4ab756f03eb0b4b9a9440403bafe4bc4f37d418555dc2e40ef451aa87dd5176b

Sharing

Copy URL Twitter E-mail

General

Target

4ab756f03eb0b4b9a9440403bafe4bc4f37d418555dc2e40ef451aa87dd5176b
Size

1.1MB
Sample

240708-sdnaesxbqh
MD5

73e48895042775035f99fc6f50e5c21e
SHA1

8671ba7617c3e492ff2b7bc4c8600284eb061f16
SHA256

4ab756f03eb0b4b9a9440403bafe4bc4f37d418555dc2e40ef451aa87dd5176b
SHA512

0bc06dd004d5058b545149937646f24a932f391229ba4e118487db570500ffca9a2552caaacffba7d938a3335cc85989ddc33abe73f473531031beb7d2af20b8
SSDEEP

24576:pTc2WterC5qDmNowrhS4Cn+OLrqS4knMrbxPqPveNXYamNJqktrRfuGFf:lc4DWVS49wWIMRqnsIamz3RRf5f

Score

10^/10

Malware Config

Targets

- Target
  
  Solyum-defibot/BuyTokens.py
- Size
  
  1KB
- MD5
  
  24c430c9a4adb0d6160c613f4b7cf084
- SHA1
  
  2f597aa7d20f9b22b965ffc233cd08a06925d014
- SHA256
  
  7ca1b917cea7fb9753b3625822b7b59e0c512e4433bfa0e2d1d121da202e79c0
- SHA512
  
  01b57771ad3d491404424ab11aed9e74dd8182ff25c441af5966a8ae0c4b0def53edcd289f9c7c28778bf3d7fabb1f3f10bc35dfbd0b19ce960de6853aa1adc2
Score

3^/10
behavioral1 behavioral2
- Target
  
  Solyum-defibot/Solyum-Defibot.exe
- Size
  
  1.1MB
- MD5
  
  2d07c9c42e4a2f393b4e6137246e1642
- SHA1
  
  63abb368c6887dd18f5e116fe1ee1d618f583de5
- SHA256
  
  3b2d9552c63d3f16ccd2b16e2581bf02035149a52f221ffbaa6a3db26338f997
- SHA512
  
  cfda66e2dc130b13e70d2f3acb9480b13d23893440490db404be23be1c5687e3f540b4abf3066c2ae2114b45a03e8eb1eea92f33fb858135afc551876172c29f
- SSDEEP
  
  24576:VrsoKXlm3qDmGVwfMSjHn+zLrqi6knEM0ePqPvF8ZK2wcJqkgbBMYTuKOQ:gDOESjeXW8EWqna82w+3QTp
Score

10^/10

discovery spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  Solyum-defibot/config.py
- Size
  
  525B
- MD5
  
  be657d24dc3dbc29777efd83ef7ed77e
- SHA1
  
  06a3f942c471f9f606505bedc7f84cb2d74b9111
- SHA256
  
  bb830591290a969839a50a1a109bbc80c3789b6424a322b05f140c86f2693048
- SHA512
  
  7ca5c64276c50bdb8b0ee0ef7e4c759af077123a3254cde03282265c51b1bcd2020053012dd8dd93f3afcd27acd9b9ba4d1dc1555091c76caabf9b9e0fc21936
Score

3^/10
behavioral5 behavioral6
- Target
  
  Solyum-defibot/en-GB/helppane.exe.mui
- Size
  
  9KB
- MD5
  
  929f36ee929bbb04b86112291ea975c5
- SHA1
  
  ab2d970cc4ad52abeeda0b70dcd3792a96c68406
- SHA256
  
  fe2939c16e9bc9f91faf5d61085f9b91301f9eb1392239f032e0bddf4d1bad24
- SHA512
  
  db9c86c29bc30242e5f7810cb883ba43bd6070c81503f81dc3803e8e730530910784faa4ac12b430d3898c39db0c91593c9bc0b923f99a178fc495e3aa022482
- SSDEEP
  
  96:Ukh3Wm2GvqdJxWkQKMWFNXLl8XOfVjzERB2KAJzXkWzEEwF3Bl3gkxGtylPn3PnF:BhmPz9XLbV0ezUW4EG3BMWhUJW/
Score

1^/10
behavioral7
- Target
  
  Solyum-defibot/en-GB/hh.exe.mui
- Size
  
  2KB
- MD5
  
  0729bcf4b7cb80a8e9093514ca5a057f
- SHA1
  
  1a3949be1c45a89e973fe18a2ee9c9df805ad472
- SHA256
  
  21d8210a1b309071096b6ca599a4a7b6ac9ffcc7f1a0395d4129ad4dbeb88d3a
- SHA512
  
  72a402b528f86fd5394aeacfb42af67eb66b1a677883b616cbe704f3bf130f22bd5c2ec94b4c28bc86749147b447dcb381058512beec337a712dd666ae8bd34a
Score

1^/10
behavioral8
- Target
  
  Solyum-defibot/en-GB/twain_32.dll.mui
- Size
  
  6KB
- MD5
  
  5652dfb9a4cbf00e225f7b488d5b2671
- SHA1
  
  6a3bd24b388fdd747d0eccc4e099081b494545d2
- SHA256
  
  c73d4968b14bebda6582b40cd009b9e2410587308b174b5de6a0b7831257cb78
- SHA512
  
  560e79f12be4ea406a8a5e4726e8da4cf852cb9199faed3b91cfdbf6ae04b0ab951012fffae234d8e5b391e91c944f8dc98dd04779bf3ce6b2895f6b91d84a6a
- SSDEEP
  
