816e1ec14fc61f8e87196a68174f4a6c69696ce41f3c9b156c2864c862551348

Sharing

Copy URL

Twitter E-mail

General

Target

816e1ec14fc61f8e87196a68174f4a6c69696ce41f3c9b156c2864c862551348
Size

7.4MB
Sample

240812-pha9wa1bkm
MD5

8fa67c0d61c271ea8669d4c06080e369
SHA1

6dde35072bfee5a739c7db565800790aae446138
SHA256

816e1ec14fc61f8e87196a68174f4a6c69696ce41f3c9b156c2864c862551348
SHA512

9456275bdd6898fe183fcbad6bbdd903b2cf37177535132acba214061fb395e9553dafa7d781702a6b4ecc1f7068d38cae4d224ccbd4ec635577c49160107d72
SSDEEP

196608:5PoxldACVs3bxwJxvU79V91ugBKSE/dLpydgYxt0PrvjsA:5QxfoxwJxvUx1RAdFyDyvgA

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  7z.exe
- Size
  
  574KB
- MD5
  
  42badc1d2f03a8b1e4875740d3d49336
- SHA1
  
  cee178da1fb05f99af7a3547093122893bd1eb46
- SHA256
  
  c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf
- SHA512
  
  6bc519a7368ee6bd8c8f69f2d634dd18799b4ca31fbc284d2580ba625f3a88b6a52d2bc17bea0e75e63ca11c10356c47ee00c2c500294abcb5141424fc5dc71c
- SSDEEP
  
  12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Foolish.dll
- Size
  
  538KB
- MD5
  
  8cb5244e37c9854bdd1bfef79f6aeeec
- SHA1
  
  0d223402ab60f3c47da356e1af6d59314e12c1fc
- SHA256
  
  1591e9766840d92d36d60f10f9566217187e13ec7ce247649ffea9b64075ef59
- SHA512
  
  93011abd5c24732fd44514861dc229020f04999637c17f0e689f3abb8a8d9b5b0fcbf7ad33e17c926848ea554df6b08ccfa3aba4704dab79e172d529620b67c9
- SSDEEP
  
  12288:88lx4pFlccoadzXJFYPlbDtgpM7h4Ig5c/5FiGGkNN9:2peSJkJm25gG/5FiGGK
Score

1^/10
behavioral3 behavioral4
- Target
  
  Foolish.exe
- Size
  
  139KB
- MD5
  
  f100c747eef93b70fe521c6bc16b4ed5
- SHA1
  
  170038b3d7c86c3fc1d7ba4ea12dfb94cba2e411
- SHA256
  
  bc40d1b3b26dfacb870a693b90522b01754e1aa81a94543a25b9a662a82b6ec4
- SHA512
  
  55c293eb21521d4765e7d82fd8a35da28013451142d0e3bff116a6882ba7540383ac417606758b8d645c3ed7ecc8cf6b8c36f7b2684065f482d8ba86fe120b2d
- SSDEEP
  
  3072:rAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJw8lWW:rAi4pxpRkyHRZa0Gl278IVNcqcW
Score

1^/10
behavioral5 behavioral6
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral7 behavioral8
- Target
  
  Proxy/BouncyCastle.Cryptography.dll
- Size
  
  6.7MB
- MD5
  
  cc6288f17e55ca037d75b4fccc51f889
- SHA1
  
  3be1a72156992196ff7b623f458b02c34803f3ea
- SHA256
  
  82153c0e68834a0f40e20038425429a3e3f9cf4dabbc9191b476cfe5618a141d
- SHA512
  
  da583281e1397b46eeaf7c0c961f8e38468351a1e011387730f68f2acd9098c01e52ad1b7805425e9d8d26a5c7319dc52c034d1e56f9cdb4a96b14bdc91a478b
- SSDEEP
  
  98304:PWabnH8E4ByIbDSF9bTjno+adQ6Z5EgveHluvNoT4S9tomfTYFNUWZ:VHwBWbQrdQ8rvsluv67amrYn/Z
Score

1^/10
behavioral10 behavioral9
- Target
  
  Proxy/DotNettyAll.dll
- Size
  
  877KB
- MD5
  
  91944a40d7705db80a607b0f3d727611
- SHA1
  
  6fad0f8eb1875bedbd15f4e6b470463e179a3591
- SHA256
  
  b4012434a68c6f3fe0378667d95012ee93ba09c5dbdaa1b6e156dbe2cd6da688
- SHA512
  
  e32b227bd98b1c11d3d7dd83abc196c52a5e1ab1b0d7bd5662c1a9b0a0b20c5cd530d2ae3be8c05f40e3f8559e2f9272870f9291b964171e5b06873bbfa0d221
- SSDEEP
  
