84e87d58486bfe1f752656c84057ccd1638c0b9a9fcaee5b937fe1755a335d74

Sharing

Copy URL

Twitter E-mail

General

Target

offset dumper.zip
Size

1.2MB
Sample

240925-d246hswarb
MD5

49cc63726c02e1123080046ca17a4b3e
SHA1

414d038302ed07d2d5e075c0c6bd15911b405d51
SHA256

84e87d58486bfe1f752656c84057ccd1638c0b9a9fcaee5b937fe1755a335d74
SHA512

0f7b86fc0df304425e3a5ffe7fe4c380bb40cb41f1e1b998002fa5d98ffd450612a50176743ad1cc4230072e85d2ee39bcfb3787675e09f01e105ce119497a7b
SSDEEP

24576:ApClNTuncetClY4FahLONXJNEiygD5pVICyo41MIYtw2DsL528ZJ:DNTatwDFaNONXzi8ICpCYtlsL5xX

Score

6^/10

discovery execution

Malware Config

Targets

- Target
  
  offset dumper/.git/hooks/applypatch-msg.sample
- Size
  
  478B
- MD5
  
  ce562e08d8098926a3862fc6e7905199
- SHA1
  
  4de88eb95a5e93fd27e78b5fb3b5231a8d8917dd
- SHA256
  
  0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7
- SHA512
  
  536cce804d84e25813993efdd240537b52d00ce9cdcecf1982f85096d56a521290104c825c00b370b2752201952a9616a3f4e28c5d27a5b4e4842101a2ff9bee
Score

3^/10

discovery
behavioral1
- Target
  
  offset dumper/.git/hooks/commit-msg.sample
- Size
  
  896B
- MD5
  
  579a3c1e12a1e74a98169175fb913012
- SHA1
  
  ee1ed5aad98a435f2020b6de35c173b75d9affac
- SHA256
  
  1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437
- SHA512
  
  d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb
Score

3^/10
behavioral2
- Target
  
  offset dumper/.git/hooks/fsmonitor-watchman.sample
- Size
  
  4KB
- MD5
  
  a0b2633a2c8e97501610bd3f73da66fc
- SHA1
  
  0ec0ec9ac11111433d17ea79e0ae8cec650dcfa4
- SHA256
  
  e0549964e93897b519bd8e333c037e51fff0f88ba13e086a331592bf801fa1d0
- SHA512
  
  5168643c1768ec83554a9066754507a781b6d14251a46a469222d462efc6ca87a72c90679154e8a723349c91e7772b32ac9b08dfe313cded0ee0a6f17885079e
- SSDEEP
  
  96:GFCscBOvOFXDgRvi/3UCwN4ZlkRo/j5SpoNOBoi+geBIzCa:GFCsEOmWRa8CwN4ZqRo7geEk3IzCa
Score

3^/10
behavioral3
- Target
  
  offset dumper/.git/hooks/post-update.sample
- Size
  
  189B
- MD5
  
  2b7ea5cee3c49ff53d41e00785eb974c
- SHA1
  
  b614c2f63da7dca9f1db2e7ade61ef30448fc96c
- SHA256
  
  81765af2daef323061dcbc5e61fc16481cb74b3bac9ad8a174b186523586f6c5
- SHA512
  
  473ad124642571656276bf83b9ff63ab1804d3c23a5bdae52391c6f70a894849ac60c10c9d31deff3938922ce83b68b1e60c11592bbf7ea503f4acd39968cefa
Score

3^/10
behavioral4
- Target
  
  offset dumper/.git/hooks/pre-applypatch.sample
- Size
  
  424B
- MD5
  
  054f9ffb8bfe04a599751cc757226dda
- SHA1
  
  f208287c1a92525de9f5462e905a9d31de1e2d75
- SHA256
  
  e15c5b469ea3e0a695bea6f2c82bcf8e62821074939ddd85b77e0007ff165475
- SHA512
  
  cb78aa7e9b9c146e5db65d86dd83f04e2b6942a06fab50c704a0fd900683f3b6ad1164e74afe2f267f6da91cdff0b9ab07713e12cefc6f8d741b5df194f4fda6
Score

3^/10
behavioral5
- Target
  
  offset dumper/.git/hooks/pre-commit.sample
- Size
  
  1KB
- MD5
  
  305eadbbcd6f6d2567e033ad12aabbc4
- SHA1
  
  a79d057388ee2c2fe6561d7697f1f5efcff96f23
- SHA256
  
  f9af7d95eb1231ecf2eba9770fedfa8d4797a12b02d7240e98d568201251244a
- SHA512
  
  7cfb0a58abed1915ee1b261a1c661c7e2deea4e9227f77f5875af1a25c82e19245ba12dcb2f5052d994d0e81a3465daf37f9d8c670e17f9c96742f60fdfaaa56
Score

