9882a822f94ab32f588d8db12165838798c8adefefc5301eb367592662df944f

Sharing

Copy URL Twitter E-mail

General

Target

Chlorine 2.0.zip
Size

8.7MB
Sample

240624-cdc7fsvanb
MD5

283ace63f8098bc81085b1afa4a1b2e1
SHA1

4848409d5dd062eaea4664fb1471da87242f5e5a
SHA256

9882a822f94ab32f588d8db12165838798c8adefefc5301eb367592662df944f
SHA512

1ff5ed7b3d4bccfee9a12817cdc537eb37fe92c082fd445e696ceb4d595f05dffe180464dabe23037b9f46030ed2ed54fe82fba2b8b9856b62013ba3bf6cc3f0
SSDEEP

196608:27moBQnB6ncO7nalux+7j3aucuAcILxZm4Nrzj:poBQicO7allljp4HmUj

Score

7^/10

Malware Config

Targets

- Target
  
  Chlorine 2.0.exe
- Size
  
  1.9MB
- MD5
  
  1104990b3925d6528b9cd8c3ae3baaa5
- SHA1
  
  e229a18f75bcfbc1183af6c42d1cb2ecef2f4b94
- SHA256
  
  1a096a76dbc0cd0845e3408026f3864bbf75fd4cf9cdd70980302a199c8bd60c
- SHA512
  
  3761e28a6c657cadc2477c2709df7c41fd855a1ed8699c0ef5ebb1cce17b770858476b14732ca3af88639bd2389ede33eb94d60653305a5426388cf3f0f45834
- SSDEEP
  
  49152:BopL3S/Zbx81ztV9qDuWQSsQ9THeAyGGGZa:StS/ApPQ+SsuHe+Za
Score

7^/10

bootkit persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1
- Target
  
  source/BitBlt1.exe
- Size
  
  105KB
- MD5
  
  19a8a16e2a0d3225d1fc390c0a11b5dd
- SHA1
  
  ca235475f7a767e10c81426e013ee59106deb306
- SHA256
  
  8d6452b5a2dacbf6a1e064fc959f16a5ec13b5986a2687e70b5458eefdb60573
- SHA512
  
  d470d61fa9b19c34cd9ed916f9a6b44c821ed47082393212c17c743a764d2eed4dea2aae31f37d984f3c359ca646b34f0c6486f5f473d940c675974deb313ec5
- SSDEEP
  
  1536:+85iT6EcrYTyyAmOvu3yUyJCbT4UK7BIR:WGEcxyAF64A
Score

1^/10
behavioral2
- Target
  
  source/Chlorine.vbs
- Size
  
  5KB
- MD5
  
  a10d375e013a00dd14a16bfce7b6d2f0
- SHA1
  
  9c863fddf6a0a5e7b0b2b1cb8268ea1586de5150
- SHA256
  
  16a59e4fd5b0d27325cbf2deeb34f8f49f3368c562e9a5deb934eb234d89ea05
- SHA512
  
  6d839b235c9c4ff3021947debb8b73a512c7b8c140ac35a7f49a127446102b84f16fa11e441cc360beea248180de23305527c1de90f3226ddf332e6863c30378
- SSDEEP
  
  96:Fo7feQCdUFuzxhldtVpdyQJQI1EUgRtCoYkXZ8qw5oHYpw0:9QCdUgxhl3VpdB6I1qrXZ8q2oHYpw0
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3
- Target
  
  source/IconHell.exe
- Size
  
  106KB
- MD5
  
  81e8cdaa48b347db465f23cfbce4b98c
- SHA1
  
  abdf9ecf2b90b807aa7a639cebac52c3d1884176
- SHA256
  
  7ce9c1d958d55a643a5bab6b1930bef02478d8f6543b0df60a1bce1c7e5c2ec7
- SHA512
  
  8e336602174e3c9b3be68fc0864b5ea38244ad269f3410a16c8b9ad8e6cd141b165b4f7fbe787ee2d5205ad6888654e8c4ff3c64122fe3b8796a00b817c106d4
- SSDEEP
  
