Overview

overview

6

Static

static

3

Incognito.zip

windows10-1703-x64

1

Incognito.zip

windows11-21h2-x64

6

Launcher.bat

windows10-1703-x64

6

Launcher.bat

windows11-21h2-x64

6

conf

windows10-1703-x64

1

conf

windows11-21h2-x64

1

lua51.dll

windows10-1703-x64

3

lua51.dll

windows11-21h2-x64

3

luajit.exe

windows10-1703-x64

3

luajit.exe

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Incognito.zip

  • Size

    460KB

  • Sample

    240805-w6gj5ayapb

  • MD5

    0a6757a13623c4d9840b0aca6c243b52

  • SHA1

    35804c36e9bccc5cac2d406d837fcc9e14060ac7

  • SHA256

    11202449315d0f2edb567c5f5e3e4bd403ae0985574344ea8ddf474c1b1fb440

  • SHA512

    0110dfb0886dcb22b0cc9243f36a1ce60929d00712e31e3eb0e268f9c89d42549ad974377fae8ca0c1919c8b33c1277bdbfe7fb34154f26a5ee0cb7dd9b21e3a

  • SSDEEP

    12288:LANUGCFJT0fU0Yz3jBL75xwc4XscIFl4zA6fzvBLrkwRC:LAmFJcKjRdxwr81FlQxfDxrk7

Score
6/10
discovery

Malware Config

Targets

    • Target

      Incognito.zip

    • Size

      460KB

    • MD5

      0a6757a13623c4d9840b0aca6c243b52

    • SHA1

      35804c36e9bccc5cac2d406d837fcc9e14060ac7

    • SHA256

      11202449315d0f2edb567c5f5e3e4bd403ae0985574344ea8ddf474c1b1fb440

    • SHA512

      0110dfb0886dcb22b0cc9243f36a1ce60929d00712e31e3eb0e268f9c89d42549ad974377fae8ca0c1919c8b33c1277bdbfe7fb34154f26a5ee0cb7dd9b21e3a

    • SSDEEP

      12288:LANUGCFJT0fU0Yz3jBL75xwc4XscIFl4zA6fzvBLrkwRC:LAmFJcKjRdxwr81FlQxfDxrk7

    Score
    6/10
    discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      Launcher.bat

    • Size

      724B

    • MD5

      9edcc8710e562b5daeed73acaa17e2fd

    • SHA1

      a3d7d0a26c3a058ff0b3a25c64d43397f1823d95

    • SHA256

      f1ed443faa01092320e04e0231327bd59c6df7344ad0f46ca4885d28aa2afd60

    • SHA512

      312fec45d3897ecc67285694a73d4fc7ef044b6f3aa1e6a9d5a8cee0b1b70204396b43fe014a4680c539427c070f199ff91f151fbdc2ae8e0d97f1b3fca3cb4a

    Score
    6/10
    discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3behavioral4

    • Target

      conf

    • Size

      156KB

    • MD5

      bdec530c93a6d9dea9fb4ea147f1f44c

    • SHA1

      c027d59a30392fcc0be410cb921352360bb08f7b

    • SHA256

      4464be92e1a9c00e808fe6913afe721743e3e5f7693edb944499e3700ea6a308

    • SHA512

      4042aeb8391a61b20f3c9d7581a098e333265583f00f80b70d56a0344c37a60d8c32bd0b9816d499ab27a0aa406e7a3ed3a4a7f87189d8c030de6dc4bfdc773c

    • SSDEEP

      3072:p43rMpuwyY7tqkLl+UW22qluZwtGXYUfacYY63/KeBGI4Co:pirMpuwyY5qigqQatmYUfv63/sOo

    Score
    1/10
    behavioral5behavioral6

    • Target

      lua51.dll

    • Size

      592KB

    • MD5

      3dff7448b43fcfb4dc65e0040b0ffb88

    • SHA1

      583cdab08519d99f49234965ffd07688ccf52c56

    • SHA256

      ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

    • SHA512

      cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

    • SSDEEP

      12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      luajit.exe

    • Size

      89KB

    • MD5

      dd98a43cb27efd5bcc29efb23fdd6ca5

    • SHA1

      38f621f3f0df5764938015b56ecfa54948dde8f5

    • SHA256

      1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

    • SHA512

      871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

    • SSDEEP

      1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score
    3/10
    discovery
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks