4b8766194b1bd178d67178826cce15ee734ace9a32e7535b694d4e72fd172cde

Resubmissions

17/11/2024, 20:54

241117-zp1hfsycjm 7

Sharing

Copy URL

Twitter E-mail

General

Target

Felk.zip
Size

5.0MB
Sample

241117-zp1hfsycjm
MD5

8a98ac989da8cf30be68958523a71d16
SHA1

eaf18134e26ca756addf75bb6900476d1107cc68
SHA256

4b8766194b1bd178d67178826cce15ee734ace9a32e7535b694d4e72fd172cde
SHA512

23c263bb346efafa7f46fc8f4e45bff898737d17359d077f9073de99dd8e4da1ec96274241c645a73ff07c625717861a7c204f0ddfe8eabecd4245272dc9e5cf
SSDEEP

98304:aMYs/j/LXCmug2JALK2ELJgAEUnZvpVWRf/KCdXj248iraUidgb7i3WVk:Rj/LIg2JZTJg5UZvpVwf/KKf8iraUu+o

Score

7^/10

Malware Config

Targets

- Target
  
  Felk.zip
- Size
  
  5.0MB
- MD5
  
  8a98ac989da8cf30be68958523a71d16
- SHA1
  
  eaf18134e26ca756addf75bb6900476d1107cc68
- SHA256
  
  4b8766194b1bd178d67178826cce15ee734ace9a32e7535b694d4e72fd172cde
- SHA512
  
  23c263bb346efafa7f46fc8f4e45bff898737d17359d077f9073de99dd8e4da1ec96274241c645a73ff07c625717861a7c204f0ddfe8eabecd4245272dc9e5cf
- SSDEEP
  
  98304:aMYs/j/LXCmug2JALK2ELJgAEUnZvpVWRf/KCdXj248iraUidgb7i3WVk:Rj/LIg2JZTJg5UZvpVwf/KKf8iraUu+o
Score

4^/10

discovery
behavioral1
- Target
  
  Felk/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral2
- Target
  
  Felk/Felk.exe
- Size
  
  1.4MB
- MD5
  
  6048db38aa4a61979ee56fdfa2ac4632
- SHA1
  
  9258a870a19c48feedb09d653b05f2417fd39cef
- SHA256
  
  45b11b72851723dc55ad244d58563d8024dbcb67dc61734776545043a6786492
- SHA512
  
  903f98b4cc4ab9290b1c8527713d50524abc424198822ec1737c9fa6ce4766d9a96f182ea24005c76ec53e12a0bee75aa137532dc02d2389df6a6358aa144b40
- SSDEEP
  
  12288:2CsmKysMAMhMTMVxu2LCMVxuiMVxuiMVxuhg+lE3MmM:2fMAMhM4xKKggqE3MmM
Score

7^/10

agilenet
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral3
- Target
  
  Felk/ForlornApi.dll
- Size
  
  12KB
- MD5
  
  1a3bc4f75809b4078f9818fc1c6613e9
- SHA1
  
  86487f44e26f8101e43536e9ce5d85227a42244f
- SHA256
  
  409e75f373f4bf6294f4cab120d297c9460c54d6a3d843e38c8c0f717d80282d
- SHA512
  
  44a529eaed1e1d941ca30fa443ce8297e2cf67441504487f1c84911f1b98f8879d0a7a211d2d558f7f06f5609a5e0fdb1dc40f856fd5a78aea9c6d54ce7326c2
- SSDEEP
  
  192:+YK6kYuXYVqkYHfqkrsP3MKK8Azh/9ditMqKN7Im1Y6V9:FuoVQSkrG8K09di7Kmm1YA9
Score

1^/10
behavioral4
- Target
  
  Felk/Guna.UI2.dll
- Size
  
  2.3MB
- MD5
  
  b7cf1039d089511ff4594d0796dc966b
- SHA1
  
  e41d50c48f5381da01ed43967d1024fdaaeedd81
- SHA256
  
  9143707613cfa106fc4d7177e6e9f8a544738989b6167cd6578101f1bdb0927a
- SHA512
  
  6627a7a810c78a94ff1d52b14d071f8aabd71a2e6b521d2fcea7d865d94f5bcb1dd890f1b93b292035b20127507e32c11c215268e00510e5bf28c6132a4ce2a4
- SSDEEP
  
