zgrat | e232359fdbaa1d46dcf56a5715a0ba4c700c93fb310f551a4a3afa912afdaed1

General

Target

Calamari.zip
Size

5.8MB
Sample

240815-lgedcswdnf
MD5

5321acff16bbe68a2942c9c655f9e4fc
SHA1

56f82061cb7d044c89470c01e7805cb2365c0bb9
SHA256

e232359fdbaa1d46dcf56a5715a0ba4c700c93fb310f551a4a3afa912afdaed1
SHA512

affb725177d76f3f8f86660f690e0d87a1a52198594334600d5c8b4a1653d6af83caaa74998e1b6c8a0e0891395acd2286cd03ecea26ea7b94694eac35279910
SSDEEP

98304:sz+Uh4HB/jiVvRDHe4HTd2R1QXhHCUvy9eL9ZB1oY5/ZSXX0TFkGaZp3GfcWxfvo:wh4hqHRzo/6ha94B3k+uPZ5ScWNv5m

Score

10^/10

Malware Config

Targets

- Target
  
  Calamari/Calamari.exe
- Size
  
  154KB
- MD5
  
  3bb68e459405f9d621fea08fca8db99e
- SHA1
  
  a667438af4a30700d229752df30f423f169c1186
- SHA256
  
  0f7071d56098ef0a448b562760ea2f547e4a2f8d26fc4e456b6e6ed47445cc20
- SHA512
  
  69788e7b8a0a5cae8fb85f31cd63c735343b11128da1be0c71414c41973ad9246487915b24eb40436ba104a3851f0848e902f7c9cb9a084255420eff4a49478b
- SSDEEP
  
  1536:A//X0u8/LwqNlRtXCPF9tdyB6nW6b22ehN8OIZG9Fwk0eL/qzCU27yHi+tdGtdtw:A30tT9tXCPLKB6nT6UPk0eT0w2i+ulw
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1
- Target
  
  Calamari/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

1^/10
behavioral2
- Target
  
  Calamari/SynapseZAPI.dll
- Size
  
  6KB
- MD5
  
  877e3d22c496d3441bb9eb54965babc5
- SHA1
  
  73912c32638e8acb0097b59c25c62b29bc0f47cc
- SHA256
  
  4ee4111409c6d9e9e82b846798ffd1b404d7fce49a0429421c7d5be540edcceb
- SHA512
  
  633a2fab8b13a6ca8e884917c77f0a67e6452164373b9c2fcd0ad7c5e5d329aa2a297e7adee40e047afc71d94b50ecc733783aa9a41a7630d298752ae939a6db
- SSDEEP
  
  96:fW/SK+J1JpYmmmPbtbU1sn/32F0TLVV3wmoeVfjVH:x9myCCn/7LVV5NNj1
Score

1^/10
behavioral3
- Target
  
  Calamari/sxlib.dll
- Size
  
  864KB
- MD5
  
  d00e1627d7536022dd81aeb27577221c
- SHA1
  
  56a1f78e5acc89b97b02652f61a154265511ffcf
- SHA256
  
  904a9329bf56d110adec486f37411831a1148934a5ca4bbff9e33a1ca8ce5bcb
- SHA512
  
  d7cb95dd515f1edfde7e17681563bf5b709ac06f33805ce70dbcb76aca4ee34061c5201a54e1a92d67a1fb8f59512c8a64fcbb201fc88e5536001e40489dab69
- SSDEEP
  
  12288:EnfEbmXVMomkzPuY6TZNPERW1v+wUGx6tEhPaZLuabPIkLOh/1K9FaUQmUFv7SZR:WhziXGGv+T8wECFIMOYHUv7S/WkuvA
Score

3^/10

discovery
behavioral4