General

  • Target

    Release.zip

  • Size

    9.1MB

  • Sample

    240806-r4d9rs1hqn

  • MD5

    39f94b3934c37e20ad404840281d10ce

  • SHA1

    537841ac93567cd0a4ac2494197341208df76442

  • SHA256

    7643f989a6b22411ac72a4c17ae5ddee007440bd794d1d3be416bb5b45b53f9b

  • SHA512

    a63726c804a3772d49c2111fb18130762c9db6b3bedd8c07a064c1d33a2e0a2ca76e55351102993abe8d9d6758c217ed0eb8af4526ab86fa8ad0c8b93ad1a296

  • SSDEEP

    196608:Jy/QEcnNVmUhiF5sBio1UOQi9dq9ogl8fR60r:n1M5sb6ekSglMR60r

Score
6/10

Malware Config

Targets

    • Target

      BetterFolderBrowser.dll

    • Size

      12KB

    • MD5

      fff67e7d52b58a11d456a1d5cd2ba294

    • SHA1

      6dea84a0a060c39c93b1e3f404270c039d3dbfdd

    • SHA256

      5334c9c4eb567a89e4644df868d7fb6e242a3ea422b2ce9283843970ec756372

    • SHA512

      fc8cc5fbc624559e03e70c48bd4e6e4595b1784fdf2c258b33ddb3410bdd93dcf26f3b5db4e4d0d8f133e8df93fe95ab93a703efa92a0a4133f57f48ebd6ea74

    • SSDEEP

      192:2ZPVABalnP/VYkWdcHIp3RgzK/RGLHdnKuWGIBC0p++kVX805N9:2ABk1W4Ip3ez4RoF2+bR805N9

    Score
    1/10
    • Target

      CeleryApp.exe

    • Size

      8.8MB

    • MD5

      74c366b46a85acac6c83e9671e64dda7

    • SHA1

      dc9a7b4cc7511b701401aa86e0106d3495e3a0fe

    • SHA256

      6a25cc6c05e54ca56e8b51d2b2bd8b9a17a96ecb1d1f6d4442d36378dc809ed1

    • SHA512

      e0df64a74c3c9e1c36f5957d346d961cc92741b1803e05d41454dde4371a0e9420f9e79163bed9fe2d8b588b9da6f2faaa08003ca50be37a6425a8320acd15cb

    • SSDEEP

      98304:wEgLIRfyC7egWJ3iJzdjf4fwraOWcD9XdMPABIw/t6KHDicVwzUs7:wEguhegD4fJOWs9XNBZ16M2cuU

    Score
    1/10
    • Target

      CeleryIn.bin

    • Size

      44KB

    • MD5

      2682352886b9de7763dd637ff940ef97

    • SHA1

      6df1516ed9f1084bd0e7b217996353afa3babb98

    • SHA256

      eab4356a735f604b31f493f2c9f0f98448ebc2671825e348145609fed6e927e4

    • SHA512

      0799a9d1126b444992638bb16e62726d7d49753d74845114f0076fb5d1e7159c83d0f7e62a1a80a9b034a59529ef73b0fd7acfdccc754cc9c3cfd1984ae4ec3c

    • SSDEEP

      384:rVdzew6q0MEe7Tc8cZO1D9WDPAULcRUSoTYVJa51xoVMmA2QdwB5bh1r:5YiXFcZkRcZJTYVJanUNA2jj

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      CeleryInject.exe

    • Size

      5.0MB

    • MD5

      a219324612da6da115423f2118ed7d60

    • SHA1

      e25653239651637604e1b6e65fdd719aee2917ec

    • SHA256

      b3f9cdae756e9cf1f5b8a823648395ed68d82c6a62d606fd0c6eb9a0be10d51f

    • SHA512

      9958ca39f43c7754e6a5586e5cb1a40963a4ec9db898051c327198c31708beb067944d1581355f2bb04e69de62e69de8a6a708213d60d571f74c112b3d489187

