mofongoloader | 73b6df0add9bc6b5792d274d316ecd70d636847db25ce6f3e63e77fb72369037

Sharing

Copy URL

Twitter E-mail

General

Target

새 폴더 (2).zip
Size

60.4MB
Sample

241112-g4tpcaxane
MD5

eb8a382123a3636f81b31c3e6086d411
SHA1

987e2abc6f859f21e4073fbd896c88683fcd9ac3
SHA256

73b6df0add9bc6b5792d274d316ecd70d636847db25ce6f3e63e77fb72369037
SHA512

2695047c269213e0abd9fbd151d8721f7c282b90ef951cffe47e0b29727ea68c08c96059f5907cd7326b45a375a8030f991e73baf3f5e8e9003589ad2ba99123
SSDEEP

1572864:MSfVw4VJDATTOJAIPN29bKI6L5qneN2mP7YXW9I:Pm4VJDAT6JAoN29bkeXx

Score

10^/10

Malware Config

Extracted

Family

mofongoloader

https://securetestconnect.app/connection/test

Attributes

user_agent
UA/1

Targets

- Target
  
  48db28a1f4bd01050aa13f021c3b1dfd7aa7ed807592e0a23f3c7afbb7db78c5.exexx
- Size
  
  674KB
- MD5
  
  ab860c777ce9ad76b1c478623e3cda2a
- SHA1
  
  38dfc133a769a459ee322488a96179d71da56892
- SHA256
  
  48db28a1f4bd01050aa13f021c3b1dfd7aa7ed807592e0a23f3c7afbb7db78c5
- SHA512
  
  f23b09e3da1c1f7941a87b57e91ea0988524ad2a2b2aa56114331590e1da0d1d3da98a10626b48ecd995d54d02652236cf03f0707b4132b4c56e8b8d50d25548
- SSDEEP
  
  6144:GvZCqtNVfi0ZzEGFwMHViJ1bK+zjD+FM0kz6kUJYeASlF/+xZRtiKzvzaOchY5:GvZCCukzEGCMHViPbK+zWFPkzNzDKO5
Score

1^/10
behavioral1 behavioral2
- Target
  
  595539b2009fdf8e53a409f7a21b779e7a670ca61f0a8dc216b226d753a54e6e.exexx
- Size
  
  28.7MB
- MD5
  
  a75bd304b668cfa64640b22e4c231349
- SHA1
  
  2a72f8bb89047305062d53337098c5e0573d9ff3
- SHA256
  
  595539b2009fdf8e53a409f7a21b779e7a670ca61f0a8dc216b226d753a54e6e
- SHA512
  
  60f35560be97a8674c5c1e1916340655f619702dc6d95cfa32a4c7fad284e27b45a5dda5fc79a2ce0d8e0a87583ca1caa0ecae54ece10a1f5abdd5b9cdc41471
- SSDEEP
  
  786432:kxZADx6Nw9CJarloXOqTIzauR93oSQkNd:t6N9c2XRPC93oLkf
Score

7^/10

discovery
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  pkg/gems/snmp-1.0.2/setup.rb
- Size
  
  28KB
- MD5
  
  02e7ad166e7aa7e569c7b7194dab4d12
- SHA1
  
  7d47db555ad62d8b24dfb65149ef95d1c626b263
- SHA256
  
  5e8c86c364bacf6d1f6d55c53d21898cfa538de3b5547cc32ac8690407c45aa9
- SHA512
  
  bb0aafc60a48394d0ea25a09018bb8355cc177bd1d946e55b440eada54c7fc3d870362bfc92c944481baab2dd1f391d661b1c0cf80c909a267d765ed5b5c6e19
- SSDEEP
  
  768:ia6cNshyZfXF+VaKxq83AM5kTFghb/ZLTce9:z6cPF8xq83AKkTFghjl9
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  pkg/gems/soap4r-1.5.8/bin/wsdl2ruby.rb
- Size
  
  3KB
- MD5
  
  24b4534b1bb985f3b33719e45bcbff23
- SHA1
  
  02d7c31d4eff0ecc83c5022ebe08a8f7e7556cae
- SHA256
  
  8b127b926ad03e0e2a6e60add688cab08a82a44ae77848d858dc3f36eaf10b5b
- SHA512
  
  47ff37dd8878d67b9775e6d0275bd700990a9f8fb742fab633b854da98c4d1cbae6a6875ec960ce0683c5e0ae20ee6db50b0d87d225a3ce990b2d58954da856a
Score

