a5f647be9200c9cd82fd0bdd8b86fa6a8ed958fbc7e1651ea7e921c282a17f1f

Sharing

Copy URL

Twitter E-mail

General

Target

Obsidian-1.6.7.exe
Size

235.7MB
Sample

240723-x33tmawfne
MD5

10c9af896fed767968d8cb2a4c746d61
SHA1

b3024d7d6af4bf5342fcc1f51a41a5f9861f8c44
SHA256

a5f647be9200c9cd82fd0bdd8b86fa6a8ed958fbc7e1651ea7e921c282a17f1f
SHA512

4b759fb874759b7843ef034630f3396c889bbffd624d31206f8083d64973d88932dd7b48d67ccdbd9147ae5b0102dc55cca92385be5fb050548f80a37ff668ae
SSDEEP

6291456:SC4P708jjjYRCJyC4Pc0L2Muzez4tL9qu39qKfC4Poo0D6Zu5W3OmWR:N4AqQRCJt4RFuu4ZLZq4aG34

Score

6^/10

discovery execution

Malware Config

Targets

- Target
  
  Obsidian-1.6.7.exe
- Size
  
  235.7MB
- MD5
  
  10c9af896fed767968d8cb2a4c746d61
- SHA1
  
  b3024d7d6af4bf5342fcc1f51a41a5f9861f8c44
- SHA256
  
  a5f647be9200c9cd82fd0bdd8b86fa6a8ed958fbc7e1651ea7e921c282a17f1f
- SHA512
  
  4b759fb874759b7843ef034630f3396c889bbffd624d31206f8083d64973d88932dd7b48d67ccdbd9147ae5b0102dc55cca92385be5fb050548f80a37ff668ae
- SSDEEP
  
  6291456:SC4P708jjjYRCJyC4Pc0L2Muzez4tL9qu39qKfC4Poo0D6Zu5W3OmWR:N4AqQRCJt4RFuu4ZLZq4aG34
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  resources/app.asar
- Size
  
  1.1MB
- MD5
  
  ae88a8d64e1895255602ac0ea99db927
- SHA1
  
  dcbb38f9b916df806b334b283a01573106584093
- SHA256
  
  9f1c7548f6f93ac18d7bb3a786695ed01fd68da5284e21e5c60075a147c80a0f
- SHA512
  
  444da752b3acd2f875158b25ada8889833ed4db7a7b399f8853bc1cb7ffb13af571314d3c8c441bf09074685eb6627586d9503eb546aafddaf85c2968d31c811
- SSDEEP
  
  24576:r9Ho8mhRN/QNpDNsmHr7N11YZmJEQ6dOJnwFfG67UzI/6438tqB9Q3eOPahWdRHU:r9Ho8mhRN/QNpDNvHr7N11YZmJEQ6dOS
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  resources/app.asar.unpacked/node_modules/btime/binding.node
- Size
  
  93KB
- MD5
  
  92518e9486898caadab20f578866eeab
- SHA1
  
  0c590b8b83cb243077798fd8bee36cab1d31735e
- SHA256
  
  86ea41a05a9aa5b54857944546aa812a728bdf8bb45875ff8f367fe9a4862c2f
- SHA512
  
  46df97783522b800161d7ef32e89f270f8bf4ea9e3008bb457c6e7279ff7eec4c389adba10b984d1a38b183990c8aabf9b712c42b4b7753b2d92c5f3761fcc86
- SSDEEP
  
  1536:CaUwZMhP8dcaF6PWY9+fmtTiiFaE1cLAJuKBCtXZGsWVcdBOy9PqQd5:lUJ8dpF6P904iiFaAuKBWX9BOy9PqQd5
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  resources/app.asar.unpacked/node_modules/get-fonts/binding.node
- Size
  
  99KB
- MD5
  
  2e126e5d659ad37958cc1b667404dc2d
- SHA1
  
  4ada8d8bc3d66d78bbbce0d9a35e48127b1fa4e4
- SHA256
  
  7035ae018021e11fcfbbb9c78eee0028368501cc4e0f5a092586d6b47e3d8405
- SHA512
  
  5cf2c83a059c8aec23a2dd91167aa5cd2d53428e52e3ece470c54321698d9aa74aeca7f8d74570eddf0483dd811946c47575c17836ca5bea33038dd78b37d2d3
- SSDEEP
  
  3072:ltYi/MAtrSWZKJ/uaxbIdAnyllAnPhlZ:liinoWZo/uaxeWPhlZ
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  vk_swiftshader.dll
- Size
  
