3c328e9f25a277e022237b0d45d18479fa5db72c4031cc0135cb33f57e3121b2 | Triage

Sharing

General

Target

CrazySploit.zip
Size

8.2MB
Sample

241120-x3fdbs1ere
MD5

6851b0717dfdac6d04d5fd2acc026092
SHA1

88da1a3ae244d261959aa239de99ee39c4c96482
SHA256

3c328e9f25a277e022237b0d45d18479fa5db72c4031cc0135cb33f57e3121b2
SHA512

69f604f87080eb2407d7b6b628191005ed0ad17fd4dd769367ebb9170dd4bf1e3da5f1b8ced31919df628e10f66e2056fd57404f9926dfd0d822c7e2d630802d
SSDEEP

196608:DqSM6An/yKmxkGXMcmzlf1DplqChiHbdkdVt:DqZhayGX4fdC5kt

Score

7^/10

discovery execution vmprotect

Malware Config

Targets

- Target
  
  CrazySploit.zip
- Size
  
  8.2MB
- MD5
  
  6851b0717dfdac6d04d5fd2acc026092
- SHA1
  
  88da1a3ae244d261959aa239de99ee39c4c96482
- SHA256
  
  3c328e9f25a277e022237b0d45d18479fa5db72c4031cc0135cb33f57e3121b2
- SHA512
  
  69f604f87080eb2407d7b6b628191005ed0ad17fd4dd769367ebb9170dd4bf1e3da5f1b8ced31919df628e10f66e2056fd57404f9926dfd0d822c7e2d630802d
- SSDEEP
  
  196608:DqSM6An/yKmxkGXMcmzlf1DplqChiHbdkdVt:DqZhayGX4fdC5kt
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  CrazySploit/CrazySploit.exe
- Size
  
  111KB
- MD5
  
  fac0416670ee810931a717d98e1fbba1
- SHA1
  
  610329b747fed064e226a09f853a4d98d2fc3b7a
- SHA256
  
  1c00136793f09fd4b75b5ae077bcf4e220873cbbc1a650cf4eb88f9f2da0f2f8
- SHA512
  
  2110468425f9488fd276aab48960dd7746c95b0b8ee47db29ec6c975f1b9cfdde5c19e80dd69c6d9f8039bae1f1eaeb1794e69600d9ddbd43b8fb934dab0e364
- SSDEEP
  
  1536:7sIgzeCPCWkZHFakIFMovojOhyyu8xYls5phk1/ua7Cl8mfgMhUk1yhFUYBUQP8k:7sIgzVPCXIJvG/mfgtkwwYt5Z3
Score

1^/10
behavioral3 behavioral4
- Target
  
  CrazySploit/FastColoredTextBox.dll
- Size
  
  325KB
- MD5
  
  adac0cee5cc4de7d4046ae1243e41bf0
- SHA1
  
  c8d6d92f0dbee64d0f4c0930f0d2699a8253e891
- SHA256
  
  68d0e444c0b27552d2cb86501dcb7db3fd64b82d966e9708db0408ec1ba38c79
- SHA512
  
  1d7af604540532a4121850760b1e401bb6356e59503c26f3d1fa358a105b7d88362c92f78aa4394095b165f06c484b8c2d2ed640380e85ef9b3eb087d3e7c869
- SSDEEP
  
  6144:CbgkJe4jG4m3oCCClXA34Wm5pVg/IWTKZCQOsqJLDd5eNqwDl1HD5:CbgEGv3oCCQAohVgSLmeNfD
Score

1^/10
behavioral5 behavioral6
- Target
  
  CrazySploit/ForlornApi.dll
- Size
  
  13KB
- MD5
  
  058ef6e6dd8e5f17e364f7d5f9dab315
- SHA1
  
  6d64a4e120231086a439553a38bd5273f4304609
- SHA256
  
  9a20b5ea85f727a3456dc78484faab523be7b1cecb934721ec5ff5a11da24a54
- SHA512
  
  ab9927365111aea26ffd172e8a449b0c3c2b6fdcf69bfd19d1fb36b0e27644ed7fd58d3c1586c1bec1c52f000548c4b36c0279c1d12728b5b0e2688c8dab9dc8
- SSDEEP
  
  192:2T8pAUmIXruvxa8LhYWoii0PxKo1uELE3aEf++eNJL+2ianWJQvtVq+j9:08xlXeph7oVOD1uEHNNZJtVj9
Score

