Overview
overview
8Static
static
3Clumsy0.4v...v3.exe
windows7-x64
7Clumsy0.4v...v3.exe
windows10-2004-x64
8܅�� zF.pyc
windows7-x64
܅�� zF.pyc
windows10-2004-x64
Clumsy0.4v....4.txt
windows7-x64
1Clumsy0.4v....4.txt
windows10-2004-x64
1Clumsy0.4v...rt.dll
windows7-x64
1Clumsy0.4v...rt.dll
windows10-2004-x64
1Clumsy0.4v...64.sys
windows7-x64
1Clumsy0.4v...64.sys
windows10-2004-x64
1Clumsy0.4v...ig.txt
windows7-x64
1Clumsy0.4v...ig.txt
windows10-2004-x64
1General
-
Target
Clumsy0.zip
-
Size
6.9MB
-
Sample
241015-1185eazcla
-
MD5
7aec3f27d7ec6172ed8ddd5e16b402a9
-
SHA1
6d3f60f6353a25e033a3d83ec4a2701b556f369e
-
SHA256
5170cf7842d1beea31099a684797bc0ee656e2e0d700b840ac6349d15d15b90d
-
SHA512
1d2b9ea38c71960653da599b5fc0cecd585f1e4fd08bca855c68a41ec0a598dae52d257646e54ef9479a6efc3b37d44bc18b15c7407c7b0d5a1439305f27efed
-
SSDEEP
196608:tqFhHeN/FJMIDJf89gsAGK5SEQReuAKe3bUF:gU/Fqyf89gsfNZAKh
Static task
static1
Behavioral task
behavioral1
Sample
Clumsy0.4v3/Clumsy0.4v3.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Clumsy0.4v3/Clumsy0.4v3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
܅�� zF.pyc
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
܅�� zF.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Clumsy0.4v3/READ ABOUT UPGRADES FOR 0.4.txt
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Clumsy0.4v3/READ ABOUT UPGRADES FOR 0.4.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Clumsy0.4v3/WinDivert.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Clumsy0.4v3/WinDivert.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Clumsy0.4v3/WinDivert64.sys
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Clumsy0.4v3/WinDivert64.sys
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Clumsy0.4v3/config.txt
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
Clumsy0.4v3/config.txt
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Clumsy0.4v3/Clumsy0.4v3.exe
-
Size
6.8MB
-
MD5
9fd3c49b9da98a810d4f0b392f0ab0d9
-
SHA1
98a44a3fba9cc28e49dfb9f632bbdc7b28f56a14
-
SHA256
b3f7f7969e0785bbcd065f3ae393813b3a8b29a4a1f7a16e0c62f9d9d4746d6f
-
SHA512
2129b5fb23a984eb9a81001c1fc928d893c4c13605f10c156b00101891451f7a4b9f899728412ea9f859ae887701ba7ae8c4979b235c747c2c3e6eb23af1eacd
-
SSDEEP
196608:pqFhHeN/FJMIDJf89gsAGK5SEQReuAKe3bUb:cU/Fqyf89gsfNZAKP
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
-
-
Target
܅�� zF.pyc
-
Size
857B
-
MD5
eecc1fcd96fd2815b7757ec6702096dc
-
SHA1
cb017ac39a77fb37302d968c5fbc5dd13c57e3b6
-
SHA256
fe6b9210dc1963a8229c2f83b6b4a8612576c95544b6a3325559b2c25db2daea
-
SHA512
3621e4777b0bda2d1c6ff7c072c7c8c2264635fccfe09274b5cfb4af72e5f17e2e611848c1b14307e782151b221498b0f1aeeb3de09556bbd63964415fb60797
Score1/10 -
-
-
Target
Clumsy0.4v3/READ ABOUT UPGRADES FOR 0.4.txt
-
Size
6KB
-
MD5
2cfa5b3d8ba0c0d8d4e7be670d8e3fa4
-
SHA1
169656d2233c9ca02569e2a26a5051ac5df5740f
-
SHA256
6220d2d0fc51a57072cc3e4243fbcb0fc901fe0d1fb17ee31cec8fe564d49d55
-
SHA512
f51a2a32b0bfab28fbca0b17eb33ee57af95c90bbc45408297d3b16c78ded2a68b822239142f7b5e53a4555443635cf924d0cfa9008afc5a02983e9a06763e56
-
SSDEEP
48:w/MMMMMMMMMMMMjMMMMjMMMMhMMMMjMMMMhMMMMjMMMMMMMMMMMMjMMMMMMhMMML:w3H/8
Score1/10 -
-
-
Target
Clumsy0.4v3/WinDivert.dll
-
Size
15KB
-
MD5
1b1284100327d972e017f565dbecf80e
-
SHA1
5b4f0c122a80478973eb6f9cb3bbcaf186295aea
-
SHA256
9444a6e6b66f13f666f9c60d1935824f61c7256e35a8cf0440e29baa7fbe42c7
-
SHA512
4ccb9e233a3573f6eded0efa8fa54ed929818394cdf2153623d902c749d37751da6f489354aa50968e53d42d5ce339f6368dedb7858a4ff43a1927b4338954a4
-
SSDEEP
384:EHGiP0PYf9pHuGvATXlQRNq/EbUKxcneWuDlE:E9MQf90GvQXlQvAEcehD
Score1/10 -
-
-
Target
Clumsy0.4v3/WinDivert64.sys
-
Size
37KB
-
MD5
3bd5ac2e9d96e680f5dbdd183a58c47d
-
SHA1
83b08cb5e61c7b37bd710ea01196a26fc8f38610
-
SHA256
208c092fe77f161c5a313b916d73fa7f6d10dd289bab8bb5dfb3d59aacb27f25
-
SHA512
6cccd7971f423f72f5dbd01a83a2d27bb2bde63c4d1f5e127d77cfa0df85c289a2c3cd95c110ce38b58b9ea9a49aad18ae50f352ac6b21740d0294f771fbcb78
-
SSDEEP
768:R5VorUqgJs3/KtdrbYiZdNSRUYjbMUYOUaCdHUZ9fdCrYc:vVorUn9cRUuILLd07fdCU
Score1/10 -
-
-
Target
Clumsy0.4v3/config.txt
-
Size
494B
-
MD5
96e1f04ec8c447bc7fa7076556b816b6
-
SHA1
56393dfb14a5bd5ecd33a1b8c7e5b150b068a7ff
-
SHA256
68d9f0a48c33b279478c168578e1d5ff9ff5331be68d686a23c22f36de2a4463
-
SHA512
12e26a747363cb636066ae3a8e391e7d22d2ae6d35064501bdeee01ae65b96d3cb6187578c6537fb4eef8e556524880a48b1556f73c8ff674e69ad33fe0ce5c5
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3