Overview
overview
8Static
static
3Clumsy0.4v...v3.exe
windows7-x64
7Clumsy0.4v...v3.exe
windows10-2004-x64
8܅�� zF.pyc
windows7-x64
܅�� zF.pyc
windows10-2004-x64
Clumsy0.4v...rt.dll
windows7-x64
1Clumsy0.4v...rt.dll
windows10-2004-x64
1Clumsy0.4v...64.sys
windows7-x64
1Clumsy0.4v...64.sys
windows10-2004-x64
1General
-
Target
Clumsy0.zip
-
Size
6.9MB
-
Sample
241015-139hyszdma
-
MD5
7aec3f27d7ec6172ed8ddd5e16b402a9
-
SHA1
6d3f60f6353a25e033a3d83ec4a2701b556f369e
-
SHA256
5170cf7842d1beea31099a684797bc0ee656e2e0d700b840ac6349d15d15b90d
-
SHA512
1d2b9ea38c71960653da599b5fc0cecd585f1e4fd08bca855c68a41ec0a598dae52d257646e54ef9479a6efc3b37d44bc18b15c7407c7b0d5a1439305f27efed
-
SSDEEP
196608:tqFhHeN/FJMIDJf89gsAGK5SEQReuAKe3bUF:gU/Fqyf89gsfNZAKh
Static task
static1
Behavioral task
behavioral1
Sample
Clumsy0.4v3/Clumsy0.4v3.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Clumsy0.4v3/Clumsy0.4v3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
܅�� zF.pyc
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
܅�� zF.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Clumsy0.4v3/WinDivert.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
Clumsy0.4v3/WinDivert.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Clumsy0.4v3/WinDivert64.sys
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
Clumsy0.4v3/WinDivert64.sys
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Clumsy0.4v3/Clumsy0.4v3.exe
-
Size
6.8MB
-
MD5
9fd3c49b9da98a810d4f0b392f0ab0d9
-
SHA1
98a44a3fba9cc28e49dfb9f632bbdc7b28f56a14
-
SHA256
b3f7f7969e0785bbcd065f3ae393813b3a8b29a4a1f7a16e0c62f9d9d4746d6f
-
SHA512
2129b5fb23a984eb9a81001c1fc928d893c4c13605f10c156b00101891451f7a4b9f899728412ea9f859ae887701ba7ae8c4979b235c747c2c3e6eb23af1eacd
-
SSDEEP
196608:pqFhHeN/FJMIDJf89gsAGK5SEQReuAKe3bUb:cU/Fqyf89gsfNZAKP
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
-
-
Target
܅�� zF.pyc
-
Size
857B
-
MD5
eecc1fcd96fd2815b7757ec6702096dc
-
SHA1
cb017ac39a77fb37302d968c5fbc5dd13c57e3b6
-
SHA256
fe6b9210dc1963a8229c2f83b6b4a8612576c95544b6a3325559b2c25db2daea
-
SHA512
3621e4777b0bda2d1c6ff7c072c7c8c2264635fccfe09274b5cfb4af72e5f17e2e611848c1b14307e782151b221498b0f1aeeb3de09556bbd63964415fb60797
Score1/10 -
-
-
Target
Clumsy0.4v3/WinDivert.dll
-
Size
15KB
-
MD5
1b1284100327d972e017f565dbecf80e
-
SHA1
5b4f0c122a80478973eb6f9cb3bbcaf186295aea
-
SHA256
9444a6e6b66f13f666f9c60d1935824f61c7256e35a8cf0440e29baa7fbe42c7
-
SHA512
4ccb9e233a3573f6eded0efa8fa54ed929818394cdf2153623d902c749d37751da6f489354aa50968e53d42d5ce339f6368dedb7858a4ff43a1927b4338954a4
-
SSDEEP
384:EHGiP0PYf9pHuGvATXlQRNq/EbUKxcneWuDlE:E9MQf90GvQXlQvAEcehD
Score1/10 -
-
-
Target
Clumsy0.4v3/WinDivert64.sys
-
Size
37KB
-
MD5
3bd5ac2e9d96e680f5dbdd183a58c47d
-
SHA1
83b08cb5e61c7b37bd710ea01196a26fc8f38610
-
SHA256
208c092fe77f161c5a313b916d73fa7f6d10dd289bab8bb5dfb3d59aacb27f25
-
SHA512
6cccd7971f423f72f5dbd01a83a2d27bb2bde63c4d1f5e127d77cfa0df85c289a2c3cd95c110ce38b58b9ea9a49aad18ae50f352ac6b21740d0294f771fbcb78
-
SSDEEP
768:R5VorUqgJs3/KtdrbYiZdNSRUYjbMUYOUaCdHUZ9fdCrYc:vVorUn9cRUuILLd07fdCU
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3