sliver | 809631d5c1dfd10a9e185e7ca312eeddcdb46b3ba4afa60ab8cb61accbf3a5fa

Resubmissions

07-11-2024 18:36

241107-w9c14sxcjh 10

Sharing

Copy URL

Twitter E-mail

General

Target

Covid.zip
Size

6.1MB
Sample

241107-w9c14sxcjh
MD5

eaf401c1600c02f02082af187cd5caf8
SHA1

442de34f63c39c8bb4df66b56c2d74cbdb1e97a0
SHA256

809631d5c1dfd10a9e185e7ca312eeddcdb46b3ba4afa60ab8cb61accbf3a5fa
SHA512

1bafa709232a1af604ff57454ca9931e5abf9a2acc0a9d32b08ff54457d26a273bc81fc033831b9a9d4296c6175b89804a73ed663ddb395a6d0c8fd5236db962
SSDEEP

196608:Ibfm/K3CXUxEsuOjzVvKzPnF5tZsWCbOCrGw7:S4KR3KPnF5fDSOCrGw7

Score

10^/10

Malware Config

Targets

- Target
  
  Covid/covid
- Size
  
  688KB
- MD5
  
  84c373d0ad1d9cee4b97d165a6c5d1b3
- SHA1
  
  d0eb9c2c90b6f402c20c92e2f6db0900f9fff4f7
- SHA256
  
  7831806172857a563d7b4789acddc98fc11763aaf3cedf937630b4a9dce31419
- SHA512
  
  076c69547e0325133d50029d24b0623e37bff119aeabee879177c290f86b9983c5bfac388075ec53b06d015eacdb7d99a20637139628e0e62ef931b420da41d8
- SSDEEP
  
  12288:7dsjE55NcCD/YiaN64Jh0nrkqrI8c5dO0+a+x+R62fTUjQX13DEWfDQo9fi:7ajE3dYiqJ+nrkqAZ+a+xiHTUq3DrDQG
Score

1^/10
behavioral1 behavioral2
- Target
  
  Covid/softwareupdated
- Size
  
  11.1MB
- MD5
  
  a8b00268144f3c9c425f738aff3c7544
- SHA1
  
  0cfde0edb076154162e2b21e4ab4deb279aa9c7b
- SHA256
  
  d9bba1cfca6b1d20355ce08eda37d6d0bca8cb8141073b699000d05025510dcc
- SHA512
  
  6e28c2a86b6be5f4aa5f8c61b058511c305e5c0974e8d44f6368945b3e8f95ae64bee739e0465576bda4713a999b9fb1ebb03ddf4957abf68697ebc3ac8b5b19
- SSDEEP
  
  49152:28YmxBrb/TovO90dL3BmAFd4A64nsfJ1uOM5h17KaHtUp4CR0VgVDDLbnCJAp8u2:g62bKjQd/44DAE++WZjHZAx+ffw
Score

1^/10
behavioral3 behavioral4
- Target
  
  Covid/vpn.dmg
- Size
  
  1.2MB
- MD5
  
  c31001dd6ab78d911243c0e29b0dbdd6
- SHA1
  
  563d75660e839565e4bb1d91bc1236f5ec3c3da7
- SHA256
  
  29bb22553c16b32057b30c240b30e2f4fe107d9ccfb6b2d0dbece6f41a2419d6
- SHA512
  
  9bb41b94104051a667cd2abe0618b785d9a764518dc350a472e0c54f8c5fb3d33efd6d5239ad8307cf6870cc37a1ac113d8439c7d4bcd5aba18b92ef11bf3409
- SSDEEP
  
  24576:WBEYQSJso6qMUTGr+rW5D3hl+5P9wAYntG954QoJm3qEUxGFMlpPX:/SJQUTjWB3hc5VNY89NoJcUx
Score

7^/10

evasion execution exfiltration persistence
- Exfiltration Over Alternative Protocol
  Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
  exfiltration
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral5 behavioral6
- Target
  
  vpn.app/Contents/MacOS/vpn
- Size
  
  106KB
- MD5
  
  6d6ee4e9054cd7886902cf5a4ed215fd
- SHA1
  
  b486104d58bd9e267ab761bfdaa7955942bebcb8
- SHA256
  
  6f551940380e2a4d4db3c9b25e85ef9d3c7628dbb60994b0ec066024cd355d45
- SHA512
  
  972a26cd02f96fccd71151cac3fa51afc1c72d89f51886b01e19022f978e6322cda601eb68085b2a35d1a8d600f7b225f65f5e37ef5b340c7ab3baf0d7eac888
- SSDEEP
  
  1536:EI3I09nvBbpIBBRVOAUOaT1CYjLxdC1hngLLFTAI+uIMRDdcC:El0FvB6BRVGOteHC1hngLLFsI+LMRL
Score

7^/10

evasion execution exfiltration persistence
- Exfiltration Over Alternative Protocol
  Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
  exfiltration
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral7 behavioral8
- Target
  
  vpn.app/Contents/Resources/script
- Size
  
  1KB
- MD5
  
  dc57d6b9a90daa5ea1c796ed2e32c0db
- SHA1
  
  fa2556765290b0a91df3b34e3b09b31670762628
- SHA256
  
  4cc4d170209897ce52093a13e2b5a27405efaeb9be1f8e1aaf93226e3451d110
- SHA512
  
  f0828f0f17f27044e12b2bfb0d8400e004535bbf3358e9724f03803d2826e3cb9aa83d532c3979590e4efb88053c6661a1690853f3a75299ea92b0829e73538c
Score

7^/10

evasion execution exfiltration persistence
- Exfiltration Over Alternative Protocol
  Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
  exfiltration
- Launch Agent
  Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
  persistence
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Launchctl

T1569.001

Persistence

Create or Modify System Process

T1543

Launch Agent

T1543.001

Privilege Escalation

Create or Modify System Process

T1543

Launch Agent

T1543.001

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Exfiltration Over Alternative Protocol

T1048

Exfiltration Over Unencrypted Non-C2 Protocol

T1048.003

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Exfiltration Over Alternative Protocol

Launch Agent

Exfiltration Over Alternative Protocol

Launch Agent

Exfiltration Over Alternative Protocol

Launch Agent

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10