General
-
Target
CrystalUPDATED.rar
-
Size
11.5MB
-
Sample
240615-begetstcmg
-
MD5
c4c793cef987e26464a0e2175bad3a4d
-
SHA1
ea9951d2d76a9435f13a5d5032ba6abf6c4d10da
-
SHA256
57f487f0d8eddd22ea6c42f697c612d3969e8cba20925cb72a1b8568b67b3003
-
SHA512
23ab84985bc9fb40655f6fb0ecb7eb48f133be4c4be83ccb52fff35225de47aadb6a394a027cfc7ec370e5c9a234f38e04e2c246443d161e40405719381174f6
-
SSDEEP
196608:ozhyrqZFHiXs4opYKvXUnIaR7tDzZq2cZSCfPwMUlAc4xN/jnAUN9AxIfg+HM+aX:KIrqHj4opZvYIaRpVq+Cn72AjN7nAUvO
Behavioral task
behavioral1
Sample
Debug/Crystal.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Debug/Crystal.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Debug/Crystal.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
Debug/Crystal.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Debug/Crystal.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.52/adblock_snippet.js
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
Debug/Crystal.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.52/adblock_snippet.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Debug/Guna.UI2.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
Debug/Guna.UI2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Debug/Microsoft.Web.WebView2.Core.dll
Resource
win7-20240611-en
Behavioral task
behavioral10
Sample
Debug/Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Debug/Microsoft.Web.WebView2.WinForms.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
Debug/Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Debug/Microsoft.Web.WebView2.Wpf.dll
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
Debug/Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
Debug/Monaco/fgd.html
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
Debug/Monaco/fgd.html
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
Debug/Monaco/fileaccess/index.js
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
Debug/Monaco/fileaccess/index.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral20
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral21
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral22
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral23
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.cmd
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.cmd
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral26
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral27
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral28
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral29
Sample
Debug/Monaco/fileaccess/node_modules/accepts/README.js
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Debug/Monaco/fileaccess/node_modules/accepts/README.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Debug/Monaco/fileaccess/node_modules/accepts/index.js
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
Debug/Monaco/fileaccess/node_modules/accepts/index.js
Resource
win10v2004-20240611-en
Malware Config
Targets
-
Target
Debug/Crystal.exe
-
Size
144KB
-
MD5
