legion | 7d396a2e388177cfde1f8e462ed0bf581c409874e46db0d09cbf083e67df681f

Sharing

Copy URL

Twitter E-mail

General

Target

LegionStealerV1 Source Code.zip
Size

97.1MB
Sample

241104-w79x3axner
MD5

7f59e5d6dcaa1eaa5a10b86b1ea5c319
SHA1

3a0e4320ff3ae27e4cb5a23c8dff2b717cce4f0b
SHA256

7d396a2e388177cfde1f8e462ed0bf581c409874e46db0d09cbf083e67df681f
SHA512

7616091598c69c446a89644b840b11a5ddb6f1ce7586cbbf873e5af6ba132cf3363fadb2d97924bdd85f93aba2362edc59037a6913b0d44715ddb7b767951d49
SSDEEP

1572864:5jtk7HQW/SpYhJs0sXPzdLwrwtskf2WXPzdc3UDoqKJnZne5paKx13XlyxQ5pDM7:5ju7wWapYDfOrBwrwzf2wri3U9aZnU6h

Score

10^/10

Malware Config

Targets

- Target
  
  LegionStealer V1 SRC/Builder.cs
- Size
  
  12KB
- MD5
  
  053a5e9af2becc72bd49c5e015d89607
- SHA1
  
  5e0fa80185f89fa29ca71491a224ecc7a17f39fd
- SHA256
  
  7705f433f1e77ef2b8a5da38904574cbc3d5f519a9a430916d34135dce735134
- SHA512
  
  099ea9aafcdf61e708d2005b63900a089114b3a82a7a7987ce92a4126e1a36f0299f137b8882185816968730c7950b1196526925512469d7db8ef294a63f79ec
- SSDEEP
  
  192:9bpa2jr+VdDeHWdTd7uPBRqdATqihPyrsta5KfXOro+y7stb8TJ5KuQIO:9Va2WViko+GstATJ9O
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  LegionStealer V1 SRC/Exploits.cs
- Size
  
  16KB
- MD5
  
  341cc80d21e1654eda6675f774f61793
- SHA1
  
  97586ca1fcbf235b4512194c0d2901bedccaafb1
- SHA256
  
  c596b55ba9f853da40eb3726608f014e15b781d0ea08727fc44ce9dde9af0916
- SHA512
  
  2407e3e5769727c3d912aac226f6c6f6866a6c2b560cdec047dc0c9858b856d6387a9c0b7cc0b3be9b9a9729883af73feb2bc98a95a5154c981a1026ddf53706
- SSDEEP
  
  384:KKrqKrQFSaROkQj9OgNrMqG8wx5iiYwkG3t7nm/O:zQFSC0qiOGwJhQO
Score

1^/10
behavioral3 behavioral4
- Target
  
  LegionStealer V1 SRC/Exploits.resx
- Size
  
  53KB
- MD5
  
  0782d11adf8c410154157ca67ac1250a
- SHA1
  
  c478dabb54f8d3c71b31b3e8425418cc8794931b
- SHA256
  
  2aaa23b5c0bb09701d26b2531c674be05c81184afb08b25bd67e2600d153381c
- SHA512
  
  2b8cefdcafc7113ff380ab2cbd5428576a20412d8de2c136c9c6fab31aade903836ba379d6c2d0636a9029e496038115f2a644597dc6b2d1f971d8b397628f5f
- SSDEEP
  
  1536:Kj2v6KyjISj5Ve5rNY44xi10KaIMtuf7PRxHpW:Kj2vy8SjSVei10PIqub0
Score

1^/10
behavioral5 behavioral6
- Target
  
  LegionStealer V1 SRC/Form1.resx
- Size
  
  1.0MB
- MD5
  
  10af683ee0dd39eeab3cdb0d67dbe384
- SHA1
  
  e6dc6c5f54c622405b81b9bb28b285b9837d0249
- SHA256
  
  618c16f01cc2eae2d696fa3e9eae55268a70674bb2e46a982a3d5314fc3015f4
- SHA512
  
  05e7f3a78ec595f0cf8b25afb4b0ca2703f148238fe0df97dbabdfd58651d8e1686edca8508d823da0619eb15ed3b56c8af7e9a2588b815eca2924231ac43efa
- SSDEEP
  