3^/10
behavioral6
- Target
  
  offset dumper/.git/hooks/pre-merge-commit.sample
- Size
  
  416B
- MD5
  
  39cb268e2a85d436b9eb6f47614c3cbc
- SHA1
  
  04c64e58bc25c149482ed45dbd79e40effb89eb7
- SHA256
  
  d3825a70337940ebbd0a5c072984e13245920cdf8898bd225c8d27a6dfc9cb53
- SHA512
  
  e4dc204494f5062efa3032b00c64707a4f38978040482501b3e085f071e3ee5a9737d537e6a52002ceb4ebe2bfe09e555c5d969581e80b3eba2a922015c67960
Score

3^/10
behavioral7
- Target
  
  offset dumper/.git/hooks/pre-push.sample
- Size
  
  1KB
- MD5
  
  2c642152299a94e05ea26eae11993b13
- SHA1
  
  a599b773b930ca83dbc3a5c7c13059ac4a6eaedc
- SHA256
  
  ecce9c7e04d3f5dd9d8ada81753dd1d549a9634b26770042b58dda00217d086a
- SHA512
  
  cc98bbe0e3865e2023af04416e10689e3aecd3f3928cf90c2acc0d3d7306388886779025c8967c8ea198af1f4fe29d16c65d4e1d546c7a8fa513f5ba7df16850
Score

3^/10
behavioral8
- Target
  
  offset dumper/.git/hooks/pre-rebase.sample
- Size
  
  4KB
- MD5
  
  56e45f2bcbc8226d2b4200f7c46371bf
- SHA1
  
  288efdc0027db4cfd8b7c47c4aeddba09b6ded12
- SHA256
  
  4febce867790052338076f4e66cc47efb14879d18097d1d61c8261859eaaa7b3
- SHA512
  
  00d21d5d72386c3d9b5a1c36ba85201f730556a8295d4353af54af7892ab81010d42aff209ec1fda61c54e4dda3737cea5fda64f09d40ce5004ae28239565025
- SSDEEP
  
  96:vJ7EgXasqXq6zaqK1ep8m5MDVUT2bTEwEWDhG38deyig9yhCLtQH:vJ4gXasI1zaqKwUTHhzeyil4tm
Score

3^/10
behavioral9
- Target
  
  offset dumper/.git/hooks/pre-receive.sample
- Size
  
  544B
- MD5
  
  2ad18ec82c20af7b5926ed9cea6aeedd
- SHA1
  
  705a17d259e7896f0082fe2e9f2c0c3b127be5ac
- SHA256
  
  a4c3d2b9c7bb3fd8d1441c31bd4ee71a595d66b44fcf49ddb310252320169989
- SHA512
  
  ee08c11fab7e896b2e09c241954ba7640338b12c75cd8040daf053c31b2f22236d7a0deac736f89d305236312fdb4f560a38d4d8debdcc9dcdd23b2d975907d5
Score

3^/10
behavioral10
- Target
  
  offset dumper/.git/hooks/prepare-commit-msg.sample
- Size
  
  1KB
- MD5
  
  2b5c047bdb474555e1787db32b2d2fc5
- SHA1
  
  2584806ba147152ae005cb675aa4f01d5d068456
- SHA256
  
  e9ddcaa4189fddd25ed97fc8c789eca7b6ca16390b2392ae3276f0c8e1aa4619
- SHA512
  
  50ec8a0dd98427e80a82a8d8ce44462a845876e1594c9d0e89483ce9a8aaad616edea0e5c45c1bb69d8fe7f520c6f2260d6fa350d77b400899c3ae375e965bfb
Score

3^/10
behavioral11
- Target
  
  offset dumper/.git/hooks/push-to-checkout.sample
- Size
  
  2KB
- MD5
  
  c7ab00c7784efeadad3ae9b228d4b4db
- SHA1
  
  508240328c8b55f8157c93c43bf5e291e5d2fbcb
- SHA256
  
  a53d0741798b287c6dd7afa64aee473f305e65d3f49463bb9d7408ec3b12bf5f
- SHA512
  
  586efb6a206f73d8a94561266153a624e2753830bc431a283bed998c46ac00a9df4995ddfd0aa852b1a22b4672c80f2c33cee3fe2e3321e392ff4cef26dbf75e
Score

