Overview
General

Target: MechvibesPlusPlus.Setup.2.3.1.exe
Size: 60.5MB
Sample: 240721-p62fza1gnd
MD5: 3fd78c313de61c78bbcc6bd157f0def6
SHA1: 1a6e48bca9763dc39225c6a5c4b864fb6b89e44e
SHA256: b4ca27ed5abdbded7bc47d28b35925bbf0a31e17689e959b6e74cff96a2ca670
SHA512: 9bf57188b435c0498892b2bb9101b28f041f572b58e2f21d1a80a022c6e1554997e8ac05fbab620c96dd0d50b2bd91db657a8cbba95d0107b386292e2882d7c2
SSDEEP: 786432:wWt+2Xr4NAE3rjFgUIOhIenFkS9LQL7Z0/uNlY7UOBrTpmOBqDJbSUYJVsmbk+Fz:wIb4n3FNhF+NlMUORT0OBqbSzltm+M3q
Static task
static1

Behavioral tasks (sample, resource)
behavioral1: MechvibesPlusPlus.Setup.2.3.1.exe (win7-20240705-en)
behavioral2: MechvibesPlusPlus.Setup.2.3.1.exe (win10v2004-20240709-en)
behavioral3: $PLUGINSDIR/StdUtils.dll (win7-20240708-en)
behavioral4: $PLUGINSDIR/StdUtils.dll (win10v2004-20240709-en)
behavioral5: $PLUGINSDIR/System.dll (win7-20240705-en)
behavioral6: $PLUGINSDIR/System.dll (win10v2004-20240709-en)
behavioral7: $PLUGINSDIR/UAC.dll (win7-20240704-en)
behavioral8: $PLUGINSDIR/UAC.dll (win10v2004-20240709-en)
behavioral9: $PLUGINSDIR/WinShell.dll (win7-20240705-en)
behavioral10: $PLUGINSDIR/WinShell.dll (win10v2004-20240709-en)
behavioral11: MechvibesPlusPlus.exe (win7-20240708-en)
behavioral12: MechvibesPlusPlus.exe (win10v2004-20240709-en)
behavioral13: natives_blob.js (win7-20240705-en)
behavioral14: natives_blob.js (win10v2004-20240709-en)
behavioral15: resources/app.asar.unpacked/node_modules/iohook/build.js (win7-20240704-en)
behavioral16: resources/app.asar.unpacked/node_modules/iohook/build.js (win10v2004-20240709-en)
behavioral17: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node (ubuntu2204-amd64-20240611-en)
behavioral18: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/iohook.dll (win7-20240705-en)
behavioral19: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/iohook.dll (win10v2004-20240709-en)
behavioral20: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/uiohook.dll (win7-20240704-en)
behavioral21: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/uiohook.dll (win10v2004-20240709-en)
behavioral22: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node (ubuntu2004-amd64-20240611-en)
behavioral23: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/iohook.dll (win7-20240705-en)
behavioral24: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/iohook.dll (win10v2004-20240709-en)
behavioral25: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/uiohook.dll (win7-20240708-en)
behavioral26: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/uiohook.dll (win10v2004-20240709-en)
behavioral27: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh (ubuntu1804-amd64-20240611-en)
behavioral28: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh (debian9-armhf-20240611-en)
behavioral29: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh (debian9-mipsbe-20240611-en)
behavioral30: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh (debian9-mipsel-20240418-en)
behavioral31: resources/app.asar.unpacked/node_modules/iohook/docs/.vuepress/config.js (win7-20240704-en)
behavioral32: resources/app.asar.unpacked/node_modules/iohook/docs/.vuepress/config.js (win10v2004-20240709-en)
Malware Config

Targets

Target: MechvibesPlusPlus.Setup.2.3.1.exe
Size: 60.5MB
MD5: 3fd78c313de61c78bbcc6bd157f0def6
SHA1: 1a6e48bca9763dc39225c6a5c4b864fb6b89e44e
SHA256: b4ca27ed5abdbded7bc47d28b35925bbf0a31e17689e959b6e74cff96a2ca670
SHA512: 9bf57188b435c0498892b2bb9101b28f041f572b58e2f21d1a80a022c6e1554997e8ac05fbab620c96dd0d50b2bd91db657a8cbba95d0107b386292e2882d7c2
SSDEEP: 786432:wWt+2Xr4NAE3rjFgUIOhIenFkS9LQL7Z0/uNlY7UOBrTpmOBqDJbSUYJVsmbk+Fz:wIb4n3FNhF+NlMUORT0OBqbSzltm+M3q
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2

