ea881853f35b6971f49332c5d66e7388b8598e5ac5a0bca24826bc08f22bd4c9 | Triage

Sharing

General

Target

itarmykit-win-x64.exe
Size

89.6MB
Sample

241004-zpcrdswakm
MD5

5e38b780eeb328551089d6d90d8aa93b
SHA1

d8e20e2ac01bec01654f5ff077536c34a79324ee
SHA256

ea881853f35b6971f49332c5d66e7388b8598e5ac5a0bca24826bc08f22bd4c9
SHA512

2fa6e503fed3293cd542c27f11c801d096ef0a3fed49f524431d41e8aa932f77ee2c0829c01d85c61ad5efbd6f45b0d012aa1f08ba1684dbbd83bbaaae713cc0
SSDEEP

1572864:nA/xlZ1DRy+2lduoWWazQZ0fpONinTIXK7hqsRvb58G3IQZubDvWjIaT+:neTTdO4nsa7lZvQDD

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  itarmykit-win-x64.exe
- Size
  
  89.6MB
- MD5
  
  5e38b780eeb328551089d6d90d8aa93b
- SHA1
  
  d8e20e2ac01bec01654f5ff077536c34a79324ee
- SHA256
  
  ea881853f35b6971f49332c5d66e7388b8598e5ac5a0bca24826bc08f22bd4c9
- SHA512
  
  2fa6e503fed3293cd542c27f11c801d096ef0a3fed49f524431d41e8aa932f77ee2c0829c01d85c61ad5efbd6f45b0d012aa1f08ba1684dbbd83bbaaae713cc0
- SSDEEP
  
  1572864:nA/xlZ1DRy+2lduoWWazQZ0fpONinTIXK7hqsRvb58G3IQZubDvWjIaT+:neTTdO4nsa7lZvQDD
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  88.8MB
- MD5
  
  083bc2fc2f9698998464a883884d2815
- SHA1
  
  e9bca5f4aba4a5e65514967b1ad321c30aa8ac59
- SHA256
  
  6730f0b45aaacff014bcb36ba4b3ec1219cb1c369e9c9ed5cc50e22a3c3d72f4
- SHA512
  
  79c8477f346bbccc2554b31eb52791db1af86fbb256694b1ce119d5bc23d85fd206c3bf3443040af4602e4f4ac24a918f302f6c8326458662742794e6530034f
- SSDEEP
  
  1572864:d/xlZ1DRy+2lduoWWazQZ0fpONinTIXK7hqsRvb58G3IQZubDvWjIaTR:hTTdO4nsa7lZvQDu
Score

3^/10
behavioral11 behavioral12
- Target
  
  IT Army Kit.exe
- Size
  
  177.6MB
- MD5
  
  4217586e1c83970b7e9d2a70a242985b
- SHA1
  
  2d9422b72933b3a7231cd0c3e408829bb90bc705
- SHA256
  
  a342c10c468d8f18fff688731e2cbeef6ca06502b9640aa1564ea0f41d45b7d2
- SHA512
  
  8f37c728f2cc38cb52539c599e089aee7761d42e00f3326c986078fcfa7bc2b60beb185bb95c1ffa06789fb9022c500fe5b8f04560e9ba6425023f029358a5b7
- SSDEEP
  
  1572864:R+vbimZ3RqPfrrW/GDt+wy2tXgJdtEaxMz6lMp1rJ/Gk/QeF/anRq9A4CGdhVnau:RA5kyGScXQT
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral14 behavioral15
- Target
  
  LICENSES.chromium.html
- Size
  
  9.0MB
- MD5
  
  f017c462d59fd22271a2c5e7f38327f9
- SHA1
  
  7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9
- SHA256
  
  40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37
- SHA512
  
  72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07
- SSDEEP
  
  24576:G8QQf6Ox6j1newR6Xe1Vmf86k6T6W6r656+eGj7dOp+:fG6eGd
Score

3^/10

discovery
behavioral16 behavioral17
- Target
  
  chrome_100_percent.pak
- Size
  
  147KB
- MD5
  
  3c72d78266a90ed10dc0b0da7fdc6790
- SHA1
  
  6690eb15b179c8790e13956527ebbf3d274eef9b
- SHA256
  
  14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7
- SHA512
  
  b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420
- SSDEEP
  
  3072:Mz8JCGIdkwTPa/XKjKkxP1L2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Mz81Idk8a4Kkx5K18Gb0OV8ld0GecQ35
Score

3^/10

discovery
behavioral18 behavioral19
- Target
  
  chrome_200_percent.pak
- Size
  
  222KB
- MD5
  
  3969308aae1dc1c2105bbd25901bcd01
- SHA1
  
  a32f3c8341944da75e3eed5ef30602a98ec75b48
- SHA256
  
  20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6
- SHA512
  
  f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f
- SSDEEP
  
  6144:HDQYajN6svyABnI86uKkxugx5GMRejnbdZnVE6YoppO4:sfjN6svyABTKkxa6edhVELoXO4
Score

3^/10

discovery
behavioral20 behavioral21
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7b7470c347f84365ffe1b2072b4f95c
- SHA1
  
