100565864eed928d474d1912b9de2f124a2e94f312a454922b4ccdff36860fba

Resubmissions

25-09-2024 10:15

240925-mah9eazdjk 8

19-09-2024 16:05

240919-tjgkhaxdjh 8

Sharing

Copy URL

Twitter E-mail

General

Target

download
Size

67.1MB
Sample

240919-tjgkhaxdjh
MD5

7d658964c1874ca902f3dc0864b00a3c
SHA1

c972667622f44e4cb93a2fc7d9f1a0dc1cbb5edf
SHA256

100565864eed928d474d1912b9de2f124a2e94f312a454922b4ccdff36860fba
SHA512

28adf2797b6acc971d67f75bc2c8ea90693c68e62732f1f5986561b0b9bfc60d0ca4495f6547057a046286328c6a25268c07aadbe5cdacf246ddbbb0c8de086f
SSDEEP

1572864:AK93N+NLkIzv7Bc6hrd3L/HGuIa31UwAQEKhSzqYA8nfndf:AU9+NC69N/muIq1ULQE4SpFf

Score

8^/10

Malware Config

Targets

- Target
  
  download
- Size
  
  67.1MB
- MD5
  
  7d658964c1874ca902f3dc0864b00a3c
- SHA1
  
  c972667622f44e4cb93a2fc7d9f1a0dc1cbb5edf
- SHA256
  
  100565864eed928d474d1912b9de2f124a2e94f312a454922b4ccdff36860fba
- SHA512
  
  28adf2797b6acc971d67f75bc2c8ea90693c68e62732f1f5986561b0b9bfc60d0ca4495f6547057a046286328c6a25268c07aadbe5cdacf246ddbbb0c8de086f
- SSDEEP
  
  1572864:AK93N+NLkIzv7Bc6hrd3L/HGuIa31UwAQEKhSzqYA8nfndf:AU9+NC69N/muIq1ULQE4SpFf
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Kryptex.exe
- Size
  
  130.6MB
- MD5
  
  c46c36539912104dbed62f65d6043774
- SHA1
  
  4526654815356f9fb103fedf29778ba67ea477a7
- SHA256
  
  097aabc30e748b9ff73a47d8466bb825143e22590726f6774e92aab781a18ffd
- SHA512
  
  e7d45415ec3c325ec167c7328412cfe85f373ee818938fae79fe86e1c9b28681562c01def9d7662bd592476fb9649f84c5123b286a91016729d6c252aac6dc4d
- SSDEEP
  
  1572864:b/Q7+OQK1/uUxPhRhAlyqsCHaqVpYCRIZW:06O/s4WllwCRkW
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  LICENSES.chromium.html
- Size
  
  5.2MB
- MD5
  
  02ca1f89c7e4815b82bc8974bffcd183
- SHA1
  
  45bf8a20bad7953b7e16a74348fa034ff5844475
- SHA256
  
  fcbf6d29363d798b931f4fb0dc95b09c1a44c3ccaf79a9651ab280a8562e82b6
- SHA512
  
  024794b3303ff4ea5f3852c505e39e140113264d24e5dc14a365e8a1fb6f9a0683e72098f1923cca187c666b39a904fc18ac53645b8a25bd8a235cf01b661a60
- SSDEEP
  
  12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZs:sFEc5FeWSPPza8yUAmfQRkHmBa7pO
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
- SSDEEP
  
  49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score

1^/10
behavioral15
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  002287b5dfe53d87c189f368c7f785b5
- SHA1
  
  00e6e0e224b5f391c0172008ec78ec5124153649
- SHA256
  
  b453afca000aef28c8f27a315a31f244c46755308dea8d9ad55d19a507471a6b
- SHA512
  
  c2b23dd13e3f1c009e2eb2e4aae7a9a4e713642a9031c1e51125c9f0c6c8c6430a2088dd5c20867a2e948c97ae9a9078535e96b5d06ea6c7bd7f67a2db2104aa
- SSDEEP
  
  49152:yr95TElsdFD2CD+KQQptuogdTSR/T/yN8vKU8vECJNkuz5ytlHajmjuSesJKqn/7:J4JptuhTSAuvv65sJF
Score

1^/10
behavioral16 behavioral17
- Target
  
  libEGL.dll
- Size
  
  432KB
- MD5
  
  6efa8068776b4eadb3b9dfdef089ca68
- SHA1
  
  fa2023ecbcae030cddff3188c9d3c906cc69a64f
- SHA256
  
  fa59945648614e0ebf9f8eaf63500347da59a0d2e7484b6b5d4be6cf6ee917de
- SHA512
  
  70e6749841a384daa65f284c5d7a8afa358b03b38cc091819aa5545960834b9b4a394eccc19c0a1e290c5b33fbaaa56bd1d6d988b5da0a34e2e56dacde5b17d4
- SSDEEP
  