9e353bbaf855fd44edba02d747b6e9f4
-
SHA1
289146c6c89604690048b018638e147e8a53cbed
-
SHA256
2d0efe812711be404787e0c6832284bbacb0e16e35d241cb29d88f44e8bc336e
-
SHA512
13ebe39c7665b2d17d83f2df9d4241bcc2ddc7e086ab8b7b031ed56f8356611b92901f70e202d44e2d2d349e9c135202592dcc0ce3a45017576e0cde7d7760e5
-
SSDEEP
3072:kjWWh/jzNFzkIbdb3gAp4bTv4A8D625U7N4MDaAiDmbUaXVNXa6fm:kjXzFzZdbQTbj4+PZ3DaAiDmbUUVN
Score 10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Target
Debug/Crystal.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
-
Size
2.6MB
-
MD5
0ee2b50c85a110689352fccfa77b5b18
-
SHA1
d9ecc4b12d2d50e3cbce40e75edad804c9988b25
-
SHA256
62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
-
SHA512
a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
-
SSDEEP
49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score 1/10
-
Target
Debug/Crystal.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.52/adblock_snippet.js
-
Size
2KB
-
MD5
4dfa3a341bfcdadb42f25a9a4bfdf152
-
SHA1
94cf328db1e1c355f2e008ac5408d1d929582863
-
SHA256
a12f977a31624efa0d30eaf0a4e613fc1924e7494411fb8584530016b6cae1c0
-
SHA512
5273b146edba6a1465f2360b9be46771f575c43c6240c822cab0ddb475e980d048a8f5f9c87312ce425122d70f7c8f6d6c7b700774746fe9c155c344547c9d67
Score 3/10
-
Target
Debug/Guna.UI2.dll
-
Size
2.1MB
-
MD5
c97f23b52087cfa97985f784ea83498f
-
SHA1
d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
-
SHA256
e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
-
SHA512
ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
-
SSDEEP
49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score 1/10
-
Target
Debug/Microsoft.Web.WebView2.Core.dll
-
Size
557KB
-
MD5
2ab84dc690059b2bd34d2f00561d6af4
-
SHA1
49b665b40a5ae995edfec80caf7e409c9795e9dd
-
SHA256
a1e096c6842b9f443679f47e321379d15e1f93c77fd0b6d32b9eb0e93e25ac89
-
SHA512
80d1c0fbe937655f1e78549c4bdaaa7d8aa55a74945c16f3663fe270c0a715eb7f89dc66490a0164f33444aece768a41e894bdcaa50ce2f88a6dab77b9809afa
-
SSDEEP
12288:vClswUBor3lJrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIf:vSjqA
Score 1/10
-
Target
Debug/Microsoft.Web.WebView2.WinForms.dll
-
Size
37KB
-
MD5
ca1529f9891c243b11934d156dc35bce
-
SHA1
fa82bd19c2835443bc9ea55644017b5d68ff7a4b
-
SHA256
b12d2c15e93a0fc29a731bec998e7ddf073b3ae2454f3afdd9934bbe6a223d4a
-
SHA512
95deee9fbca5bcff0d534f187e003780ff4358a24b5407701a46d5c8109f6d31e7a637b204a30ae5ed6d63caa42a5628a9aab693cbbf892cea60dae05a45c5ab
-
SSDEEP
768:knijOv/1uokD/iyUdcIhtYZDgcEST3p4Jjrjh2jJFSUyauTv1JKia5/Zi/WGQK4W:vOvZyUjhtYZDgcEST3p4JjrjaJFSUya2
Score 1/10
-
Target
Debug/Microsoft.Web.WebView2.Wpf.dll
-
Size
50KB
-
MD5
e65623626760be48a2ac3b508f11ba68
-
SHA1
7d1ae39683fbf4d72ef3c3434ed17e90f7e51484
-
SHA256
33d0c7ae01120d49569041af217cbdf8ad7e54a3f9013ba6b61e7eafe9a69aee
-
SHA512
47a472b35c763d282022eff8fa0a8ec5c32cfd5c01dd4914e9f979af16068ae2f8ff4884c638f9307c8ec647350298aa9cb5c7cc9a5f7164b6653f460008e45c
-
SSDEEP
1536:UpGqPvH+wKi8GDP/ryEH0GBy4JjrD1alhWU6Ozk1FKKa5/Bi/xGCv0Z0D64Y5PWI:Ri8GDP/b0GBy4JjrD1alhWU6Ozk1FKKC
Score 1/10
-
Target
