Overview
overview
10
Static
static
10
Cxdyz/Flexer.exe
windows7-x64
1
Cxdyz/Flexer.exe
windows10-2004-x64
1
Cxdyz/Flexer.exe
windows7-x64
1
Cxdyz/Flexer.exe
windows10-2004-x64
7
Cxdyz/Flex...pet.js
windows7-x64
3
Cxdyz/Flex...pet.js
windows10-2004-x64
3
Cxdyz/Guna.UI2.dll
windows7-x64
1
Cxdyz/Guna.UI2.dll
windows10-2004-x64
1
Cxdyz/Micr...re.dll
windows7-x64
1
Cxdyz/Micr...re.dll
windows10-2004-x64
1
Cxdyz/Micr...ms.dll
windows7-x64
1
Cxdyz/Micr...ms.dll
windows10-2004-x64
1
Cxdyz/Micr...pf.dll
windows7-x64
1
Cxdyz/Micr...pf.dll
windows10-2004-x64
1
Cxdyz/Mona...sample
ubuntu-18.04-amd64
1
Cxdyz/Mona...sample
debian-9-armhf
1
Cxdyz/Mona...sample
debian-9-mips
1
Cxdyz/Mona...sample
debian-9-mipsel
1
Cxdyz/Mona...sample
ubuntu-18.04-amd64
3
Cxdyz/Mona...sample
debian-9-armhf
3
Cxdyz/Mona...sample
debian-9-mips
3
Cxdyz/Mona...sample
debian-9-mipsel
3
Cxdyz/Mona...sample
ubuntu-18.04-amd64
1
Cxdyz/Mona...sample
debian-9-armhf
1
Cxdyz/Mona...sample
debian-9-mips
1
Cxdyz/Mona...sample
debian-9-mipsel
1
Cxdyz/Mona...sample
ubuntu-18.04-amd64
1
Cxdyz/Mona...sample
debian-9-armhf
1
Cxdyz/Mona...sample
debian-9-mips
1
Cxdyz/Mona...sample
debian-9-mipsel
1
Cxdyz/Mona...sample
ubuntu-18.04-amd64
1
Cxdyz/Mona...sample
debian-9-armhf
1
General
-
Target
Cxdyz.rar
-
Size
49.4MB
-
Sample
240808-pjlr1axbke
-
MD5
088d234249d5d06d664147c5f6af7e6d
-
SHA1
e5063390e93e539cb4245d6e6134cf897c03f939
-
SHA256
7e8e1b0b4ce282e22661de58d25566dbb93667614e5feb10d462b7dfed2ef9db
-
SHA512
83050f0923904b108b75274d0dac2f649db539970b8a7900b4322036340412f5a0fde37eb580a006dc9b590c5427f758312ec442a396da31e772d5bb03042673
-
SSDEEP
1572864:VI75bzmoo4AEGAVtUBZqB5YBFJPiBjiMqR:VI753mNzAVt5B5CbPojw
Behavioral task
behavioral1
Sample
Cxdyz/Flexer.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Cxdyz/Flexer.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Cxdyz/Flexer.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Cxdyz/Flexer.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Cxdyz/Flexer.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
Cxdyz/Flexer.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Cxdyz/Guna.UI2.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Cxdyz/Guna.UI2.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Cxdyz/Microsoft.Web.WebView2.Core.dll
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
Cxdyz/Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Cxdyz/Microsoft.Web.WebView2.WinForms.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
Cxdyz/Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Cxdyz/Microsoft.Web.WebView2.Wpf.dll
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
Cxdyz/Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Cxdyz/Monaco/.git/hooks/applypatch-msg.sample
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral16
Sample
Cxdyz/Monaco/.git/hooks/applypatch-msg.sample
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral17
Sample
Cxdyz/Monaco/.git/hooks/applypatch-msg.sample
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral18
Sample
Cxdyz/Monaco/.git/hooks/applypatch-msg.sample
