General

  • Target

    mayberat.exe

  • Size

    96.6MB

  • Sample

    241028-smwyxsznfz

  • MD5

    7f0426b32ef966ddf1f54b55b85795a3

  • SHA1

    926a5a60d84a57fd4ad8e7799dec0908d1df3a88

  • SHA256

    5b1837ae007673dabb9766256f9ac6bc89d1e4519418d493d8629a80af641bd5

  • SHA512

    1bb1ca97b248c0af57dc6dc7d31d03f27442361529e3179741c2842ce1dde381f99d1538e35aadf777851d5e6f12a9dae7172d1d873a23181e6bc801c7d7fe1b

  • SSDEEP

    3145728:hPZ+8KLNuFjHczIYVp5WnPqfNiaJynL5Zn2jQv0nZnZFg7:hPqpSHcM+6AN5oL5Zn2j205ZFk

Targets

    • Target

      mayberat.exe

    • Size

      96.6MB

    • MD5

      7f0426b32ef966ddf1f54b55b85795a3

    • SHA1

      926a5a60d84a57fd4ad8e7799dec0908d1df3a88

    • SHA256

      5b1837ae007673dabb9766256f9ac6bc89d1e4519418d493d8629a80af641bd5

    • SHA512

      1bb1ca97b248c0af57dc6dc7d31d03f27442361529e3179741c2842ce1dde381f99d1538e35aadf777851d5e6f12a9dae7172d1d873a23181e6bc801c7d7fe1b

    • SSDEEP

      3145728:hPZ+8KLNuFjHczIYVp5WnPqfNiaJynL5Zn2jQv0nZnZFg7:hPqpSHcM+6AN5oL5Zn2j205ZFk

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      CablyCode.exe

    • Size

      120.4MB

    • MD5

      a6d28da9149348d445e0d33caf177e6e

    • SHA1

      574c8526d52df90c07054882f325001c32b9dbf4

    • SHA256

      bc65e803c03507caf65fc3b6d33e40a25482386b2a567f35967176ab93e1328f

    • SHA512

      65e28675b32f8b116f61650baf4bc9a58500eb8e169eb69a6932d031d7c534c36869f4aa832d3f32225c9814b0dc226d4a752db7e2bb7a6b2084a12aa655c9cd

    • SSDEEP

      1572864:o1f0+Sva7Hdp1Nhn+aCdrvdYrZ/7/lbg8udR8SnuSE49z:Nasulbg8yTnbEOz

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      LICENSES.chromium.html

    • Size

      4.5MB

    • MD5

      d4a79b5d46f0931b9eb7125fd40baff0

    • SHA1

      3a38fb263dde2251b9fe157b5fddec7acb07c53e

    • SHA256

      03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f

    • SHA512

      17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339

    • SSDEEP

      24576:thgBBmnLiLArZ62BrcrnKHq/kUkBAwi9QxruE:rYBmLAehN6KK+xV

    Score
    3/10
    • Target

      resources/app.asar.unpacked/node_modules/ffmpeg-static/example.js

    • Size

      1KB

    • MD5

      a0dac6c6614152385816d58991e931dc

    • SHA1

      03fabf242302a3aeb41e1038d12d3a462373aa41

    • SHA256

      05efb45cbf30cbcb3279c90db71163568ed2102656857ed2c08eb46a89fd9053

    • SHA512

      df2f0257cac1ef370f1f5ca6f6170c6866f452042c518f9e16c2487d0d560f5f31e7441a2d4ad5417599dec0ba472c21fd9d2ec6bdbcb7cef0760c43cc45ea9f

    • Target

      resources/app.asar.unpacked/node_modules/ffmpeg-static/ffmpeg.exe

    • Size

      77.4MB

    • MD5

      5b19d3cffebcf8746b52c39f90208a88

    • SHA1

      bb008c51dd6b223eac88373241ccb54587a4243b

    • SHA256

      e9fd5e711debab9d680955fc1e38a2c1160fd280b144476cc3f62bc43ef49db1

    • SHA512

      136c242ba9f3ef8d21972c26b08c253f5d49f75bb8fc28bab477cb781283e0ff48f89fd11c9df848dcbb6203fdfae8055bc3f1514272cdf994a3f6f8dfeac80b

    • SSDEEP

      1572864:Jgfb1P0bQyTwdcYS/aEHBt6w5Hnflkg+rkVRJsZRw+cJfagAoCFhk:GW

    Score
    1/10
    • Target

      resources/app.asar.unpacked/node_modules/ffmpeg-static/index.js

    • Size

      1KB

    • MD5

      8082fc131318e583743f19a53a3bb0d6

    • SHA1

      a5769352b2789bc846dd01951e3a1fda9e74e80a

    • SHA256

      ca4ca945d60557d20f99c11fdcd338f85a55ff38b19868b1e8755b7a5c350a9d

    • SHA512

      5189743bab5e9aca4149bfae1471b0b120b8ed1acd11665e15872b458c407ac0106008444cd876c1bf1809d163cdcf6e4344190cc51ad83ee6915e8e973608c4

