Resubmissions

15/10/2024, 23:54 UTC

241015-3x4fvsxemq 8

15/10/2024, 23:51 UTC

241015-3v719sxdrl 7

General

  • Target

    superprivatedontleak.ipa

  • Size

    15.8MB

  • Sample

    241015-3x4fvsxemq

  • MD5

    78cd09fc014a93fc918b58893079c2d7

  • SHA1

    359d210fc60a7dcd2ed43c9ae30768f572f86bd7

  • SHA256

    39eed41a282105d827a5ed1c6bd0e50e5b69d8535f80c2e67aeb2f0da72e1628

  • SHA512

    20b391d9d3a58896efe2682b6b7d62179ec7dbbf41b554ba7b98f46e4b2389815c9b0699444a2474a178af2c1e2f5b0a8dd8505a80123fdc95d0d349d2bf9b74

  • SSDEEP

    393216:K3LNyK57G3YNyKxUfdfS37zBJlPFVrSV84Ka/VLIg:K3RyGG3wy/d6r1rNZSVxKa/N

Score
8/10

Malware Config

Targets

    • Target

      Payload/Mabz.app/PlugIns/CAREx.appex/images/toolbar-icon-32.png

    • Size

      919B

    • MD5

      a9339478cf5d05939d5cebe34d5a3fae

    • SHA1

      d1c4207ffcf7bab19dcec9ad99cd969e29b5fa58

    • SHA256

      a460e0e0d712743e4441a6606a2c31368b1b4845e6667a5173bf517e2b4a7357

    • SHA512

      c57a5447b5bb763d7d882dec754d2978461cee554e61e233fb1da9181537cfc6bf247b4cd82c6ce3944e57ba4238e5dc29aae87e46b2f9e30fa635c699238e22

    Score
    3/10
    • Target

      Payload/Mabz.app/PlugIns/CAREx.appex/images/toolbar-icon-38.png

    • Size

      1KB

    • MD5

      b8100ef386a5521525696a7fc4608d32

    • SHA1

      79ab3b4e5dffaf624c65fea72bce198e8049ad9a

    • SHA256

      054537770ac24af34e88590141674f92bc004a352fc52c5b8b35be233b772c10

    • SHA512

      8305e93b31bf7fcba7bfb99615f678806e3ed2b5e2bca12e1cf2008fd1f5690904ec6a7adf6b99ef5274b8f0900a324fc04617401e0c281126bcf0c436f41c1b

    Score
    3/10
    • Target

      Payload/Mabz.app/PlugIns/CAREx.appex/images/toolbar-icon-48.png

    • Size

      1KB

    • MD5

      0978506c772af72e9026f00ace8a7f5e

    • SHA1

      7f1cb3d71824211f3bec27ffeee60d52a5ebc683

    • SHA256

      24b655e5d6be7d991fc349b629f32a1d28b1581089bd9a14365b7795aee09b9e

    • SHA512

      0dbc0d4f2bbbc1ad10805039ea9760968c33d7391e1ed680cce685c3515088749b42a1bc4d1214286c4b6343446abb13b98fa54a7e3487d573d4576b34a87585

    Score
    3/10
    • Target

      Payload/Mabz.app/PlugIns/CAREx.appex/images/toolbar-icon-72.png

    • Size

      2KB

    • MD5

      b0681a5443aefb7f63fa74d495ace9dc

    • SHA1

      a472f7089c233d8df44fdb05bef700daa96b681c

    • SHA256

      4f033b035064bafe02dd25a8ac53701bec37f265a8dd368cb6094b7435f1705c

    • SHA512

      e65ab21f62e2815a0fbc96824e91f4a3312a07559fb98e84e547b10db0ca89189561372e1354dd489c7a44af145217703a02c4953e23c4ccb7d7acc9ee5c61f4

    Score
    3/10
    • Target

      Payload/Mabz.app/PlugIns/CAREx.appex/manifest.json

    • Size

      967B

    • MD5

      6044847516a2c228e140e020196a2949

    • SHA1

      39a86c60b1cc09474be83e98604e10181f89f083

    • SHA256

      bf152e7764ec46874239218b16914cfa6532e608d4313606161f38e390c937a7

    • SHA512

      bb608f423a676f15fbba593ceea7499bee26f3e8953de32ccedcc0ee1cb3a41b669d7c1df4a45de6fe25954cfe85174e3158c4a338d46bcd7e641ffd16eba9a0

    Score
    3/10
    • Target

      Payload/Mabz.app/PlugIns/CAREx.appex/popup.css

    • Size

      217B

    • MD5

      ab558e995fb62ca23210fa7fd8847b08

    • SHA1

      997476a90c6ef9c78c388b4da5ce1a226bb1e706

    • SHA256

      2c87c5dda9fc9b3288303f0f0e12882e7ad9061c71493ce86502b2462c96b81d

    • SHA512

      855cfbcd16d712553541eef58f9c6cf644734e3624f7ed4aabeaf51b22107ef6eb62c48d7a83c989b309bc525d3b0484836291cef5e2cc19bc6e9b9b1641c476

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Payload/Mabz.app/_CodeSignature/CodeResources

    • Size

      11KB

    • MD5

      a2a62b525d590df0152aa8daaea33766

    • SHA1

      ffbc98739fab40b71b8bd50793f22fe2bcde75e8

    • SHA256

      d55aad32de5aadff881b11b331b9c9e00e27d1eb83db10228c2cc669e51ae7c3

    • SHA512

      42fbf0a552a78892c74443c64c45232e5d9d98ba3e06cb554f462151635ff2f2087f938a37c678ab058032e622bcb52c684f000550a4e2677dd11e7a48df21f1

