241b6778b05e6b49fe9a86753a2730e2e4912c91d0588cf36b36364b74fd4872

Sharing

Copy URL

Twitter E-mail

General

Target

Nowy Archiwum WinRARa (ZIP).zip
Size

279KB
Sample

240817-zgcfnawamc
MD5

6a1f16392bee41e0f0fc3cf8a069c9b1
SHA1

cd56085123e88283e8e53b83ef87bf80919c36f3
SHA256

241b6778b05e6b49fe9a86753a2730e2e4912c91d0588cf36b36364b74fd4872
SHA512

9c0700ca1e3cb71fb4879838300ca6437fa4849bd3e8c13fb4dae6e79743dd7f6bbcaa29099123170b88422dd3dd9d55bfc1ca39a562d6c997b8de190de55b9b
SSDEEP

6144:yV/ION1p1il+PlPiCf2iChJP3GXiQOWDbhMBYmRDGfPLzpfX45y1Ug:yV//pCjiqfGSvWdKGnLlf45A7

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  Nowy Archiwum WinRARa (ZIP).zip
- Size
  
  279KB
- MD5
  
  6a1f16392bee41e0f0fc3cf8a069c9b1
- SHA1
  
  cd56085123e88283e8e53b83ef87bf80919c36f3
- SHA256
  
  241b6778b05e6b49fe9a86753a2730e2e4912c91d0588cf36b36364b74fd4872
- SHA512
  
  9c0700ca1e3cb71fb4879838300ca6437fa4849bd3e8c13fb4dae6e79743dd7f6bbcaa29099123170b88422dd3dd9d55bfc1ca39a562d6c997b8de190de55b9b
- SSDEEP
  
  6144:yV/ION1p1il+PlPiCf2iChJP3GXiQOWDbhMBYmRDGfPLzpfX45y1Ug:yV//pCjiqfGSvWdKGnLlf45A7
Score

1^/10
behavioral1 behavioral2
- Target
  
  Bootstrapper.exe
- Size
  
  796KB
- MD5
  
  76639ab92661f5c384302899934051ab
- SHA1
  
  9b33828f8ad3a686ff02b1a4569b8ae38128caed
- SHA256
  
  6bb9ad960bcc9010db1b9918369bdfc4558f19287b5b6562079c610a28320178
- SHA512
  
  928e4374c087070f8a6786f9082f05a866751ea877edf9afa23f6941dfc4d6762e1688bbb135788d6286ec324fa117fc60b46fed2f6e3a4ab059465a00f2ebee
- SSDEEP
  
  12288:THeLH6iTPSE54sgweI9oaQJj3r+piq+77xOZ+eMm:THeLHdTSEeyoaQJj3Spiq+77xd
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  DISCORD
- Size
  
  103B
- MD5
  
  5aa26de003aeebae624a08de919c52b5
- SHA1
  
  ff1a4dd7673a6b604324e1363738658cc4d565c0
- SHA256
  
  335052f362ac50a1d52e8268ebc4323f59644ef7988cb29ea485d57745667bd2
- SHA512
  
  43220140c68668fd309ce343c06e22910dbe6b74818a9a0f07da052cd8d6020524311c6c00201fc3bceb6f18743ba07ae65e2d4900dd79fab7218bef5caf192c
Score

1^/10
behavioral5 behavioral6
- Target
  
  workspace/IY_FE.iy
- Size
  
  687B
- MD5
  
  c5c3186c368b9a666a5c8fd03ab0b536
- SHA1
  
  cb90e617357906a891674c4dbf9f953a15575931
- SHA256
  
  59ad4bfd0faa4f0e3d1a37c64d92d67973bd4bdb3d00d5b215cc1f0d66736b31
- SHA512
  
  d57a52fcd5768cc11aad3f22b88d23a89812f17dbb12b6a45446390d6e14dd66db8cc6255648c7935babdcc27ce30034da1b43f1aa5ae01418f74bc68eef9197
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  workspace/KavoConfig.JSON
- Size
  
  2B
- MD5
  
  99914b932bd37a50b983c5e7c90ae93b
- SHA1
  
  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
- SHA256
  
  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- SHA512
  
  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  workspace/Speed Hub X V4.lua
- Size
  
  77B
- MD5
  
  28fb2557492a529d7a361b1d4e8e3bdb
- SHA1
  
  83024fc72d7df9c9464130aaa52aad1c7ce08984
- SHA256
  
  4228e62be1c9efbc06b7562b12e16a8f4732e98ad3cb5112a15c081a337fd120
- SHA512
  
  60a7ba6bb89871812f0f67597532d66ddbc986e87f75feaa0ba6c89ec4531f657f3e996f0308d2d1bc86800348d74db00d33bcf6d88e784c7a1e849bc4c0a8c0
Score

3^/10
behavioral11 behavioral12
- Target
  
  workspace/ZapHub/ZapHubFolder.zaphub
- Size
  
  2B
- MD5
  
  a12a3079e14ced46e69ba52b8a90b21a
- SHA1
  
  ea424d38af72dd1366a08aad1f47eca3e7ec3d24
- SHA256
  
  bf5505174a73b2832a95fef91403b87f99df3b1d283ad26729e4cfd22e96f208
- SHA512
  
  f7db63c86b4c0f51c0df36f662efcc951873ec8cb4def6db122dc85a19b49e6ae01a725d9feafa8e635752eaba3a6b4c339e538f6ba9f3e791338f82513d14a1
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  workspace/flingv2.iy
- Size
  
  1KB
- MD5
  
  419b6fb4c7c0c4ec709016d209547b12
- SHA1
  
  ee7d337f2f6ee1e3e726aff3e4b42a7108341e1e
- SHA256
  
  431863734bcdcf923b00a5add50bfaa48e81ce3c3fefc1074376cd9416ce6fa8
- SHA512
  
  ef3f53664aa834d2c28958debe75c454e38962d376886610f94e4a1d0001c0fe98b96e3392518f6bc50f8314e9afad398e6793572f899d5692873a7d96d36abc
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  workspace/shaders.iy
- Size
  
  4KB
- MD5
  
  43bdf71967d5101120a08dbd5ebdc5d2
- SHA1
  
  b78a6a7bd230b3a9419ff8b4d74d5ad8bb37e3ee
- SHA256
  
  da94b7ae9e7e2b9e0b5ea47dcf50d420bd63ba5cbde73c3e39e3d1b534b96ae4
- SHA512
  
  eb1d3613082c33a0401a9eeed520025a04b37c73284c9d47ba08a29a8141703168a1d3a57b020350ebdcb82929cfafa2a257d202ab575736871e27b2fa3b9b9c
- SSDEEP
  
  96:P+pZeGnhcI3L/Dm0C/sBAurNY/OV7Nde+LBU3lMueI:P+pkGhcI3Lrm0CUBAyN+OVhde+LBU1M+
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  workspace/walkerps99.txt
- Size
  
  1KB
- MD5
  
  bae90e66a08ca9c0e942382a73e7eddb
- SHA1
  
  995668e7f0e40c7c8e703a3924d5322ad0f652b0
- SHA256
  
  e33bf4f7ac0bdbace901f28b31b90dbccd36c7fcd7347f183efa2365b5ca0ca5
- SHA512
  
  1b284ad9187a83cba58c0f76397bb6f9cd9ba136b19f808bb18d4e688a35a1ad80c6d32198efe92d9ce62622d74ca22413bf804903aea0fbb4d383881e69ea9b
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20