Target: $PLUGINSDIR/StdUtils.dll
Size: 100KB
MD5: c6a6e03f77c313b267498515488c5740
SHA1: 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256: b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512: 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
SSDEEP: 3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 75ed96254fbf894e42058062b4b4f0d1
SHA1: 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256: a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512: 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
SSDEEP: 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score: 3/10

Target: $PLUGINSDIR/UAC.dll
Size: 14KB
MD5: adb29e6b186daa765dc750128649b63d
SHA1: 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256: 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512: b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
SSDEEP: 192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score: 3/10

Target: $PLUGINSDIR/WinShell.dll
Size: 3KB
MD5: 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1: 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256: 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512: 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score: 3/10

Target: MechvibesPlusPlus.exe
Size: 95.3MB
MD5: 31ac13a3f6a69bb1db4c06daa7f0236f
SHA1: cebb4ad7d2c54b42f2895e17af6ce13cd05504bc
SHA256: 6cf0a9f1347096e3f025600f57eaf77ee65723e7ec689ab8c9ce34af0fc9a2da
SHA512: c7086dc75cfbf1f27c6ebe4faaba44b4a4e122616b7e9ae6125edc9349b2bf7eb3b2ad12f59e1e232d8fac4d7b5b9a2084784fdf7cfbca9ce153d9a9f748b427
SSDEEP: 1572864:luGxHtZysTFRtQKPAlQeoIXqrZglK2pJ:EdmlZ+K
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

Target: natives_blob.bin
Size: 81KB
MD5: f8ac49858ca8739658ff44c296f8aba6
SHA1: 427b4da3bd619d85381c36d61daf2ce392e07909
SHA256: 354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317
SHA512: 52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313
SSDEEP: 1536:+bz4Oif2sMnL8gDpKD0rrr/4or06mGsY3csV3/EBSee0fHVvJ4TGD3zT+2/ei7gP:+bz4Oif2sMHEBSx0fHVvOT6jTVeikwVK
Score: 3/10

