b523bc4dbe80814e438a064130dd30548184db75da6dd6f63d8ff3d9fcfc82e7

Sharing

Copy URL Twitter E-mail

General

Target

Calm Services.zip
Size

11KB
Sample

241018-nhr2ystgpb
MD5

3d637abdf42b4dbf20d8fcb89b6be146
SHA1

00cdf57c42923387be16ead30a9a6a0f839369d4
SHA256

b523bc4dbe80814e438a064130dd30548184db75da6dd6f63d8ff3d9fcfc82e7
SHA512

fda4da3e71ab3100ea653e8ad728b45aac66b49bdc157cd924546578d6ac122f6ff777e4d3e6505eaf8f4964dc53f6c40e225986baa8aa51fd6bdee9f172a716
SSDEEP

192:GWpEmuhaF9vhc63wUEaqKc7UTPy6SBKsUkfvlYH0JAJE4AKkzVEbx:bRhJ3wUE3d72PE9NfvuHljAKkwx

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  Calm Services/Services.py
- Size
  
  5KB
- MD5
  
  a14e84299bd9948b12588cb9f426d8cc
- SHA1
  
  3c0d21e62f1c0450aab13feed043acbdfa2b0869
- SHA256
  
  4b55ac6d83b34a77c2c913b68645997bfb2cf27d50510e483027d9bcc20d9b7f
- SHA512
  
  b27693b7fd60a8c33bfef5ceeae26875753c73406bd1818587d1794dc1cf2265d8d6a7ca931c4427b3580ffdd8f9e51aeb8584efeedc8398adbbebcf3526c248
- SSDEEP
  
  96:ZT+I7nhPnlEs2faZC0amgcL9IJSxVU83n:tNhf6fVmJmJB83n
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  Calm Services/install_requirements.cmd
- Size
  
  83B
- MD5
  
  5193ef4a874c7ba9a57318f0f6555c84
- SHA1
  
  c91cea1bbe7f6134c4eaa3df2a264dc1c1e50a52
- SHA256
  
  e4136a9e152b5680c5b5a5b9b427253c70ee5b25a9b867c497778fca896e215a
- SHA512
  
  e0adf37d6f4c2a9a6e722170c581f938d5f8f5821488ac64718104bde4363ea1cf5de2fa7d255a8166753cf87fb2fd346c8282263d8add6b4164bebbb603e046
Score

1^/10
behavioral2
- Target
  
  Calm Services/util/banallmembers.py
- Size
  
  1KB
- MD5
  
  00a568002134b7028708769b7c8660cf
- SHA1
  
  034e765977c667d2b18369012b6344aa95fd6e4f
- SHA256
  
  40148a83ec4cfd3ca5e6a31dbae4b6259a56ee5b5690bdb02838effc9658c1c6
- SHA512
  
  2da988a39b7fd18ddde41d895d050bd2be099d74ea80c411396f30c2790d291cc512ed866215972b7080ca7796ae3efd10493d0cbde30dc10b508e0eb1b66883
Score

3^/10
behavioral3
- Target
  
  Calm Services/util/createchannels.py
- Size
  
  2KB
- MD5
  
  0c653106330e0fa663c269e116303c96
- SHA1
  
  4fc685ba1ea49618445dc0102c855281398730d0
- SHA256
  
  426f7885fece7197ae8f6c228b68a5dc850f9adb72d2f96287c8409455fc670c
- SHA512
  
  96f97f7d8eee35529457c6696143e778130b2f81c00c4bf780111344b46d21d4cab018ae5bea5d3167f0bc1b475e41ebf05cca2c9cdcf164a95a2f84d493320c
Score

3^/10
behavioral4
- Target
  
  Calm Services/util/createroles.py
- Size
  
  1KB
- MD5
  
  c0c03b15ca47ad96a687cd01e2e66062
- SHA1
  
  ab76822d717e8fa691f0b66289db28246a36f163
- SHA256
  
  9df58f5e154ead6812c786fd94ff23c1a55bdb9cc6b27f87e8cc0470a133ac76
- SHA512
  
  badeefdb8fa21d1d87c79b6c5586cbc167e1d5ea03d50b9af4eb8c54ad7a4382157b56b7c4b498ed1dc563074c94c80fd03ab56e579fbe4dfdf3005150dca202
Score