  12288:puTOEZhcmyrLhBMVK+mdQ1PTXuSzEzJH8Z8oQmGAG4ab:p92LyrLhiI+md47uSQzJH8ZfGAGRb
Score

1^/10
behavioral11 behavioral12
- Target
  
  Proxy/FoolishProxy.dll
- Size
  
  511KB
- MD5
  
  790a5cdabce28f0cbaae0acafca85193
- SHA1
  
  bbe70e4cf5733b0827d7ef57b4c60a503862153a
- SHA256
  
  83abef281bc9281a6383d3f3ac26bed8b30f9dcc13a4d2ff11555623f991b608
- SHA512
  
  86355779f315aaf88a58d84127bb9cd79cee3405135249d6592c4e4541de3c007b00010be60cb4c962c7c36c901bbe5542b931d4f19325a86245c033d4b46814
- SSDEEP
  
  12288:KsZ35thUbBlf3M+b9gDnx7qyX8j0etw9us8v3mOU9:H5thUb8+b9gDnwj0j9uH3mV9
Score

1^/10
behavioral13 behavioral14
- Target
  
  Proxy/FoolishProxy.exe
- Size
  
  139KB
- MD5
  
  073e2c8ceefddef0f5c1ae44462989e8
- SHA1
  
  42dda036aceaf8f238c8fd476fa0aae37d4cd67c
- SHA256
  
  f34e1d27e4bed80c461413baa5f21ac484eebe829bef0389371bae780568987f
- SHA512
  
  99b62056868ae12ae1f5cfa964addf74378cd23274cd6bd582a81293f6bd0e6058f01d77e595a110758b87d88b5b01e1f1b2b8ad3276d33ee8fabd87be77526f
- SSDEEP
  
  3072:qAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJc8lWJ:qAi4pxpRkyHRZa0Gl278IVNcmcW
Score

1^/10
behavioral15 behavioral16
- Target
  
  Proxy/Google.Protobuf.dll
- Size
  
  354KB
- MD5
  
  615383c38e3cf0fa6a3b088eb194b8c8
- SHA1
  
  70da11dde6ca9ff5b0cfcc2707869255630bd4cc
- SHA256
  
  c477770e91001f3ae4566345cd41d5a214f733049732e420d051bdd40fb186ee
- SHA512
  
  1245455ad5706da621e1cad55eb502db92ecef6436f1f7b17669ab99c09b0cc22e377eab68b0e8ea1f3960561ddfa412ca7aa524e5d0de75e22ba1aad89d07af
- SSDEEP
  
  6144:tI120bK4gORpRQzOIFyl5yu+hNXrSS39WQ:a12PSFF63rl39WQ
Score

1^/10
behavioral17 behavioral18
- Target
  
  Proxy/ICSharpCode.SharpZipLib.dll
- Size
  
  252KB
- MD5
  
  900bf2b7812788efb97eb6b1b63814a0
- SHA1
  
  f77f5a3f19f1ea332384517400684e5c2365e14a
- SHA256
  
  32ea2d0ce3512e74f1c7ad82591fe67e6b8939d76a8a4ff9c93ead030131e71c
- SHA512
  
  35d93d9281ad8eb191217dc78b84418a4a4d862c4ba43f27eb5e89a1f9273f008cbea08c87c72b3439eb7d9b51dbc8106a361b53d94ee7a877267cbb69678ad5
- SSDEEP
  
  6144:lA/WW316O2rkD3xTxVmLiJyTve+ewWotaDEimWkfzRVtyu5u:dW3ND3xT+LiJy7rewWZDtkfzR+A
Score

1^/10
behavioral19 behavioral20
- Target
  
  Proxy/Microsoft.Extensions.DependencyInjection.Abstractions.dll
- Size
  
  36KB
- MD5
  
  7a85e3d542f0beb784ae530934e46b32
- SHA1
  
  c3437c618d19fab03ef8be27715489c1b2169342
- SHA256
  
  b12db9299b54c424a99a8ddf049d6c77e13c0d8f5a654c6d7cd49f5c43f89633
- SHA512
  
  6fcda67d7aeb705ca7f88fad8ee571fd6daca73ae85c15d9314122b9ce8d5b054f0de28b2e1d66230455262efa98cc542ec22f4b450ce27b50e929690a46393d
- SSDEEP
  
  384:spaVqDsqqR33I+HwlrW2hAiL/G44snTNaU4iwXCkWGLWLW5QHRN7WDqlkQE0:9VqDhqR33I+QlJPbG/Wa2wXC3q86wx
Score