1^/10
behavioral10 behavioral7 behavioral8 behavioral9
- Target
  
  pkg/gems/soap4r-1.5.8/bin/xsd2ruby.rb
- Size
  
  1KB
- MD5
  
  4fe66f87734d284df55a9c002837dade
- SHA1
  
  b54bb72c8bf7a0ccc46bb6700492d36907673cc1
- SHA256
  
  ecc948adc86346a91b5386175d4b519eecd226fc2edc6de3ced9ded504ceda83
- SHA512
  
  b3b25213013d62c9a98c3d932d828ec0570786cf6b1f682dfff52ab1ae28e243fdb87e1d83723d02d7a2864acfdb41dba37bf3d2a038c994825e96fc0165dec3
Score

1^/10
behavioral11 behavioral12 behavioral13 behavioral14
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/baseData.rb
- Size
  
  21KB
- MD5
  
  fa3144901cd25a0956787d2de5d29c74
- SHA1
  
  5ac83ad1aba47e7f45017b8a8c0ed6f86fc9bfd4
- SHA256
  
  f7fcbd753aabc583dbf35384e853a2f73416792307c5017924f70e35e8906b1d
- SHA512
  
  2286f551c2bc83e33f92c0a00c32ee95f73946f6654995ee6617d33fa527932ada85ac62f88ef385acf3ea37196e4a79f5b619d6be918b60add06603d82163ec
- SSDEEP
  
  192:OVhCk551nkALW2dHLiDqV94fLL7MK4QShj9zTFfMHynL0EhkFPt0z/0zi1P0Z1Gy:ehgWH87sQsj9zTZ4oH1UmFyFCsW5hpdw
Score

1^/10
behavioral15 behavioral16
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/element.rb
- Size
  
  6KB
- MD5
  
  781a38d374ddd85fefac934dc1ebe0ad
- SHA1
  
  baf6af6ebb2ac7bdf0e32a0bfd3202bc0c1ff694
- SHA256
  
  ff74af29062a3bfa014f4cb2d41da017df76a12eddbdff0a115b15e6b8f1c61b
- SHA512
  
  f8907ea47f2adcb24cb12e76883c242baa72c37b190aff9fb895ef1b46e723a6c6f06dfa35ed70499baf0d7d1a7326abc7bc515264180305e72b4f20a02719ae
- SSDEEP
  
  192:g5VUffOljLObsoiXk7y8gavSTxvc6vczvcMxB0OUv:gTUnORSA8ZgamaXQ22
Score

1^/10
behavioral17 behavioral18
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/generator.rb
- Size
  
  7KB
- MD5
  
  c45d4b15b048c805d872d0edfa7089a8
- SHA1
  
  1ab4a0adabca5b6938c97a872a560002bcd78aca
- SHA256
  
  699bda13163466014c86bf00126f7a9b94afeca950a5d731a4fa6d6689aae369
- SHA512
  
  2b28b5d7295882ec7c29944dc1fbef2ce84874a9876d6853ec94d699d7a561fa87816334a162d87661d294c9141b20e9f3cfc718fa80549625be230cef191c4d
- SSDEEP
  
  192:CVJ4w+oHprK3CbS8y5Ye5eXiDTUkvz3UAGnuMH3rShaaXS7YjhltwhmM:CJdMr8y5R5eXiDTUIz3UM6CM
Score

1^/10
behavioral19 behavioral20
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/mapping/encodedregistry.rb
- Size
  
  17KB
- MD5
  
  ea89d17d122b082279cd9f6aad1c0877
- SHA1
  
  d87e087222486da277cf1d4ba705f2eea7aa06e3
- SHA256
  
  13bd6c808fb41b54ffa528d2ef0a1ca7670500f1bf074a6c3e8da1cabfe4fd0f
- SHA512
  
  0cc22b5574d30aa29624e654d9b09323d011a3ae68e70bc62f1124cc633b83eaf305239a5c319aa90e09cfc5e088ffb147eebca95f29818a4ae6898794ef88f3
- SSDEEP
  
  384:+j/isN+ihbXXhbWiJoK3QUL5A0DmfHRcB1gXNL6zCdS+RBF:+eO+4bhbAKDA/RcB1gXt62dl
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/mapping/factory.rb
- Size
  