  49152:DpR548WTt9kUHdvAmZL0Th+1n9fr2flQChRigKw1:54JErh0gz1
Score

1^/10
behavioral5
- Target
  
  Felk/MetroFramework.Design.dll
- Size
  
  16KB
- MD5
  
  ab4c3529694fc8d2427434825f71b2b8
- SHA1
  
  7be378e382e43eae84f1567b3570bca9a67e7697
- SHA256
  
  0a4a96082e25767e4697033649b16c76a652e120757a2cecab8092ad0d716b65
- SHA512
  
  02d7935f68c30457da79ad7b039b22caed11d8aedfec7c96619ac6da59ceb7c5e7a758dced64ec02d31c37a2befccdc8eb59be9e2dc849aa2bc22fabb5fa00a5
- SSDEEP
  
  384:HYAB8KPALBamLG3gckiBTVU6sgFf5L7WTOYKpKG4rw:HyLBamS3gckiBTVkgiVXr
Score

1^/10
behavioral6
- Target
  
  Felk/MetroFramework.Fonts.dll
- Size
  
  656KB
- MD5
  
  65ef4b23060128743cef937a43b82aa3
- SHA1
  
  cc72536b84384ec8479b9734b947dce885ef5d31
- SHA256
  
  c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26
- SHA512
  
  d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7
- SSDEEP
  
  12288:O+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:O+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw
Score

1^/10
behavioral7
- Target
  
  Felk/MetroFramework.dll
- Size
  
  345KB
- MD5
  
  34ea7f7d66563f724318e322ff08f4db
- SHA1
  
  d0aa8038a92eb43def2fffbbf4114b02636117c5
- SHA256
  
  c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49
- SHA512
  
  dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148
- SSDEEP
  
  6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj
Score

1^/10
behavioral8
- Target
  
  Felk/Scripts/InfiniteYield.txt
- Size
  
  519KB
- MD5
  
  614349a394eb800fafa85c27246ffb99
- SHA1
  
  272df100c9b32e2bea3e1634b60b7c55120bc4dc
- SHA256
  
  1448de6aa945cb3de40ee444985ca776c42bcd4b962fc534a9bc2c8889a316f3
- SHA512
  
  3b5c5dc63f71c128e8709792cf0039c2123a44a1916a5ab26db2419e7e295429ac8df5f589802a73f22b3522b13f30922661655c8d57f511c14d66555c81319d
- SSDEEP
  
  6144:YkrLwE7kwNFDAWihzW6ZoAmbireeCVyDLu0cQUGnYXq9PBTxDggQW1JxA8HJYhFa:YkrLwEYWy6WmP0cQLnYX3l2f
Score

3^/10

execution
behavioral9
- Target
  
  Felk/VisualStudioTabControl.dll
- Size
  
  12KB
- MD5
  
  365be8c17e1cce92c530abaf16d4c709
- SHA1
  
  a4c1f9cf40408c42a0865806b28c7552b0ba91f0
- SHA256
  
  af6815d815f4dfa21bd7ea9c0386b18359363478adc277870cf99577d9f5bba0
- SHA512
  
  532f246fc72d9f65936eaf8dc0e77d91b3d0f5070de1f5971d889232b1905a56f1dbccf896a9ebdafe268b9b9d34a91ea78904c92fdcca440e19d77134327c5c
- SSDEEP
  
  192:ap9gZJpVFf27JZE/3FaXIDbZHs3eJ/PCYOaPlgORNQEFKfyfPatuBsboFSOIP:S9gD8IDbptJ/7Oa7RNQTfCatumboIFP
Score

1^/10
behavioral10
- Target
  
  Felk/bin/ForlornInject.dll
- Size
  
  1.2MB
- MD5
  
  e97a7728ed78bde52df1bdda95cdbed5
- SHA1
  
  9822518a7110323b1b647d07ca65f4605b6e7743
- SHA256
  
  ef4caa777591d81a1744eed4d50df64a46ec740171b12e94527d2bd882277e41
- SHA512
  
  a2d47321baf2ddf4f1ed793488a2bdd14690df3fab446879ce7a0ecd7791a4a32154874cc07a0f37a531228abf566850ee3438dd3e20288a9917e97a762eeeab
- SSDEEP
  
  24576:Jd7ySdWPcWSVPIs6tBnAsZrchN0XjGfnO:n7rWP3SVPSnAsQ0
Score

1^/10
behavioral11
- Target
  
  Felk/bin/libcrypto-3-x64.dll
- Size
  
  4.5MB
- MD5
  
  be0f6d1d60e149cedaca33a04963e05f
- SHA1
  
  b686e1ed9ae47b8ae803a5d9e912b0e631bc4217
- SHA256
  
  81a5fe6cd0ef5b083e5c4bdb6a40a30bfb1b0de15a9dfad459de2d6a36d94f86
- SHA512
  
  7b39dd8c70286ec4fe61cb2c3c12062f2dcbdda607c2f14c4f983741026f6aa62b60f9e983204949395cc54b5ebf6426c0f8300e0e385c35c1f2f3847160d7ff
- SSDEEP
  