  24576:+W+dtiY4PGOL+37vxiW+dtiY4PGOL+37vxm:We+Qe+o
Score

1^/10
behavioral7 behavioral8
- Target
  
  LegionStealer V1 SRC/General.cs
- Size
  
  7KB
- MD5
  
  1ab39ca87572516793d1c480d5b2d81c
- SHA1
  
  0b501e022306e9e22510cbbe23e0967818abd029
- SHA256
  
  d4ed01bf8cecd6a146dac8ea20faab386aaa7ec534eff3066a5e3c881024cae9
- SHA512
  
  14201e38ee2a7321fb126099730f36e7d2b3ca207b1bbfafed3b082c93e1eaf900d4d7c5c17bac533e8917d04c9f2115a25a515b23ee2305f3e93fbaf70f0cd3
- SSDEEP
  
  96:yo4h4Dcz02nzXVgLUlF3FvFAF2F2F9FbYFJFCFzF0FQF/FVolU82jn1bn7WmXbm4:IKGpRfQolU8QLaEMks2
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  LegionStealer V1 SRC/General.resx
- Size
  
  5KB
- MD5
  
  4eb5913a0e5aa842250f7419538fa230
- SHA1
  
  31fb76e5d9babe97a11fea041081f96ce426107a
- SHA256
  
  4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298
- SHA512
  
  846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
Score

1^/10
behavioral11 behavioral12
- Target
  
  LegionStealer V1 SRC/Main.resx
- Size
  
  2.5MB
- MD5
  
  f772bc41926aa53c753b2f2564d8320e
- SHA1
  
  6b52a5ea244395e837d4401c02bba17f54c27b49
- SHA256
  
  fc1651661f2c7d65e9768fdf3cc973983ad78206d6fc9723d5c915e8e49d2518
- SHA512
  
  aafa7110ddc867e743adec2c180e61332d33d984e446733eeb4743d271ed35a7e5c80edba2d69fcb77ed284d456aa542a9dcd7d05827d812f347634ebad767ed
- SSDEEP
  
  24576:GW+dtiY4PGOL+37vxNZWgo/ed9P4tLznqxc8Cz9iHK8W+dtiY4PGOL+37vxFCvic:ee+ZWHed+tX8CIq4e+uKv9wnqB4KLg
Score

1^/10
behavioral13 behavioral14
- Target
  
  LegionStealer V1 SRC/NewBuilder.cs
- Size
  
  4KB
- MD5
  
  f630a91f5ad64da2d5fde049abec8809
- SHA1
  
  607827cf9910b15d836b6b4e38a4cae41c05db99
- SHA256
  
  31c1472a1a806d30b58c21cbb435d59ec9dd81eeb9f8f74829854758135eb34d
- SHA512
  
  c106b5ce8517f753818c736d940d68483e3da22081babf8397b476b066a93c95ce7ca9130c804ed079b0e738ee2b25b87f6dc114e8e787cc69465c05a6b8b5cb
- SSDEEP
  
  96:Jo4hU2nbXVghQ2jr6VbfoM9s7stb8TJ5y:9bph2jr6VToM9s7stb8TJ5y
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  LegionStealer V1 SRC/Properties/Resources.Designer.cs
- Size
  
  2KB
- MD5
  
  a9a5a90cd90c0ad248d3841c5fc9481e
- SHA1
  
  6026054a7dee142355451d17f2bbb7fd696d5f89
- SHA256
  
  6a8e613673202849e3a3758b9d42ce51d7ece1a13a56ff4839032b9523d4e408
- SHA512
  
  3df6f8f2bbb4706dac53e5b35e055d9bdb788bffb2c8af59447fda7cbc283d10370dbe2b26d5543e07de6bbdde5b40579826618b119ee38bab572d01df28a9d8
Score

1^/10
behavioral17 behavioral18
- Target
  
  LegionStealer V1 SRC/Properties/Resources.resx
- Size
  
  5KB
- MD5
  
  0cd8c971317d19bbed44757809bcb92b
- SHA1
  
  47b15748ecc8e952c5935170090db7c269ce4b4f
- SHA256
  
  66b5ebd1b0fc73f041ba669ce2184f6f471d5e3524efa34ca31233e9f5395262
- SHA512
  
  883dba84bf7daae3ea49f9d54c13dda4f125da82ba63f90eeba0900602896ad9492a0adf7b69b67d838034090af20926af5c2934797afaadb38aa069786c1fc6
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT200qSdvabvDIwQBugqvA:KjrbLPD9sLvIzSvKgIqUEa2
Score

1^/10
behavioral19 behavioral20
- Target
  
  LegionStealer V1 SRC/Sver.cs
- Size
  
  4KB
- MD5
  
  ad570021f48c37ed3248ab1487fa69ee
- SHA1
  
  6be9e24a5a25e7a972c2a2fad97198ea03ea9389
- SHA256
  
  e447e1df5e38c63b54aeb0f75e9146164d62d1cfb79a8f40b085c76ca826d1ce
- SHA512
  
  446fae1ee43ffd025ef8bbe74c2942e128f7befc62186e276a367976be2536059164c6ca8a9d86c949e85cff3ca7f24715cd40806b627dec3262d0f2f9600d45
- SSDEEP
  
