722944284358b6e0b07d91524f7defd19b8cae3246c4e812147575432baf2afc

Sharing

Copy URL

Twitter E-mail

General

Target

Krampus.rar
Size

5.8MB
Sample

240807-sdsj5stbmf
MD5

5233ef4feae855b4716111f6e1f2347e
SHA1

a220baf15d0122821164aaf431601394473da632
SHA256

722944284358b6e0b07d91524f7defd19b8cae3246c4e812147575432baf2afc
SHA512

76a6faab525a72bb013ff46339cc4bb7154c799bce99379d40b03d77b10b0a6b16426c400e127414a2893aedfcdf7cb41284072b24f956d3f73aabd5b25e5dae
SSDEEP

98304:QA/B7+WfLbxoJ0V2FHGrOxczxsEdOa+ZfxOkTL9YcZCbyQ0EuDfLBfawUCy+:QA/ZffRS08mByeObJLv4yQ0PjBBDy+

Score

7^/10

Malware Config

Targets

- Target
  
  Krampus.rar
- Size
  
  5.8MB
- MD5
  
  5233ef4feae855b4716111f6e1f2347e
- SHA1
  
  a220baf15d0122821164aaf431601394473da632
- SHA256
  
  722944284358b6e0b07d91524f7defd19b8cae3246c4e812147575432baf2afc
- SHA512
  
  76a6faab525a72bb013ff46339cc4bb7154c799bce99379d40b03d77b10b0a6b16426c400e127414a2893aedfcdf7cb41284072b24f956d3f73aabd5b25e5dae
- SSDEEP
  
  98304:QA/B7+WfLbxoJ0V2FHGrOxczxsEdOa+ZfxOkTL9YcZCbyQ0EuDfLBfawUCy+:QA/ZffRS08mByeObJLv4yQ0PjBBDy+
Score

3^/10
behavioral1 behavioral2
- Target
  
  krampus.exe
- Size
  
  5.6MB
- MD5
  
  e3f7cfc15aecea1f817fd9e1c91b2b33
- SHA1
  
  4427bc42173e964762c4f003628502ec601d45c0
- SHA256
  
  64706688105210a3c3d265aceb11475e38bc1f35ffcd72a8d38bacc0806653eb
- SHA512
  
  ed233e15a3d3947feb95c388355d7a8b05a06b2c74997b80dba331facf991f57ae252976a2465bec74c13075d06fa5cdc1930ee8e87da830e6bd1821f8eb2733
- SSDEEP
  
  98304:R4UGDPt5D8brm4+Bo4M4du9I0y1ZKnnyZhK9iYRiBSqXGijc/Elh:R4/PD8m4IAOsI0fyiwS/iYsh
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  libcurl.dll
- Size
  
  557KB
- MD5
  
  bc4f7edf27ec19d796c2b9720a0d0711
- SHA1
  
  b7e49d641660d18c0977401e8b83cafa7475b2e9
- SHA256
  
  fd1facd293ffb60699ec797b8ff3553d3165f83d8e4f14ebbcfe3f3af87cb3cb
- SHA512
  
  e5deb07db01ee273a96e6684ab04bf425fedb0933f3f7db2eecfa3ae9e678fc1402bc1e7dc19fe0cb87f240af39f69d52f7003e84d809fd475d672f02a2a6d50
- SSDEEP
  
  12288:E/4zHAn7aOe5hR+e+VTXtz3m5+LIbaaDMhg2/FOhGteRl:TzAn7aZB+BBz38aaDMhg2/FOhGy
Score

1^/10
behavioral5 behavioral6
- Target
  
  scripts/Infinite yield.lua
- Size
  
  632KB
- MD5
  
  317fec7c823a6ba4ad613220b587a0e8
- SHA1
  
  3884e8a9a9122e7912c76c919f20c1b9d274f505
- SHA256
  
  5573cc6f439511c5ec73b0c88af87bce49cac37475aa32da5b75b931f632a3dc
- SHA512
  
  d5adc2137051ab321197d0a2261ab991f5bf16e0271485c64b66679d863efb58191fe269fc40aa39feefd380b28d33168a6910b7ec40dedd2974e6d1d2db0bad
- SSDEEP
  
  12288:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOCBkVgfgLcbVgBe28Vk9Gm1OvClEjmD1Szi:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOC0
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  scripts/autosaved.lua
- Size
  
  352B
- MD5
  
  e906943cedc44e56ecf91b457b0b0755
- SHA1
  
  a02973b507ac830e67398cc139aec40ff3ffb36f
- SHA256
  
  1dc93276797a5b17678afc3b8d7b7d748bba2a7fc10455ca40cec200e3a0daec
- SHA512
  
  97333725d482108001863642bcd6567a1cb711373ddc24f19cf14047e2fe5bf74f8c57e5aeb400295a8dde5f3387e8fd6dd34ce2205183193ecd1463bdf5a085
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  scripts/betascript.lua
- Size
  