3^/10
behavioral12
- Target
  
  offset dumper/.git/hooks/sendemail-validate.sample
- Size
  
  2KB
- MD5
  
  4d67df3a8d5c98cb8565c07e42be0b04
- SHA1
  
  74cf1d5415a5c03c110240f749491297d65c4c98
- SHA256
  
  44ebfc923dc5466bc009602f0ecf067b9c65459abfe8868ddc49b78e6ced7a92
- SHA512
  
  a19dbbc2ef6c367aadbfb900ae58c377d88ac9b6c0ac6de49c962d44d993418875f64143defda56bae8d0697dcd15be2928d32aa77508d3958769f18a4a53154
Score

3^/10
behavioral13
- Target
  
  offset dumper/.git/hooks/update.sample
- Size
  
  3KB
- MD5
  
  647ae13c682f7827c22f5fc08a03674e
- SHA1
  
  730e6bd5225478bab6147b7a62a6e2ae21d40507
- SHA256
  
  8d5f2fa83e103cf08b57eaa67521df9194f45cbdbcb37da52ad586097a14d106
- SHA512
  
  be3780974589d06eddba6fa0aa15a3e3dfe390e2827a1a6ae5cb83d6ac47e79ef9b1bbb53f067372f8dc70db0350d3770e78537fd3cfe734200ff824eca4cada
Score

3^/10
behavioral14
- Target
  
  offset dumper/.git/objects/4e/b9f19865434d5fb04fe5766f7ef3ee6c016482
- Size
  
  608KB
- MD5
  
  80b93dc92f8bf30593ee2f58b25546eb
- SHA1
  
  ec2fb97455365ffa892307c133ad0c765217906f
- SHA256
  
  7849af8b5894d5aaed367018feb55552a50055b2800b0b8bede35aa80401789e
- SHA512
  
  738e6d780a591447eeed024820117dbfbfabc24e3578b91d10ca4c3e983b22ae976e3926f887b4ad9bb463d215bafb17f4e98526b296c9149e70c9cc43c2e675
- SSDEEP
  
  12288:Fsc1LXmOqHuuf4TCBb0oriJ8VY8oUZm7mvOKQd5oYEzUT:icF2xJf4+Bb0BJ8VYnUE7CzC
Score

6^/10

execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral15
- Target
  
  offset dumper/__pycache__/main.cpython-310.pyc
- Size
  
  452B
- MD5
  
  6a27aa1da1f5431119417fcc1f2fa0bb
- SHA1
  
  8a6394029f89b761966ac793f3243596afdb1965
- SHA256
  
  9d2e03e62e5a5bda719dcd56603f635b49656a451971eded8afaf6ab64bdab35
- SHA512
  
  250362994ba13720bd1c1eadfca490933e9259b782df35b89c181a0a31354cb8a6e595141ed23e588ea80fa43e378e6b07d0e55bd83200a4d1ef1ecb0c9c2658
Score

3^/10
behavioral16
- Target
  
  offset dumper/bin/luau.dll
- Size
  
  1.3MB
- MD5
  
  157fd035b2a344a94166d7db3756df0e
- SHA1
  
  f221d28c1deb80b4e8d9201226435aefce6b0f75
- SHA256
  
  8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
- SHA512
  
  fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score

1^/10
behavioral17
- Target
  
  offset dumper/downloadrequirements.bat
- Size
  
  37B
- MD5
  
  846cb579798288ed34607a8fbb6e99e8
- SHA1
  
  ef9098004b865af84ddcfb180c93e57a481de765
- SHA256
  
  30cd8027798fa11a9b99ac5a83a28c3ea5e9d36a241e0102fdc07e37cab5c6fd
- SHA512
  
  36254c6c6fb9fbed5ea127e779df1b86ee650bf0322b3c8f0cb627afc001fc9b93e5249046eed6821a9ab3f4aef8dc279044388738572da2dc209eefbe79a577
Score

1^/10
behavioral18
- Target
  
  offset dumper/main.py
- Size
  
  347B
- MD5
  
  a1eb47eff1c56f5a41c14c123893fcce
- SHA1
  
  d7d7dde6f0c03e67e7d0b3bdda6c1fee7323df70
- SHA256
  
  6968550225a6c15218c484b2f7f77e40cecded4790da8d1e9e95b00efad8c55c
- SHA512
  
  8a119a6d96416de6c35722ac605d1946a5fe07dd0c6d2e6789ad9f3b762751fa991e82ca90a21c51881a18d1acfdf9fe801c37fae34069f0010a372c870ae10c
Score