1^/10
behavioral7 behavioral8
- Target
  
  CrazySploit/ForlornInject.dll
- Size
  
  6.3MB
- MD5
  
  6d9c8971c2b99866e32cfe2438269490
- SHA1
  
  ddfb0023f230f2aa247cad3ada03e863739bd5ca
- SHA256
  
  bad099e3a1dd5bcb48606d3b0a7d7399f5c2b4af9f9b0dfa3dba6b7451da14ed
- SHA512
  
  f1c79b02a980c0c989b950ec2bcaae15c0f476d5675bcc58b8266a555f4bb46688d84d90b5e87bc4abf9e212d7c88406066994317bca4998b901ae4382d4b1b2
- SSDEEP
  
  98304:pSO6zBrjT8/GMwg8I222UYbRNqylblygjSR5GDN09aBq/NkTxbCypypUsAkrbc:pSO6pA/GMw3IyfPHN5TN5yy1qc
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral10 behavioral9
- Target
  
  CrazySploit/Microsoft.Web.WebView2.Core.dll
- Size
  
  575KB
- MD5
  
  a312715b3b3e7c28be91c9ca11a2e8c8
- SHA1
  
  efb22e1496de7d5da74c740be51f92c8625efdff
- SHA256
  
  a5878dec68ba65280d0bb450b1029dad9bb380b9f24cdac4503ee6a919581e56
- SHA512
  
  eb6308060b151ab3f7272ad9f99ae494627ddfa4be86eee5d615131cf8e228b31d76d9b4f1897564b5c94f76444c28ecf5305525784e38a2510f27f322085271
- SSDEEP
  
  12288:OmV+hdrrpQ322vy+uFKcDguRFNEMFeu+imQ269pRFZNIEJdIEY0lxEIPrEIgcvLB:TBI
Score

1^/10
behavioral11 behavioral12
- Target
  
  CrazySploit/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  59a4fc4719f6c780770c212b02ccb244
- SHA1
  
  db74d714ba822a372aeb9e45342c31e16a69cbbb
- SHA256
  
  234c53621521aa7f45849e5980bfa5ffffb7dc1cb08b054dd634c2c82f679bd7
- SHA512
  
  4bf5460c799150d4e33a3ea9ac435ba21a9061aa22ca07437e712df92c5a5c8f9c375e254fe7a52658c6b1dbd27f801dcfaf05d52a9d89f65528309cd1bb9376
- SSDEEP
  
  768:2RNRyqzSr149igHsSWtYZDgcEST3p4Jjrjh2jJFSUyauTv1JKia5/Zi/WG4K4u6m:iRyIigFWtYZDgcEST3p4JjrjaJFSUyao
Score

1^/10
behavioral13 behavioral14
- Target
  
  CrazySploit/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  80KB
- MD5
  
  80ffc92e3f11c3f4afb11c618b77c31c
- SHA1
  
  cfbd6285a741c24e6af5db59cd130644a652e49b
- SHA256
  
  bdf97ef62b93a0599973ce28aa300b74d0407c51c9f9067a97723366ea0c81d4
- SHA512
  
  3df9eccf553ee4ecca5c696019935fa2ca72cfb09983366b6806ca5e8407fe6f993bf85919219d35c949d2ef279d3243a5b92bd49c7016bbd3b79fbd73271636
- SSDEEP
  
  1536:zS+MapLxrD2uxpLAhZ8fY1DHf9WyEb30mpc4Jjr4YeUqGGhwU0odwQvUudkWUaqN:f9xr/TwZ8iDHf9C30mpc4Jjr4YeUqGGe
Score

1^/10
behavioral15 behavioral16
- Target
  
  CrazySploit/Monaco/index.html
- Size
  
  1KB
- MD5
  
  0cd44a670a701e9ea04eb9ca360c0e3d
- SHA1
  
  5f3c3384ae5d527d9c5d43aeafe29bdecf5dc8ba
- SHA256
  
  9dbf3a94d75fda9db06d77588f91104584a4d99456da11439151e0c9a5c599e9
- SHA512
  
  97e709953de3617cb18f33bc403357dc26c71d8a92fac0171dad026e71012c57407603381d6edab30affb4725882881b0271642a7ddeee73b3c32a3c9611c5c8
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  CrazySploit/Monaco/vs/base/worker/workerMain.js
- Size
  
  149KB
- MD5
  
  27ead90c7702154755785e0e53398755
- SHA1
  
  86b59485fe6f6ccb1805183fa75062a2ac1c859e
- SHA256
  
  bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5
- SHA512
  
  6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82
- SSDEEP
  
  1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  CrazySploit/Monaco/vs/basic-languages/bat/bat.js
- Size
  