  4.5MB
- MD5
  
  446d5a73e94eb63354962f4b47bac3e0
- SHA1
  
  03545bad9ad5cee5c5343573a7bdfd09df33b1d6
- SHA256
  
  c1dd9b019c4fc4b687621e9697f311d573c2e0fad05681d9dea92208357c0564
- SHA512
  
  554035ff365c6acbfc9c0286a1c6b18061008ce078b0160852c2a942e00fe39309e5594fabae3228e176048b44f175fbe8218949ddb25a3bcc20b2a648dc8ac8
- SSDEEP
  
  98304:TKC4zb7tmZgiuLPOq28XOQnvaoNWs9JWIUH/:TENPOejnvaoNWsa
Score

3^/10

discovery
behavioral17
- Target
  
  vulkan-1.dll
- Size
  
  837KB
- MD5
  
  d4dd691d7962992156fcf9af59c601d7
- SHA1
  
  aea697e93767ff69e0764111f4c39c183c3b7416
- SHA256
  
  ec8018288db78b8d2749c670669bda01158cf128df43558a890c2d565908cc51
- SHA512
  
  08bd5ec0cadd375a349318b6bac90752daadef288ced3913328746b019ad6b7d6373df6ce363a69c24a7af566a2c7cb8560f57fba4c8b7ce456304f31176f743
- SSDEEP
  
  24576:171Qa4cB5VMA/rel7/6Z5W1DYsHq6g3P0zAk7R4ZEcO:1maRVMA/E6Z5W1DYsHq6g3P0zAk7RIM
Score

3^/10

discovery
behavioral18
- Target
  
  LICENSES.chromium.html
- Size
  
  9.8MB
- MD5
  
  0ff177fbf2a3873dd573077840e0b8f5
- SHA1
  
  03d06bc7cd894399a5fc6600a0210f6e3226f92a
- SHA256
  
  c4771c9158e31855293ee565db76c9b2c52f84c8a37eda4700cfb149a17fd7eb
- SHA512
  
  3264becd3103c905ab7f9cc034320885f18cbecaa45f582a4a9567ca4bcd620d64dc59fb03532964e775c35f07928a4497f5529cf1b9dc18379e4e9cff02ff8a
- SSDEEP
  
  24576:K+QQM6Ms6x5d1n+wRhXe1BmfL6k6T6W6b6f6V6GeGj/3BIpx:LUzeGdY
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Obsidian.exe
- Size
  
  168.6MB
- MD5
  
  6b3e671d285ce41b4cffce8801e33823
- SHA1
  
  1b498e965ef09e49432c247d2797de6530991a19
- SHA256
  
  2156f15d12da8cc292fe0cc1884f32410fa187fede67beb6102cfcdc6442fbe2
- SHA512
  
  55826ccafe3c762f14b87c3e35b24f209f13acef7c3012c6ccdd99da0ca8fdbacd863ad5e59eb58dfffd1a7f861569275905257792b89170be726cd02ce87b91
- SSDEEP
  
  1572864:+lQpYev78Sb44qXDyALwp/bOrCDvQSTDlsySb65hutPJEfZMq38H6m/02km5p+Wr:8eHpSGDqMnyiL0Kc
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  ba11365527f99b6f87695bedfd0669b9
- SHA1
  
  ac4a855a1cbcac5791ca557d32814eb095771b29
- SHA256
  
  6393c206e93fe57a3888cc794108ff8bac825ad8f1baada48ec02ca474ddcb8a
- SHA512
  
  97e82c93f054a2b40612a2d719791485156a69a6bbc2d4c24d498ddda559886f29bac1bd5be5f7d55e5892501c601eba7903f5189576a93f564cd862e3043414
- SSDEEP
  
  49152:TCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRNZ:KG2QCwmHjnog/pzHAo/Ay
Score

1^/10
behavioral22
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  55ce3dbee30681dcc0c831c69a1df138
- SHA1
  
  cfbca094beaab8306c07940b9c15d019405996e6
- SHA256
  
  0eb65055867ba5413d61490017df4e68e5d5ce70a7b97c35a17f62d86b6df08d
- SHA512
  
  ef29dbaa780a3eb9aee2399009e2a8ace55fe1b680d61fe7253c24e11a7373408f792a7c20457459b228fdc7e217be953fb543df105f537e7c156996922057ed
- SSDEEP
  
  49152:1C8lp7/1UNZrhOP9YJQHUOWwGen6yfW0OfShPdb5xV:ihOVYJiUOWwQaPBV
Score

1^/10
behavioral23
- Target
  
  libEGL.dll
- Size
  
  491KB
- MD5
  
  41a94c707a10b0b3e7856ce85c15da43
- SHA1
  
  8aac38bb57f26b88b09c8f8a9a945c4db26becc8
- SHA256
  
  9e46e85474f2fea425b11e23a1d7432a94060589f15d36eda1b859c7448d0dfa
- SHA512
  
  978b78abc86a53bdee5035450203893af3df09b912dd55d0363892f2930e10cb5a2c32619a4516d028de67a31441c3146cb149c2fb40ffdc23a1913e921df5f5
- SSDEEP
  