    • SSDEEP

      49152:HBAPhbBL8IjBDC0J0S27DGjyclWb53PppOPxjfsRdn6dnndn+dnT0Uf:HnIRZJ

    Score
    1/10
    • Target

      Costura.dll

    • Size

      4KB

    • MD5

      501981c7fc457d59238eb99780efb615

    • SHA1

      f1f25c01f6acf33bdd62c4f82d3ef078e76f0906

    • SHA256

      41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3

    • SHA512

      5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8

    • SSDEEP

      48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2

    Score
    1/10
    • Target

      Dragablz.dll

    • Size

      233KB

    • MD5

      5a9583a7bed76b2e94091f9b74716f68

    • SHA1

      60552dc4ed629b32a7c0e7b31406a21829bdc38e

    • SHA256

      6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338

    • SHA512

      8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5

    • SSDEEP

      6144:fTuK/5J3BPYcKHJv8ahfgfkMMafGfCfDf2fE:fKKhP+Dhfgf7fGfCfDf2f

    Score
    1/10
    • Target

      MaterialDesignColors.dll

    • Size

      295KB

    • MD5

      d2207fccbdd6caa91c43776559ce401f

    • SHA1

      4f78f282a238b21ad1f995f154d624865d08a38a

    • SHA256

      1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0

    • SHA512

      d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e

    • SSDEEP

      1536:1r1In+fq1fDfDemxD0EsXpGX0EOAyzU7fKoVxbzQXT:B1WB1PerAjOAL7fKoVxb2T

    Score
    1/10
    • Target

      MaterialDesignExtensions.dll

    • Size

      349KB

    • MD5

      6da7ae89f1eac96f143dc5200031d8b8

    • SHA1

      d9dc3936bc9a288a727cb2295c3d05899adcc9c8

    • SHA256

      c5b93560fa74b9a05959aae5116da59495d36782d2e17e45f0efcc06ad36ed6a

    • SHA512

      3929f7092a5acb5ae3333e7e0a9ac2a403b78c8c8ad35a17ece25e6688a61a0f7e4b701691b02ad2941c6e15d2262c6f8ae76413af93dc92aa422e1738147e94

    • SSDEEP

      6144:OM2EyV6zxDNFOzaFkpXeRk7ecDfE0MHOZB0zSvo1UvEGK262:nGVcxHOzxpuRk7emfE0MHOZB0zSvo1UJ

    Score
    1/10
    • Target

      Microsoft.Web.WebView2.Core.dll

    • Size

      445KB

    • MD5

      c4b4a5f4f28d47239eb4e37cb3cc8046

    • SHA1

      ed86941cf065f91758d536d8e13cc2542cc38922

    • SHA256

      c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1

    • SHA512

      440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645

    • SSDEEP

      12288:EB7Md7DkbrB3kPo+iKvRFNLe1+imQ9pRFZNIEJdIElxPrEIvLcglxMwCepM1STUH:EeFP7

    Score
    1/10
    • Target

      Microsoft.Web.WebView2.WinForms.dll

    • Size

      37KB

    • MD5

      e6f424ee6036ee7d58283780b705be8c

    • SHA1

      c17fc397711fb2e0c400007620c76e70c956dd9c

    • SHA256

      c9eeff2dd13109f41447a92763d31aaa07369c58a570c18bbb851824a77da98a

    • SHA512

      1d255265115a4a2238a21e3ade35101babcbf9d5de58521365666b9564681119c4b7f20ed6a6c16fb6120ab19106fa40f25421da938b7fee7b8a5e7758f2c22f

    • SSDEEP

      768:ejIHFTA42CL9tcZDgcEST3p4Jjrjh2jJFSgyauYv1JKia5/Zi/WGQKVu6bL7RSOX:AIS3C5tcZDgcEST3p4JjrjaJFSgyau0H

    Score
    1/10
    • Target

      Microsoft.Web.WebView2.Wpf.dll

    • Size

      43KB

    • MD5

      0241e0a42b292e0c9b585470c613ec78

    • SHA1

      74e4ab7e37bff177a394617923baddfcf087c0e1

    • SHA256

      15bcd610a80632ef59d911a8447b11127cdeafbf147c844f1b740735efdf338a

    • SHA512

      bd083301c6f93a1852c76686797919787f439c65ea11d430701257fa4d3791a4eff892b6ceea1c534d832bfbc0b0ecca3f671e3a9c50f34089f919e3756882f0

