2890303e8efcfd4ddc9d25bf35e608c36a48413d6d03e4d2a7adfcc92516b8b5 | Triage

Sharing

General

Target

51f15751eeb03c95bfaf4d29ad1a33a5.bin
Size

63.1MB
Sample

240707-dvx4mavcqa
MD5

51f15751eeb03c95bfaf4d29ad1a33a5
SHA1

940bbd587507df6fa83ad4d8dd45980493084ad2
SHA256

2890303e8efcfd4ddc9d25bf35e608c36a48413d6d03e4d2a7adfcc92516b8b5
SHA512

527c5a48af28d3dcc61c50370fcdf11d25027f8d981ce80f5fb0261cfb4ad844388e372abadeeae646c8f28f49cb6cfb18079c346024bb058c05583a5f25f159
SSDEEP

786432:8T+Neb4YJvUd57Bmp8EQXEnn+dFTDPJCSH+bxPWmQiuBIACEo19KIM3Z6DtWHBQ/:8T+ubJvm21QXEnn+dB+bxfuByx0B6ma

Score

7^/10

execution pyinstaller

Malware Config

Targets

- Target
  
  CODE/local_graphics.exe
- Size
  
  96KB
- MD5
  
  38e6636a34430c2bad246b8e72e455bd
- SHA1
  
  e25e2da7877f0eac5c8dd56975ec250edb1e49e7
- SHA256
  
  f675b60b0b1f89a370e73ef2d3127f5046290f554571d91bb0eee8651c8894cd
- SHA512
  
  326f9c40aa19d897e85ca3b498030d93af356589e099830b80527ad7d109469feb16cd1b8ebb5246d9b9d5746539506f2f3976b83f2b53b9b06e722e2cd031f8
- SSDEEP
  
  1536:hrdBfgDmi+R/cAfeNuUDrcI2hSd+VPqGhEpaH4O+/zDv:hZKmi+R68UkI0Bf4p/z7
Score

1^/10
behavioral1 behavioral2
- Target
  
  Spellbound.exe
- Size
  
  8.8MB
- MD5
  
  63cad0105fa7baa9319a6a13eb5fc270
- SHA1
  
  27985e131dddfdc39fd7d81616ff92051315a06f
- SHA256
  
  54cdaaca82e2204949bad083bbeb4281e366811af70e8b5942c3493bf0c0ff5d
- SHA512
  
  48cc72c34cf78469f9d765b516ff2aa5e8da5862b600307cb811e6dced443a58b574c7b3be573312549f8553f540fdea4dae799a80bd92a505562fddf09993df
- SSDEEP
  
  196608:8mhu2rwuLIoBA1HeT39IigQh1ncKOVVtgSE37LHtQ1NQnp4V:ZQ3Iq1+TtIiLv0VlC76uY
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  index.html
- Size
  
  462KB
- MD5
  
  13cebc8e31d9be9ccfd4956fd7c37385
- SHA1
  
  3788327e575e02df72a0b40ac9f946b94dffc073
- SHA256
  
  023e7936371f358229b005b9bed1ef6e406bd01e28ff87acfc75b655a090021e
- SHA512
  
  3f540dd7eb78f25e420e509ba50394a92fca0c194cce34ed7089994d781ea8a25d96037930ec0ecba155cc18efabb7bcdd6bd96f89d700e1defd382242ad199e
- SSDEEP
  
  6144:16cZfa0eOssBf0mo7TBlkldTuVemndaHmRyTarZTR61:E6p0m2TBlklNugmndaHmRyX
Score

1^/10
behavioral5 behavioral6
- Target
  
  resources/AmaticSC-Regular.ttf
- Size
  
  139KB
- MD5
  
  04b6b0803b089211561d2fd5e5d9af80
- SHA1
  
  9aa9f1b9ddbd8340e415b538c513ee2ab92ee2e2
- SHA256
  
  f3772587b6b7bab9d32ee774ff26687ee21be817720b62cc23d8e113a1b62ef5
- SHA512
  
  a52f542d06f53db70fcce40f4119848486efc0ade2d34034edf5819303f51296af114639f99ee54705aadf8f341fa400d8c1b59fdfc5ca4eebef19f72272d422
- SSDEEP
  
  3072:W5Tz4iKxKXF9DD/dQNZdtG33WTArhEoQ+QaDnCPdrr0/:STMiKxaRTdoZGHWTArm+QaDnCPlc
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  resources/bodyPartAlignments.js
- Size
  