  1536:fP5iTnlcrYJyewO5I+u3yUywCbQkexUTd/ntB:f47lc0yeHIymi/v
Score

1^/10
behavioral4
- Target
  
  source/Vbs_To_Exe/Portable/Vbs_To_Exe.exe
- Size
  
  1.3MB
- MD5
  
  27dd3186c5f51823aaf82b815a3abfd6
- SHA1
  
  c6ab78825bbdd53df4da2fc9a92601659ce05cb5
- SHA256
  
  f50d774a95901ee952e0f6a03b69ff3de9d92c5146a5f8bff49c7a666e8e7825
- SHA512
  
  44d36b4a68fad18ca73351c45e0d85a28011358782c23a8175847d41f4fed80578061cb5d63c63a657f788afa9d669e17d650dfb9f6cfcd4d4fa40c50fde403e
- SSDEEP
  
  24576:kYZgW+HDix/HwuzsUUy1AEWwqYFOv13kpawnPOiDzw3b2yq:DN+HSwO+EWwTwd3kwePOuzw3Jq
Score

7^/10

upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5
- Target
  
  source/Vbs_To_Exe/Portable/Vbs_To_Exe_(x64).exe
- Size
  
  1.4MB
- MD5
  
  77adc429fe1e03c87a3904222f3d2de9
- SHA1
  
  a128892c5d46cda3c82a784fe5d35bd33a0c879f
- SHA256
  
  f8b4428bdc41052de9b9e501eaff1248076f25386e6bd75d67daf30153305e19
- SHA512
  
  c475dd34ebcb03e5dc08e6463c90511e91f7363ba7d69e5c5431d6a534f19fe8bc92985e04957bf43e0f442e0c71a3a4e6997e421876564545e82260e9aacf57
- SSDEEP
  
  24576:yZFGwBcFrb7d1pQkV3KW5G5rJQjs0OmshnUbiXTwwUw8r55dJC+Ulg9Hdyq:yzGpQklVG5dQ40RVbiXTwwAJxUysq
Score

7^/10

upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral6
- Target
  
  source/Vbs_To_Exe/Vbs_To_Exe_(Installer).exe
- Size
  
  2.8MB
- MD5
  
  29299a10993e10d0798f651b0e459170
- SHA1
  
  108c3104feb6cf0ecd4ffd2669ccbdbf916d0c1f
- SHA256
  
  5f810fa0e4a9fce2cf24b39321f3c368a2bff9234bda64dc67408b8ba4e61f61
- SHA512
  
  c06c549d0e7819ca6721f89195d195bed15fde86a843e87a18a4d075506bb10696961105d8ee32ec17a582bdd05828bb6d4340663429b60adddce7a20e46c602
- SSDEEP
  
  49152:z75NjL5dcr1nOVn3bbU2OTGgoHOIlgLT0waL5byMOXOESaj5Bt+sm8Y3:X5NjVdA1OJ3k25LcIbd6tj5OX3
Score

7^/10
- Executes dropped EXE
behavioral7
- Target
  
  source/bsod.exe
- Size
  
  102KB
- MD5
  
  c5fe2c030b263c4be332b61b780577ef
- SHA1
  
  acc07221e662e798e025e9a88c97bf4ce40df730
- SHA256
  
  0424cf4061d629467a43c7da71ac5ce2167f174962fc05aa15a806d5663950ab
- SHA512
  
  49a950aed1dac61ce6cca71490cff8abe69ab40e50ef2ac838f613daec09baa828ad2fdd21d8bee08b38b7692600f93ded1809fd9ea6eb13df120d791d8b3663
- SSDEEP
  