  57a96f6fb326ba65b7f7016242132b3f9464c7a3
- SHA256
  
  af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
- SHA512
  
  83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
- SSDEEP
  
  49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
Score

1^/10
behavioral22
- Target
  
  ffmpeg.dll
- Size
  
  2.8MB
- MD5
  
  ed10fd2777a030b2895d2f555207f1b3
- SHA1
  
  81448e7a72e49eff746abbedea503139b7eadbdd
- SHA256
  
  996aed5bb751d70e215bcc3e5be2ed28fb54412af05031c592df101b51232e0c
- SHA512
  
  435f33fd11fc25a495726401211ed87771c831eab8916b8bb9520bf0f799646f911b22716f090849bfc85e2372cd28aa1c9de46f9d613929993ef009955173e9
- SSDEEP
  
  49152:nFjQnjfFEokq/eG+xqIiyxU6b+rq+X6CfUBXY/JBY6:nFjE/CxqnyKk+r1/H
Score

1^/10
behavioral23
- Target
  
  icudtl.dat
- Size
  
  10.0MB
- MD5
  
  ffd67c1e24cb35dc109a24024b1ba7ec
- SHA1
  
  99f545bc396878c7a53e98a79017d9531af7c1f5
- SHA256
  
  9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
- SHA512
  
  e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79
- SSDEEP
  
  196608:+SPBhORiYAXHiXUxY/iJ53IWhlVjEeIu2Y6U:++wkpHiXUxY/iJ53IWhlVjEeIZU
Score

3^/10

discovery
behavioral24 behavioral25
- Target
  
  libEGL.dll
- Size
  
  473KB
- MD5
  
  e3f6c7b1316f7ca06ee178377ce16ff7
- SHA1
  
  f546da89ec0d3ef238892be8f2dd697d411518bb
- SHA256
  
  ff6d4f18492a704b4b9d853abdcc73a4fa561b0c685619508e25afaf4e4800b9
- SHA512
  
  cad4026efc48192c4904a4b0ec583d2e24b94f8a5f91824716eddb32477512799b10a4f9cc7a2976a25ca0d333bb1c68bb98b1d0f9bd7020e0e31be7d950720b
- SSDEEP
  
  6144:7TQILNFetxbb8J6AGrIKLD0Rf8KRWAwi+u7fS41stlu9:4IDq58JFGrIKLDWNW2+u7fS41f
Score

1^/10
behavioral26
- Target
  
  libGLESv2.dll
- Size
  
  8.0MB
- MD5
  
  ac216b22cb7ca21d9803ae6b111792e5
- SHA1
  
  f6678626aa522628110315889ca744572549bb73
- SHA256
  
  3cd10952ba73ba4a36f5ec92dcbb0893092bfc8d77a381f6f9f3090b0ecfbb50
- SHA512
  
  df344f79ff5d4e38b451bea948c234b63af0402565097082a082b44a4efb9e0ed367884875cbc817237b7ae7ac126fc7de0e8615504923b8db553c1a3a985a90
- SSDEEP
  
  98304:dAb24VjbjUkC/f5031ZIXytRt1lK6XC3a:dAb24VjbIk2sEol/ma
Score

1^/10
behavioral27
- Target
  
  locales/af.pak
- Size
  
  508KB
- MD5
  
  09455048c30cecbb17d6e0e95e4c01da
- SHA1
  
  6572850b07df45933ed57754f72c44895a7ef662
- SHA256
  
  e973763dcc0ffd7a5afe0a62ec9651c4c3db7fe29a23797fafc34b83512d03aa
- SHA512
  
  f59b68c213815ad81379c964abe6597b900b9fac5fe17e2cb378d015c4803f96b598ef70333d594599b3283a88a9ca9cb2475afc2590eda2ddf7b041ba2368e3
- SSDEEP
  
  12288:507kG+o3LDVy4VGmxu/PS+H2JynCa5eIRVho0vMI5gw2pT+FXZ22h+2pslVtn5ga:pG+o7DU4Vj8/PS+H2JynCa5eIRVho0vW
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  locales/am.pak
- Size
  
  822KB
- MD5
  
  99f01e85f82f70b919f3de6a29bc2255
- SHA1
  
  bd229bbb9a15d128d3dafb107533ed2b74e0b778
- SHA256
  
  fdbbf59c2f6d4e9d6bf8bc7209511850bb337b0a49a25d39779bdd0e105f1682
- SHA512
  
  b3b7199f60af430bc98fc937e12b0a2c67b446f0217e01b543882313336f55def3cc6317cf1ef49766ceb1e171e70cbd78e8acecc3cc1c8409e76f4d98d347a6
- SSDEEP
  
  24576:3oTorJhTCQIymrxn7Kxjkexpzn05C2gMRnVGq+XG/6Kx/Ppp:3G51
Score

3^/10

discovery
behavioral30 behavioral31
- Target
  
  locales/ar.pak
- Size
  
  901KB
- MD5
  
  5fbed215d9555f2be88e8a41407a0a72
- SHA1
  
  744bd7b5276cd4e69a6610d35e3c9e5d62dbe49a
- SHA256
  
  5f1b06de1f8105ccebb79651781fc219013048951a6e1b15a2c4f567ee45e88f
- SHA512
  
  0c0d2d1d3d07528afecf1862011ce2ddd27c9c286b5edeb03cd80a9ffde584bf0a71ba6292c969e3261a958a9bfddd291746253268479c090f54559720dcac36
- SSDEEP
  
  12288:KUsEMBFE/T/RK+EZrpvPUovmbkuESJ5TNphQIfitG8:lsEKo5tQh
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32