  9KB
- MD5
  
  cbdbf84434c012aebd40de8b07ff0063
- SHA1
  
  a929c0bc66e7aa5cb58aa6ab9cd5c7116a4508d7
- SHA256
  
  2bf984b10deb51544835f2c31b6eb4354fd0de26ee01ea652eeae050769501d7
- SHA512
  
  c43494dbc1735da59ce2b28cf32a2dfe0488f590d3735cca0495c31cf1697d4e75dcf134cfd89abb383ae7d2b831d0682137e80173e901853d6cfadcfdb05e6e
- SSDEEP
  
  192:dVnMspeUR9Lt69vhzMJ9/1LfHR+lmATdLlAGE4w6qrL6HJ25HJiLuzU3FJ:3p/9Lt6A95aKrXdHgLv
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/mapping/literalregistry.rb
- Size
  
  10KB
- MD5
  
  933ab7855d66150a7f9c8be69ce39455
- SHA1
  
  b1e7a3a94bec5e25adfd01e02ea8613a9690c0df
- SHA256
  
  d3d94ecd9239010aae5a81451f05c6c3b6e6e4abe7550195086652794fd7b516
- SHA512
  
  8709b36298f20273c36399330c0f8203fbbe9e36661b7dc35e2d325267aaffafca05f9e0ae4d62ff2af5b83f9f0512323d4a9513393e3e9cdff80f6a5508dfe5
- SSDEEP
  
  192:xVnUA+dCuy7CH/bk8dLWWc1u7Sm0KtGu6E7Moz1hPNxLcycN2B5kc8wEYbSTZ7iY:bnkgsK1+30Ef67C1CfN2vN7S6/lc6Udl
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/mapping/mapping.rb
- Size
  
  16KB
- MD5
  
  d1a11d2c07f706063fcc4bd9d22ca0b4
- SHA1
  
  4dd46099900e97354343873e24cc677f412ef351
- SHA256
  
  150e56d2839e9401335af3e5d3eb2001c738a7d50aa0e35b1fae3705694e42a0
- SHA512
  
  1391b5577913df2cd971102bc58f99c4068e4b70896f140db602b2e93cfb845f69827eef6500d1a6784b70be1d0235b6419ae721241e1d9c1b7f08bc425eab0b
- SSDEEP
  
  384:57aetizt0N2qFvl1cUiXR/hbGBOnjiAGapl1nnpXIoe0qT0hKzFzFEbbjetWx:57acPHcUiXR/E8iAGa7qT8KzFzFy
Score

3^/10

discovery execution
behavioral27 behavioral28
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/mapping/wsdlencodedregistry.rb
- Size
  
  5KB
- MD5
  
  6f6bd8b864923b860b158e579a48cb70
- SHA1
  
  850a1a45b0569a7300b60229da4080e80c0bdfe3
- SHA256
  
  1aeabe8d02a3f9dfd5650658b442a19581d89f18348a5d7b3da389db267ef945
- SHA512
  
  434725ed78c4c6ed50c63014ec64f46d941d1ca76ad1062fb2d89762ddca24bd43013a2bc064a42676b6000008b7a5c52b7773df78c8fd7a1231102c0febfbfd
- SSDEEP
  
  96:UVeg1sEHHEnU5uvsXzCKFahNn7pouuMLGPcJm+E/Ej3gEucyx6y0plOjefK9ookd:UVeYsEHknU5u0Xequn7poyoM1OSfK9oB
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  pkg/gems/soap4r-1.5.8/lib/soap/mapping/wsdlliteralregistry.rb
- Size
  
  6KB
- MD5
  
  c600d941c2e1624189ff895b0ad38fce
- SHA1
  
  84f0aaac4c55cd53a92eb9d18ce504413d020694
- SHA256
  
  2cd7e851def281c913146bd80b260f95e5458c79e3bb123029e157ac9afb8961
- SHA512
  
  0326444b1d066dd8f7cc948c6905c307f512425771eb831efed54607d0cc775e94273023ff2d4e90a40c005b0416a5e8725df725ba4578f47935d4d9732bbe9f
- SSDEEP
  
  192:PVPKHknUI5ou59ZCuy7CHRi78wUDV7pEmoTf54MM9PrpUIOrb8FsRD8cr8:NPW7I5ouzkUxV2TRpuProrD4
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32