  1536:L45iTwUcIYgyL6Onu3yUyJCbcVjc7ACwG:LJMUciyLZpDlG
Score

1^/10
behavioral8
- Target
  
  source/mbr.exe
- Size
  
  1.3MB
- MD5
  
  7a2bd73519cd758b01e8c3b28311cac1
- SHA1
  
  a2255b0aa4ea8e5ed139a2e9a1aa64307f7eb5ee
- SHA256
  
  24706c7d79457b47edca4623fbdef2c2ef1f56e905838c70ac44dc4cad539238
- SHA512
  
  aa5b48cf7685f0dc66ba3146e396fc3c8c3d4a70b0ab4ccf3bf183bd4e2b198909c09b82459694dc49040a775c74802abf32dd3252209051af7969796c674ea2
- SSDEEP
  
  24576:RT3LlvRiQNGYXCI+b1w30WgvZef6YhuQ5O3h3JMtbu:dXNGDIu8NyMtbu
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral9
- Target
  
  source/mousedraw.exe
- Size
  
  104KB
- MD5
  
  f7db0edd465e545dcd947f4beef32779
- SHA1
  
  a02d2dcbe4ea1146b726a6191354340f8dd41f6a
- SHA256
  
  9bbce9c9e1b513084b8a206e935b2512a341fd81688e71735ef27511d0378d47
- SHA512
  
  6d40cf365a30277328f9103083e939ac8fedf860ffef6d0c5bd80d708e0f73d606f456d37aa1fa5e69964ac2e20c263fbaa755a9c28eff962395e3509a7a4e25
- SSDEEP
  
  1536:h5iTgocXYpySNFO8u3yUyJCbAV0R7nghC1ed:i8ocKyStOV5ed
Score

1^/10
behavioral10
- Target
  
  source/msgloop.vbs
- Size
  
  336B
- MD5
  
  d95b234c9cef8f7f398d758564bf5821
- SHA1
  
  cd499485f7b128d2b475bc92311a45cd8c8b6de7
- SHA256
  
  33923a07189189bcb897d6617457ece2a93c0fc9f5de8a786c39c874af9a0630
- SHA512
  
  51dfccb4975eb385d20cf58af02ed4e19d954777fdcc289a00409d94611d177efc20307312d42fc8e03590d0afc02bf78802830847bd8f0e8a6485bcb9ef8154
Score

1^/10
behavioral11
- Target
  
  source/noise.exe
- Size
  
  102KB
- MD5
  
  3c285eec317672f7eb27ec27244cbe59
- SHA1
  
  3bd2512ea461dd67babad9b398128c70a3dde059
- SHA256
  
  81cbb8c54d2dfdda281e37aff08f9f98afab3f415fbe3c7b5242c1b85495e715
- SHA512
  
  590ec0ed53848bee0ae82e0ecc62c48d66f0380ca04c6e425cc97bdd05f1b2cddeecf2e58d58dbfee4872500a425b7d5d1401f955d65d891114f61cd7baaf5d7
- SSDEEP
  
  768:nnv5ybtwpM91ivG4Wl7fCwjfecgIxpYcQm7yyZqOyWOjonu3yUyJCbfw287Vg+J0:Y5iTsUczYayEqODu3yUyJCbfw287a+0
Score

1^/10
behavioral12
- Target
  
  source/sussywaves.exe
- Size
  
  105KB
- MD5
  
  632da6456dceea4819027bad982ab3cb
- SHA1
  
  9a5da49ddc3458b72fa3eae77332cac643508ad3
- SHA256
  
  13304570c6ccb706114aaae4602be5c85fa1862e1ed0200b3f0de514b14fcd41
- SHA512
  
  cceb677651a8f7df59c8a22a076a69be31bc3a72992fbce6373d6908a33a0e2e1b7c669f664a9617933197ec7ff1b6e96fcc8613329b750dc143273f90991a55
- SSDEEP
  
  1536:m6oKCb5iTEkcLYTyBNOUu3yUyJCbot0D7Kg:RokcYyBnGig
Score

1^/10
behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

UPX packed file

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

Loads dropped DLL

UPX packed file

Loads dropped DLL

UPX packed file

Executes dropped EXE

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13