warmcookie | 7b789067fc92947c089c7bd54324742156f04d7a2d670de4e5170c87abf72f3d | Triage

Sharing

General

Target

manuskript-0.16.1-windows.zip
Size

85.6MB
Sample

241213-3lgsqatjck
MD5

9a63d0ac0c26bd16901818ba8c31ceaa
SHA1

2e159aab2b182c260378d4ce5d08123366767e65
SHA256

7b789067fc92947c089c7bd54324742156f04d7a2d670de4e5170c87abf72f3d
SHA512

a05245e6e967968b929f4372b0715ab6fa823996f350aa505f2a51de4390c56b67dbba3442defe3f7c7890267b84ef38b21e7db41af30cd2c90d294e0602e7d2
SSDEEP

1572864:rYdZ6BJVzh0/wUGyA0graeYOj5adEbeKnGc9pY1c4o:rYuLu/hGTjs4eKGcrV

Score

10^/10

warmcookie backdoor discovery execution linux pyinstaller

Malware Config

Extracted

Family

warmcookie

Targets

- Target
  
  _internal/enchant/data/mingw64/lib/enchant-2/enchant_hunspell.dll
- Size
  
  617KB
- MD5
  
  c3d4923746d3894a3ef09e6e89f451a7
- SHA1
  
  f2c87e0c0b56496db4ba59554b0f9e075fba4b76
- SHA256
  
  a969501ba1eb79cadd7015eea4263194c86f6d8023e69fe36a88f8e0b40da11a
- SHA512
  
  cf623c100f15d2ad8ad27a2860bb8682d162cded42e70e705267d230d4d2d47085c8981535050155c3646598b5cc24892cb73d9f01516bef633024deaced9303
- SSDEEP
  
  12288:PvJqsbUrbpa0D07xs+D66b8RJK3MHE42FK2J68VdYw8GHGq5:J3Urbpa0Al5ec8DK3MHE42FK2Jb5
Score

1^/10
behavioral1 behavioral2
- Target
  
  _internal/i18n/search_files.sh
- Size
  
  84B
- MD5
  
  aedeefef2e6623a467137a9f0b58a7d5
- SHA1
  
  e226df2a7ae35d20fd1e8f29c8f31f4ad66d6111
- SHA256
  
  73062905687f5929fc078e8512981efd6a410a0b7bcc716917d09a293f39cb03
- SHA512
  
  d40c793da09ae048aab2531e09f1352ca7e38b3804f2baf3f4052418134adcea7a3152952b0cbabc06c797a4e9905100a094fccf4c9d3e2c6259f4a942981d47
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  _internal/icons/cleanIcons.py
- Size
  
  1KB
- MD5
  
  fcfb364271dc4a97be48ddd33e4c8af9
- SHA1
  
  cc8c63cde2c9153990638a8f8708d049af06360f
- SHA256
  
  c813b7f4a96b9f5c1368b317e2f3231c6949626f984a67ac9775b2980b5269c0
- SHA512
  
  d706b50d1e3fd0e2967cf96e8559730379c106c4fbf6abbd7c7491a76d2f103d8543b0996be9a54f93dd50e3d54119a139cfee04da50793eaa7dceb6f1722cda
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  _internal/icons/copyicon.sh
- Size
  
  1KB
- MD5
  
  275b130dbcae33f143a949054e1c29bc
- SHA1
  
  1586f3fbfe47a77818353512866b02d781311b34
- SHA256
  
  0a103649347597ace69528c885c3179aad7176b3a53d9627b415c5d1c082a8b4
- SHA512
  
  2c1cfd9eb946f73cef3158ab268a1a8700f9a176af07f0f15104bbcb3ee3fc90b659098a8392b634ded61e7c24c6f5c61b1eb6fc670a1d3f74c6837fb9658a0a
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  _internal/libcrypto-1_1.dll
- Size
  
  3.3MB
- MD5
  
  ab01c808bed8164133e5279595437d3d
- SHA1
  
  0f512756a8db22576ec2e20cf0cafec7786fb12b
- SHA256
  
  9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
- SHA512
  
  4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2
- SSDEEP
  
  98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
Score

1^/10
behavioral13 behavioral14
- Target
  
  _internal/libcrypto-3-x64.dll
- Size
  
  5.0MB
- MD5
  
  556e9258a0d213cdb05bb7bc620b2ccb
- SHA1
  
  f2c37d5b9a00bb0bed8bf3b8de98527afde0c7d9
- SHA256
  
  40390022d23aeee4f4f8a6df8ae75aabd0fc2bc57131c9499b276eab3828ca04
- SHA512
  
  deeb4bc781c604ebab23dd6da3c7b415e2616263d01e1d19d1fa6d73a6a00c73a206c8e04203738a1b69982efd80bda66bfbe5f0ccf0fc51325f6626519f2ff2
- SSDEEP
  
  98304:g7v+K7TVoJnCMykTP7v61CPwDvt3uFlDCWkV:Uh7TVoJnCMykTzv61CPwDvt3uFlDCWkV
Score