    Score
    3/10
    • Target

      resources/app.asar.unpacked/node_modules/ffmpeg-static/install.js

    • Size

      6KB

    • MD5

      56b35ea94b6f92f7bf89272dd0b2958d

    • SHA1

      5485eee0b9405b939cbdc918a3dd2408a91a35aa

    • SHA256

      9801ce3aa35e45f72f7d13339ff04c916011b529040d1a1301c74102ed335fb9

    • SHA512

      a51af6ca4866457b625cf5eca2e776ddf12b27ac46ba66bbddb2cc42ac59b7b880292882276e5653dc7b2e0877124cf2ea97be7e52728d99a6674365daf19802

    • SSDEEP

      192:z9bn0m5t4FQ/FhK1XeV0ArNkosd3X9Bunv:RT0oaFQ/Fo1XmC3Ov

    Score
    3/10
    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    3/10
    • Target

      resources/ffmpeg.exe

    • Size

      77.4MB

    • MD5

      5b19d3cffebcf8746b52c39f90208a88

    • SHA1

      bb008c51dd6b223eac88373241ccb54587a4243b

    • SHA256

      e9fd5e711debab9d680955fc1e38a2c1160fd280b144476cc3f62bc43ef49db1

    • SHA512

      136c242ba9f3ef8d21972c26b08c253f5d49f75bb8fc28bab477cb781283e0ff48f89fd11c9df848dcbb6203fdfae8055bc3f1514272cdf994a3f6f8dfeac80b

    • SSDEEP

      1572864:Jgfb1P0bQyTwdcYS/aEHBt6w5Hnflkg+rkVRJsZRw+cJfagAoCFhk:GW

    Score
    1/10
    • Target

      resources/public/vs/base/common/worker/simpleWorker.nls.de.js

    • Size

      869B

    • MD5

      2cc7c26de2c6539d92e48df01c747212

    • SHA1

      2f412a8c084f7d4007f597775137ed0f6b30aca6

    • SHA256

      1ea09d107089dc1e8bc0ba408fefcbdcbf366c697ba216f88da49330130e0514

    • SHA512

      f7d1e655ac538b8179296c4a84f56a8eb37e6b18d44aced642f46d49377763526af51b314bfbe36533f97a7a16585820a3b44cb86851ae131a4ada74fd9ca139

    Score
    3/10
    • Target

      resources/public/vs/base/common/worker/simpleWorker.nls.es.js

    • Size

      890B

    • MD5

      be65596cf447f87b15945adec9ab6031

    • SHA1

      23d8a0d0ad6f13b2cb9cd360d4e0731846242219

    • SHA256

      56341c7827241a6bf388660a020b45e3f5a191b7da46f7a9bc30fbcc61ff2ebb

    • SHA512

      0b86df2585d1a9abca9a7581d91a77b1ff343a9f4db2d35ce809c6106dc78be3a604ef8e27380c57bd82dfd2400bdb66328e96b94435dcd8089f2f4d6f92f971

    Score
    3/10
    • Target

      resources/public/vs/base/common/worker/simpleWorker.nls.fr.js

    • Size

      904B

    • MD5

      0e0b9d2cd1250ef30f3b462af8600c3f

    • SHA1

      3899fcf4cfa7250bbb0a2e943fc288d40a94bf68

    • SHA256

      4a3afc911e223f70f2ffe4febd392fffff6011607cc9752c4313e951121bc36a

    • SHA512

      602747fa05c86af14e6f11242b0fd2bef2474cec77f6cad2cca9923bac9c0389ae5a970c86c89cb6ff83467446c13b401d529780d86425540f5b1839d2f64704

    Score
    3/10
    • Target

      resources/public/vs/base/common/worker/simpleWorker.nls.it.js

    • Size

      879B

    • MD5

      40dcef8a9c3999ffa8b95f6f4f594f38

    • SHA1

      0c60a08a17b25ac85ef27b06e73f552b5f166669

    • SHA256

      74886ff47cb9ba5dcb72e223887ba3fc91b19f9818aeb9cbfc64a56203f22993

    • SHA512

      75349033883604dc20a0ce9ea3bdd025915971bc09deb01d71ff4bdace16d5cf81affc0ba41831d3900ce7e39ec737c6b881d6b04f34bb8ad5f9932e5234518b

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
7/10

behavioral8

Score
7/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery, execution
Score
3/10

behavioral12

antivm, discovery, execution
Score
4/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10