  6144:K+ZHHuv6GHjXvL2WJp+itnoxPicEpzswwSUF4ZTsRDp5O:NdHuSGHbvL9H+AntzpZTKp5
Score

1^/10
behavioral18 behavioral19
- Target
  
  libGLESv2.dll
- Size
  
  7.8MB
- MD5
  
  cdc3935fa97855b4f9d692702ea95ef9
- SHA1
  
  68939afd7f1f4a470d9328b068250c0b5fbab2c2
- SHA256
  
  eea91ba71fdec104e8d7c9fd24687ec4f1c308d79d6730ef58127a92025cc006
- SHA512
  
  3cdbd833e8311023d673315c2aebc8e19a17e5767dfa40ca2646ee094eeef27117961f581aaa4584fc639e9ec0195f98ea5454b397cf1cd2709b7772207381b5
- SSDEEP
  
  98304:Y+zIZmLAOiul8PeakZBd6wGj0f7+qUwrm8:Y+8Zj8kk70Qf7JUwq
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/7x.sh
- Size
  
  235B
- MD5
  
  8a65a1ab93601ddecb93af2a310dd68b
- SHA1
  
  a1d449ca51b5ba67be9cbcaa7901cf9b3f1c0f04
- SHA256
  
  ad693686d24184b7bc49fc357b93fca63d35a62d6509b7225252d7f18701f49a
- SHA512
  
  25844b7975d5567b70d793369342211bac5ceb5d17fee7cc7a0a6a0a2b8d42f4188119544927da81cd88c115fad9d09993f2ef61ee228ed16fc20e0ab323482a
Score

3^/10

discovery
behavioral22 behavioral23 behavioral24 behavioral25
- Target
  
  resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/index.js
- Size
  
  500B
- MD5
  
  9fe8a485038be54d687ad7dd9dff80d3
- SHA1
  
  76fc7b47a329b759539bca0b785ad41c083c29be
- SHA256
  
  48659f660a13b5fa01622f87dc8a5306ce7c232abf93b82a3b2f6e94c2cf5c86
- SHA512
  
  0f3b2ce074ede02079bdab4229f6d4ded5eb7ec64546c3b9f103114aabb35093fecfd04677a0a84d3691fb49bae8a6c5489cee946c7f5f4b86aec3e96434dfac
Score

3^/10

execution
behavioral26 behavioral27
- Target
  
  resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/win/arm64/7za.exe
- Size
  
  1.1MB
- MD5
  
  524a9758f6ec5b54e76f6221751c31e6
- SHA1
  
  1c5d2f285f24f4f4518603459f5965fae982fc40
- SHA256
  
  b286024f80df7b12b99c1bcef3df0eb4a81a1232fa3cbb79ec5980bae86dd39e
- SHA512
  
  dd8d8bb88796b50312a76ed4e8390112a2c29efb05c504ba95532e564df1e80dd2b6266c374f2b68f72436cd1c5c9d29ed020261422c4ea81a9d0f0206115ad9
- SSDEEP
  
  12288:keJk5mmhxMpYcHwTR9rjJf19RVlGVYG4YQTukMef5vxW/gR5HDE1U:RojYYcUlcY99AK18oR5jE1U
Score

1^/10
behavioral28 behavioral29
- Target
  
  resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/win/x64/7za.exe
- Size
  
  1.2MB
- MD5
  
  d99a97798d61a9bc1b930cbe920fafa9
- SHA1
  
  737c4d232278e8926a1a7d4c514b80f3d97be8e0
- SHA256
  
  c88aad41ba22a97c380282583956c12ebff920eb5665c6a84b20ffb8515fb1a0
- SHA512
  
  fa79f2315b607ec8c412079b183e370eadf682cf4f72a4b9071ebe744abbb2bf03f6b54914dcc3d817756a842812892eb3211a87b7a1bdcf9dc01447ef51ec7e
- SSDEEP
  
  24576:JXWmPnP3K4fhiFvAEV0R9TzPeHLSoU1Ja8bF:JXWUny2hiFmR9erSoU17
Score

1^/10
behavioral30 behavioral31
- Target
  
  resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/amd-binding/build/Release/adlinfo.exe
- Size
  
  1.1MB
- MD5
  
  54dad5920a331983f1d5c5d0d936261c
- SHA1
  
  c6e185e00f3196b8d0af2401f42cb051c5b4ad7b
- SHA256
  
  37fdd3b2c7f3be49619bc0ed731d2e33534abb12170698e4ae759fd9143edcb5
- SHA512
  
  cc45cb0aca06841c219c8f8caa4c4e21a2a9a580012bd0b1d67cd5609d8c870a17c7c0154da064a7940f73064146954de38c49637b023d3eeb34a05a1ee0f9ca
- SSDEEP
  
  12288:9b4/LKoFfKhzmiVUUqsJMF4nOYbl7TcFm5kHv/oR9Gpy:9b4/ptKdJs4nOYbdYFL/5py
Score

1^/10
behavioral32