  147KB
- MD5
  
  acda087afc384ee2d02daad11c24ab1f
- SHA1
  
  33bbb00ef8d8de230b8a34299650910101783e07
- SHA256
  
  c1b224fa842a8b8fc8632e306b8fafab5defc4d27665404cb953401291341609
- SHA512
  
  1296a09595289d0ddde724aaa650f32e6c241dfa44988f82988fe94f54592c84ad3222e02fd8a1e95ec8218eeefc437077717c088f9e788476a5f8e54175d086
- SSDEEP
  
  768:BmJLHIHB5KPD4EXI2ubbf5ab55S6TMY8MMrCt8yKi8ukm5bDtmvzqvx82b8l:/hQPVxuvy55S6TYMQiD2RGbRmNl
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  resources/conversations.js
- Size
  
  331KB
- MD5
  
  7f691b16f6b7b9645a7a23d28a0d63c3
- SHA1
  
  4db82e98f040c6e8007fe6710143eb0f4cf4546a
- SHA256
  
  00d8c05cc35e580b7eecee9de1f554b6bedb72141a839a603961745a1fe0c389
- SHA512
  
  6cd07170e55d0e62b6eeb18f196809b6992da83a338e3e538ef78556ed98fb22703feda9aa9905dea0123cff05e25b6cbfc0b09cc5340ff1885dea728febfeae
- SSDEEP
  
  1536:hVPPwmDRxXfB/3JcLkIuqtMTFVl0vCjy/wVw4wbwYw0S/6liYVUmhm2mkmbUzUdB:hVVIuFcCnyZi
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  resources/fontfaceobserver.js
- Size
  
  5KB
- MD5
  
  e664395e802e0be6cdeca1d83a7bccad
- SHA1
  
  364c18ce0121eb5f7edc67683c5606afdb0b06d9
- SHA256
  
  b9ecedccf36e31d3d73e2b7a44bcf0b3b37f4d9c6dcac2c52bc5d1476c9ebbde
- SHA512
  
  c86caed01b382adb765aec2ce8264839ee5792c637d00197b2ab9f1dc84ab837ae93a4f06b73e205b17527c4b475d3096b6eb4c98dcff404ff795fec50a0bff7
- SSDEEP
  
  96:55KLpcDC0wqV6vulR08UTWBg7Zo+TvVfZUlYsOgqdD0GCpV7:D8F/NvopUTWBgFlT9fyYsOTCpV7
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  resources/fontfaceobserver.standalone.js
- Size
  
  4KB
- MD5
  
  8c4c6213e5c7faa69bef73b3ab9bcf1f
- SHA1
  
  9ad812a31fea502c44779ee9e2bb79f48c59cec4
- SHA256
  
  6e0bda5a19038dedcbdc2d14b82f4f603465bf11bab04fa7ebc8e1e1b796b67b
- SHA512
  
  02d1a4415c39755651f1446249c30917f3b8e95079238251a3ec2c2d2c022afb67942c25595ff9f5ec5c8e0d7e8459ae5ee421c18be80037e555b3787cc00a36
- SSDEEP
  
  48:55dCntOFC1CpHFTWBPo6EZohVaTvoyrYZQZNt7FUlHahtS+2XAA/qHZrDZ98GHiT:552UTWBg7Zo+TvVfZUlYsOgqdD0GCpV7
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/jquery-3.6.0.min.js
- Size
  
  87KB
- MD5
  
  8fb8fee4fcc3cc86ff6c724154c49c42
- SHA1
  
  b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
- SHA256
  
  ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
- SHA512
  
  f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31
- SSDEEP
  
  1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  resources/pixi-filters.js
- Size
  
  83KB
- MD5
  
  d82a39463009ad7894e9a51666f99470
- SHA1
  
  7253537b98fc7d9fcf9e100bd38d0a0333f34ad7
- SHA256
  
  5035a63c732704ff4b5eeadbbd89e474bc7234c071bb0d37f931b1443c2063c2
- SHA512
  
  d440e28e5040422525a3c740a3edd28351cf0fa60aa58a9096b2077a97f300fab4b2ddfaedcb399ee4ce6d543badda6ac1ec61069896e3b1718a38bd8c123e69
- SSDEEP
  
  1536:tILOBkzR5k4Y6rTEXXmJ4+LIxmPfw6f2YWNryeUXrbUwtb0JuYhlmTUMjvTFWSgj:t+GO/mXXg3VbYuYhlmTHvTFWSgj
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/pixi-filters.js.map
- Size
  