    • SSDEEP

      768:k2TI5VoCjJ4Jd7U2zkQ+Z8cDP/ryEH0yBy4JjrD1h2jVh3URGvkz7FKKa5/Bi/xm:VE5tjJ4Y2zf+Z8cDP/ryEH0yBy4JjrDC

    Score
    1/10
    • Target

      Microsoft.Xaml.Behaviors.dll

    • Size

      141KB

    • MD5

      ec5a1abee150abe698689211b07cd1ec

    • SHA1

      affc3cb47da8fe76986d271cdc3e7ea345cc04e5

    • SHA256

      b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54

    • SHA512

      a2b55b4ffc3f11546ed8d3457e98b986c089e25229bd687da35d45d63e4860722e8b13826d3a3daa1be843cf3a4ae3da4cf9b6fdcb5d1a4948648537e683789f

    • SSDEEP

      3072:UAyazS96IT0O6gAf+LwCMe1u051dXcr9/soMEs5r/j9:tyhYIT0O65cwCMyE

    Score
    1/10
    • Target

      System.Diagnostics.DiagnosticSource.dll

    • Size

      34KB

    • MD5

      8d9df432109f1cfdd86723b5f171e3d7

    • SHA1

      85dc92edd4b0049ed9049e075c4def8a3d64e43b

    • SHA256

      d22133818a30313e0becf010d78a556a56b34ea361dbd33588c9817631fed540

    • SHA512

      5c83303934eecfa61c43a071d29c98e5804d37a5dc7f7b035772d6a168b0c5e65dfabef20b46214e65493c4bda44831cafee83615498fbe9e718c884f4650edf

    • SSDEEP

      384:iQobG82oiaPaf/gn5LQ0+0zdQUv2CtyW8fiFISWbW9pWJbWivT1Nq0GftpBjAvnC:nA299fI5dxzL2CC11vimvnEBBNFT

    Score
    1/10
    • Target

      bin/Monaco/index.html

    • Size

      13KB

    • MD5

      8132342ce4b039603cbb3b1a32ab859b

    • SHA1

      66c46050a6e5b08758c00455ae26a6c66e94ce4c

    • SHA256

      3818906ed429acd27aabad7ec8771893d60658ea31b8d0c92418b96de8ee94e6

    • SHA512

      44d93118187e703af1fc1627de7e97c39072e666c9086b1b4c00a7eadce1913c84dc97e8f80e2b514154ef66b23baddbfd71a2faa250735ddf4d2bc12709cef4

    • SSDEEP

      192:oL3bXRggAbYm/9mv2Oxr09VpDwFgBsK7u24FzTkcmc/VT+9taAc4dReigXN:2RggAbYmbD9V9wFgBs+SFN

    Score
    3/10
    • Target

      bin/Monaco/vs/base/worker/workerMain.js

    • Size

      174KB

    • MD5

      9ce9e46b6d66d8b2dbcabba577cad2ed

    • SHA1

      397b0e9e7b2bee37a8444e84bb9788a0bdcb023e

    • SHA256

      19b566655d73370a820a7d6fffe7af03dba3af4997016c0983be5bd188603ec2

    • SHA512

      f322ea669fa81397066edef062721ae3dd515b3d61c4ad7bef0db0eb3a53f056da298fd4f761bd3e5d613e6f5803a7c35ed056085ac3b97e06c7bfd47fffad49

    • SSDEEP

      1536:mi5eQeCEwCP1m9JXKmA1xKzyOQJf9X2K7eM9bWXsUK5QSkSoIMQwr+ZjtQYyeTMO:mHTdkKmA1yyOQJl2K7ns6dZ/RVaNzY

    Score
    3/10
    • Target

      bin/Monaco/vs/basic-languages/lua/autocompletes.js

    • Size

      2KB

    • MD5

      eb6fde8de905af68c855a2506c8a8204

    • SHA1

      32b172578f398151be79f78bdeb15eeff4a83020

    • SHA256

      1fbe4337327ef99c9caba74678cfff28652606fd667dbca34f12e809738010d9

    • SHA512

      6e95ecdfbabf20c2e717006ea00fa92d79e577cf262460cef7f3db7bb4fa87585bed99b6a1bd1d865c5e5184044b0244aa0823580c9444b1f2ff013057f54235

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

discovery
Score
6/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10