  96:DOqPatY0y78mXatY0yAwHCtyxilA+XwU1gaDnFT:DOqPmmX79Xh05
Score

1^/10
behavioral9
- Target
  
  Solyum-defibot/en-GB/winhlp32.exe.mui
- Size
  
  3KB
- MD5
  
  23c962f30e895b0f600f4b5f915dda40
- SHA1
  
  a142f9274d8daad1c7e4ae6a563e8e5334189d74
- SHA256
  
  dc9267e13fa700b27d93a29fdc4d4ddcbab8c5cb2bb1209ea1210200d007c8b7
- SHA512
  
  cdee313a6ef9c1b62d334d688e4ae2cf70826c71bb580c1c6bedc92a8b07dafeed05e0df42d99d84d9fe2d3be878f168105e9e4bd175b11a0cd0c0bbaa3ce9d1
Score

1^/10
behavioral10
- Target
  
  Solyum-defibot/en-US/bfsvc.exe.mui
- Size
  
  2KB
- MD5
  
  e62921ddd6c8d1d7f361736590b69e73
- SHA1
  
  675fd1675def0a03051314cd9712395c866cab77
- SHA256
  
  5a4af1d7ed7e9441ed811391c9e58e7d86aea6f03402d9300d34db0cec432a43
- SHA512
  
  4d1aabae4249ee5d2d7135464946ebab734a04a672626d39e319ac0b6d119934014f36375cc76ae0ee1da8f21bc16208a0ea612fddc53016d59af7c19112a9d8
Score

1^/10
behavioral11
- Target
  
  Solyum-defibot/en-US/regedit.exe.mui
- Size
  
  45KB
- MD5
  
  88a2ed43574de136c27f0f41eac68ac5
- SHA1
  
  2a62f25080548e25804c9fc8d56b0240bf41f788
- SHA256
  
  47b0c0ede5085c760e16e197ca01bb769b62763c8376179e1a3652b41457a600
- SHA512
  
  5326c57bba377c567d0a30e1fbcee719e2e2d7f44445ed1bc3baf736afa6b51a502a97aec4036b07456399db7ffa6c945cbd8f89f473d46532fe25a087177fcc
- SSDEEP
  
  384:hOObLCCxCdiMHz+hpyJO4Oq+jfqqm5yeGzLIkeMmvdoJ7/Y8NbzWBLWW5:hTi2iO4Oq+GqmjuEkeFJU6x
Score

1^/10
behavioral12
- Target
  
  Solyum-defibot/exchange_api.py
- Size
  
  1KB
- MD5
  
  67c132b7e925a5cd290e3496d3fbcd9f
- SHA1
  
  92a78d34eae3e7d4e8d2e3bfb46740cd839ad86c
- SHA256
  
  23d9613338e2bf4ce0bbc4b77a87eff33ae709b6f11532496c038218a350c4d0
- SHA512
  
  70736d82a4f48ef816aae80853485f0873fdb2b6c47bb13794bb611b29b57f97983210ce57878634d23d98ecf3fa1ecfe9df4c3bafeb864780cd432e6f9e1d83
Score

3^/10
behavioral13 behavioral14
- Target
  
  Solyum-defibot/sol.py
- Size
  
  1KB
- MD5
  
  ec1552daeedc38ed2c58e1e82b3d7ecc
- SHA1
  
  416321e58853dd0be23339299ab96cf20dd99556
- SHA256
  
  89880d6fb60b7aa260fce68eb994893c6b92e73f1d9f6210708e60a714176d43
- SHA512
  
  237d6f33cb947924bbd20867db9047e506e1546063d35e2db9a6e4965ce92f839ef0e623becd633d98fc6a93afb241a6b5b389526c1cabed52490a965692bef9
Score

3^/10
behavioral15 behavioral16
- Target
  
  Solyum-defibot/strategies.py
- Size
  
  283B
- MD5
  
  5d68eb025ed0f645f90403839c99d686
- SHA1
  
  446c7c65b48a009cf5fb4a24a0e4690698bdbe64
- SHA256
  
  9abba4c23ab69815fc3515753bdbbc979a7b4a6b9fd67b29dfd442b6ec50d781
- SHA512
  
  3b7e0187e812150777223ed1c947bd32b55f0bd05828baae0f7e579775d54416bc352fa8c86e0d367bae05d8bd7439bb8ca2ec63d4173ce3d87d9b18d76743fe
Score

3^/10
behavioral17 behavioral18
- Target
  
  Solyum-defibot/trading_bot.py
- Size
  
  1KB
- MD5
  
  d19cad05b3477aa3f230c4eb3c73e9cc
- SHA1
  
  441a2c15490469d674b63c3b53cfebe8a662ab9a
- SHA256
  
  0a0a389152d63e633694a9a8a707c4bc56347c6a09929d4e0479806fb39ab901
- SHA512
  
  d4b01efb5c8e539af9e678b1bb4dae94440a18a59b039b3d7f3d48100e8f8e5c115c567371ce18e32ea2ee766eee5ba3388de7b9648478a4aec793c503179675
Score

3^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20