  179KB
- MD5
  
  5329c10507d6f73c8bcb7cfc52373a43
- SHA1
  
  b5e5f43ec5e34390bd778cb0cd6afb2d08fc4bd8
- SHA256
  
  b643d0445ca2c539447055d802e79b1f3a1546ace73911da9532c61705830442
- SHA512
  
  2c53c79da11c786eceee02b98bc3ed28e542b764f22b4ec325db5a57f97fc982e39c9190f0d2804ae9641ab3f378c32f58f96fa7b59e62e18c061938b6d63660
- SSDEEP
  
  3072:WUh6J2mjL82K4vD9+GC9CCnnPhtHTdbuP5DOh9IS84MuNov:WUh8KgS30
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/pixi-gif.js
- Size
  
  13KB
- MD5
  
  3a7a426ddff44596bdc51aa70d581813
- SHA1
  
  b2e69746402c39573f98af58b7ae7985568d1a7e
- SHA256
  
  dfbb18e74d34b5523fd0084c67dfe0c6e6ef17a759715c97285964d19779531f
- SHA512
  
  3f4ae708f2f6cde2805ae9727aa93cdac6257c1d09f245d2dadd82962acf1131a21cd4b027d3d613930e811a02ecd51e4ff302f3ca371658ee61af409ecc4050
- SSDEEP
  
  384:EJc0mKM6itUeDqjrZvwpfmXscMoutK8yywjWX:ac0mKM6veDqj9vwpfCscMoutK8yycWX
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/pixi-sound.js
- Size
  
  39KB
- MD5
  
  754c3dec4f23bc66e1af7bac1e221f0f
- SHA1
  
  d419973c149b70bcf0180ea5ae48ae779e9652a2
- SHA256
  
  6c7ec69a2db2bb76f330d92c3529b3cd6174e6e124cf79ca3de7d81bb87972a2
- SHA512
  
  73ad1a59e5e9e715272b2f73b2d679866ccecdebc659dc04f59a7ba976ac55198540cd4e7ea79da7902bc6f3ccc54e7b00843f8de1381e9cf608619e7d1a12ae
- SSDEEP
  
  768:ay3X4x5bBAWlPzQoqfrqD1W7PmY8Ims99stwagBV/B4B4l:Yx5tLUYO9stwagBV/B4Bi
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  resources/pixi-sound.js.map
- Size
  
  175KB
- MD5
  
  adc33c51426a0553955bb64f5628eeae
- SHA1
  
  e6545359b49567c2d239419832a9d97ca5d46d2e
- SHA256
  
  4c7710623e59a258ec291c84f97244e4448c13e675836af99213e91e62142107
- SHA512
  
  ed672c8d0d757e4d872aa88969376def69c69cab711681b5ba16f0228249462c309ec46e77fdd1e437cbbcd360444dea4bd69e920a3e11acf3c96fdae0a638ef
- SSDEEP
  
  3072:ihNc8E+cho8rmFYHN5kgBXu2LnhvrFTGza9SNlLX2y:ihS8E+c28rm+HNb+yBrFTGzZN12y
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  resources/pixi.js
- Size
  
  1.7MB
- MD5
  
  b41c0fa0642f9bcb9dfced3f0d12842e
- SHA1
  
  ed5612e909f5199755c0c9c7f1fd3e1a63afc6a6
- SHA256
  
  1d2d92612c975412062ecd5be19ad20f882af806630ecad1eaa46e2b499e3191
- SHA512
  
  fd0ef3c3e0580acdeac9bed94f3a199fd0c1eb7cee0cc19a423cf7055e9483a71bb58d9c2c5a27d7fae03f849a741f33171eb2b1e03298aca69fe31c8a76f024
- SSDEEP
  
  49152:AzMeOzEAxAGZ5gyQQgTGzkswlrFsa1TEe9WycPxL3avuagOFYwChMKIx3MjFBnqJ:S
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  resources/pixi.js.map
- Size
  
  2.9MB
- MD5
  
  40ed0739a90417ec3e67bb2025cdd445
- SHA1
  
  432e18f16c5638eb805d2e1b8a5926b65d33b806
- SHA256
  
  0063f226fa6b35b6b0a78aa5982c65ca029c16a978ca7de20eed355ddd5f06bc
- SHA512
  
  6688cff424cb92a1ced3dc7e592359974d932e3e9b66ea0fabac2f47cfcdf379f0d8415582015eb885a5fd524f39dfd1c95af9084a015a02bfcafd600801d9c9
- SSDEEP
  
  49152:MzEIpzEvdwEXLEa0OIVHzEhq5J423oPxTBjyoQbvQaP2QgS9O9xa0mcSOKKcnjkq:y
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32