Target: resources/app.asar.unpacked/node_modules/iohook/build.js
Size: 3KB
MD5: 9ea78b067ebadd8c8677da14ae782d9b
SHA1: fe94bbf7f3a59f2bcb46524ee91d44339af5f0ce
SHA256: a48159229aa653155c01a773ca64120699fd1675466003d0a6929d8ae95be77d
SHA512: ce3934dfb2ee3105210e7086aee97e570f75276558e0551fa8a79b5263cb9db4d07b29b5f6e38538f7c80c821b33c67c2e37b665eba18b146f2e2b3ee45a6a5b
Score: 3/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node
Size: 88KB
MD5: 68389741ade0312d0eb345900230339f
SHA1: c47f47cd5c47267b86dafbcdbc13c5f39ca36fb5
SHA256: 490ae1fa4377258b6f159a863c98da006098bfdcb22c142769a5df6c77597cae
SHA512: 798bd0b8d190b8b637a2386127c0b30d4bddbd9dccdefcd261951137c1e85794362d40cf5c40034d0632fe6e3b8ef1d1a17dbc8e8a7f2860377c19a518e375d5
SSDEEP: 1536:tp2Nk0OQVbCeCEQhM5lfm5u+x8LaFS8KaxKWy:tp2Nk0OQIeC3M5A82FS8Lx/y
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/iohook.node
Size: 38KB
MD5: 7d3309184c3fe31421ecf440b8f22bdc
SHA1: 1cadaba47a7ad6cc6a48d666c71dd06125278a1d
SHA256: bcaba6a47a20d7f7e270a3106b7aa5b0452677b9bbb2c8658ff2ef5467f7ba5f
SHA512: 1032800dc7755aba8a20da4f9cbad6cd4fe43fd970c0bca4857e4b4d9b1ecc1435a6c6cabccb7d2e78cab3bebd3737e068166ef05de7548fdcfb1fcdeafdda4c
SSDEEP: 768:+GcjpGnFTOMATZerDvyjbuApiD4RsWYTL1XGO6DOQXZxDB:NcjpGFTOzJbuAMD4RToLQvZpB
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-win32-x64/build/Release/uiohook.dll
Size: 29KB
MD5: 23bc8e664d518e9ae62d2071ed109a37
SHA1: 247382dd6ee33146526b176cf31d0e4457771f3e
SHA256: 55f23fa8941eda217857158c7430b0ed18cad0db2f9d73cd70cd9cd7a8594520
SHA512: dca29e89c59721be236a140e31b8c2597e748d70637cefccf0a6b17083ba791259d94e1f400d579f9f2d462d589eec2caa9067d09821a385c49b39e6777060d1
SSDEEP: 384:GuJUTodSQCYR5U9ukNYMD4PV1aDH7JC1iXCoRQgMnqwlQ4YTMCw:GwUMZCYk2dPzat8iXCH7OL
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node
Size: 88KB
MD5: 10a8b3e7c4bdc0113cba7f221f14b764
SHA1: c0d264ab699e7c2e5247b3256139dccb88606282
SHA256: 07ea8c9eb84199df173646302fb6bf94c6bc9b7b6f73337a2b436602a6288c87
SHA512: aa02a19cbf77ece634bed14a47330b30d583733053426a68eb750e38b3b95c5f388d0e17491357ecd1b76da75612fd48f872f76daab9e88b110d69e9582dd4df
SSDEEP: 1536:R8z0FkgHQHUzAhKh7Pi8PBE8IxAKajKgQ:az0FkgHQ0zvh76sy8IxALjlQ
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/iohook.node
Size: 36KB
MD5: ec78ce962fc4672ba77b1ad1395365e3
SHA1: c76b5b024cd9607763ec5c92191c19abcb409937
SHA256: dfeeb05b98a526bc268df1b0080fba7a57a79f97cfa270e90c40ddb9cf3631ef
SHA512: 602a03ca01cf5515d0cc707477a5b66f25a08460acef5188a7bdeb073b376191f9ed689cf8f609755e65cbf7b14dbd764cb07bfc39bbe30ee58ff7ef78598487
SSDEEP: 768:ktdsIErBwre7kB/xJlq8U6ipeAq4KnOXCWvffzRZKG6BeHXyc:ktdsIE1wC7KZJlqzlQAq4KnOi+y
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-win32-x64/build/Release/uiohook.dll
Size: 29KB
MD5: 2707825c2eb326c02505e73bed7145fc
SHA1: 0f88a54520335844ae1ecd4e5728984ec67c48af
SHA256: e19eed495d1157d66cfb31d8b3b27a0eff342e6f609b9c56c914ea034615285d
SHA512: 0b39b701862f2e640a87f52f7a5bb1ca272fc031e38f3946faa44080c59b413f01acb92149084de3a769a0bf39b8942b6835eca55194ecbf312e238a5eb0a0e4
SSDEEP: 384:G6JUTodSQCYR5U9ukNYMD4PV1aDH7JC1iXCoRQgMnqwNQ4YTMCw:GMUMZCYk2dPzat8iXCH3OL
Score: 1/10

Target: resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
Size: 382B
MD5: 17ce128289a3d19b931e6cd436bfdb14
SHA1: 581d5a68cfa8ec97caf34b15d4e411ff08a20f56
SHA256: 7b230bef0652681969d8dba281d5e3b750fdd822087e5dbd78b4030b5e1174ae
SHA512: 0b8e4d5a029bbc54433e106de14baceb0f874eb28e6ea939ece7eeb1cedb54cd0b5c08e8babe508bd25516ca8b032dff386b83192c93ba3db7127096c5905b00
Score: 4/10

Target: resources/app.asar.unpacked/node_modules/iohook/docs/.vuepress/config.js
Size: 554B
MD5: ab33ff1b4da12354f3a08e3cb56ec3bf
SHA1: 97a77df1c3c1aff75f8de8985a7512ce9c9dce3b
SHA256: e96f8f268cf98859131f3c0bee3a9ebb4da7fb4037a1220a7c36b3927a9300a0
SHA512: 6143710ddff51f876c75f4f84cbc200beca6516a836e09f268c6f668c5d298dc84ec967d5319853b60abd28eeab194c4c2db7e8a4ac2aff15e2d14c2a804f15c
Score: 3/10