  352B
- MD5
  
  e906943cedc44e56ecf91b457b0b0755
- SHA1
  
  a02973b507ac830e67398cc139aec40ff3ffb36f
- SHA256
  
  1dc93276797a5b17678afc3b8d7b7d748bba2a7fc10455ca40cec200e3a0daec
- SHA512
  
  97333725d482108001863642bcd6567a1cb711373ddc24f19cf14047e2fe5bf74f8c57e5aeb400295a8dde5f3387e8fd6dd34ce2205183193ecd1463bdf5a085
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  scripts/dark dex.txt
- Size
  
  645KB
- MD5
  
  3b197580bc3f733104cefb809baefedb
- SHA1
  
  6ab37d242167c1462be7df91cd3d6234f5e52d6d
- SHA256
  
  1dfba38f54830a63fe32c5f0c993bdaea6216716644cdd20fa6965566c30b44e
- SHA512
  
  1c383faaf26e90561eb0e69cfb9e87b4bff4f738d24ccdcb6ef984bd9b073ab0c333a41cc7bcc9ebecf67e92694388cb664956da66214e7ad77d3ef329267791
- SSDEEP
  
  6144:Avs1iT4p2ilg+ilbGXjI0QVpEkIQDEnE1TcO6qGqnGBsILk3RlZwLtv4/QM03XIo:Ks1iT4p2ilgOtv4YMRM
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  workspace/.tests/appendfile.txt
- Size
  
  5B
- MD5
  
  5bd32867974e965ea9367a4804572aac
- SHA1
  
  15e7abaa6f9886dfa139ed1c381882ce95b3c75a
- SHA256
  
  9076524bf5f0c8044a54a681be6089b006f6471933d5f552d28ff47d9adf6af5
- SHA512
  
  ea605af2aa32b6d6031414079927187cfc6fb465e4c8bf0d0d2f3f33870581154c54851267ba5a9c184be691d2d5197906e122ec56ec2b4ecdd1cf02b40da76e
Score

1^/10
behavioral15 behavioral16
- Target
  
  workspace/.tests/delfile.txt
- Size
  
  13B
- MD5
  
  6cd3556deb0da54bca060b4c39479839
- SHA1
  
  943a702d06f34599aee1f8da8ef9f7296031d699
- SHA256
  
  315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
- SHA512
  
  c1527cd893c124773d811911970c8fe6e857d6df5dc9226bd8a160614c0cd963a4ddea2b94bb7d36021ef9d865d5cea294a82dd49a0bb269f51f6e7a57f79421
Score

1^/10
behavioral17 behavioral18
- Target
  
  workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral19 behavioral20
- Target
  
  workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral21 behavioral22
- Target
  
  workspace/.tests/readfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral23 behavioral24
- Target
  
  workspace/.tests/writefile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral25 behavioral26
- Target
  
  workspace/4483381587.rbxlx
- Size
  
  123KB
- MD5
  
  cf2569d11765a4b9f80950fad360b059
- SHA1
  
  3f880661d1997218f99dc83bbea98b2a6fd550ff
- SHA256
  
  96533399c8c8a60a6b083cc4310175009b2c51193d93e2e78563526cc00369e4
- SHA512
  
  280ce7e125498309cbc6dae546ce61f9a40745108779987e20c795c47eaea7deab37e73b9345854462d3c8ae3edf0e5fe9904fecec2028f68ad0024e9dfe6e97
- SSDEEP
  
  192:fIdAHP9VLMP838hQy4ioBU4mW7Kc+KcJKBmW7Kc+KcJK5mW7Kc+KcJKfmW7Kc+Kv:wdAHPfLMPauQyQBU+s0
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  workspace/4483381587.txt
- Size
  
  84B
- MD5
  
  03ca8a512c715def65332cb5bf18073d
- SHA1
  
  4e97155327d65f8c22b702fa541e50a960e6ad30
- SHA256
  
  a6fce8e857e3003af2f32b7e159fc85f93a49b74fdaf305c5752d2bf4546cd75
- SHA512
  
  54d2141080aeae8d7e00d6b46376dfb4dd82f32d077188379abc8ba5953bde7031105033bf212d5df872d9c978cb6d0dbc4b973e01d5d8941dd67367fb63d060
Score

1^/10
behavioral29 behavioral30
- Target
  
  workspace/5972698540.rbxlx
- Size
  
  9.4MB
- MD5
  
  02202c7b8652c63a685f1c95354f6dc6
- SHA1
  
  bc1ad1ba92ed8db4996f49d6608fbffc6815fd18
- SHA256
  
  881badb8cfb346b25575c5ddf7ba6f2195a2947ebedf9e2450abefe10b94d253
- SHA512
  
  e7fb58a1d8e78df7879b8eb667360f9978ea2c8537f47afb7ad38877ba214fa88c6d75040db2c04eb2379d82fb46977d431e4bade149f629b339ac4ce13351b7
- SSDEEP
  
  196608:hhjDn+cccccccccqqqqqoqccqqqqqqv5Du7ccccccLLccccLLcccccLLccccc77g:0
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32