  96:io4h4Dcz0U2nzXVgoOWFd+Ew75ptqYow1ihJ0fmUJKvX0k:4KGyRVdI7XtDnfm/b
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  LegionStealer V1 SRC/Sver.resx
- Size
  
  1017KB
- MD5
  
  8b1bf053e0962923f2edf6f3ce2d5319
- SHA1
  
  de0950836f93607584b34023b1e20a564d61020f
- SHA256
  
  052b04bb18c67c3c9caf7fb1dee628576be9ed8892b226216399deabdbaa80cb
- SHA512
  
  a27f71faacedf5cd6c7f8237224565f7f35dff4b04b7d99c72362252ccee1b0d3529319d96273815d758a2fd191b6820a217fb0babf35ad7a40a0595f019dc61
- SSDEEP
  
  24576:LQhrAzWqBJyXrT5YEPZky4VhOXxqTHTMYvOjVB:LwnqBMZkl4q7gT
Score

1^/10
behavioral23 behavioral24
- Target
  
  LegionStealer V1 SRC/asamlby.cs
- Size
  
  5KB
- MD5
  
  c54437eea218c3109241012833c2a73a
- SHA1
  
  0ba93124c40fb57d6e21c88cd3e3c59f7ffc6a58
- SHA256
  
  f665c51d2581d7c112905b458eb709d034d51dcdc5b7fe825838d571e3e38411
- SHA512
  
  6271b1529ee69085695685f720d102d36175549291bce16858998c83dbb6e825924378832ea6a990b725a6118e9f5741d35d4fcfac99d147bac62a320deacd9d
- SSDEEP
  
  96:Jo4h4Dcz02nXVL1UVZyHCL47hq7PIIicB28KeKnFV8+:9KGpFuEHWowPIIdseKFC+
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  LegionStealer V1 SRC/asamlby.resx
- Size
  
  70KB
- MD5
  
  c48ea6099e3454742f511c3847b99da5
- SHA1
  
  ed28d365a559d7e3f687d718d28fa879548826de
- SHA256
  
  44607ba78f7cbddab40debbb7716da4df880aa77eb791dc036673341754bccb1
- SHA512
  
  8f099c1b23229233f657ca05ec4ead29584cd6ff9d97ac4f56b4ae659bc491c5966b0b7ff1d3812366c5b54c4e0d52f02ea7621bd98cd4d17568d90a7a115f70
- SSDEEP
  
  1536:Kj2v6TfR8ejXCIC5UBlklMCLgwi/sunde/Zx5/AdQbCdgVWcYa9A:Kj21mCvyBXCMwL7pjUoA
Score

1^/10
behavioral27 behavioral28
- Target
  
  LegionStealer V1 SRC/bin/Debug/My_Stealer_l3gion/legionstealer.exe
- Size
  
  6.1MB
- MD5
  
  7681c2bf57c7ef0640195a82333a90b5
- SHA1
  
  e6ed571b3118c389afa844bcd432623aeba85aef
- SHA256
  
  ec726f4d9f821c282198ab703a469e6f3eaa4e73517eef344b9aab6a3daacbbc
- SHA512
  
  106abcdc8acd1bc882d4501367074d9c6282e341272f336749f523cb5427fb7a6b310fafa79ddc2b10906df011253944d0d71f6625ab0ce314666b5d9d83cd8e
- SSDEEP
  
  98304:s+FPMJeFPMJcaFPMJ9wT7DFPMJkhzHdV5RPdnmCvE/t7ZCWqrxToDqk14SGuA+iO:1gxV5RsJ/tVrMt4qkq9uAmf
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  LegionStealer V1 SRC/bin/Debug/legionstealer.exe
- Size
  
  4.5MB
- MD5
  
  4e3b1a3fbe54f485df9b449f85b2c761
- SHA1
  
  6450824ac372584e5066be766ef503fac3189a09
- SHA256
  
  5f4a0a9db28d595c4035c380e2a5d4d39a284232aa46dd0ddb91baad021abd76
- SHA512
  
  bdcf379cfa1a0ff02126e298db15cd2c9f3d9041ebb934aeb96142ba099926fd2ed3a5a53b271e7ab9d6c4d80cd66a6eb3d3438c34a45b33902afbce98c5dc43
- SSDEEP
  
  98304:e0FPMJ2FPMJcaFPMJ9wT7DFPMJkhzHdV5RPdnASGuA+i1iK8P:dgxV5Rm9uAmf
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32