Overview

overview

10

Static

static

10

utopiaclient-main.zip

windows7-x64

1

utopiaclient-main.zip

windows10-2004-x64

1

utopiaclie...AR.txt

windows7-x64

1

utopiaclie...AR.txt

windows10-2004-x64

1

utopiaclie...ME.txt

windows7-x64

1

utopiaclie...ME.txt

windows10-2004-x64

1

utopiaclie...cc.txt

windows7-x64

1

utopiaclie...cc.txt

windows10-2004-x64

1

utopiaclie...am.txt

windows7-x64

1

utopiaclie...am.txt

windows10-2004-x64

1

utopiaclie...ds.txt

windows7-x64

1

utopiaclie...ds.txt

windows10-2004-x64

1

utopiaclie...nt.exe

windows7-x64

7

utopiaclie...nt.exe

windows10-2004-x64

9

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    utopiaclient-main.zip

  • Size

    18.7MB

  • Sample

    240815-fvfwfswemd

  • MD5

    82bb2f5378d4faec462c3ef5bd531548

  • SHA1

    80287a1a17eb4d1e3658e309e767e83d33c9b36f

  • SHA256

    fbfa276166fdb9cacadbc96ac83aefa8a6d2a170e47d9fe5bb66a8345b76e316

  • SHA512

    d14b80677f6c218dec61ab3743a5a98923082a3e84bd82124c11c642953e22e257d42f7d41449d70e78ca290e07564944736f5b1f900adf06126c4ae162a9aed

  • SSDEEP

    393216:+DofJHb9LhFXufGdzncep+CvvYQ+mYTdNqEwFiRFF+BEFeH:vfBb99FXufGiUcjmGFsnH

Score
10/10
empyreancredential_accessdiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      utopiaclient-main.zip

    • Size

      18.7MB

    • MD5

      82bb2f5378d4faec462c3ef5bd531548

    • SHA1

      80287a1a17eb4d1e3658e309e767e83d33c9b36f

    • SHA256

      fbfa276166fdb9cacadbc96ac83aefa8a6d2a170e47d9fe5bb66a8345b76e316

    • SHA512

      d14b80677f6c218dec61ab3743a5a98923082a3e84bd82124c11c642953e22e257d42f7d41449d70e78ca290e07564944736f5b1f900adf06126c4ae162a9aed

    • SSDEEP

      393216:+DofJHb9LhFXufGdzncep+CvvYQ+mYTdNqEwFiRFF+BEFeH:vfBb99FXufGiUcjmGFsnH

    Score
    1/10
    behavioral1behavioral2

    • Target

      utopiaclient-main/AR.txt

    • Size

      432B

    • MD5

      27374124d51e427592349be5e134bdf7

    • SHA1

      5098321829550160a64742e0ddbceb9cd54efb2f

    • SHA256

      bdc655f643d9720dccb09507974fe10233e78b4129229c97ebd1e3e1145429fa

    • SHA512

      e4bb84dad6874769b24b8c088192c56f943886b2cc0711502cbefcfe24289ae369104d937413413365e0234a9e79edde4bcd7e7198cced4c3f107b36762f6cdd

    Score
    1/10
    behavioral3behavioral4

    • Target

      utopiaclient-main/README.txt

    • Size

      2KB

    • MD5

      d3aaaac3f1d8ec7400fe7e287dd153bb

    • SHA1

      dc9c94f78a564a89367b3d8c99b7fec3a409c2e1

    • SHA256

      a6e40ba88f65cb0aa1d7f87f93f18edd225dee9d860ec5d0fbaca08ba130bc03

    • SHA512

      df3bc17e991a2da7b665c4f8d4887205b134099b002f7864327421d25fa88438f13486a9bfb5c03caf096a3dc0bd0367435b5c293aaf7289a6941208ce9aae61

    Score
    1/10
    behavioral5behavioral6

    • Target

      utopiaclient-main/gcc.txt

    • Size

      22B

    • MD5

      75003c838a80a4f6be5248f8cf14f52f

    • SHA1

      865d339e48ff01a3b30871c74069511334431caa

    • SHA256

      35af8abfb04068e434cf6277463557b9cd5d430fb063450ed74631e94d3edf71

    • SHA512

      7f91b2098b5f9de15e3156eb8beb137be851cd25fc9ee42349af37bb4ce19a666099b25f923eb0ebec63826638f80356a22c2417d8572b5c987d954a87764af4

    Score
    1/10
    behavioral7behavioral8

    • Target

      utopiaclient-main/spam.txt

    • Size

      362B

    • MD5

      e2ad530ee1bc7f3c7d4fba5a3940c43c

    • SHA1

      a0434d08cd68e89f101a97a0d5ebb18a637968e7

    • SHA256

      e4f31c62cf0f228eab914769d4413dd6c9e734397fe5458455ff5504c21c805c

    • SHA512

      36a631b0ef1e1f9572f97f6dfb2ab367ff6f0b482c85500d3a59495194da791bcf98cd415e874d96d43678094dee8f52bf6c3ec0dca167f6449a3e300decb3df

    Score
    1/10
    behavioral10behavioral9

    • Target

      utopiaclient-main/userids.txt

    • Size

      19B

    • MD5

      20db0ff1a5a17d35e0f41032c7ff3e04

    • SHA1

      dda369616a2c1607b106d8a436353d8eb3aae28f

    • SHA256

      3e7f05cb6db2dfd513f571a2143c533200464f2f324435128c6b0609151d70af

    • SHA512

      339802ea5938af0f8ecd58833227b3e1ba0c52b50f40cfb53e304e07d97cdee26faa88a884555682895d556dc2b35ad1e43000df1e208b2d7b6737860c4968a6

    Score
    1/10
    behavioral11behavioral12

    • Target

      utopiaclient-main/utopiaclient.exe

    • Size

      18.9MB

    • MD5

      03472cdaccde61c4c0f24762ed3e4fbe

    • SHA1

      bbed6a2d3c94d7343813154e9e9426d584b330b9

    • SHA256

      ede680265619987f27b3a8a9da36c79546d45e440045d9a5fd89fb85ee74eef4

    • SHA512

      731d2e5823dfaf10a1cc348c5e1b55299c9d07198545eb19370d2d195042e96c2e8565e1e75c07574aef9bd7279b7ca81a776916ed2a3c1b9d4b0d83347ad778

    • SSDEEP

      393216:vqPnLFXlrFrQ8DOETgsvfGF9gru1fvE4VRfjPG7yPm:CPLFXNFrQhEIUB6frG5

    Score
    9/10
    upxcredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral13behavioral14

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      f21ebb28620e7b90532854f8bf322a5f

    • SHA1

      0d2813510f69ca5a209538ce2101861bb6086e85

    • SHA256

      9eed4d3a6fda183d4123ffa45d653f05f230096d257e6824f639d72c491c5554

    • SHA512

      16e35c90b3e86ace50edc84caf22b246e505a02a446678c4362403d32d75c2fdb11632033873c9fc26a827e7e45bf93ff12db510d27db4114728bf11d72b5b1a

    • SSDEEP

      192:wBmeDHmCD8Ei4cAWdXwwqdcl4laDKJhwTuzMdwqnw:YmeDmoNZWuP2u2SzPqw

    Score
    3/10
    discovery
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks