9c7c57c4de010e15d30c61f85921ad3535d53fc9430266dde90514cd04a2fe10

Sharing

Copy URL

Twitter E-mail

General

Target

Elsify v2.2 by FrostChanger.rar
Size

9.2MB
Sample

240906-nyerkathqq
MD5

494b2c9b9b8033b42b39df451630323d
SHA1

1b6d823973978739fc783b49cbdffda352e2b00b
SHA256

9c7c57c4de010e15d30c61f85921ad3535d53fc9430266dde90514cd04a2fe10
SHA512

2091842480f54aa8fb110c62af4681ccc73152d74b6eba2230711e96c887249dec4686034f10398fd5f0219459921f2ae7e9ad05f1ccc084f91b9498d014eb9a
SSDEEP

196608:atHTKh0Kw5JfdRHIh27W9gC5ouGMa9dUGL/8XD:th0K2Rn7BClMYGQz

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  DiscordRPC.dll
- Size
  
  80KB
- MD5
  
  9ed0cc60faa1ca995f75dc8b4bf407c4
- SHA1
  
  87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
- SHA256
  
  acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
- SHA512
  
  9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
- SSDEEP
  
  1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9
Score

1^/10
behavioral1 behavioral2
- Target
  
  Elsify v2.dll
- Size
  
  10.0MB
- MD5
  
  6648e7297021062f58750aab38566a9a
- SHA1
  
  1692474c42eb5176a388e6d54635165a0bdb8c78
- SHA256
  
  b7914592b44887528911b7d41d9ca02c9b095116ec66d7971c82d28fb6c65922
- SHA512
  
  82e340dd9e523b20c71328215b6509a27bab6debf85daa07e366af138d8c8c12cf3172b86f521b9e0b5a2cce815748b1f6de6e3e90ccb84cad5647b88c8fe775
- SSDEEP
  
  196608:ZBWT3RKt6/+jgd4Yuh5PnWPFBN6casJKyilOZ7LMgdcS/:6EtM14Yuh5P8FBB3Kyd7ZcS/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Elsify v2.exe
- Size
  
  253KB
- MD5
  
  9e95e8f56cb6f3d1cdc6ccb08a76c912
- SHA1
  
  151a1f3272d55f1dcbeef162b7f70d04025bc098
- SHA256
  
  595fd61801d2ea5739d688e2b22a83f2917bc532fe82c02734972ccc159497a8
- SHA512
  
  026f1f2e86b684a069eca4626a7ff209bcd8017cd9e47bc96c6d13dab5e2811e3ab830211495971ce29e9884b17d0e0928e4b68692dd12ee5ef0ace5145d7907
- SSDEEP
  
  3072:MguAgTsGLYEZl70PsLko1Gs2T/0oim/JbRZzlZ2pqqJhBbC:M5twsLko1Gs2T/pPlZ2wqJhB
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  Microsoft.IdentityModel.JsonWebTokens.dll
- Size
  
  66KB
- MD5
  
  ffaa906b13eb79f905da09e68d151bc5
- SHA1
  
  b2c3b80be2280ca4d8a66065bf4adfe61453700e
- SHA256
  
  234df630ac0506de9f21eebba175aa3efbb2a64b32fa35a3c4904316db3dffe5
- SHA512
  
  4e42a6fc1c3855b68f43383c7c26928ede60425abf6ae3e76c6a2e42791ee45a3f4022776116562583481745f3e342b91c98a6660d9c8d1c1691863de63592c6
- SSDEEP
  
  1536:4m6516C8j4O537NPkeDuttJ6gjakdzwuGFzdd:4mqECF037NPkVjxtgZd
Score

1^/10
behavioral7 behavioral8
- Target
  
  Microsoft.IdentityModel.Logging.dll
- Size
  
  30KB
- MD5
  
  33614db74c23e3435074dea95f2be9e2
- SHA1
  
  e9258118f3c8f80f2e5126ac803e554d285187dd
- SHA256
  
  5273a1f5fe963b4306f441a3d28abda9bb13b644cbbfd4e356238f716eccb7dc
- SHA512
  
  1177baf97bc25a8b21e0d163ec27a4e7d06193ae6a80657e7af3537dbfbd69eb6c1a7aad8a868e9432e3c7c4dee7a877e000502f134d72ee3d66ee1d2e6d4e76
- SSDEEP
  
  384:Zdhs0NuLp2xU6dZG5gl++pci2FBX85bKdQlRhVE7czWi74WTyHRN729a/P/R9zdk:vS0NVU6dn2nX88y+7QJu4OPZ9zdk
Score

1^/10
behavioral10 behavioral9
- Target
  
  Microsoft.IdentityModel.Tokens.dll
- Size
  
  899KB
- MD5
  
  42f2465b06876e610763171b0a814aa6
- SHA1
  
  7cbdfeb7216c5c413071f808770900015f579241
- SHA256
  
  d1abc76c88611f87db27606b0190a487fc557aff696b31c3248368748126c536
- SHA512
  
  449ac37ed012b31c2b3885d40bd46130980a9f9f11916e9702fd5bfcb94b2264b3f4705e86ddc37a5fb8baee8dcdc4906f18ba962757d7c9179d5dc34bf76612
- SSDEEP
  
  12288:5gK72IeY7KCwQtyiTsv1jfn8U17LYffuJw/5MdtQnB6jadbW:5x6EwQtDmYB6jIbW
Score

1^/10
behavioral11 behavioral12
- Target
  
  Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral13 behavioral14
- Target
  
  RestSharp.dll
- Size
  
  186KB
- MD5
  
  74f7189e0d8462b4766ceda305b5e6a8
- SHA1
  
  27bc0b6410917ddd63b3a61230e61ee56b85886f
- SHA256
  
  44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640
- SHA512
  
  22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6
- SSDEEP
  
  3072:P2SM9KBg52ArSQIi+N2/4CBUBu4UH/vammBktTqTLJ1qI:u551KBa75fv2
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16