f0d8eddd22ea6c42f697c612d3969e8cba20925cb72a1b8568b67b3003
SHA512: 23ab84985bc9fb40655f6fb0ecb7eb48f133be4c4be83ccb52fff35225de47aadb6a394a027cfc7ec370e5c9a234f38e04e2c246443d161e40405719381174f6
SSDEEP: 196608:ozhyrqZFHiXs4opYKvXUnIaR7tDzZq2cZSCfPwMUlAc4xN/jnAUN9AxIfg+HM+aX:KIrqHj4opZvYIaRpVq+Cn72AjN7nAUvO

Targets

Target: Debug/Crystal.exe
Size: 144KB
MD5: 9e353bbaf855fd44edba02d747b6e9f4
SHA1: 289146c6c89604690048b018638e147e8a53cbed
SHA256: 2d0efe812711be404787e0c6832284bbacb0e16e35d241cb29d88f44e8bc336e
SHA512: 13ebe39c7665b2d17d83f2df9d4241bcc2ddc7e086ab8b7b031ed56f8356611b92901f70e202d44e2d2d349e9c135202592dcc0ce3a45017576e0cde7d7760e5
SSDEEP: 3072:kjWWh/jzNFzkIbdb3gAp4bTv4A8D625U7N4MDaAiDmbUaXVNXa6fm:kjXzFzZdbQTbj4+PZ3DaAiDmbUUVN

Target: Debug/Crystal.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Size: 2.6MB
MD5: 0ee2b50c85a110689352fccfa77b5b18
SHA1: d9ecc4b12d2d50e3cbce40e75edad804c9988b25
SHA256: 62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
SHA512: a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
SSDEEP: 49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score: 1/10

Target: Debug/Crystal.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.52/adblock_snippet.js
Size: 2KB
MD5: 4dfa3a341bfcdadb42f25a9a4bfdf152
SHA1: 94cf328db1e1c355f2e008ac5408d1d929582863
SHA256: a12f977a31624efa0d30eaf0a4e613fc1924e7494411fb8584530016b6cae1c0
SHA512: 5273b146edba6a1465f2360b9be46771f575c43c6240c822cab0ddb475e980d048a8f5f9c87312ce425122d70f7c8f6d6c7b700774746fe9c155c344547c9d67
Score: 3/10

Target: Debug/Guna.UI2.dll
Size: 2.1MB
MD5: c97f23b52087cfa97985f784ea83498f
SHA1: d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
SHA256: e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
SHA512: ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
SSDEEP: 49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score: 1/10

Target: Debug/Microsoft.Web.WebView2.Core.dll
Size: 557KB
MD5: 2ab84dc690059b2bd34d2f00561d6af4
SHA1: 49b665b40a5ae995edfec80caf7e409c9795e9dd
SHA256: a1e096c6842b9f443679f47e321379d15e1f93c77fd0b6d32b9eb0e93e25ac89
SHA512: 80d1c0fbe937655f1e78549c4bdaaa7d8aa55a74945c16f3663fe270c0a715eb7f89dc66490a0164f33444aece768a41e894bdcaa50ce2f88a6dab77b9809afa
SSDEEP: 12288:vClswUBor3lJrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIf:vSjqA
Score: 1/10

Target: Debug/Microsoft.Web.WebView2.WinForms.dll
Size: 37KB
MD5: ca1529f9891c243b11934d156dc35bce
SHA1: fa82bd19c2835443bc9ea55644017b5d68ff7a4b
SHA256: b12d2c15e93a0fc29a731bec998e7ddf073b3ae2454f3afdd9934bbe6a223d4a
SHA512: 95deee9fbca5bcff0d534f187e003780ff4358a24b5407701a46d5c8109f6d31e7a637b204a30ae5ed6d63caa42a5628a9aab693cbbf892cea60dae05a45c5ab
SSDEEP: 768:knijOv/1uokD/iyUdcIhtYZDgcEST3p4Jjrjh2jJFSUyauTv1JKia5/Zi/WGQK4W:vOvZyUjhtYZDgcEST3p4JjrjaJFSUya2
Score: 1/10

Target: Debug/Microsoft.Web.WebView2.Wpf.dll
Size: 50KB
MD5: e65623626760be48a2ac3b508f11ba68
SHA1: 7d1ae39683fbf4d72ef3c3434ed17e90f7e51484
SHA256: 33d0c7ae01120d49569041af217cbdf8ad7e54a3f9013ba6b61e7eafe9a69aee
SHA512: 47a472b35c763d282022eff8fa0a8ec5c32cfd5c01dd4914e9f979af16068ae2f8ff4884c638f9307c8ec647350298aa9cb5c7cc9a5f7164b6653f460008e45c
SSDEEP: 1536:UpGqPvH+wKi8GDP/ryEH0GBy4JjrD1alhWU6Ozk1FKKa5/Bi/xGCv0Z0D64Y5PWI:Ri8GDP/b0GBy4JjrD1alhWU6Ozk1FKKC
Score: 1/10

Target: Debug/Monaco/fgd.html
Size: 18KB
MD5: a1416c1fe209f7687ff79ab44301b3d3
SHA1: 3ba3ff0027a98128edad78f5561cef53c4236791
SHA256: a6897302dba619dd3c156d57fc4b706662bff4df582975c33478b7878b060d2c
SHA512: ce8a9aaf7ba903dfb25df53e04addfedae7ee4fcd07dffd42abf3f275a75b14cb26bb64c9320fd425003c73618b2967bb7be2cfb849050d50dd5308e69842f79
SSDEEP: 384:fihTARA5Lmwl1qPeVvW4NVtabVBJjVBd+TI6noaQLR7:fihTjoy+StabVBJ/kkgoaQLR7
Score: 6/10
  • Legitimate hosting services abused for malware hosting/C2

