Overview
overview
7Static
static
3Multi-Acco...er.zip
windows7-x64
1Multi-Acco...er.zip
windows10-2004-x64
1MapiProxy.dll
windows7-x64
5MapiProxy.dll
windows10-2004-x64
5MapiProxy_InUse.dll
windows7-x64
5MapiProxy_InUse.dll
windows10-2004-x64
5Multi-Checker.exe
windows7-x64
7Multi-Checker.exe
windows10-2004-x64
7NiceRAT.pyc
windows7-x64
3NiceRAT.pyc
windows10-2004-x64
3libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1libotr.dll
windows7-x64
1libotr.dll
windows10-2004-x64
1libssp-0.dll
windows7-x64
1libssp-0.dll
windows10-2004-x64
1Analysis
-
max time kernel
118s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
20-06-2024 19:27
Behavioral task
behavioral1
Sample
Multi-Account_checker.zip
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
Multi-Account_checker.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
MapiProxy.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
MapiProxy.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
MapiProxy_InUse.dll
Resource
win7-20240419-en
Behavioral task
behavioral6
Sample
MapiProxy_InUse.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Multi-Checker.exe
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
Multi-Checker.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
NiceRAT.pyc
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
NiceRAT.pyc
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
libEGL.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
libEGL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
libGLESv2.dll
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
libGLESv2.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
libotr.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
libotr.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
libssp-0.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
libssp-0.dll
Resource
win10v2004-20240226-en
General
-
Target
Multi-Checker.exe
-
Size
21.0MB
-
MD5
2aa51ae0643a06cd3e3b325509556a24
-
SHA1
6613b96beefa44956f9aa9d254269b47d4662c97
-
SHA256
7161f93257f2f8475da822eb8945b04da9bef19f3b87a55f57d701185fa4e12e
-
SHA512
d9c85b7b4f57d28bade3543811d170c8a7890d2a75b97ec18f3b4fb92b7b1eb6e6e2a01e484391cbed5fa43327a40fdf8a97a4b648b8ec3e357f7dacf3cdfa91
-
SSDEEP
393216:REkZQtss27ZNL01+l+uq+VvbW+eGQRg93iObIhRS/1pBLzrq+6oAd8XTN:RhQtsnB01+l+uqgvbW+e5R49MhRy7/em
Malware Config
Signatures
-
Loads dropped DLL 7 IoCs
Processes:
Multi-Checker.exepid Process 1716 Multi-Checker.exe 1716 Multi-Checker.exe 1716 Multi-Checker.exe 1716 Multi-Checker.exe 1716 Multi-Checker.exe 1716 Multi-Checker.exe 1716 Multi-Checker.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Multi-Checker.exedescription pid Process procid_target PID 2104 wrote to memory of 1716 2104 Multi-Checker.exe 28 PID 2104 wrote to memory of 1716 2104 Multi-Checker.exe 28 PID 2104 wrote to memory of 1716 2104 Multi-Checker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\Multi-Checker.exe"C:\Users\Admin\AppData\Local\Temp\Multi-Checker.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2104 -
C:\Users\Admin\AppData\Local\Temp\Multi-Checker.exe"C:\Users\Admin\AppData\Local\Temp\Multi-Checker.exe"2⤵
- Loads dropped DLL
PID:1716
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD5b5060343583e6be3b3de33ccd40398e0
SHA15b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb
SHA25627878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7
SHA51286610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282
-
Filesize
20KB
MD52e8995e2320e313545c3ddb5c71dc232
SHA145d079a704bec060a15f8eba3eab22ac5cf756c6
SHA256c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c
SHA51219adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49
-
Filesize
22KB
MD554d2f426bc91ecf321908d133b069b20
SHA178892ea2873091f016daa87d2c0070b6c917131f
SHA256646b28a20208be68439d73efa21be59e12ed0a5fe9e63e5d3057ca7b84bc6641
SHA5126b1b095d5e3cc3d5909ebda4846568234b9bc43784919731dd906b6fa62aa1fdf723ac0d18bca75d74616e2c54c82d1402cc8529d75cb1d7744f91622ac4ec06
-
Filesize
20KB
MD5d1b3cc23127884d9eff1940f5b98e7aa
SHA1d1b108e9fce8fba1c648afaad458050165502878
SHA25651a73fbfa2afe5e45962031618ec347aaa0857b11f3cf273f4c218354bfe70cb
SHA512ee5e0d546190e8ba9884ab887d11bb18fc71d3878983b544cd9ab80b6dd18ad65e66fe49fe0f4b92cbc51992fb1c39de091cf789159625341a03f4911b968fa2
-
Filesize
20KB
MD536165a5050672b7b0e04cb1f3d7b1b8f
SHA1ef17c4622f41ef217a16078e8135acd4e2cf9443
SHA256d7ab47157bff1b2347e7ae945517b4fc256425939ba7b6288ff85a51931568a7
SHA512da360ff716bb66dd1adb5d86866b4b81b08a6fe86362fded05430f833a96934ccdada1b3081b55766a4a30c16d0d62aa1715b8839ea5c405a40d9911715dae68
-
Filesize
5.5MB
MD565e381a0b1bc05f71c139b0c7a5b8eb2
SHA17c4a3adf21ebcee5405288fc81fc4be75019d472
SHA25653a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a
SHA5124db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39
-
Filesize
1002KB
MD5298e85be72551d0cdd9ed650587cfdc6
SHA15a82bcc324fb28a5147b4e879b937fb8a56b760c
SHA256eb89af5911a60d892a685181c397d32b72c61dc2ad77dd45b8cac0fbb7602b84
SHA5123fafea5ff0d0b4e07f6354c37b367ada4da1b607186690c732364518a93c3fd2f5004014c9c3d23dde28db87d1cb9ae1259cda68b9ba757db59a59d387ac4e02