  6144:qmfOX/zRR8yWTDLMoqbAIbqkpXy0/KQPJjIJAGyYhY:3czRSyWTDY6IlpXy0/3hOHyu
Score

1^/10
behavioral24
- Target
  
  libGLESv2.dll
- Size
  
  7.6MB
- MD5
  
  e3f0ad50d545a27ce052cb5b7863a05c
- SHA1
  
  9c3445aaba37c871143a227854292599001840ca
- SHA256
  
  7a580bb001748527a3c5d15fe229019d58a00d22aacdb6a674db0ebcd0e0131c
- SHA512
  
  0ac5b62a7fee6fee8e95fd117e72da1216106a57dc4666bd803a4a9d304cbff39d6be0bc8cbdd94d46e596d1f07cbcc99519d35bac13d74e896a4aaac8e95f28
- SSDEEP
  
  98304:olaVNd6hP9OPvwfWm6sGnoDgCXm3o7KXWR:TClGwpvGngCuKO
Score

1^/10
behavioral25
- Target
  
  resources/app.asar
- Size
  
  1.1MB
- MD5
  
  26097e720dd807a5f20d5b27fcd706c0
- SHA1
  
  369d23f64e586e9670507b87ca42459a0955e9db
- SHA256
  
  4e6cab84d7d1ff5f63e6cb8fe742e99a8522cf4ee0d3e6c22495fb49928d2ad0
- SHA512
  
  b5ef1b6b01dcf7ee51b2da07e6a44b0345282f93df8f2fb8db192f913dbd630147389a9c25ec3305cb59e4449e799ed900193aff1d3d7d01de1637d39c16dc6b
- SSDEEP
  
  24576:/9Ho8mhRN/QNpDNsmHr7N11YZmJEQ6dOJnwFfG67UzI/6438tqB9QbeOPahWdRHL:/9Ho8mhRN/QNpDNvHr7N11YZmJEQ6dOp
Score

3^/10

execution
behavioral26 behavioral27
- Target
  
  resources/app.asar.unpacked/node_modules/btime/binding.node
- Size
  
  118KB
- MD5
  
  e9adc55381174562a26b0212966c7969
- SHA1
  
  3119dd90d115dcba46010abc0281f90bf7568400
- SHA256
  
  98087173112cf7e08fa742d4b9a07ace1f3305480384f67e000d7df086ba2f7d
- SHA512
  
  2fbef59d96bc60404dc4063f1e5f313e236b7d65f97d61a3061ca3bab7669736b8139367ef9a16e54d723bcef33d294a867124cedc6df8921936cc805d43cd31
- SSDEEP
  
  1536:guNqtRgWgxuKXjCeESPmvceBTHLAVW84/JRsW/d09dlARhtwAB7T:5NVWgbXueESveBHLAV2/vMywAB7
Score

1^/10
behavioral28 behavioral29
- Target
  
  resources/app.asar.unpacked/node_modules/get-fonts/binding.node
- Size
  
  125KB
- MD5
  
  671f821115e0499d4ebed86c83c100ed
- SHA1
  
  f268e65c5db56d67dd764ca4793e6fa39f7ea585
- SHA256
  
  a63da776e0a10bfee9109ee03ff3fe3b14fa82b4166de48857243a1ea7991890
- SHA512
  
  d2f95820bf3f8252486ed8b4d2b6ba0f1cb89a9c97dd9d3267f2f2039940ff066c5b4614d7a404ae43347eea0d5523bd3b258ad24157ec62e4780db43418a20b
- SSDEEP
  
  1536:/7fuD1g0RHZIvUq+caOuFFhK5ySskeOTwyvJcEOeJgJsW9d09dlsH+PvKi:/7f8RHlq+caOSa5ylQTwyvJCeeMKe6i
Score

1^/10
behavioral30 behavioral31
- Target
  
  vk_swiftshader.dll
- Size
  
  5.1MB
- MD5
  
  d96100628e1061d3fc99301012b49f44
- SHA1
  
  fd820523f89eca5540fe9334d814c3e306ad97b9
- SHA256
  
  c4636e1c13dc5f037806d7fd80e8e076e3aa14f1b58be51412cf266f35add848
- SHA512
  
  f1aefb6a58fb9b57ea292567811a485d3f05e88d14284b76f7864e94bc07deb076296a645ee6ceeec1f930012ff78800c31db11e9a38390af58234a181f470ee
- SSDEEP
  
  49152:9oaTaX1+4J7dN1uB/t4ABL5V1v+3+mFcpZBqtpM5KZwFlox0ikAiJb1XQGBliYD9:jeX1+qULMSx17nb24Z
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Network Share Discovery

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32