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral19
Sample
Cxdyz/Monaco/.git/hooks/commit-msg.sample
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral20
Sample
Cxdyz/Monaco/.git/hooks/commit-msg.sample
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral21
Sample
Cxdyz/Monaco/.git/hooks/commit-msg.sample
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral22
Sample
Cxdyz/Monaco/.git/hooks/commit-msg.sample
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral23
Sample
Cxdyz/Monaco/.git/hooks/fsmonitor-watchman.sample
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral24
Sample
Cxdyz/Monaco/.git/hooks/fsmonitor-watchman.sample
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral25
Sample
Cxdyz/Monaco/.git/hooks/fsmonitor-watchman.sample
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral26
Sample
Cxdyz/Monaco/.git/hooks/fsmonitor-watchman.sample
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral27
Sample
Cxdyz/Monaco/.git/hooks/post-update.sample
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral28
Sample
Cxdyz/Monaco/.git/hooks/post-update.sample
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral29
Sample
Cxdyz/Monaco/.git/hooks/post-update.sample
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral30
Sample
Cxdyz/Monaco/.git/hooks/post-update.sample
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral31
Sample
Cxdyz/Monaco/.git/hooks/pre-applypatch.sample
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral32
Sample
Cxdyz/Monaco/.git/hooks/pre-applypatch.sample
Resource
debian9-armhf-20240611-en
Malware Config
Targets
-
-
Target
Cxdyz/Flexer.dll
-
Size
331KB
-
MD5
6a0e13b24da1aaaa245bca6bbd7ab8a5
-
SHA1
5b3e5151d93afaf3aa2c7c662646b7ddb21696e5
-
SHA256
4800934f54a511a3e446aabda11315369c045ef80b82bb7550e9822cb2f8d50d
-
SHA512
7bbbaf3b3e6c4a50d3b4813f143febe3c4d48b881a7947ce4307fb73997f81e5107fcce73ee0cbb59f49035b78ff0f7b350bb89325c8bcd9363b393bdf2d680d
-
SSDEEP
6144:UAAbpw+JSN6nGQ7BU0wrlEVhY4AAkGcBaA7WCwmuoNCYH7UFfowKW+H2Fz:TADJSN6r7BUVBEVhVAAkGcUA7WVV0CqF
Score 1/10
-
-
Target
Cxdyz/Flexer.exe
-
Size
143KB
-
MD5
d0b566a81cc36166344998426d351695
-
SHA1
79d9be955801bb25ffafc3a216a80cde82de1519
-
SHA256
b2a9cad37ba737f306f2523f8d46866705ff038e437cb342eb2255c1f9329a89
-
SHA512
5df8e27cff7e6716b49899c0d55d1962243b008b6cee775559198c318e2797f8c159d4469d03e9b2b552ad4d4f4d59903426383fba30ca436280bc19b002a4f6
-
SSDEEP
3072:HAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJs8lWxj:HAi4pxpRkyHRZa0Gl278IVNc+cWx
Score 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
Cxdyz/Flexer.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
-
Size
2KB
-
MD5
f5c93c471485f4b9ab45260518c30267
-
SHA1
ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
-
SHA256
9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
-
SHA512
e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score 3/10
-
-
Target
Cxdyz/Guna.UI2.dll
-
Size
2.1MB
-
MD5
b429ae86c5be521bc8ca3b164cec3acb
-
SHA1
387560073ff5a1f2191abc6f75fc34532bbb6dd2
-
SHA256
3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579
-
SHA512
eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1
-
SSDEEP
24576:DgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nFwHQL:DA+NOpXm1mnj0cP+DkhMAiawnFV
Score 1/10
-
-
Target
Cxdyz/Microsoft.Web.WebView2.Core.dll
-
Size
557KB
-
MD5
b037ca44fd19b8eedb6d5b9de3e48469
-
SHA1
1f328389c62cf673b3de97e1869c139d2543494e
-
SHA256
11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
-
SHA512
fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
-
SSDEEP
12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score 1/10
-
-
Target
Cxdyz/Microsoft.Web.WebView2.WinForms.dll
-
Size
37KB
-
MD5
8153423918c8cbf54b44acec01f1d6c2
-
SHA1
f0c3c5412b809725e6d4809230adb15cc7d83ad2
-
SHA256
5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
-
SHA512
f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
-
SSDEEP
768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score 1/10
-
-
Target
Cxdyz/Microsoft.Web.WebView2.Wpf.dll
-
Size
50KB
-
MD5
4a292c5c2abf1aab91dee8eecafe0ab6
-
SHA1
369e788108e5fb0608a803fa2e5a06690b4464b5
-
SHA256
b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
-
SHA512
ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
-
SSDEEP
1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score 1/10
-
-
Target
Cxdyz/Monaco/.git/hooks/applypatch-msg.sample
-
Size
478B
-
MD5
ce562e08d8098926a3862fc6e7905199
-
SHA1
4de88eb95a5e93fd27e78b5fb3b5231a8d8917dd
-
SHA256
0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7
-
SHA512
536cce804d84e25813993efdd240537b52d00ce9cdcecf1982f85096d56a521290104c825c00b370b2752201952a9616a3f4e28c5d27a5b4e4842101a2ff9bee
Score 1/10
-
-
Target
Cxdyz/Monaco/.git/hooks/commit-msg.sample
-
Size
896B
-
MD5
579a3c1e12a1e74a98169175fb913012
-
SHA1
ee1ed5aad98a435f2020b6de35c173b75d9affac
-
SHA256
1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437
-
SHA512
d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb
Score 3/10
-
-
Target
Cxdyz/Monaco/.git/hooks/fsmonitor-watchman.sample
-
Size
4KB
-
MD5
ea587b0fae70333bce92257152996e70
-
SHA1
118ff5509f187039734d04456bf01e44c933ac19
-
SHA256
f3c0228d8e827f1c5260ac59fdd92c3d425c46e54711ef713c5a54ae0a4db2b4
-
SHA512
f5a4d2bff93161eb61b9902ff74d5ee20de3316f2b1c5ad49299deaf1adf231848c5501b6e4a840e5b898791f86c66eed6f3b05ff573073674177a33a1f2ae9c
-
SSDEEP
96:GFCscBOvOFXDgRvi/3eCwX9PlkRo/j5SpoNOBoi+geBIzCa:GFCsEOmWRamCwX9PqRo7geEk3IzCa
Score 1/10
-
-
Target
Cxdyz/Monaco/.git/hooks/post-update.sample
-
Size
189B
-
MD5
2b7ea5cee3c49ff53d41e00785eb974c
-
SHA1
b614c2f63da7dca9f1db2e7ade61ef30448fc96c
-
SHA256
81765af2daef323061dcbc5e61fc16481cb74b3bac9ad8a174b186523586f6c5
-
SHA512
473ad124642571656276bf83b9ff63ab1804d3c23a5bdae52391c6f70a894849ac60c10c9d31deff3938922ce83b68b1e60c11592bbf7ea503f4acd39968cefa
Score 1/10
-
-
Target
Cxdyz/Monaco/.git/hooks/pre-applypatch.sample
-
Size
424B
-
MD5
054f9ffb8bfe04a599751cc757226dda
-
SHA1
f208287c1a92525de9f5462e905a9d31de1e2d75
-
SHA256
e15c5b469ea3e0a695bea6f2c82bcf8e62821074939ddd85b77e0007ff165475
-
SHA512
cb78aa7e9b9c146e5db65d86dd83f04e2b6942a06fab50c704a0fd900683f3b6ad1164e74afe2f267f6da91cdff0b9ab07713e12cefc6f8d741b5df194f4fda6
Score 1/10