Target: Debug/Monaco/fileaccess/index.js
Size: 4KB
MD5: 36076c2f9ed15bf717b1c25ac393cd1f
SHA1: 33fdfa81edda4e15e508de82b961cf7a7a61ec09
SHA256: 4d5fec3e097af1243af2c83a8e30345177f32742c730d88ef9b12999c0cf66d0
SHA512: 2805ef0815ba159bd1f6c8e5c93281ba1c3f10ead8b3f274f6bf165fae87b628ab40079d78c6c4cd103bcee5d177ce7b24da39e1b9775d5f62e2bf10e38e1f04
SSDEEP: 96:gFEuLu1uPwXg2CxYAvh7yfWX+DWFq8iT9:4EMe3CxXyfWmWy
Score: 3/10

Target: Debug/Monaco/fileaccess/node_modules/.bin/mime
Size: 371B
MD5: 7ab5bfff58b0a878a4614cddbe424702
SHA1: e75ad406ef2f9fcb1a9bde44ba669f416c824c4f
SHA256: 394b93eaaac25f18a20d7cdd80920ecca1fe43c8e5b37501389e644944c6e01f
SHA512: 36f59fb7f2a1f985210ce39fb90e6e7998e4ba8030f172496eda22a12c66b58c651211d0f682c2b0ec58a6e1ae19d59380d1fe0c6849f15fcf381df60123aaeb
Score: 3/10

Target: Debug/Monaco/fileaccess/node_modules/.bin/mime.cmd
Size: 316B
MD5: 2872347ac99221152281bfd56705d437
SHA1: 83fa66cd05f64de1ef7f3010344a0f7babe54819
SHA256: cd5ca2f059e780c0a4b1aa9cdd6edc7dc10413d30bf51ad537adbd428e5e7a16
SHA512: 3c0b9e12bc1ff8f2bbaa5301d8db78a5c3636dd93f5755728e5b255c4250c0ea9e3c53a545011087b9c2536b1c1676ff01f7eff3015e6e99f2e12c9f15386fe5
Score: 1/10

Target: Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Size: 769B
MD5: bef04abf08e89532a476c3e474b5f509
SHA1: bb81073d8e07c483ee29121358871535973336e7
SHA256: a43d8b7d57dbbb21f2f98c331970d011177fa1c6be327aa0dbb84c1ad01e9201
SHA512: e20f86c40ce523477da136cb4aa3f29683dee567a31ebfad666666192417f49568e848cb8844e8dcd32d5501fb7176d47aca54c195324e6d41e73093699788b1
Score: 1/10

Target: Debug/Monaco/fileaccess/node_modules/accepts/README.md
Size: 4KB
MD5: 873e624d40d23cf9b54f9d2f74d2c8d1
SHA1: 3a884510d2eeed73a4cd5ae0947a6c72cd3c7426
SHA256: c25a1071e5aa1b1b43e10f083e8d97c3dbf1f7700cfa38b5cbc40725662e1ae0
SHA512: a929edeb59edc6f1ef4f7554ddfd0b1b54aa097d4fdf69c5ec25b14c3c722a034d159daf3ad38508efc775fdf8c246507d53021e4ad79f0708c5df94b311a864
SSDEEP: 48:ZdC9AIvI6RZK0nwuBGWxGWwsNdXMoNjP601Wrk0aN8F07DaN89JC7aN8fBfuRhpL:/CnQl0JZ15jue/9IQxokXjwiA0
Score: 3/10

Target: Debug/Monaco/fileaccess/node_modules/accepts/index.js
Size: 5KB
MD5: 4fe4d2c90a2fd19d6e97443a7d24f815
SHA1: 282263f45f6bf80fbf43f4097d53b5b60ff1a05f
SHA256: be2decbd50610e8f995c1e312ee4dd6d7c1244cfdf03ee4c4a3da68e572dada1
SHA512: c795b7285cc92616a46fd1ad2d00ce65fb4b269e6b6fc35315891d119b7c25b7f4573540be0627d577123201d9cfe119c8a53f0e75a8b6ea870f8d89a130c213
SSDEEP: 96:oYG1MGmGHqyl8rAyBkmqFxo+uerpDWMlB8fdOGUJTit4UG9bCZhPwA:oYG1Xlqyl88yBD+uerRLD0YQ4rcZh9
Score: 3/10

Tasks

static1 (score 10/10): agenttesla
behavioral1 (score 10/10): agenttesla, keylogger, spyware, stealer, trojan
behavioral2 (score 10/10): agenttesla, keylogger, spyware, stealer, trojan
behavioral3 (score 1/10)
behavioral4 (score 1/10)
behavioral5 (score 3/10): execution
behavioral6 (score 3/10): execution
behavioral7 (score 1/10)
behavioral8 (score 1/10)
behavioral9 (score 1/10)
behavioral10 (score 1/10)
behavioral11 (score 1/10)
behavioral12 (score 1/10)
behavioral13 (score 1/10)
behavioral14 (score 1/10)
behavioral15 (score 1/10)
behavioral16 (score 6/10)
behavioral17 (score 3/10): execution
behavioral18 (score 3/10): execution
behavioral19 (score 3/10)
behavioral20 (score 1/10)
behavioral21 (score 1/10)
behavioral22 (score 1/10)
behavioral23 (score 1/10)
behavioral24 (score 1/10)
behavioral25 (score 1/10)
behavioral26 (score 1/10)
behavioral27 (score 1/10)
behavioral28 (score 1/10)
behavioral29 (score 3/10): execution
behavioral30 (score 3/10): execution
behavioral31 (score 3/10): execution
behavioral32 (score 3/10): execution