General

  • Target

    MechvibesPlusPlus.Setup.2.3.1.exe

  • Size

    60.5MB

  • Sample

    240721-p62fza1gnd

  • MD5

    3fd78c313de61c78bbcc6bd157f0def6

  • SHA1

    1a6e48bca9763dc39225c6a5c4b864fb6b89e44e

  • SHA256

    b4ca27ed5abdbded7bc47d28b35925bbf0a31e17689e959b6e74cff96a2ca670

  • SHA512

    9bf57188b435c0498892b2bb9101b28f041f572b58e2f21d1a80a022c6e1554997e8ac05fbab620c96dd0d50b2bd91db657a8cbba95d0107b386292e2882d7c2

  • SSDEEP

    786432:wWt+2Xr4NAE3rjFgUIOhIenFkS9LQL7Z0/uNlY7UOBrTpmOBqDJbSUYJVsmbk+Fz:wIb4n3FNhF+NlMUORT0OBqbSzltm+M3q
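Before treating any digest on this page as an indicator, recompute the digests of the file you actually hold and compare them to the values listed above. The Python below is an added example and not part of the sandbox report: it hashes the file once while feeding all four algorithms (SSDEEP needs the separate `ssdeep` package and is left out), then compares the result, case-insensitively, against the values given for MechvibesPlusPlus.Setup.2.3.1.exe in the General section. The default file path is an assumption; any other entry under Targets can be checked the same way by passing its digests as `expected`.

```python
import hashlib

# Digests for MechvibesPlusPlus.Setup.2.3.1.exe as listed in the General
# section of this report (copied verbatim from the page).
REPORT_HASHES = {
    "md5": "3fd78c313de61c78bbcc6bd157f0def6",
    "sha1": "1a6e48bca9763dc39225c6a5c4b864fb6b89e44e",
    "sha256": "b4ca27ed5abdbded7bc47d28b35925bbf0a31e17689e959b6e74cff96a2ca670",
    "sha512": "9bf57188b435c0498892b2bb9101b28f041f572b58e2f21d1a80a022c6e1554997e8ac05fbab620c96dd0d50b2bd91db657a8cbba95d0107b386292e2882d7c2",
}

# Same four algorithms the report lists, in the same order.
ALGOS = ("md5", "sha1", "sha256", "sha512")
CONSTRUCTORS = {
    "md5": hashlib.md5,
    "sha1": hashlib.sha1,
    "sha256": hashlib.sha256,
    "sha512": hashlib.sha512,
}


def hash_stream(chunks):
    """Feed every chunk to all four hashers in one pass; return lowercase hex digests."""
    hashers = {name: CONSTRUCTORS[name]() for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory byte string (handy for tests and small artifacts)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file, read in 1 MiB chunks so a 60 MB installer is not loaded whole."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_stream(chunks())


def compare_digests(actual, expected):
    """Return {algo: (actual, expected)} for every expected digest that does not match.

    Comparison is case-insensitive because report pages and tools differ in casing;
    an algorithm missing from `actual` is reported as a mismatch with actual=None.
    """
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (got, want)
    return mismatches


def verify_file(path, expected=REPORT_HASHES):
    """Hash `path` and return the mismatches against `expected` (empty dict means all match)."""
    return compare_digests(hash_file(path), expected)


if __name__ == "__main__":
    import sys
    # Assumed location of the sample; pass a different path on the command line.
    path = sys.argv[1] if len(sys.argv) > 1 else "MechvibesPlusPlus.Setup.2.3.1.exe"
    bad = verify_file(path)
    if bad:
        print("MISMATCH against the report:", bad)
    else:
        print("all four digests match the report")
```

An empty result from `verify_file` means the file is byte-for-byte the one the sandbox analysed; a mismatch on even one algorithm means you are looking at a different build or a tampered copy, and nothing else on this page applies to it.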

Targets

    • Target

      MechvibesPlusPlus.Setup.2.3.1.exe

    • Size

      60.5MB

    • MD5

      3fd78c313de61c78bbcc6bd157f0def6

    • SHA1

      1a6e48bca9763dc39225c6a5c4b864fb6b89e44e

    • SHA256

      b4ca27ed5abdbded7bc47d28b35925bbf0a31e17689e959b6e74cff96a2ca670

    • SHA512

      9bf57188b435c0498892b2bb9101b28f041f572b58e2f21d1a80a022c6e1554997e8ac05fbab620c96dd0d50b2bd91db657a8cbba95d0107b386292e2882d7c2

    • SSDEEP

      786432:wWt+2Xr4NAE3rjFgUIOhIenFkS9LQL7Z0/uNlY7UOBrTpmOBqDJbSUYJVsmbk+Fz:wIb4n3FNhF+NlMUORT0OBqbSzltm+M3q

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      75ed96254fbf894e42058062b4b4f0d1

    • SHA1

      996503f1383b49021eb3427bc28d13b5bbd11977

    • SHA256

      a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

    • SHA512

      58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

    • SSDEEP

      192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      MechvibesPlusPlus.exe

    • Size

      95.3MB

    • MD5

      31ac13a3f6a69bb1db4c06daa7f0236f

    • SHA1

      cebb4ad7d2c54b42f2895e17af6ce13cd05504bc

    • SHA256

      6cf0a9f1347096e3f025600f57eaf77ee65723e7ec689ab8c9ce34af0fc9a2da

    • SHA512

      c7086dc75cfbf1f27c6ebe4faaba44b4a4e122616b7e9ae6125edc9349b2bf7eb3b2ad12f59e1e232d8fac4d7b5b9a2084784fdf7cfbca9ce153d9a9f748b427

    • SSDEEP

      1572864:luGxHtZysTFRtQKPAlQeoIXqrZglK2pJ:EdmlZ+K

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      natives_blob.bin

    • Size

      81KB

    • MD5

      f8ac49858ca8739658ff44c296f8aba6

    • SHA1

      427b4da3bd619d85381c36d61daf2ce392e07909

    • SHA256

      354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317

    • SHA512

      52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313

    • SSDEEP

      1536:+bz4Oif2sMnL8gDpKD0rrr/4or06mGsY3csV3/EBSee0fHVvJ4TGD3zT+2/ei7gP:+bz4Oif2sMHEBSx0fHVvOT6jTVeikwVK

    Score
    3/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/build.js

    • Size

      3KB

    • MD5

      9ea78b067ebadd8c8677da14ae782d9b

    • SHA1

      fe94bbf7f3a59f2bcb46524ee91d44339af5f0ce

    • SHA256

      a48159229aa653155c01a773ca64120699fd1675466003d0a6929d8ae95be77d

    • SHA512

      ce3934dfb2ee3105210e7086aee97e570f75276558e0551fa8a79b5263cb9db4d07b29b5f6e38538f7c80c821b33c67c2e37b665eba18b146f2e2b3ee45a6a5b

    Score
    3/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node

    • Size

      88KB

    • MD5

      68389741ade0312d0eb345900230339f

    • SHA1

      c47f47cd5c47267b86dafbcdbc13c5f39ca36fb5

    • SHA256

      490ae1fa4377258b6f159a863c98da006098bfdcb22c142769a5df6c77597cae

    • SHA512

      798bd0b8d190b8b637a2386127c0b30d4bddbd9dccdefcd261951137c1e85794362d40cf5c40034d0632fe6e3b8ef1d1a17dbc8e8a7f2860377c19a518e375d5

    • SSDEEP

      1536:tp2Nk0OQVbCeCEQhM5lfm5u+x8LaFS8KaxKWy:tp2Nk0OQIeC3M5A82FS8Lx/y

    Score
    1/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/iohook.node

    • Size

      38KB

    • MD5

      7d3309184c3fe31421ecf440b8f22bdc

    • SHA1

      1cadaba47a7ad6cc6a48d666c71dd06125278a1d

    • SHA256

      bcaba6a47a20d7f7e270a3106b7aa5b0452677b9bbb2c8658ff2ef5467f7ba5f

    • SHA512

      1032800dc7755aba8a20da4f9cbad6cd4fe43fd970c0bca4857e4b4d9b1ecc1435a6c6cabccb7d2e78cab3bebd3737e068166ef05de7548fdcfb1fcdeafdda4c

    • SSDEEP

      768:+GcjpGnFTOMATZerDvyjbuApiD4RsWYTL1XGO6DOQXZxDB:NcjpGFTOzJbuAMD4RToLQvZpB

    Score
    1/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/uiohook.dll

    • Size

      29KB

    • MD5

      23bc8e664d518e9ae62d2071ed109a37

    • SHA1

      247382dd6ee33146526b176cf31d0e4457771f3e

    • SHA256

      55f23fa8941eda217857158c7430b0ed18cad0db2f9d73cd70cd9cd7a8594520

    • SHA512

      dca29e89c59721be236a140e31b8c2597e748d70637cefccf0a6b17083ba791259d94e1f400d579f9f2d462d589eec2caa9067d09821a385c49b39e6777060d1

    • SSDEEP

      384:GuJUTodSQCYR5U9ukNYMD4PV1aDH7JC1iXCoRQgMnqwlQ4YTMCw:GwUMZCYk2dPzat8iXCH7OL

    Score
    1/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node

    • Size

      88KB

    • MD5

      10a8b3e7c4bdc0113cba7f221f14b764

    • SHA1

      c0d264ab699e7c2e5247b3256139dccb88606282

    • SHA256

      07ea8c9eb84199df173646302fb6bf94c6bc9b7b6f73337a2b436602a6288c87

    • SHA512

      aa02a19cbf77ece634bed14a47330b30d583733053426a68eb750e38b3b95c5f388d0e17491357ecd1b76da75612fd48f872f76daab9e88b110d69e9582dd4df

    • SSDEEP

      1536:R8z0FkgHQHUzAhKh7Pi8PBE8IxAKajKgQ:az0FkgHQ0zvh76sy8IxALjlQ

    Score
    1/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/iohook.node

    • Size

      36KB

    • MD5

      ec78ce962fc4672ba77b1ad1395365e3

    • SHA1

      c76b5b024cd9607763ec5c92191c19abcb409937

    • SHA256

      dfeeb05b98a526bc268df1b0080fba7a57a79f97cfa270e90c40ddb9cf3631ef

    • SHA512

      602a03ca01cf5515d0cc707477a5b66f25a08460acef5188a7bdeb073b376191f9ed689cf8f609755e65cbf7b14dbd764cb07bfc39bbe30ee58ff7ef78598487

    • SSDEEP

      768:ktdsIErBwre7kB/xJlq8U6ipeAq4KnOXCWvffzRZKG6BeHXyc:ktdsIE1wC7KZJlqzlQAq4KnOi+y

    Score
    1/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/uiohook.dll

    • Size

      29KB

    • MD5

      2707825c2eb326c02505e73bed7145fc

    • SHA1

      0f88a54520335844ae1ecd4e5728984ec67c48af

    • SHA256

      e19eed495d1157d66cfb31d8b3b27a0eff342e6f609b9c56c914ea034615285d

    • SHA512

      0b39b701862f2e640a87f52f7a5bb1ca272fc031e38f3946faa44080c59b413f01acb92149084de3a769a0bf39b8942b6835eca55194ecbf312e238a5eb0a0e4

    • SSDEEP

      384:G6JUTodSQCYR5U9ukNYMD4PV1aDH7JC1iXCoRQgMnqwNQ4YTMCw:GMUMZCYk2dPzat8iXCH3OL

    Score
    1/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh

    • Size

      382B

    • MD5

      17ce128289a3d19b931e6cd436bfdb14

    • SHA1

      581d5a68cfa8ec97caf34b15d4e411ff08a20f56

    • SHA256

      7b230bef0652681969d8dba281d5e3b750fdd822087e5dbd78b4030b5e1174ae

    • SHA512

      0b8e4d5a029bbc54433e106de14baceb0f874eb28e6ea939ece7eeb1cedb54cd0b5c08e8babe508bd25516ca8b032dff386b83192c93ba3db7127096c5905b00

    Score
    4/10
    • Target

      resources/app.asar.unpacked/node_modules/iohook/docs/.vuepress/config.js

    • Size

      554B

    • MD5

      ab33ff1b4da12354f3a08e3cb56ec3bf

    • SHA1

      97a77df1c3c1aff75f8de8985a7512ce9c9dce3b

    • SHA256

      e96f8f268cf98859131f3c0bee3a9ebb4da7fb4037a1220a7c36b3927a9300a0

    • SHA512

      6143710ddff51f876c75f4f84cbc200beca6516a836e09f268c6f668c5d298dc84ec967d5319853b60abd28eeab194c4c2db7e8a4ac2aff15e2d14c2a804f15c

    Score
    3/10
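The two registry-based signatures above ("Checks computer location settings" and "Checks installed software on the system") can be reproduced from a registry-access trace. The Python below is an added example, not the sandbox's own signature code: it scans sample lines in a simple `pid,op,key` format (a constructed format of my own, not the sandbox's trace format) and flags reads of the user's GeoID under `HKCU\Control Panel\International\Geo` and enumeration of the `CurrentVersion\Uninstall` key; those registry locations are facts about Windows, not something the report states. The ATT&CK IDs are my own mapping, since the report's ATT&CK section is empty. Two caveats a practitioner should keep in mind: the logic counts only read-type operations, because an installer writing its own Uninstall entry is registering itself rather than enumerating other software; and reading the user's region setting or looking up existing Uninstall entries is something legitimate installers and Electron applications can also do, so neither hit is strong evidence on its own. The 7/10 here rests on those two lookups plus the undescribed "Legitimate hosting services" hit, none of which the page shows as a confirmed malicious action.

```python
import re

# Registry locations behind the two signatures (facts about Windows, not from the report):
#   - the user's GeoID (country) is stored under HKCU\Control Panel\International\Geo
#   - installed programs are listed under the CurrentVersion\Uninstall key,
#     plus the Wow6432Node view for 32-bit software on 64-bit Windows
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.IGNORECASE)
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Read-type operations only: an installer that *writes* its own Uninstall entry
# is registering itself, not enumerating other software.
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

SIGNATURES = {
    "location_check": {
        "name": "Checks computer location settings",
        "attack": "T1614 System Location Discovery",   # my mapping, not the report's
        "key": GEO_KEY,
        "min_hits": 1,
    },
    "installed_software": {
        "name": "Checks installed software on the system",
        "attack": "T1518 Software Discovery",          # my mapping, not the report's
        "key": UNINSTALL_KEY,
        "min_hits": 3,   # one open is routine; repeated enumeration looks like discovery
    },
}


def parse_trace(text):
    """Parse 'pid,op,key' lines (a constructed format, not a real sandbox trace)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, op, key = (part.strip() for part in line.split(",", 2))
        events.append((int(pid), op, key))
    return events


def match_signatures(events):
    """Return {signature_id: [keys read]} for each signature whose threshold is met."""
    hits = {}
    for sig_id, sig in SIGNATURES.items():
        keys = [key for _pid, op, key in events
                if op in READ_OPS and sig["key"].search(key)]
        if len(keys) >= sig["min_hits"]:
            hits[sig_id] = keys
    return hits


def describe(hits):
    """One human-readable line per matched signature, in signature order."""
    return [f'{SIGNATURES[s]["name"]} [{SIGNATURES[s]["attack"]}]: {len(k)} registry reads'
            for s, k in hits.items()]


# Constructed sample trace (not from the sandbox): a GeoID lookup, an Uninstall-key
# sweep, and an unrelated read that must not trigger anything.
SAMPLE_TRACE = """
# pid,op,key
4120,RegOpenKey,HKCU\\Control Panel\\International\\Geo
4120,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation
4120,RegQueryValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
4120,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
4120,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MechvibesPlusPlus
4120,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
4120,RegQueryValue,HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName
"""

# Constructed trace of an installer merely registering its own uninstall entry:
# all writes, so it must not be flagged as software discovery.
SELF_REGISTER_TRACE = """
4120,RegCreateKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MechvibesPlusPlus
4120,RegSetValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MechvibesPlusPlus\\DisplayName
4120,RegSetValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MechvibesPlusPlus\\UninstallString
"""

if __name__ == "__main__":
    for line in describe(match_signatures(parse_trace(SAMPLE_TRACE))):
        print(line)
    print("self-registration hits:", match_signatures(parse_trace(SELF_REGISTER_TRACE)))
```

The `min_hits` threshold on the Uninstall signature is a tuning knob: at 1 every installer that checks for a previous version of itself would trip it, while a sweep across several unrelated entries (as in the sample trace) is what the report's description, "enumerate software on the system", actually means.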

MITRE ATT&CK Enterprise v15

Tasks

task           score  tags
static1        3/10
behavioral1    7/10   discovery
behavioral2    7/10
behavioral3    3/10
behavioral4    3/10
behavioral5    3/10
behavioral6    3/10
behavioral7    3/10
behavioral8    3/10
behavioral9    3/10
behavioral10   3/10
behavioral11   7/10
behavioral12   7/10
behavioral13   3/10   execution
behavioral14   3/10   execution
behavioral15   3/10   execution
behavioral16   3/10   execution
behavioral17   1/10
behavioral18   1/10
behavioral19   1/10
behavioral20   1/10
behavioral21   1/10
behavioral22   1/10
behavioral23   1/10
behavioral24   1/10
behavioral25   1/10
behavioral26   1/10
behavioral27   4/10
behavioral28   4/10   antivm
behavioral29   1/10
behavioral30   1/10
behavioral31   3/10   execution
behavioral32   3/10   execution