  2KB
- MD5
  
  4cb475399c4490eea41982dcd6d9653e
- SHA1
  
  fc97d57206ff7fa1c89ff0fc9f6e2f04a20ea185
- SHA256
  
  9bca42394fe8922fec24b768eeb8ce04692de6fad82f9052d5b7e70f5c6b0f40
- SHA512
  
  27eefe83cf38a7d784414d99b472f6fcd7e595691eb0f368254ba1f71aaf702840b62bf232c30c515a8fada234699fefeef496c0c24669cc158cb567227e4783
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  CrazySploit/Monaco/vs/basic-languages/coffee/coffee.js
- Size
  
  3KB
- MD5
  
  9d0c4ac1691eed0a480c3e9246490d29
- SHA1
  
  38258864fd070c35cec6b68715d58771df9fe3e1
- SHA256
  
  e706c9f8e5c5a0cb01b2f4e4879ec34a050d6eb2a8840284eb7badd9d78099f9
- SHA512
  
  437a703607a9f0cb96ffb56312d149b95f596290591d14098c36d978b2e1fdba3c3712c9099923bc0a709c5c0ebd7eea868f63dfbcc69cdf5a9325b8a67006b6
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  CrazySploit/Monaco/vs/basic-languages/cpp/cpp.js
- Size
  
  5KB
- MD5
  
  0a16509e6cd0155fb622e785cfe976c7
- SHA1
  
  7afa7f823191c43d7a4bdd7d91577495de62c21a
- SHA256
  
  a7c2bea7ca3d9e203a3a286735945fe010c8f4f8d46620386ee8befc6a78b32b
- SHA512
  
  2cbc48cb10c467561c6a84f59405e9c2f864640b3a21e6fe5cd14ad1a7ca5667b766b3c0511df26f28205dd17338a878bd1164a4f5875235a73214f3e4aeb49d
- SSDEEP
  
  96:hFDMgRs/rbV1+gqVV1+/LVb9ZRC2seM6jjz13MwVcEghhb6Yw76wGcmvRBNIs:hZGrTOcVv5M61h8hSeiYL
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  CrazySploit/Monaco/vs/basic-languages/csharp/csharp.js
- Size
  
  4KB
- MD5
  
  f8f841d13c9220e15dcd6bc386b37ba2
- SHA1
  
  2b8b7003820d19ed83afde98c845db5e3d5753f8
- SHA256
  
  6b3be9a86ee8e3202f51745d94d24cc1eefbcf7d9e6d94fbaf70146b084e835f
- SHA512
  
  0b167865b8d7847792c80144e83bdf33655db6ecc0934bb3290f8b5793fee8168aeaf9d74b3541a9424c4f180aad496c2d8710e3847a5bf9d4b2c960ddea4ae5
- SSDEEP
  
  96:hFDMgRsVx+rbV1+gqGV1+hmQuq1cBh8b7gj8/pLxb6J994wGcKU7dYIkI:hZi+rTtPsRXpw9SiKUJGI
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  CrazySploit/Monaco/vs/basic-languages/csp/csp.js
- Size
  
  1KB
- MD5
  
  22ada25d590811dcff4e5f5d698e583b
- SHA1
  
  c43d4846967d5037ef05b102e49d1fbc54e45fbc
- SHA256
  
  4b5a5d7d50986b86b00833447e097c0f01a4388ce1765b48e7e371d06e3a4789
- SHA512
  
  c8373ea0b78114f82e8bf027473f72ada0d8acd51623152a0072111d8b3b7d5ac310a1cc510c4e4cd2e97a7686db3c87b2da675fc910898bd11108e4b50ed189
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  CrazySploit/Monaco/vs/basic-languages/css/css.js
- Size
  
  4KB
- MD5
  
  49ad30f1151cfd7a74677fdc6dd13da9
- SHA1
  
  286d47f0a4cfa26da2e4d1f1317a8c87000bb5fc
- SHA256
  
  bd331fd3bd2c37b0c3150035325f163ac9266bf6d942310764815e676d856d91
- SHA512
  
  7337706bfd5bd54938da0fba35e97f8e5780491c04b58d43fc6d905bd2dca92897f1ed8d48e42665f166da7684cc6e29a63ae73f8d3779a9feb97c397a642f0d
- SSDEEP
  
  96:hFDMgRsozIq+q17qcq6V1+/aMj1cqTroIrqjKf8O3lzXY0Jc:hZzzv9VmjoOf8O39XbJc
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32