3^/10
behavioral19
- Target
  
  offset dumper/main/__pycache__/__init__.cpython-310.pyc
- Size
  
  156B
- MD5
  
  fd4a1d27f95383a8899116ad4381f4d7
- SHA1
  
  e86ef30d7b47384548596cad3975998e81766946
- SHA256
  
  540ad23df21964ffed79df4fcc148126555fab6afe91e768038e23c0e844d9c1
- SHA512
  
  90db2e0f8b5594809c788b9f6785c4bc5bad14a759f4e9e63c3c17ec5eb272f4835c3c2e7bf52b759e217c7fe41d98bcb11871141760cc4a00e82ec7acb86612
Score

3^/10
behavioral20
- Target
  
  offset dumper/main/__pycache__/base.cpython-310.pyc
- Size
  
  1KB
- MD5
  
  4286f0e9bc18357054b8d0bd998afc50
- SHA1
  
  f40dfdf9bfba41e6333fc433ce69209616ce0bc6
- SHA256
  
  0a9f26ad1d385ad8eba980e8479e927024eb2dbb0b72474915c62d1d54964802
- SHA512
  
  d3999b72fbcae3a2041449f39ed16e2c975bc8017bd701051ba111d0553585b3476abeb4440507e2ddd1516ea1505eeeb99c96c745dccf022f14aec2cd6adc34
Score

3^/10
behavioral21
- Target
  
  offset dumper/main/__pycache__/boundfuncdescriptor.cpython-310.pyc
- Size
  
  2KB
- MD5
  
  0da3a80e9382cefe6b72aafa7a1888ba
- SHA1
  
  3b37fbdedda4d75a268ea4e020b675d38dab629d
- SHA256
  
  25506943068457d1a54afe768a5be95fbeddf35800887012c069d1b5782c8875
- SHA512
  
  dd479f0d4c5bc7eb8a68da1dbf9d5cf2de79027e5fc8584280faf7f9abe96394058eefa0a0508a1d393958cbd7da49534db064ded9e6dad00f791664a7c95ebf
Score

3^/10
behavioral22
- Target
  
  offset dumper/main/__pycache__/bytecode.cpython-310.pyc
- Size
  
  1KB
- MD5
  
  8df97fd17feee736da9e59a14be551cd
- SHA1
  
  1f58cbdf025b67cb70bd9872710ef21acce95a0e
- SHA256
  
  04a47b5c86427550212573955833bf844b2aa4de4b0d80ced111beebe7d80589
- SHA512
  
  16383759779f2f4e57090066e9aa962b5614f5266cacb8ef327db855ef73c4481b4b374d28bb0ce5683bc37436a1bb111578607b062afaa4ee17a245afc3c8ea
Score

3^/10
behavioral23
- Target
  
  offset dumper/main/__pycache__/classdescriptor.cpython-310.pyc
- Size
  
  1KB
- MD5
  
  e130d5b6eeda46c16c0b0eb15f1ba4f9
- SHA1
  
  a422fec2e9b4b9840e0b17fb459a3c0d14d2eb6a
- SHA256
  
  4b1b946f7d461b7b858cefef98738cc23cf1223158157c99e71056072689a3e6
- SHA512
  
  b2076e51724c88a64db54970482a4db79376028c61ed0a5f3ff2fe55f1e0e6212716a26f0b8c43568517317ac628f373a9bcfe80f1e39ce5707785f173a1ed60
Score

3^/10
behavioral24
- Target
  
  offset dumper/main/__pycache__/instance.cpython-310.pyc
- Size
  
  7KB
- MD5
  
  e5750584d38a019229a13bdd11be574b
- SHA1
  
  d380f0ff667717007534374ed5954ae68b864f1e
- SHA256
  
  b8c00ae0199bda98fcccc845bf1b2c3020ca843506e3e9cd2313484982c14a2f
- SHA512
  
  5d48d9ecae78e56cf0a2714f15ebe90ab2be38b9166b6d243492b9e178c374a485c3f0c6283ae97e5bf275dcb5e277debdc403ceb38f317093268a607efe9cba
- SSDEEP
  
  192://eI/PncG8LgPkGWBVWWeO5ApXeVGTqrJSm1/K470kL:XeI/PncG8LgsVCWeO5YXeVGTqAy/K44u
Score