3^/10
behavioral5
- Target
  
  Calm Services/util/deleteallchannels.py
- Size
  
  1KB
- MD5
  
  fd2807c37ea640b752b2c45a11e34eb4
- SHA1
  
  c38cec98534addb5e90a5ab6afb2654fdfd2d582
- SHA256
  
  847196c08cbd6f2312de8a9db4a052b7fdf72b1860c1c1c55ac3bebb1d786e07
- SHA512
  
  023ec1d44649fc584ae6da9dbfcd8d4ac89fdce3c8344bf0f1481ddc32b3ddc77869423b25165145d858c5e92ee3c8f87c27a34743e4b605b8daecfef0be44a5
Score

3^/10
behavioral6
- Target
  
  Calm Services/util/deleteroles.py
- Size
  
  1KB
- MD5
  
  cb2f5ac831f2d8a35ee9579617f53bfa
- SHA1
  
  5bab80d5f75ade966a88b8d756f98e2339cf43a1
- SHA256
  
  611a8334a33979296d1d3a553571b5cacc8c3442c290896f0f310592abdce472
- SHA512
  
  7b4c0a3b98812e2b8837f9dce28c1153881e4ad358e23cf18b4d882f5daf0cc9b3ec3ac6d289cef93a31ed4a4da0e0d3e8f18ad86ff75fdb0709d822f9b96d76
Score

3^/10
behavioral7
- Target
  
  Calm Services/util/dmspammer.py
- Size
  
  2KB
- MD5
  
  81a14df7f6ea96798f4db4a71be47baf
- SHA1
  
  534c6022e68dbfe6be12c272faac5eda4a4a005b
- SHA256
  
  135d81accb662333db9ae9422e1f7b3274b7cf5e11580a7b599f7a150b6505ee
- SHA512
  
  4e388a86be8df97c5781b12e9d07398d36804c809205fa6b0fda3658a730b05ac84c9a5205b71e78ebcec381d101aace350d30e2df66c962ffecca50e6ccfaf9
Score

3^/10
behavioral8
- Target
  
  Calm Services/util/freeadmin.py
- Size
  
  1KB
- MD5
  
  5870ed27cf532efe9642ad107bb5b8a7
- SHA1
  
  aa363ffb9c1ce3c490125c7c2601647cc99b359f
- SHA256
  
  0397c4a5fa9e2e6c8a4bd57638fd125be8edcdc9fecf1a78671f6c9164cf6852
- SHA512
  
  28addddd2fbbe802b14a40614fba405495a1ff3f00b1b4bfd1c55462e034582eedd605b8231c67d06385ca6734e2125130cac029c4a1e7d1c3218462ec59ee95
Score

3^/10
behavioral9
- Target
  
  Calm Services/util/kickalluser.py
- Size
  
  1KB
- MD5
  
  8e4c39be392cdf9153c37c110af69545
- SHA1
  
  69f4ad928ff387704abc0e76ad5f33e8ba7c53d7
- SHA256
  
  0e186f2c1ad9173f7185634b9de34304ac1647a07f8066f352e7a81777837e9f
- SHA512
  
  82991a0f6ea48bee4af6024c62cee322ecce060ee61fad749e0403436c5e445a250d659a41a3f34620820e9b1c93f2da371d2a3e5ea118f2e4d83b266fa2175f
Score

3^/10
behavioral10
- Target
  
  Calm Services/util/messagespammer.py
- Size
  
  1KB
- MD5
  
  ac441572f7bed960939d7d8fdf2e8391
- SHA1
  
  fa2de0cba0a7a7f2fd91ce5ed860d90b2fb80f10
- SHA256
  
  d82473ac0c4adcf28fe2daac03d5ec3d6b002669e101169b1b998b22f1bed882
- SHA512
  
  5878257b38cf4f5b41411258cad64793974d995cb5243b754a90ff4510178a0c8bbe216041f2ed23693c7b8d61fe5518e53d6812d6cb34cc9b59416f26420863
Score

3^/10
behavioral11
- Target
  
  Calm Services/util/pingall.py
- Size
  
  1KB
- MD5
  
  8140af5df52a36ec91feea8b91f0eb49
- SHA1
  
  11b7e871477ee05f742f760fad7cd0810748e428
- SHA256
  
  41cac663ccc75f483d1c3c5d7f4da32373b6cd799823b1dc3fd19705b57cf54a
- SHA512
  
  943143e1ab11f3a0aff9b34a666dd367e3560f16714aac8434e7631eebe3ece8f0d463f1077fd17f1592ee2f276becebb575ebd05abfca17aa12fbb5acda38be
Score

3^/10

discovery
behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12