General

  • Target

    78720bce4f27771c9331991c901a19e033f7cb816928c3f151a2e37654c208af

  • Size

    1.9MB

  • Sample

    240906-tnmx3swelf

  • MD5

    2db85e154219ebf9b9a3371230b2a0f8

  • SHA1

    200274b9565cdf111e648ff193c88431f2304216

  • SHA256

    78720bce4f27771c9331991c901a19e033f7cb816928c3f151a2e37654c208af

  • SHA512

    b02ad64cf90f3fe312dd9ad63f5faa1da4e7c385a096d65fa1af4e6ef9589776538ee310cf86daff3c60e0da81bf203cab26f32bfab82e36a4eb00e643aca8a9

  • SSDEEP

    49152:sS90kzTYFkG4337liKzvpRRGKF/sc+gIxfv4XeT:sU0TFkGaZp3GfcWxfv4uT

Score
10/10

Malware Config

Targets

    • Target

      Calamari/Calamari.exe

    • Size

      154KB

    • MD5

      3bb68e459405f9d621fea08fca8db99e

    • SHA1

      a667438af4a30700d229752df30f423f169c1186

    • SHA256

      0f7071d56098ef0a448b562760ea2f547e4a2f8d26fc4e456b6e6ed47445cc20

    • SHA512

      69788e7b8a0a5cae8fb85f31cd63c735343b11128da1be0c71414c41973ad9246487915b24eb40436ba104a3851f0848e902f7c9cb9a084255420eff4a49478b

    • SSDEEP

      1536:A//X0u8/LwqNlRtXCPF9tdyB6nW6b22ehN8OIZG9Fwk0eL/qzCU27yHi+tdGtdtw:A30tT9tXCPLKB6nT6UPk0eT0w2i+ulw

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Calamari/ScintillaNET.dll

    • Size

      1.3MB

    • MD5

      9166536c31f4e725e6befe85e2889a4b

    • SHA1

      f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

    • SHA256

      ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

    • SHA512

      113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

    • SSDEEP

      24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC

    Score
    1/10

    • Target

      Calamari/SynapseZAPI.dll

    • Size

      6KB

    • MD5

      877e3d22c496d3441bb9eb54965babc5

    • SHA1

      73912c32638e8acb0097b59c25c62b29bc0f47cc

    • SHA256

      4ee4111409c6d9e9e82b846798ffd1b404d7fce49a0429421c7d5be540edcceb

    • SHA512

      633a2fab8b13a6ca8e884917c77f0a67e6452164373b9c2fcd0ad7c5e5d329aa2a297e7adee40e047afc71d94b50ecc733783aa9a41a7630d298752ae939a6db

    • SSDEEP

      96:fW/SK+J1JpYmmmPbtbU1sn/32F0TLVV3wmoeVfjVH:x9myCCn/7LVV5NNj1

    Score
    1/10

    • Target

      Calamari/sxlib.dll

    • Size

      864KB

    • MD5

      d00e1627d7536022dd81aeb27577221c

    • SHA1

      56a1f78e5acc89b97b02652f61a154265511ffcf

    • SHA256

      904a9329bf56d110adec486f37411831a1148934a5ca4bbff9e33a1ca8ce5bcb

    • SHA512

      d7cb95dd515f1edfde7e17681563bf5b709ac06f33805ce70dbcb76aca4ee34061c5201a54e1a92d67a1fb8f59512c8a64fcbb201fc88e5536001e40489dab69

    • SSDEEP

      12288:EnfEbmXVMomkzPuY6TZNPERW1v+wUGx6tEhPaZLuabPIkLOh/1K9FaUQmUFv7SZR:WhziXGGv+T8wECFIMOYHUv7S/WkuvA

    Score
    3/10

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1

  • System Location Discovery (T1614): 2

  • System Language Discovery (T1614.001): 2

Tasks