1b68dcf143618796106ac9f4788b62ce433f5c3844720eaffbd35917af2ea33b

Sharing

Copy URL

Twitter E-mail

General

Target

Atlantis.zip
Size

25.3MB
Sample

241129-1xagnssrcr
MD5

db969bfa0281b53fce37509c890b416e
SHA1

5f5e64c26b8be20a595a038120fafbb96671eed2
SHA256

1b68dcf143618796106ac9f4788b62ce433f5c3844720eaffbd35917af2ea33b
SHA512

2152029c415deebfca735a6ce222c701c09afe00bb6d6d15e2babb45fefa75fdc1d98202eeb0e48d7c7197a3102ed5efbc85bade44d0d977d1a9aa3537a6bc74
SSDEEP

786432:SUSVRlPVRUOOVkcfEg2aesP6f7SQPqYhUBVko:SUSvRULVkcfEggsiWQPpwVT

Score

8^/10

Malware Config

Targets

- Target
  
  Atlantis.exe
- Size
  
  11.3MB
- MD5
  
  29e2f5289bff690abd5bb1b81f2630e5
- SHA1
  
  76c1f2367b744b31867841cd4c02c498ca893cce
- SHA256
  
  6bf31ea1c96b5fcf173ca859ee94a854511bf10e1d1efc6f3283338d24e929e8
- SHA512
  
  adf7552f6b67a8f740240693edfcfa6190815c082412cb73014e43eff34df5483cd0a89810bb54663dc418dc1645e8e734289370ada967389485362ff022318d
- SSDEEP
  
  98304:WaDTGUBeqiZv3ubvSxOS9CCKLBscvPuxuXTpRpN0pEV5ctEVdX5xLeTydFjFs7gP:WGTNev3uUcrzvpXK7gFO2b
Score

8^/10

discovery
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  Atlantis.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral3 behavioral4
- Target
  
  Atlantis.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.57/adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Atlantis.exe.WebView2/EBWebView/component_crx_cache/alpjnmnfbgfkmmpcfpejmmoebdndedno_1.4AF7EE72E9C8E11DAB4124EB233B3B5771D0EE966ECE3055FB251667528D3D0D
- Size
  
  221KB
- MD5
  
  fa1683845a7bd378d0361963b222299d
- SHA1
  
  f564f5e8752b0c2b8f40701116949c4d662dad11
- SHA256
  
  4af7ee72e9c8e11dab4124eb233b3b5771d0ee966ece3055fb251667528d3d0d
- SHA512
  
  9e249c3ad13dba739b4de279231f4a46be0234a0425997cba418a5ee5633dfc9f51d263ce8d5c92ec1bb8db43f139f7a7be24f0ec7d88794e647caffbfc27c2f
- SSDEEP
  
  6144:wBxj2S7Dx01gqo+kCnTm+dKSiz8HX7LeSv9+xrIqUViyTraumoJ:Oxj2Soo8083Dv4xrHUrWTK
Score

1^/10
behavioral7 behavioral8
- Target
  
  Atlantis.exe.WebView2/EBWebView/component_crx_cache/fppmbhmldokgmleojlplaaodlkibgikh_1.A81D1959892AE4180554347DF1B97834ABBA2E1A5E6B9AEBA000ECEA26EABECC
- Size
  
  952KB
- MD5
  
  1a9c030cf025d340ff394cd9e5b664f3
- SHA1
  
  c1e8490662903d90de97760cb3102426f2784bd9
- SHA256
  
  a81d1959892ae4180554347df1b97834abba2e1a5e6b9aeba000ecea26eabecc
- SHA512
  
  7a9584c96849b1c8c623119bea4255a628e0f36d3a5f670e9c6a20f84d250fee859751a521322864b1577d7ca3ecdd7ee805c0f35bd7d74ddf43afc9f2abf8cb
- SSDEEP
  
  24576:LwrAaUx3buUhBVQYflCitQKjQKR6kizJqpAGQ7xj8pUvQCg2:LCAH3ZsYflCiuKjgkc7B8mvQC9
Score

1^/10
behavioral10 behavioral9
- Target
  
  Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral11 behavioral12
- Target
  
  Atlantis.exe.WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.00AF3F07B5ABB71F6D30337E1EEF62FA280F06EF19485C0CF6B72171F92CCC0A
- Size
  
  1.0MB
- MD5
  
  14ef2d35ee97e8be10d6046b2e1942de
- SHA1
  
  8ad139e47d4d58df369e40c025923be0d82a5f9b
- SHA256
  
  00af3f07b5abb71f6d30337e1eef62fa280f06ef19485c0cf6b72171f92ccc0a
- SHA512
  
  f6e646031caa27f972b222a94aee3b2b610db686009e1dee6fbf0c4ac7ba6edb632eafd9ed81e15bb011e2c31ed4dda82b16dac560ed68596159ec29064ecda3
- SSDEEP
  