Debug/Monaco/fgd.html
-
Size
18KB
-
MD5
a1416c1fe209f7687ff79ab44301b3d3
-
SHA1
3ba3ff0027a98128edad78f5561cef53c4236791
-
SHA256
a6897302dba619dd3c156d57fc4b706662bff4df582975c33478b7878b060d2c
-
SHA512
ce8a9aaf7ba903dfb25df53e04addfedae7ee4fcd07dffd42abf3f275a75b14cb26bb64c9320fd425003c73618b2967bb7be2cfb849050d50dd5308e69842f79
-
SSDEEP
384:fihTARA5Lmwl1qPeVvW4NVtabVBJjVBd+TI6noaQLR7:fihTjoy+StabVBJ/kkgoaQLR7
Score 6/10
-
Legitimate hosting services abused for malware hosting/C2
-
Target
Debug/Monaco/fileaccess/index.js
-
Size
4KB
-
MD5
36076c2f9ed15bf717b1c25ac393cd1f
-
SHA1
33fdfa81edda4e15e508de82b961cf7a7a61ec09
-
SHA256
4d5fec3e097af1243af2c83a8e30345177f32742c730d88ef9b12999c0cf66d0
-
SHA512
2805ef0815ba159bd1f6c8e5c93281ba1c3f10ead8b3f274f6bf165fae87b628ab40079d78c6c4cd103bcee5d177ce7b24da39e1b9775d5f62e2bf10e38e1f04
-
SSDEEP
96:gFEuLu1uPwXg2CxYAvh7yfWX+DWFq8iT9:4EMe3CxXyfWmWy
Score 3/10
-
Target
Debug/Monaco/fileaccess/node_modules/.bin/mime
-
Size
371B
-
MD5
7ab5bfff58b0a878a4614cddbe424702
-
SHA1
e75ad406ef2f9fcb1a9bde44ba669f416c824c4f
-
SHA256
394b93eaaac25f18a20d7cdd80920ecca1fe43c8e5b37501389e644944c6e01f
-
SHA512
36f59fb7f2a1f985210ce39fb90e6e7998e4ba8030f172496eda22a12c66b58c651211d0f682c2b0ec58a6e1ae19d59380d1fe0c6849f15fcf381df60123aaeb
Score 3/10
-
Target
Debug/Monaco/fileaccess/node_modules/.bin/mime.cmd
-
Size
316B
-
MD5
2872347ac99221152281bfd56705d437
-
SHA1
83fa66cd05f64de1ef7f3010344a0f7babe54819
-
SHA256
cd5ca2f059e780c0a4b1aa9cdd6edc7dc10413d30bf51ad537adbd428e5e7a16
-
SHA512
3c0b9e12bc1ff8f2bbaa5301d8db78a5c3636dd93f5755728e5b255c4250c0ea9e3c53a545011087b9c2536b1c1676ff01f7eff3015e6e99f2e12c9f15386fe5
Score 1/10
-
Target
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
-
Size
769B
-
MD5
bef04abf08e89532a476c3e474b5f509
-
SHA1
bb81073d8e07c483ee29121358871535973336e7
-
SHA256
a43d8b7d57dbbb21f2f98c331970d011177fa1c6be327aa0dbb84c1ad01e9201
-
SHA512
e20f86c40ce523477da136cb4aa3f29683dee567a31ebfad666666192417f49568e848cb8844e8dcd32d5501fb7176d47aca54c195324e6d41e73093699788b1
Score 1/10
-
Target
Debug/Monaco/fileaccess/node_modules/accepts/README.md
-
Size
4KB
-
MD5
873e624d40d23cf9b54f9d2f74d2c8d1
-
SHA1
3a884510d2eeed73a4cd5ae0947a6c72cd3c7426
-
SHA256
c25a1071e5aa1b1b43e10f083e8d97c3dbf1f7700cfa38b5cbc40725662e1ae0
-
SHA512
a929edeb59edc6f1ef4f7554ddfd0b1b54aa097d4fdf69c5ec25b14c3c722a034d159daf3ad38508efc775fdf8c246507d53021e4ad79f0708c5df94b311a864
-
SSDEEP
48:ZdC9AIvI6RZK0nwuBGWxGWwsNdXMoNjP601Wrk0aN8F07DaN89JC7aN8fBfuRhpL:/CnQl0JZ15jue/9IQxokXjwiA0
Score 3/10
-
Target
Debug/Monaco/fileaccess/node_modules/accepts/index.js
-
Size
5KB
-
MD5
4fe4d2c90a2fd19d6e97443a7d24f815
-
SHA1
282263f45f6bf80fbf43f4097d53b5b60ff1a05f
-
SHA256
be2decbd50610e8f995c1e312ee4dd6d7c1244cfdf03ee4c4a3da68e572dada1
-
SHA512
c795b7285cc92616a46fd1ad2d00ce65fb4b269e6b6fc35315891d119b7c25b7f4573540be0627d577123201d9cfe119c8a53f0e75a8b6ea870f8d89a130c213
-
SSDEEP
96:oYG1MGmGHqyl8rAyBkmqFxo+uerpDWMlB8fdOGUJTit4UG9bCZhPwA:oYG1Xlqyl88yBD+uerRLD0YQ4rcZh9
Score 3/10