General
-
Target
mayberat.exe
-
Size
96.6MB
-
Sample
241028-smwyxsznfz
-
MD5
7f0426b32ef966ddf1f54b55b85795a3
-
SHA1
926a5a60d84a57fd4ad8e7799dec0908d1df3a88
-
SHA256
5b1837ae007673dabb9766256f9ac6bc89d1e4519418d493d8629a80af641bd5
-
SHA512
1bb1ca97b248c0af57dc6dc7d31d03f27442361529e3179741c2842ce1dde381f99d1538e35aadf777851d5e6f12a9dae7172d1d873a23181e6bc801c7d7fe1b
-
SSDEEP
3145728:hPZ+8KLNuFjHczIYVp5WnPqfNiaJynL5Zn2jQv0nZnZFg7:hPqpSHcM+6AN5oL5Zn2j205ZFk
Static task
static1
Behavioral task
behavioral1
Sample
mayberat.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
mayberat.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
CablyCode.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
CablyCode.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
LICENSES.chromium.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/example.js
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral12
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/example.js
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral13
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/example.js
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral14
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/example.js
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral15
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/ffmpeg.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/ffmpeg.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/index.js
Resource
win7-20241023-en
Behavioral task
behavioral18
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/index.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/install.js
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
resources/app.asar.unpacked/node_modules/ffmpeg-static/install.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
resources/elevate.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
resources/ffmpeg.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
resources/ffmpeg.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
resources/public/vs/base/common/worker/simpleWorker.nls.de.js
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
resources/public/vs/base/common/worker/simpleWorker.nls.de.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
resources/public/vs/base/common/worker/simpleWorker.nls.es.js
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
resources/public/vs/base/common/worker/simpleWorker.nls.es.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
resources/public/vs/base/common/worker/simpleWorker.nls.fr.js
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
resources/public/vs/base/common/worker/simpleWorker.nls.fr.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
resources/public/vs/base/common/worker/simpleWorker.nls.it.js
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
resources/public/vs/base/common/worker/simpleWorker.nls.it.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
mayberat.exe
-
Size
96.6MB
-
MD5
7f0426b32ef966ddf1f54b55b85795a3
-
SHA1
926a5a60d84a57fd4ad8e7799dec0908d1df3a88
-
SHA256
5b1837ae007673dabb9766256f9ac6bc89d1e4519418d493d8629a80af641bd5
-
SHA512
1bb1ca97b248c0af57dc6dc7d31d03f27442361529e3179741c2842ce1dde381f99d1538e35aadf777851d5e6f12a9dae7172d1d873a23181e6bc801c7d7fe1b
-
SSDEEP
3145728:hPZ+8KLNuFjHczIYVp5WnPqfNiaJynL5Zn2jQv0nZnZFg7:hPqpSHcM+6AN5oL5Zn2j205ZFk
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score 3/10
-
-
Target
CablyCode.exe
-
Size
120.4MB
-
MD5
a6d28da9149348d445e0d33caf177e6e
-
SHA1
574c8526d52df90c07054882f325001c32b9dbf4
-
SHA256
bc65e803c03507caf65fc3b6d33e40a25482386b2a567f35967176ab93e1328f
-
SHA512
65e28675b32f8b116f61650baf4bc9a58500eb8e169eb69a6932d031d7c534c36869f4aa832d3f32225c9814b0dc226d4a752db7e2bb7a6b2084a12aa655c9cd
-
SSDEEP
1572864:o1f0+Sva7Hdp1Nhn+aCdrvdYrZ/7/lbg8udR8SnuSE49z:Nasulbg8yTnbEOz
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
LICENSES.chromium.html
-
Size
4.5MB
-
MD5
d4a79b5d46f0931b9eb7125fd40baff0
-
SHA1
3a38fb263dde2251b9fe157b5fddec7acb07c53e
-
SHA256
03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f
-
SHA512
17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339
-
SSDEEP