1^/10
behavioral21 behavioral22
- Target
  
  Proxy/Microsoft.Extensions.DependencyInjection.dll
- Size
  
  70KB
- MD5
  
  74836783c4ee6085fa2d472ecf7a499c
- SHA1
  
  e9cf8641f55e4c2dae293265b8b7355dfae2382f
- SHA256
  
  8a5b6aaac6614a4a8030594f3942f08d02815f0a0c9da4567fd091c26cb71cb5
- SHA512
  
  8f76e8eb452598eb45811eaa0be83a02f5014b8d84c2182931a3603793c5cb2f3279a677bc9d9d14634edff844b6f0626f782f144c10431e1e7cf7d8f93b4507
- SSDEEP
  
  1536:rNVgt7GFQ5Ma8zU2nOjAPzc4HnIDyPTlY0hWlFuD3pr:rPgKS5Ma8qj5cwyPTlbY+t
Score

1^/10
behavioral23 behavioral24
- Target
  
  Proxy/Microsoft.Extensions.Logging.Abstractions.dll
- Size
  
  47KB
- MD5
  
  54a4cc6f56e8a72c0597fe353c43268d
- SHA1
  
  16dd53e54408d82ca089b3bc38b3c210a25078f7
- SHA256
  
  04c07f84d516a134d6cfc3787e725427629126b1c250e1b013552177ef6cc4ed
- SHA512
  
  c7bd540fe353f5aebb098e9b1d0c4f92036d29b06e43b64d10dcb508ba69c8a98578b2a1dd00cfc917be78e727c723a80a08e45f5f532a62bf6f2631b5c946f4
- SSDEEP
  
  768:T37xotVSDFeCB8ykLWdedqe46v95LIIIIIIpJJOyZMPYcioSSJN8Fq0:hotKAGkagdqe46vVXZc+kOFP
Score

1^/10
behavioral25 behavioral26
- Target
  
  Proxy/Microsoft.Extensions.Logging.dll
- Size
  
  33KB
- MD5
  
  0b9bc78d988243d6bd874124d4cd33c3
- SHA1
  
  583b057a705b926709cc63119e62a6c587062aad
- SHA256
  
  c28bbb58b76486d7c4bb416c3ce63cb8ec58030c4203dc496e9c6dc2804cb95c
- SHA512
  
  dc1f87826d8209de6aeec9a30db500d7acec534cf051af0c7c5822aeb972c9efd21229a4ae6f32d41b13b6d2380732d9035628344fb5ae1e650628800933d573
- SSDEEP
  
  384:6Skjd9RHzRgPOtikgovoVN0IeY8Pt+ZM+qTEPCWnnOIsy8fP4ej//WrVkVW8QHRU:mDHtbS3IcZKYZsy6f/ZV8ni1
Score

1^/10
behavioral27 behavioral28
- Target
  
  Proxy/Microsoft.Extensions.Options.dll
- Size
  
  49KB
- MD5
  
  503389357c5fd71e05def5cc40116e13
- SHA1
  
  7e88384c11bfd7d2f3d043ed11a339c18ed86c7e
- SHA256
  
  9cc498d811082c4c58487c171ba6e9ff2078b27b159e1d3a7200f166c46f1598
- SHA512
  
  64975ee7ab640a5499c9c269fbfb363dbe41bd98604d8a088bfd4064220edc75b2dfc2fa86889880b3d00229d8066301746383ed2d3fed154db51aa6258c8b9c
- SSDEEP
  
  768:Ctd/yZ8bAzn33QcSg1E0Oby1ny5hBaU+yMbrJF8BK1pJT8CA:Zz3dbO2Yforb7N1/ACA
Score

1^/10
behavioral29 behavioral30
- Target
  
  Proxy/Microsoft.Extensions.Primitives.dll
- Size
  
  37KB
- MD5
  
  6a449a62c08814f7711978b3fd46e51c
- SHA1
  
  05e7cfbda32d2b43d94c79847a17acbe1bc45ed0
- SHA256
  
  5b6bd49b64088690dd79c25ed4e316a9902d8354509d6e1a1f19e1b4e8d6b2b2
- SHA512
  
  5a7ec4dc15c62bca315513427fc731f3d2384b3ee8269a2c321c88dd21b547924aa80b55ec5c2a62c8e2781950f35e410e996471c2a619d445cd3577fb1c7769
- SSDEEP
  
  768:bLR77vh7Y+LtCODOF0tWNsGkmuiac0LVNx8JGW:9jh7Y+LtC6OF0twsNmuiiLTah
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32