zgrat | e232359fdbaa1d46dcf56a5715a0ba4c700c93fb310f551a4a3afa912afdaed1 | Triage

Sharing

General

Target

Calamari.zip
Size

5.8MB
Sample

240816-wplgrayekc
MD5

5321acff16bbe68a2942c9c655f9e4fc
SHA1

56f82061cb7d044c89470c01e7805cb2365c0bb9
SHA256

e232359fdbaa1d46dcf56a5715a0ba4c700c93fb310f551a4a3afa912afdaed1
SHA512

affb725177d76f3f8f86660f690e0d87a1a52198594334600d5c8b4a1653d6af83caaa74998e1b6c8a0e0891395acd2286cd03ecea26ea7b94694eac35279910
SSDEEP

98304:sz+Uh4HB/jiVvRDHe4HTd2R1QXhHCUvy9eL9ZB1oY5/ZSXX0TFkGaZp3GfcWxfvo:wh4hqHRzo/6ha94B3k+uPZ5ScWNv5m

Score

10^/10

zgrat discovery

Malware Config

Targets

- Target
  
  Calamari.zip
- Size
  
  5.8MB
- MD5
  
  5321acff16bbe68a2942c9c655f9e4fc
- SHA1
  
  56f82061cb7d044c89470c01e7805cb2365c0bb9
- SHA256
  
  e232359fdbaa1d46dcf56a5715a0ba4c700c93fb310f551a4a3afa912afdaed1
- SHA512
  
  affb725177d76f3f8f86660f690e0d87a1a52198594334600d5c8b4a1653d6af83caaa74998e1b6c8a0e0891395acd2286cd03ecea26ea7b94694eac35279910
- SSDEEP
  
  98304:sz+Uh4HB/jiVvRDHe4HTd2R1QXhHCUvy9eL9ZB1oY5/ZSXX0TFkGaZp3GfcWxfvo:wh4hqHRzo/6ha94B3k+uPZ5ScWNv5m
Score

1^/10
behavioral1 behavioral2
- Target
  
  Calamari/Calamari.exe
- Size
  
  154KB
- MD5
  
  3bb68e459405f9d621fea08fca8db99e
- SHA1
  
  a667438af4a30700d229752df30f423f169c1186
- SHA256
  
  0f7071d56098ef0a448b562760ea2f547e4a2f8d26fc4e456b6e6ed47445cc20
- SHA512
  
  69788e7b8a0a5cae8fb85f31cd63c735343b11128da1be0c71414c41973ad9246487915b24eb40436ba104a3851f0848e902f7c9cb9a084255420eff4a49478b
- SSDEEP
  
  1536:A//X0u8/LwqNlRtXCPF9tdyB6nW6b22ehN8OIZG9Fwk0eL/qzCU27yHi+tdGtdtw:A30tT9tXCPLKB6nT6UPk0eT0w2i+ulw
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  Calamari/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

1^/10
behavioral5 behavioral6
- Target
  
  Calamari/SynapseZAPI.dll
- Size
  
  6KB
- MD5
  
  877e3d22c496d3441bb9eb54965babc5
- SHA1
  
  73912c32638e8acb0097b59c25c62b29bc0f47cc
- SHA256
  
  4ee4111409c6d9e9e82b846798ffd1b404d7fce49a0429421c7d5be540edcceb
- SHA512
  
  633a2fab8b13a6ca8e884917c77f0a67e6452164373b9c2fcd0ad7c5e5d329aa2a297e7adee40e047afc71d94b50ecc733783aa9a41a7630d298752ae939a6db
- SSDEEP
  
  96:fW/SK+J1JpYmmmPbtbU1sn/32F0TLVV3wmoeVfjVH:x9myCCn/7LVV5NNj1
Score

1^/10
behavioral7 behavioral8
- Target
  
  Calamari/crashlogs/1812_15316.txt
- Size
  
  29KB
- MD5
  
  d7d212e86ea2413bcf0f5d9f7a04dddd
- SHA1
  
  d5dfdb2364a9b957c9d30fff7b80036e565c8f1b
- SHA256
  
  da85797ae8f87a198dd0d30e9a2e84af5687390aab063bc0a53b7c7fce17d9ac
- SHA512
  
  6cf3c15cf69510652239679fc12f46c2c46af36433796593eccca166d6b85408cddb8e614afeda21e52e172c2eba9ae56c5e187f805ae44cd6908061ec084b21
- SSDEEP
  
  384:jI6yLDHAUjP6yLDHAUjCkw3/uM3N27UEeZMA7DTf4sL:kx1Px1CkwuoXf7ft
Score

1^/10
behavioral10 behavioral9
- Target
  
  Calamari/jacked_up.mp3
- Size
  
  4.0MB
- MD5
  
  66ec6b7ee0786cba5a3ae13e4e4e20ba
- SHA1
  
  612861268f56692069b60a0218826cbf8e593ede
- SHA256
  
  fd0aa203f284a09dab3b6a24118db8ed30ad5fad2591b3367111bf27eb4df617
- SHA512
  
  6ad4182771b0e983394a4446b61eb6b43793b6db85a3e9035823b053594ae88bbd5da595b83e817b4739f2b4c5dd209546e4264a76d397c9ad71771a64329d3b
- SSDEEP
  
  98304:Tz9Vs3NlAYgX+bHn8DqaXP8J3tqnZaAITKdNi5zAwY:TzyNCYbbHEI0ZOTUjwY
Score

6^/10

discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  Calamari/sxlib.dll
- Size
  
  864KB
- MD5
  
  d00e1627d7536022dd81aeb27577221c
- SHA1
  
  56a1f78e5acc89b97b02652f61a154265511ffcf
- SHA256
  
  904a9329bf56d110adec486f37411831a1148934a5ca4bbff9e33a1ca8ce5bcb
- SHA512
  
  d7cb95dd515f1edfde7e17681563bf5b709ac06f33805ce70dbcb76aca4ee34061c5201a54e1a92d67a1fb8f59512c8a64fcbb201fc88e5536001e40489dab69
- SSDEEP
  
  12288:EnfEbmXVMomkzPuY6TZNPERW1v+wUGx6tEhPaZLuabPIkLOh/1K9FaUQmUFv7SZR:WhziXGGv+T8wECFIMOYHUv7S/WkuvA
Score

3^/10

discovery
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14