  24576:OgtkaswlAtUVNexKSU7EmXzDRx2I1woiB/ArwoiBM8u:OgtkaFlMHQQ2zDRQII///u
Score

1^/10
behavioral13 behavioral14
- Target
  
  adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  581KB
- MD5
  
  3d9465d5161ac2ab5a83265935514349
- SHA1
  
  5d40047faf2a166e6c25f106c244b5826bd0aad9
- SHA256
  
  24d1f432632c971456e6db676f609772b98d0cf3d3a5450c78d3dbb75744399e
- SHA512
  
  8d84de25fcb88ad6786de9f077612d356eed8726a50e9b6c44a3dff456ca8a160e0707cd1902b52e4890f97f4a5a72466ac149e71d1e790267141a6710ecc70d
- SSDEEP
  
  12288:1J3gR2NlLVbkHw20OFrpQ322ty+uFKcDEuRFNEMWeu+imQ269pRFZNIEJdIEY0lm:Hw
Score

1^/10
behavioral17 behavioral18
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  4b8bb9cd761a04f558e9b4a1a76be0bf
- SHA1
  
  0337e8418f1b991995b7adec1665a19f63e557a1
- SHA256
  
  c5a652cb75bcd84575347467c0647e6f66c207de40164d98f95ee8e6d4db6d57
- SHA512
  
  00168f4bf5455ea177730142b63ec5a4a6413acbeb965b8dd386631367e0be5c56117c0125552ea64f54c10395564206be585b31c93e441d9a357bae8ec7d261
- SSDEEP
  
  768:JmgRNRbnIfWuJCRfXBkjQYZDgcEST3p4Jjrjh2jeFSUyauTv1JKia5/Zi/WG4Kga:UQR20BsQYZDgcEST3p4JjrjaeFSUyauR
Score

1^/10
behavioral19 behavioral20
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  81KB
- MD5
  
  820de4634735b6d2d9842189cfe71ebf
- SHA1
  
  39c1259d9b4cebaaa7a684c6da10d52ad017bd53
- SHA256
  
  42e4818adbbef44833dec2c2fcca7b456581f391ba800a834a72c9e5d2dd008a
- SHA512
  
  35954de8c6faf311b6118aaf4fa0af9da05de9549a0e5b143ce19586a3826c8daf5f63bc7526a6110700499a8aa0036d8ef7a463dfe3831748dfea4a6da822ce
- SSDEEP
  
  1536:OmJUzMJcumSzWIudfRb+OhAha87Y1DHfFWyEb30mpc4Jjr4YeUqRHhwU0fdwzvUn:NUzMJNzWIudR+Ohwa8+DHfFC30mpc4JV
Score

1^/10
behavioral21 behavioral22
- Target
  
  NetIntrinsics.dll
- Size
  
  11KB
- MD5
  
  47cda8ff63960e6e3eba171a21af8399
- SHA1
  
  9cb880b835da382035e53ab3c4cdc55c1c021786
- SHA256
  
  ea98a484b6a859f5862af1df61375224ea06afbae70a698be26a305e0b3cd076
- SHA512
  
  2e5d04ede78db5e2100930e8cf6bc243ea435d6d77d533ecc7e8bb205318bcd6b1564f908380f8b6685d55d4e926e421cf0982e52ae86354157c2b7417f03cbd
- SSDEEP
  
  192:PehGusKewJdu6ICZI3Mt17xR3kiI5Ra20KjZDX09MevFB:PDw7uVCZI3MtzR3kk2LZDeMcD
Score

1^/10
behavioral23 behavioral24
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral25 behavioral26
- Target
  
  bin/Monaco/Monaco.html
- Size
  
  33KB
- MD5
  
  cabdbe1c2d9d0a80e66d9ef6f854345d
- SHA1
  
  4ec0a6f45158d6818e5a128efa13d8bc10f67c54
- SHA256
  
  a2e39847c756841adf886199ee99ddcb4aad960b9b08fa40e104b3b1c7622102
- SHA512
  
  1c2a78d1e04338ead6fdbf7f965e8942467645b767bb2e2476f7667356d39eb43eac6a48d31c98a1b6eb4dcf2c04f3cd9f55f7f6df97d2bc298e66ffdcc2614c
- SSDEEP
  
  192:dE6BYGk9pgWJxqY5K+36IH9eiDm8pwqjd7e9QEtlFsw20VY9l400ElDcWlgdsKfC:88MEpy8I17OHkGcH
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  bin/Monaco/vs/Loader.js
- Size
  
  27KB
- MD5
  
  8a3086f6c6298f986bda09080dd003b1
- SHA1
  
  8c7d41c586bfa015fb5cc50a2fdc547711b57c3c
- SHA256
  
  0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9
- SHA512
  
  9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017
- SSDEEP
  
  768:3J6C/c2x0cAu57XQxJRDRi+R/TvrCv3zM2GRl0VEj:Z6grH7qTXRvmDI
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  bin/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  5KB
- MD5
  
  8706d861294e09a1f2f7e63d19e5fcb7
- SHA1
  
  fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23
- SHA256
  
  fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42
- SHA512
  
  1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f
- SSDEEP
  
  96:SD3yDUfRD5dyVdO29SvE/TMCL8CvcOAtOfxSVkxMZlMfE:nD4Ldyn7Ss/TMmUtOfxhxjE
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32