Overview: score 6
Static: score 3
DiscordRPC.dll (windows7-x64): score 1
DiscordRPC.dll (windows10-2004-x64): score 1
Elsify v2.exe (windows7-x64): score 1
Elsify v2.exe (windows10-2004-x64): score 1
Elsify v2.exe (windows7-x64): score 3
Elsify v2.exe (windows10-2004-x64): score 6
Microsoft....ns.dll (windows7-x64): score 1
Microsoft....ns.dll (windows10-2004-x64): score 1
Microsoft....ng.dll (windows7-x64): score 1
Microsoft....ng.dll (windows10-2004-x64): score 1
Microsoft....ns.dll (windows7-x64): score 1
Microsoft....ns.dll (windows10-2004-x64): score 1
Newtonsoft.Json.dll (windows7-x64): score 1
Newtonsoft.Json.dll (windows10-2004-x64): score 1
RestSharp.dll (windows7-x64): score 1
RestSharp.dll (windows10-2004-x64): score 1

General
-
Target
Elsify v2.2 by FrostChanger.rar
-
Size
9.2MB
-
Sample
240906-nyerkathqq
-
MD5
494b2c9b9b8033b42b39df451630323d
-
SHA1
1b6d823973978739fc783b49cbdffda352e2b00b
-
SHA256
9c7c57c4de010e15d30c61f85921ad3535d53fc9430266dde90514cd04a2fe10
-
SHA512
2091842480f54aa8fb110c62af4681ccc73152d74b6eba2230711e96c887249dec4686034f10398fd5f0219459921f2ae7e9ad05f1ccc084f91b9498d014eb9a
-
SSDEEP
196608:atHTKh0Kw5JfdRHIh27W9gC5ouGMa9dUGL/8XD:th0K2Rn7BClMYGQz
Static task
static1
Behavioral task
behavioral1
Sample
DiscordRPC.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
DiscordRPC.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Elsify v2.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
Elsify v2.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Elsify v2.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Elsify v2.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Microsoft.IdentityModel.JsonWebTokens.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Microsoft.IdentityModel.JsonWebTokens.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Microsoft.IdentityModel.Logging.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Microsoft.IdentityModel.Logging.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Microsoft.IdentityModel.Tokens.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Microsoft.IdentityModel.Tokens.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Newtonsoft.Json.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
RestSharp.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
RestSharp.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
DiscordRPC.dll
-
Size
80KB
-
MD5
9ed0cc60faa1ca995f75dc8b4bf407c4
-
SHA1
87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
-
SHA256
acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
-
SHA512
9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
-
SSDEEP
1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9
Score: 1/10
-
-
Target
Elsify v2.dll
-
Size
10.0MB
-
MD5
6648e7297021062f58750aab38566a9a
-
SHA1
1692474c42eb5176a388e6d54635165a0bdb8c78
-
SHA256
b7914592b44887528911b7d41d9ca02c9b095116ec66d7971c82d28fb6c65922
-
SHA512
82e340dd9e523b20c71328215b6509a27bab6debf85daa07e366af138d8c8c12cf3172b86f521b9e0b5a2cce815748b1f6de6e3e90ccb84cad5647b88c8fe775
-
SSDEEP
196608:ZBWT3RKt6/+jgd4Yuh5PnWPFBN6casJKyilOZ7LMgdcS/:6EtM14Yuh5P8FBB3Kyd7ZcS/
Score: 1/10
-
-
Target
Elsify v2.exe
-
Size
253KB
-
MD5
9e95e8f56cb6f3d1cdc6ccb08a76c912
-
SHA1
151a1f3272d55f1dcbeef162b7f70d04025bc098
-
SHA256
595fd61801d2ea5739d688e2b22a83f2917bc532fe82c02734972ccc159497a8
-
SHA512
026f1f2e86b684a069eca4626a7ff209bcd8017cd9e47bc96c6d13dab5e2811e3ab830211495971ce29e9884b17d0e0928e4b68692dd12ee5ef0ace5145d7907
-
SSDEEP
3072:MguAgTsGLYEZl70PsLko1Gs2T/0oim/JbRZzlZ2pqqJhBbC:M5twsLko1Gs2T/pPlZ2wqJhB
Score: 6/10
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Microsoft.IdentityModel.JsonWebTokens.dll
-
Size
66KB
-
MD5
ffaa906b13eb79f905da09e68d151bc5
-
SHA1
b2c3b80be2280ca4d8a66065bf4adfe61453700e
-
SHA256
234df630ac0506de9f21eebba175aa3efbb2a64b32fa35a3c4904316db3dffe5
-
SHA512
4e42a6fc1c3855b68f43383c7c26928ede60425abf6ae3e76c6a2e42791ee45a3f4022776116562583481745f3e342b91c98a6660d9c8d1c1691863de63592c6
-
SSDEEP
1536:4m6516C8j4O537NPkeDuttJ6gjakdzwuGFzdd:4mqECF037NPkVjxtgZd
Score: 1/10
-
-
Target
Microsoft.IdentityModel.Logging.dll
-
Size
30KB
-
MD5
33614db74c23e3435074dea95f2be9e2
-
SHA1
e9258118f3c8f80f2e5126ac803e554d285187dd
-
SHA256
5273a1f5fe963b4306f441a3d28abda9bb13b644cbbfd4e356238f716eccb7dc
-
SHA512
1177baf97bc25a8b21e0d163ec27a4e7d06193ae6a80657e7af3537dbfbd69eb6c1a7aad8a868e9432e3c7c4dee7a877e000502f134d72ee3d66ee1d2e6d4e76
-
SSDEEP
384:Zdhs0NuLp2xU6dZG5gl++pci2FBX85bKdQlRhVE7czWi74WTyHRN729a/P/R9zdk:vS0NVU6dn2nX88y+7QJu4OPZ9zdk
Score: 1/10
-
-
Target
Microsoft.IdentityModel.Tokens.dll
-
Size
899KB
-
MD5
42f2465b06876e610763171b0a814aa6
-
SHA1
7cbdfeb7216c5c413071f808770900015f579241
-
SHA256
d1abc76c88611f87db27606b0190a487fc557aff696b31c3248368748126c536
-
SHA512
449ac37ed012b31c2b3885d40bd46130980a9f9f11916e9702fd5bfcb94b2264b3f4705e86ddc37a5fb8baee8dcdc4906f18ba962757d7c9179d5dc34bf76612
-
SSDEEP
12288:5gK72IeY7KCwQtyiTsv1jfn8U17LYffuJw/5MdtQnB6jadbW:5x6EwQtDmYB6jIbW
Score: 1/10
-
-
Target
Newtonsoft.Json.dll
-
Size
679KB
-
MD5
916d32b899f1bc23b209648d007b99fd
-
SHA1
e3673d05d46f29e68241d4536bddf18cdd0a913d
-
SHA256
72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
-
SHA512
60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
-
SSDEEP
12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score: 1/10
-
-
Target
RestSharp.dll
-
Size
186KB
-
MD5
74f7189e0d8462b4766ceda305b5e6a8
-
SHA1
27bc0b6410917ddd63b3a61230e61ee56b85886f
-
SHA256
44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640
-
SHA512
22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6
-
SSDEEP
3072:P2SM9KBg52ArSQIi+N2/4CBUBu4UH/vammBktTqTLJ1qI:u551KBa75fv2
Score: 1/10