  98304:5l+f+Kv6t8y37re39P6k1CPwDvt3uFGCC:/Cyt8yLre39yk1CPwDvt3uFGCC
Score

1^/10
behavioral12
- Target
  
  Felk/bin/libssl-3-x64.dll
- Size
  
  802KB
- MD5
  
  733e3b58ee1760a442fec4712848c3ad
- SHA1
  
  529206caad19cce2424323bc29a9fb9a4bbd3e76
- SHA256
  
  159198cb8e740f9ad5918b51503121fd1b7e70460f6a4f6a6aa27576bbfa31c7
- SHA512
  
  10835ff09e35d8acb2739707219905b3ae2870af973d8f80040baeb732eb798fa93ef1bc599ad9898aff8e20ee21aa1f5e5e07340eda205aa938fc001cd83a88
- SSDEEP
  
  12288:uDYDcpeu9jFBOBJfbudc68KqLie1+jKMwmUxlcdEVB3ks:usM9jFr8OeW5wmNdEVB3k
Score

1^/10
behavioral13
- Target
  
  Felk/bin/xxhash.dll
- Size
  
  46KB
- MD5
  
  70c514826d9428f184d27f0c8f397404
- SHA1
  
  e6b0b1a396de9913004d9bcaa230972686416bb6
- SHA256
  
  aff59e91d222b75b3e3ac789baba9e24eff99796261ae5e887ef9e3c28bb3d64
- SHA512
  
  168c63cbb54865ca42a884fd974291bcadd9dd8cf8bc1980148214e84498af42a590cb3d3a394765ee0b7d2e337fab6e85ff4f85d9ced97b92b540152202a0a6
- SSDEEP
  
  768:tziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3Q18swN1WQ8hi6U:tziR74kgDn2rDRuIrN5mAvgbTg18DN1z
Score

1^/10
behavioral14
- Target
  
  Felk/bin/zstd.dll
- Size
  
  638KB
- MD5
  
  5b96fb0d4e6453680da278f5b7e51a29
- SHA1
  
  3c96a29248fa3644de2c653a5d97c1e21b13a769
- SHA256
  
  1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478
- SHA512
  
  27d06b7182aa48a81cce18f8f7b1bee054f3a862ccebd77d273a67c6a15e5d0ef5ba8fd7430976f445eb8bff51d290f2bb50061ac7ef448255ba8a18b8baf193
- SSDEEP
  
  6144:fbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4uQ16aSG:fbauYGT5BYMxjDHMk0petRCEyb9emHO
Score

1^/10
behavioral15
- Target
  
  Felk/excutornew.exe.config
- Size
  
  189B
- MD5
  
  9dbad5517b46f41dbb0d8780b20ab87e
- SHA1
  
  ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e
- SHA256
  
  47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf
- SHA512
  
  43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8
Score

3^/10
behavioral16
- Target
  
  Felk/excutornew.pdb
- Size
  
  97KB
- MD5
  
  f754799ec88a5df2280445e1fcda9e31
- SHA1
  
  7afc1bd72b866c13afc2d1c68b6f1ff8c4519740
- SHA256
  
  c1dc0c1d81049c38a031fd8262f32a78081980cea85d0c45b2217e9665ecd444
- SHA512
  
  b6ae51cf85e6cdc057a02d5a109be15901708652407bb8716eb9f48a26c2ff832b31d80b27456fe6c714f00b4a9e55ae91ea61014c0bc579eb6bd17b92442f52
- SSDEEP
  
  768:Qu5Q75QzSL8XH5VoO2+X2yPtgmg0bVouyaqLitETVHOGNIFTz04WNTFXSL8XH5Vm:3X2irgCVouyzHTVHOgyCRrXU
Score

3^/10
behavioral17
- Target
  
  Felk/workspace/IY_FE.iy
- Size
  
  539B
- MD5
  
  291d5636a434c4f1ceb0f3f776c2a51f
- SHA1
  
  ae287e08f71c522a72812f0dace94b8ffb569341
- SHA256
  
  73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
- SHA512
  
  7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
Score

3^/10
behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18