Overview
overview
10Static
static
10Method/Met...in.exe
windows7-x64
10Method/Met...in.exe
windows10-2004-x64
10Method/Met...in.exe
windows7-x64
10Method/Met...in.exe
windows10-2004-x64
10Method/Met....3.exe
windows7-x64
7Method/Met....3.exe
windows10-2004-x64
8Method/Met...UI.exe
windows7-x64
1Method/Met...UI.exe
windows10-2004-x64
6Method/Met...UI.exe
windows7-x64
10Method/Met...UI.exe
windows10-2004-x64
10Method/Met...te.exe
windows7-x64
10Method/Met...te.exe
windows10-2004-x64
10Method/Met...ain.py
windows7-x64
3Method/Met...ain.py
windows10-2004-x64
3Method/Met...rt.bat
windows7-x64
3Method/Met...rt.bat
windows10-2004-x64
3Method/Met...47.dll
windows7-x64
1Method/Met...47.dll
windows10-2004-x64
1Method/Met...on.dll
windows7-x64
1Method/Met...on.dll
windows10-2004-x64
1Method/Met...if.dll
windows7-x64
1Method/Met...if.dll
windows10-2004-x64
1Method/Met...ns.dll
windows7-x64
1Method/Met...ns.dll
windows10-2004-x64
1Method/Met...co.dll
windows7-x64
1Method/Met...co.dll
windows10-2004-x64
1Method/Met...eg.dll
windows7-x64
1Method/Met...eg.dll
windows10-2004-x64
1Method/Met...vg.dll
windows7-x64
1Method/Met...vg.dll
windows10-2004-x64
1Method/Met...ga.dll
windows7-x64
1Method/Met...ga.dll
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
01-12-2024 18:05
Behavioral task
behavioral1
Sample
Method/Method/2. Parameters/Tool/1. Parameter Hq/main.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
Method/Method/2. Parameters/Tool/1. Parameter Hq/main.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Method/Method/2. Parameters/Tool/2. Clean/main.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
Method/Method/2. Parameters/Tool/2. Clean/main.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Method/Method/MailDumper v1.2.3.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
Method/Method/MailDumper v1.2.3.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Method/Method/Tool/Mango/MangoKeywordsGUI.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
Method/Method/Tool/Mango/MangoKeywordsGUI.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Method/Method/Tool/Mango/MangoKeywordsTUI.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
Method/Method/Tool/Mango/MangoKeywordsTUI.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Method/Method/Tool/SAS/SwissArmySuite.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral12
Sample
Method/Method/Tool/SAS/SwissArmySuite.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Method/Method/Tool/Switcher/main.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
Method/Method/Tool/Switcher/main.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Method/Method/Tool/Switcher/start.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
Method/Method/Tool/Switcher/start.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Method/Method/Tool/Xdg/D3Dcompiler_47.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
Method/Method/Tool/Xdg/D3Dcompiler_47.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Method/Method/Tool/Xdg/iconengines/qsvgicon.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
Method/Method/Tool/Xdg/iconengines/qsvgicon.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Method/Method/Tool/Xdg/imageformats/qgif.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
Method/Method/Tool/Xdg/imageformats/qgif.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Method/Method/Tool/Xdg/imageformats/qicns.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
Method/Method/Tool/Xdg/imageformats/qicns.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Method/Method/Tool/Xdg/imageformats/qico.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral26
Sample
Method/Method/Tool/Xdg/imageformats/qico.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Method/Method/Tool/Xdg/imageformats/qjpeg.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
Method/Method/Tool/Xdg/imageformats/qjpeg.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Method/Method/Tool/Xdg/imageformats/qsvg.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
Method/Method/Tool/Xdg/imageformats/qsvg.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Method/Method/Tool/Xdg/imageformats/qtga.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
Method/Method/Tool/Xdg/imageformats/qtga.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
Method/Method/Tool/Mango/MangoKeywordsGUI.exe
-
Size
15.3MB
-
MD5
231fa08d0028c22d60bf518bf2e3615b
-
SHA1
7e0fd503bf320319b9c527c823fdcf5e5d2eef4d
-
SHA256
07391a3d0e3cd43bf1fce74cc5dc29d95f0774d294abbc63fd8dcd281cecf105
-
SHA512
593307fa18b04bcd3c673537ea862e9d123550710937b461b620642eb371b67fb0b43bac44930c16ba53b4daa79a0f2b3a07fbe9b22c2811a5934ac2aa502d1e
-
SSDEEP
98304:xjYwG3AAkPyKDgDVtwxjt8B203CFI19SswqTdVi72XMVQmppPF32aO3QdM3HwAec:xO3PksSUVMVGaOASw/rSka
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\F: MangoKeywordsGUI.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe 3552 MangoKeywordsGUI.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3552 MangoKeywordsGUI.exe