1^/10
behavioral15 behavioral16
- Target
  
  _internal/libffi-7.dll
- Size
  
  32KB
- MD5
  
  eef7981412be8ea459064d3090f4b3aa
- SHA1
  
  c60da4830ce27afc234b3c3014c583f7f0a5a925
- SHA256
  
  f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
- SHA512
  
  dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
- SSDEEP
  
  384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
Score

1^/10
behavioral17 behavioral18
- Target
  
  _internal/libs/gh-release-stats.py
- Size
  
  2KB
- MD5
  
  6b1412dc57b18914a03fd8a57da44a43
- SHA1
  
  d231875aad1897ced3ed78d55bf35bd9afef92b3
- SHA256
  
  3723cf8649a0dd5d2ed6e8bd8819d41b7bea085a26ab69ae1cf58f24b5895210
- SHA512
  
  6e16716464e1c14d9c534ec5969c0add737c3076364cb06d47892a8ea5c9aeef8289b5194f9085d3e11219452b5b4d798c3469f05e57b30b0846b7884ce615dc
Score

1^/10
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  _internal/libs/pdf.js/build/pdf.js
- Size
  
  356KB
- MD5
  
  201abbb5934fcfc4ea7e742f9389a2a9
- SHA1
  
  802e7967f176eaa562bf24df019a1b9049697dec
- SHA256
  
  29a5fe67116ff08d4a065a2b2190407fb644577728423bd5c713110075a2a391
- SHA512
  
  c27046b6901080d5eec83e64ecf1c8f2b2baee83b90d80e3484c5a696bb3d773e7f2a845a5729673759a641e69c26c069eb4fd191a7905255f02b9457766a45d
- SSDEEP
  
  6144:KpCPx/t2+vIBGI8+MIpikBhYSjTsK+WtX27++C9W4YQialZvfMV7Pg/gaJYP5aeU:Kpggdi7Pg/gaFGNxvmTOvQQG
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  _internal/libs/pdf.js/build/pdf.worker.js
- Size
  
  1.4MB
- MD5
  
  253b13236448a424a778fe3f05ade1f4
- SHA1
  
  c437128241a8be9a569aa856406a44e6e04c3348
- SHA256
  
  21a5530d8089a23e48cf82a5a93ab74119030d6aae0bfa5f0e636c0cc9cc97e6
- SHA512
  
  66c7261f59c13499ce5b25ed791772e0a246e0fd38f2c856795f8e92ef6ad75a55522db55ee62e262928965c6dd8ad54e29ff4da0228652e7d7542734f602c9e
- SSDEEP
  
  12288:Kingg5FiS3jaw8tMZHrrrErBrLyVBKA0JTBJ0gZSaK2nDLFp8:rngg5FiS3mCHH4ttBJ0gZhK2nDP8
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  _internal/libs/pdf.js/web/compatibility.js
- Size
  
  18KB
- MD5
  
  ddb85c8495edcc6c4336a06906d9d9f9
- SHA1
  
  3712f273b49798aeb47655736fd8abe0ac17f99b
- SHA256
  
  aa3088f6e78c428da1114d1c5c28d0a98bbd536fabf6b7b6e456f71c1bfc857d
- SHA512
  
  bf5a944787d4e57bba331c665cb9c7bde7e05f2feeca8b41ac342eab9a1b6fb1b69ee3f6925019c6a83d7cae7bdeb675cefcc1d33c7e0bb5e39de76532076bcf
- SSDEEP
  
  384:Kbvz8C1XCXQ2ykVgrory+x8nlbTl+4zY9ToLWxsi9B5:K89X6bFnL+4zY9UA9B5
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  _internal/libs/pdf.js/web/debugger.js
- Size
  
  19KB
- MD5
  
  4f9d48a5e2539e3004298bacbbab00f5
- SHA1
  
  3a5cc18858e727595b352ec98dc29127976ebd40
- SHA256
  
  2d317f0479554a2719bd1e047b5064f05debb62749cad77193f99a7787e1f651
- SHA512
  
  f799d7717bbb23d1b6181234ce593b0bbdb554333bd0bb5a6434579ee56d12869be0be56e07c731444bd15d32fe4c55916dc61a05ad54a8f24ebe4f796e4eba9
- SSDEEP
  
  192:Kl5PHbNXPlk+WdkH4vQqrvh5TCnMy11NEc86TYokJd9fIdwFEbftDZsuajacprHp:KbzNJW4wmnMy11N5fFqnObhHZX6
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  _internal/libs/pdf.js/web/l10n.js
- Size
  
  29KB
- MD5
  
  5e14dcad61ced75792a4cf9cf161bb28
- SHA1
  
  a2463cceb831f283ead455cfd72cb03d6005efe4
- SHA256
  
  f324501a3dafb3db6a4a593009866d5c1a80b17532a1bc021fcad5af48c4d6ac
- SHA512
  
  f4bf1f07e4f48a094aa3dd8f885ca5ae0bf8c61b9db27e46c58098afd3bce9cd5175f60c4d13f9e1e90e8051a65df85b5d6607eeafe1e42a77b54459979cc191
- SSDEEP
  
  768:VhxsEiMAG3z7cgAmTSXl3wf3lJOTJrQpbgOl:VhVV7lRTSVolQJrabll
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoorpyinstallerwarmcookie

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32