24576:thgBBmnLiLArZ62BrcrnKHq/kUkBAwi9QxruE:rYBmLAehN6KK+xV
Score 3/10
-
-
Target
resources/app.asar.unpacked/node_modules/ffmpeg-static/example.js
-
Size
1KB
-
MD5
a0dac6c6614152385816d58991e931dc
-
SHA1
03fabf242302a3aeb41e1038d12d3a462373aa41
-
SHA256
05efb45cbf30cbcb3279c90db71163568ed2102656857ed2c08eb46a89fd9053
-
SHA512
df2f0257cac1ef370f1f5ca6f6170c6866f452042c518f9e16c2487d0d560f5f31e7441a2d4ad5417599dec0ba472c21fd9d2ec6bdbcb7cef0760c43cc45ea9f
-
-
-
Target
resources/app.asar.unpacked/node_modules/ffmpeg-static/ffmpeg.exe
-
Size
77.4MB
-
MD5
5b19d3cffebcf8746b52c39f90208a88
-
SHA1
bb008c51dd6b223eac88373241ccb54587a4243b
-
SHA256
e9fd5e711debab9d680955fc1e38a2c1160fd280b144476cc3f62bc43ef49db1
-
SHA512
136c242ba9f3ef8d21972c26b08c253f5d49f75bb8fc28bab477cb781283e0ff48f89fd11c9df848dcbb6203fdfae8055bc3f1514272cdf994a3f6f8dfeac80b
-
SSDEEP
1572864:Jgfb1P0bQyTwdcYS/aEHBt6w5Hnflkg+rkVRJsZRw+cJfagAoCFhk:GW
Score 1/10
-
-
Target
resources/app.asar.unpacked/node_modules/ffmpeg-static/index.js
-
Size
1KB
-
MD5
8082fc131318e583743f19a53a3bb0d6
-
SHA1
a5769352b2789bc846dd01951e3a1fda9e74e80a
-
SHA256
ca4ca945d60557d20f99c11fdcd338f85a55ff38b19868b1e8755b7a5c350a9d
-
SHA512
5189743bab5e9aca4149bfae1471b0b120b8ed1acd11665e15872b458c407ac0106008444cd876c1bf1809d163cdcf6e4344190cc51ad83ee6915e8e973608c4
Score 3/10
-
-
Target
resources/app.asar.unpacked/node_modules/ffmpeg-static/install.js
-
Size
6KB
-
MD5
56b35ea94b6f92f7bf89272dd0b2958d
-
SHA1
5485eee0b9405b939cbdc918a3dd2408a91a35aa
-
SHA256
9801ce3aa35e45f72f7d13339ff04c916011b529040d1a1301c74102ed335fb9
-
SHA512
a51af6ca4866457b625cf5eca2e776ddf12b27ac46ba66bbddb2cc42ac59b7b880292882276e5653dc7b2e0877124cf2ea97be7e52728d99a6674365daf19802
-
SSDEEP
192:z9bn0m5t4FQ/FhK1XeV0ArNkosd3X9Bunv:RT0oaFQ/Fo1XmC3Ov
Score 3/10
-
-
Target
resources/elevate.exe
-
Size
105KB
-
MD5
792b92c8ad13c46f27c7ced0810694df
-
SHA1
d8d449b92de20a57df722df46435ba4553ecc802
-
SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
-
SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
-
SSDEEP
3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score 3/10
-
-
Target
resources/ffmpeg.exe
-
Size
77.4MB
-
MD5
5b19d3cffebcf8746b52c39f90208a88
-
SHA1
bb008c51dd6b223eac88373241ccb54587a4243b
-
SHA256
e9fd5e711debab9d680955fc1e38a2c1160fd280b144476cc3f62bc43ef49db1
-
SHA512
136c242ba9f3ef8d21972c26b08c253f5d49f75bb8fc28bab477cb781283e0ff48f89fd11c9df848dcbb6203fdfae8055bc3f1514272cdf994a3f6f8dfeac80b
-
SSDEEP
1572864:Jgfb1P0bQyTwdcYS/aEHBt6w5Hnflkg+rkVRJsZRw+cJfagAoCFhk:GW
Score 1/10
-
-
Target
resources/public/vs/base/common/worker/simpleWorker.nls.de.js
-
Size
869B
-
MD5
2cc7c26de2c6539d92e48df01c747212
-
SHA1
2f412a8c084f7d4007f597775137ed0f6b30aca6
-
SHA256
1ea09d107089dc1e8bc0ba408fefcbdcbf366c697ba216f88da49330130e0514
-
SHA512
f7d1e655ac538b8179296c4a84f56a8eb37e6b18d44aced642f46d49377763526af51b314bfbe36533f97a7a16585820a3b44cb86851ae131a4ada74fd9ca139
Score 3/10
-
-
Target
resources/public/vs/base/common/worker/simpleWorker.nls.es.js
-
Size
890B
-
MD5
be65596cf447f87b15945adec9ab6031
-
SHA1
23d8a0d0ad6f13b2cb9cd360d4e0731846242219
-
SHA256
56341c7827241a6bf388660a020b45e3f5a191b7da46f7a9bc30fbcc61ff2ebb
-
SHA512
0b86df2585d1a9abca9a7581d91a77b1ff343a9f4db2d35ce809c6106dc78be3a604ef8e27380c57bd82dfd2400bdb66328e96b94435dcd8089f2f4d6f92f971
Score 3/10
-
-
Target
resources/public/vs/base/common/worker/simpleWorker.nls.fr.js
-
Size
904B
-
MD5
0e0b9d2cd1250ef30f3b462af8600c3f
-
SHA1
3899fcf4cfa7250bbb0a2e943fc288d40a94bf68
-
SHA256
4a3afc911e223f70f2ffe4febd392fffff6011607cc9752c4313e951121bc36a
-
SHA512
602747fa05c86af14e6f11242b0fd2bef2474cec77f6cad2cca9923bac9c0389ae5a970c86c89cb6ff83467446c13b401d529780d86425540f5b1839d2f64704
Score 3/10
-
-
Target
resources/public/vs/base/common/worker/simpleWorker.nls.it.js
-
Size
879B
-
MD5
40dcef8a9c3999ffa8b95f6f4f594f38
-
SHA1
0c60a08a17b25ac85ef27b06e73f552b5f166669
-
SHA256
74886ff47cb9ba5dcb72e223887ba3fc91b19f9818aeb9cbfc64a56203f22993
-
SHA512
75349033883604dc20a0ce9ea3bdd025915971bc09deb01d71ff4bdace16d5cf81affc0ba41831d3900ce7e39ec737c6b881d6b04f34bb8ad5f9932e5234518b
Score 3/10
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1