Overview
overview
10Static
static
3maple.rar
windows7-x64
3maple.rar
windows10-2004-x64
3maple/Maple.exe
windows7-x64
7maple/Maple.exe
windows10-2004-x64
10main.pyc
windows7-x64
3main.pyc
windows10-2004-x64
3maple/asse...ge.png
windows7-x64
3maple/asse...ge.png
windows10-2004-x64
3maple/asse...g.json
windows7-x64
3maple/asse...g.json
windows10-2004-x64
3maple/crack.dll
windows7-x64
9maple/crack.dll
windows10-2004-x64
9maple/loader.exe
windows7-x64
7maple/loader.exe
windows10-2004-x64
10General
-
Target
maple.rar
-
Size
83.6MB
-
Sample
240717-j92y1swamh
-
MD5
5496bbda0f232739693181b75449651d
-
SHA1
6ead70b12fbe4531997c3ea926c7b063d3774993
-
SHA256
45a32a4a46e916adfb5017ef80f07b7410f04879cd75193fedce951ba1751ced
-
SHA512
e11145b8b3ffcfc43cde8b8f002c5607275ab80bd502126ceee4b616915b1f887a33536b9d1a6ffea82b37e696a23acaa829b7cf58b16d81b1e9236c8a750d72
-
SSDEEP
1572864:juAoNPdn4+nKVQDd75zrPu5IdW6fZoNTLjqCJNekAKSO4OTLgpjK8SAsUja3J8/d:iFznKurPohjqCakQvWgpeThUu3JAtZ
Behavioral task
behavioral1
Sample
maple.rar
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
maple.rar
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
maple/Maple.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
maple/Maple.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
main.pyc
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
main.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
maple/assets/avatars/image.png
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
maple/assets/avatars/image.png
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
maple/assets/config.json
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
maple/assets/config.json
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
maple/crack.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
maple/crack.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
maple/loader.exe
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
maple/loader.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
gurcu
https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendDocument?chat_id=-1002245526003&caption=%F0%9F%93%82%20-%20Browser%20data%0A%E2%94%9C%E2%94%80%E2%94%80%20%F0%9F%93%82%20-%20cookies(0%20kb
https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendMessage?chat_id=-1002245526003
https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/getUpdates?offset=-
https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendDocument?chat_id=-1002245526003&caption=%F0%9F%93%B8Screenshot%20take
Targets
-
-
Target
maple.rar
-
Size
83.6MB
-
MD5
5496bbda0f232739693181b75449651d
-
SHA1
6ead70b12fbe4531997c3ea926c7b063d3774993
-
SHA256
45a32a4a46e916adfb5017ef80f07b7410f04879cd75193fedce951ba1751ced
-
SHA512
e11145b8b3ffcfc43cde8b8f002c5607275ab80bd502126ceee4b616915b1f887a33536b9d1a6ffea82b37e696a23acaa829b7cf58b16d81b1e9236c8a750d72
-
SSDEEP
1572864:juAoNPdn4+nKVQDd75zrPu5IdW6fZoNTLjqCJNekAKSO4OTLgpjK8SAsUja3J8/d:iFznKurPohjqCakQvWgpeThUu3JAtZ
Score3/10 -
-
-
Target
maple/Maple.exe
-
Size
74.8MB
-
MD5
87dbbc1ff26b8f7e5cbe56b8f7d4d406
-
SHA1
c731816d542d527c25b0ce6269a573b8eb486e9b
-
SHA256
f7821841c7f10c253f9e34f91e38cea853244afc0103561647598c707ff26742
-
SHA512
2196b39219865c2efd75fa678b0e4723951a2a2f48094c410ddcff4b9ef59e35cb946788487130085f77826868abfe3e7c35cbb80389c3e4d59adedce860086c
-
SSDEEP
1572864:Aps9Fnab4+6DQSc6JUCSi0HTq1/3LmSGnxnkqbHbcT7IMpeQW/0FKAGCYK:wzx6cSgC0HMVGnDbHbc5peu9GCYK
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Contacts a large (1176) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
main.pyc
-
Size
437B
-
MD5
e3a83cc96bc468e8ed5e99b61ab1b08c
-
SHA1
fc094fba9141e8ace98cce0309e1472b2471b631
-
SHA256
893f6af6a7c380817dd8a1e5f63e72225b82c9775dc8ca40a449ed86c0427932
-
SHA512
6d629486b39cef47bd2ce9b79ff792eebee83e4bdcbb30a756aabcbce75473a732ce2f3e89f0d200a4f9dc98765ce07538a9737cd428b2b372a6d36f4e78630d
Score3/10 -
-
-
Target
maple/assets/avatars/image.png
-
Size
9KB
-
MD5
5f7eb1034bafd175dc02891dd4053fbb
-
SHA1
fa825c4e990621bc21d58d09277643f5eca96f88
-
SHA256
f2eebedf2d777ac44b09f761a61b51b3411d1bc3687a6801ccaec45eaaa689bb
-
SHA512
107f27bc7685473f63eb4e674973cf97a65a3212f4114def849c71eb59e2f13f51c61312b57e490f5565075a74184ace4f6a3c26a1e6c8095803509fe1c4034e
-
SSDEEP
192:ISWi29akgO8zkHdkDcdFVKSkAjtKbO2EaGKkMP4ui6IkULA/:Pr248VHdxFSAjEO2EaNg6Ikd/
Score3/10 -
-
-
Target
maple/assets/config.json
-
Size
149B
-
MD5
ee9db446b33f463ca8f558873c6fff7e
-
SHA1
d40efe04626a430d9c9c1b8db90dbd1110d8e2f8
-
SHA256
09962830609b0d1d5b286ad3e178245cfc152caa278d660b5b0a3dc21559547e
-
SHA512
7babaeb3edf9a7fcb9da804c5c1c53ce8abfeb91f83774a60bd538ca3c0bb4afb29f0afeb4ebb00bb51575a8c8d7011900367b92643925a1e585f2e73fba86d8
Score3/10 -
-
-
Target
maple/crack.dll
-
Size
5.0MB
-
MD5
b5b1b26e855eda6268b9a2008e0fce86
-
SHA1
d7925f7de5835e3564b187d8654bb9305ea945fb
-
SHA256
06dec4f9857f7b9a43157756606546d04a0f34c87681c7db9aab9125a43b33a7
-
SHA512
14ad2e93ed5876dd246ce6f32674e994b4f35a5acbb1ac46388bebc682a70ce4eca974fda102c273c71dae3c9bc7b69f965fd636cb2d5c579de9cd23e8b35799
-
SSDEEP
98304:j+YCYfXbb8DckgAEhxWiHF/5DoNZ2qkFVwz7583lfdmjLdGGf:jP8QDDRF/eNsqgiZ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
-
-
Target
maple/loader.exe
-
Size
5.3MB
-
MD5
e630d72436e3dc1be7763de7f75b7adf
-
SHA1
40e07b22ab8b69e6827f90e20aeac35757899a23
-
SHA256
59818142f41895d3cadf7bee0124b392af3473060f00b9548daa3a224223993e
-
SHA512
82f0be15e2736447fae7d9a313a8a81a2c6e6ca617539ff8bf3fa0d2fe93d96e68afea6964e96e9dd671ba4090ddbc8a759c9b68f10e24a7fb847fe2c9825a83
-
SSDEEP
98304:MY5XZjNqBeNp4iSgPKpQ9CKhqkaIWvO9SYCxBKXyaxVdb+tSVGHyYDMMl7qg7:MYpMeNp4irCmWISnTz2VtIVDMg7n7
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Contacts a large (1195) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2PowerShell
2Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1