3^/10
behavioral25
- Target
  
  offset dumper/main/__pycache__/maindumper.cpython-310.pyc
- Size
  
  3KB
- MD5
  
  8d8d29f2eb3048eb459d264e20b53651
- SHA1
  
  9a844e0146b485241be8773bacacf7e59eb41f30
- SHA256
  
  e735bf6e2e40e2f8673537919e59042c1968a0fa98f008f24f775094d09db46d
- SHA512
  
  11de4bf1075a723d5600d5a05f4170a8179ea8dc3aeef6c765a34dfdc219251b27c15b57c49fb9b072dcba420874af8848c58efdb604e01f261d6d180ffc8ee0
Score

3^/10
behavioral26
- Target
  
  offset dumper/main/__pycache__/propertydescriptor.cpython-310.pyc
- Size
  
  2KB
- MD5
  
  6c20c14e05464042c8485ef5c6fe46da
- SHA1
  
  b7bfd563867542fd019cbd08c2ac60d392589449
- SHA256
  
  6a0bbbe5fc8031b7332d12e482546b15a68714f05324fc87ec232ff032ab7c19
- SHA512
  
  c229bd890dfb1827266763684028da8b17f894ceed244f62fdf7692ce16bdf2b6f148e1b7e24bfdce9e86c7dbb78bc60f635c028dafe2c47b54a1371ce62c4dd
Score

3^/10
behavioral27
- Target
  
  offset dumper/main/base.py
- Size
  
  1KB
- MD5
  
  6b479d8b9e42073cbc8d14a5b035bf0f
- SHA1
  
  57b7ae69a482e2884851da349305ea2a64292be5
- SHA256
  
  577a3b1d6d16f94f4c837a5265a8b9a5c4b0bea222a31ddfcec0ce0c8987913c
- SHA512
  
  68c5bbc8883cae017bcc80efb18df271678105373c0305ff64b002642d9e68e300cf1f392beadd19d4fabfe270989ba52e3b9dd263a8d4e0d5e4eb626d30e097
Score

3^/10
behavioral28
- Target
  
  offset dumper/main/boundfuncdescriptor.py
- Size
  
  1KB
- MD5
  
  5b2b8d5ac8d966946303498a6b2edbbd
- SHA1
  
  192b556f52285e548d74638629b54327b179472a
- SHA256
  
  09babd6443fcfb480fcec1a6b85d626ecbad578932370969c8dfc7c6c78ddfc0
- SHA512
  
  7e22cc29eaa4eeda53b5a18df986853c6ba2a7ab0c2d5ab042979ebb3328c49f0b50395e714d79b318852bd7232d18e7e91d27149ce4c2f126bbd6c14edcec29
Score

3^/10
behavioral29
- Target
  
  offset dumper/main/bytecode.py
- Size
  
  1KB
- MD5
  
  59eba785ef15c0498070dd897647daf5
- SHA1
  
  bf28fc2100b94e990c00ee7c27b8ee295cda9c17
- SHA256
  
  aaf905ad9df526b00c31600c0a22dfac8a7c942264d8abfeec4074ba42cfd6c4
- SHA512
  
  775c7a283c8786ec6eacc6be7ca3c80aafcc2e9def4394851c974fceb5741791bbe75f27187075b3339ba2e862124f8c3911deceead806e20a1cf1057ec98298
Score

3^/10
behavioral30
- Target
  
  offset dumper/main/classdescriptor.py
- Size
  
  845B
- MD5
  
  e3f5038ed5ebb10ae62bc7ff9eb22aac
- SHA1
  
  18aef140e00171f1095450a4a5791ac8e18b5739
- SHA256
  
  b46fa78dc7178d80f3a250f2efbadc23e8825e87af6f83a8abb49ab574fd61b5
- SHA512
  
  df8fea7c3e0294dd3792e324e7004f2e9add87cba586d3f61063802f13b2954c84c28f5f52081d1176b79a394f44bc807a8b52a803a29f21350e8b071ad0783e
Score

3^/10
behavioral31
- Target
  
  offset dumper/main/instance.py
- Size
  
  10KB
- MD5
  
  e71f9985998ec2faadd9ef2cf0c8920d
- SHA1
  
  1574de57e58ef4089c2590388cc31f82d12fcd0d
- SHA256
  
  32b4d33870bfc58927927696360c303eb2689307fb48c52886de7f87311cc729
- SHA512
  
  72d2ad92f7819b2b64106db06803380b049fc4adf61c5b91974f4bd69f5fca17fb1684dd224025c0d87c432ff0d4dbf1ed1c688e77912c1ef6bda38b6f8d3840
- SSDEEP
  
  192:C5UoejSd6l/16l/b6l/Q6l/Ge5iyoT8T82n:5oejk65165b65Q65J55o4TH
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32