    • SSDEEP

      192:XYo5fKKQ06VB02MZHDr2W4H0MFVvT533hLG56:oAA08BrAPOVvV33hC56

    Score
    3/10
    • Target

      Payload/Mabz.app/api.cer

    • Size

      1KB

    • MD5

      178ef18343ccc9e0ecb0e38d9dea03d8

    • SHA1

      1e7ef647cba150281c60897257102878c4bd8cdc

    • SHA256

      23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522

    • SHA512

      437b9e111eeb78013969f0bfabeecf679556d3fc3f6ef9c3214fd07b58b05c78dc1a9be9b99d211568bdb44a4a33594d8d2308b42ae9bf239682a011178dfa10

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      Payload/Mabz.app/back.mp4

    • Size

      1.1MB

    • MD5

      47bf44170a778891f33ba0303eb1f8ca

    • SHA1

      7a9fd4e37fb3ad35dce325a3de1e672e5c0f41ab

    • SHA256

      72eaa3f85cdd325c38987925c84af255ba88fece77c3ea94d0fc679ad71ac9f8

    • SHA512

      dac266eb49bf0ccb59425e798d9d79889fe7e34eb6b0bf4782d7afb57c0fb7926396ea9db51dd527c9b1a2af0b99d5927ff888cd97a4d3017b6e31b279e7b8aa

    • SSDEEP

      24576:LGJgV9LV1Yv1x0xw24+Ub984a2aecGpuTZ:aCLLPQ1IU+698maZ

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Payload/Mabz.app/c.wav

    • Size

      212KB

    • MD5

      b8c0604cd7f46d8f9c8fd1afcd3e7e96

    • SHA1

      abafdb5022578082234542383b8111ab6985b485

    • SHA256

      3b06f7a05a673513e18612a6c39b5c93110459a75b4a4c8d66855224840ec4cd

    • SHA512

      c7b5cf20a7ac2b0510ff2fb6c561c9bf9222b29c44b5534315e2bebe3b806c57f4701834804eeed900c14d3edc6db3dc1e0b1407749121c2154e636fe8090efd

    • SSDEEP

      6144:4FUgpNiyW3QbLHUq2A43b2UFXvoZOyaesYX+:4FUwcy1/HUM45VoZDa/YX+

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Payload/Mabz.app/cer.cer

    • Size

      1KB

    • MD5

      acabe82fe29920e0921554434db0875f

    • SHA1

      7cb5e00d0371cf0211ec8661288d0adde586770b

    • SHA256

      90e7c8a23644b56f1de2c7bce574d76afef014a09876f77a9084b7a9a53a96ea

    • SHA512

      5273a6a9c650e80c47857eea0ee5a6f8e7e87c58240d506f1ecd63e06e665a77b631229306bf272fec13b48e3acf4ad45838fbccb976973c3a010f7c9cd22024

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      Payload/Mabz.app/embedded.mobileprovision

    • Size

      18KB

    • MD5

      912025cdbe6b676e279ae5a0bf2bb5f0

    • SHA1

      5d99d7fd06bdd1d2c64f0c3be45ff086f8e201b6

    • SHA256

      a9dbc218bdb8783cab7aa6040628d3f93a250cc829e26efdefb31236c7e706bb

    • SHA512

      311d7fd91a4d901adfd2bb0dee70f0dc7d5268e325cf9af1327b95a15f377ca1a18f99b1042e4d7e0e02b57c2fee1ea3dcc08ae079f21fb595e973fd0d3b5b0a

    • SSDEEP

      384:mhMELWBP9qBVDDou9701cihVO8QQ8BLPs0t0I2/mW8h:ODLW9CD8u97eO8QQOPs0tI8h

    Score
    3/10
    • Target

      Payload/Mabz.app/onVideo.mov

    • Size

      4.6MB

    • MD5

      b61a8e8b22a2e8437bec98bc0dfc836e

    • SHA1

      f11ea0029ef2af666c1b0407f56c8a632f1b2fa9

    • SHA256

      22f52fa85bd35a90cc6c008f34434c436bdefc14c01177a8c25ba9bd2e7401e5

    • SHA512

      4d217faa7f664e61b20a397e61c629f2729289d22b6c6811c92d02f38891ac3f84107064a4b91eb83e339b5291f93c78dda49af7b5173c583bfeeebcfb6005ce

    • SSDEEP

      98304:P8myUtCEPbJt6DOWvwIm+m9r53wf2YGgcMuy4A:lymPlb+Ir9JMu6

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Payload/Mabz.app/tutorial.mp4

    • Size

      3.5MB

    • MD5

      2e37677355c16b4a441e43bccf55e604

    • SHA1

      61a7a6e2c923fe63cbdc05da5f515998d905265b

    • SHA256

      f1a150e78f4a91dfcf483b4e8dd3bc1ea523311f1e3b9c3e0f96ffd75ee56d20

    • SHA512

      bafa238484487e8d45db3e623597f59d6bab25e0e4084fe790f585218bab3df096fb04883484f25216171063eb9bae4b181fc8c597aff90cb3c76a365bccb879

    • SSDEEP

      49152:O008n1RUPi7cefz7KXxrzWFkqpjvGPuMO88rQsNhTfZeOUAIbcty2ysyrJL1wC6I:T0IqPve3kIvpju8rQShTBeOvYRL56I

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks
