antidot | 23029fc1da174332dd7cd67cb0c4250297ccc9a79f62da52538d4307ca19fb9c

Sharing

Copy URL

Twitter E-mail

General

Target

Projectsigma1.zip
Size

56.5MB
Sample

250215-n3bkpszpdk
MD5

0d955a3b1bf75146624470fb2c564af2
SHA1

a273db4929d51ac446f8a6958f15df0bc318b408
SHA256

23029fc1da174332dd7cd67cb0c4250297ccc9a79f62da52538d4307ca19fb9c
SHA512

fd7ee1555fe4ab8806b1ef4ddb3fb409894df04057765e8efaecd4a84aa3021d3ffebdb17293d8e37b9a51a1d351d5e4987221f18159d637f1155b662a093f3b
SSDEEP

1572864:ajClt1hPzFqdS/5vwRigAmUxBdgi951/j+r4ZRAlwTne32Bc:ajKnhbFZwRfA7jd5YkAcI2Bc

Score

10^/10

Malware Config

Targets

- Target
  
  Projectsigma/ForlornApi.dll
- Size
  
  9KB
- MD5
  
  36f064c7b94d3b48b6fba998306d149f
- SHA1
  
  68811fa59a0bf4874e41bce03aa414102080e1cd
- SHA256
  
  446ad384be07cee89a742fe096fb20505de531501b394c40894be628d1168e9e
- SHA512
  
  fc9c048b866c59adebdc12f858679454cf3222f3b7a13e276ee1beaeb5bf419b9299216fc4aca208f37df7cc0926f837fe4161eefbdae1ecc0ba4b5baea706d0
- SSDEEP
  
  192:HnEEsBKgFEfHO3BvlA4RG5rhNwQpIVq4d9:HE9lvlnRGnNbSVB9
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2
- Target
  
  Projectsigma/ForlornInject.dll
- Size
  
  6.3MB
- MD5
  
  a40dcf9942879728c738a5161e9ea455
- SHA1
  
  3d35c866c70db1c34daba07197bc4a834bc794f3
- SHA256
  
  8e11bbf4a2f5ea522804219789db209f906ec7e23d5b273547e4eceee82b6c44
- SHA512
  
  ab41eddeee2c7edb9dda5d91843546f2d0e41e11ac125cd9750b9531a63c7f4abd2faee412d8fd309390d1040e5b787ea98dfd754b14830aecedc739e0a9fbde
- SSDEEP
  
  196608:VqHqqhOnCaiiyFUHH76pyS1Ii8eGAvKQ0pOwqz:VqH8iiyFUSydi8eePpOw+
Score

8^/10

discovery vmprotect
- Downloads MZ/PE file
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral3 behavioral4
- Target
  
  Projectsigma/Stigma Ultimate.exe
- Size
  
  3.4MB
- MD5
  
  87784365c0d576fe07b36f4909ab3fb4
- SHA1
  
  da511641b9650f8d5aa03a88ea37015b06770150
- SHA256
  
  d53379815e7a1bc021bfbfffef03be6aa372e8e844fd8f781561f646f89947d0
- SHA512
  
  a88490e1d5123545f8c2f959fabb8367a3f996ee9f0e7ac4366f8b9b792f177ccd6edba21016a30d5ab4265c5a24fc49d7f59b161109a0319202f6f717d333a1
- SSDEEP
  
  12288:N/mgF6tAqsGMcQtXmwHh1GdW/46MdO66MdO:NQAs666
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral5 behavioral6
- Target
  
  Projectsigma/bin/Xeno.dll
- Size
  
  1.3MB
- MD5
  
  6a635fa58e5455397180eda307fb64ba
- SHA1
  
  0e83defcbafec8c15707e2e71947e77d960a3648
- SHA256
  
  bd6843726688bd7253a42180bf95671ad5b0f9e787adb4f13250f484abd9eae4
- SHA512
  
  00a318b1fdb38efef39351e291fd8db9bd096307a1b6319191cfcbef6d5b7e0486cb19968291f64d3d2fe48e062bbfdec9c2e185010848b7df87bead4eac2fbb
- SSDEEP
  
  24576:8HVrqyQ8I2dBY8rekRCw7qb+sOZaDKSiEEemqzipKB:8HVrqbuYw75ZOVviE
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral7 behavioral8
- Target
  
  Projectsigma/bin/libcrypto-3-x64.dll
- Size
  
  5.0MB
- MD5
  
  54ca3e6afcb3c57c7914c0856d779f2a
- SHA1
  
  e37be8d92350aa1f9dd3212015de959faa58aa2f
- SHA256
  
  7aed0bc00d2f0ca0de95eaa6461327bd2e4543723a6ca443a7e899738b353b5a
- SHA512
  
  e8079e9d4bfa253677a669913f8198882c2eaaf9251f11cfa64eed5597c34ab7c267bed3826ad9f0a83675177a7575af54081852a5a633d999bd13cf873a79e8
- SSDEEP
  
  98304:UlAXTY8BwEVQ1qb0Oev71CPwDvt3uFRnCLF:UlAXTY8BFVQ1qAOi1CPwDvt3uFRnCLF
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral10 behavioral9
- Target
  
  Projectsigma/bin/libssl-3-x64.dll
- Size
  
  1.3MB
- MD5
  
  d66acb55a9f095a24865c9d883f96fd1
- SHA1
  
  cc8cb0a1d460fc0ef5a941bc5cd45e29ca7ef527
- SHA256
  
  7ae563b23164ec5994dbc24bce536b33df80c40de5ca97d64fe84a5dac34788e
- SHA512
  
  35c04c6f5f66d4585bba8fe48f2b470af7d6e366e9b9cb3ce0712818c5b1504c9e492a4d148164adf28793cc55b2ac58d3df28fb00f94033ddcb6e18ecce0227
- SSDEEP
  
  12288:9jq84j6NgABFeE4KFq/aXn0ENEoPxV6yatOUH3eKyG8xqU+TMruSoE7y:9m8hCuTrYKpYOK7phTMruSoE7y
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral11 behavioral12
- Target
  
  Projectsigma/bin/xxhash.dll
- Size
  
  46KB
- MD5
  
  0e9fecea29b2b3d5ef064e112436e9d1
- SHA1
  
  69423218652f7837766ce03fe9edeaf751266cc5
- SHA256
  
  73c84884a2ccde1d10bec0820a6661920e70e4b53fa99ad510acf5ed1b36af97
- SHA512
  
  bd57bc9b8298faffc091b928537794a50c81d985d60edba7863e2976846cb08fd469c6054ff7ec574df6f0a2aea1fb72ed9cff44fa219e834129876293cd2e93
- SSDEEP
  
  768:SAziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3Qi9fCCFmj6I2:SAziR74kgDn2rDRuIrN5mAvgbTgihCCp
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral13 behavioral14
- Target
  
  Projectsigma/bin/zstd.dll
- Size
  
  638KB
- MD5
  
  567198a0119e3e2ec94208f1cda7aa28
- SHA1
  
  350224b13d1cc2f944a4a2bdd951e9ef80be5784
- SHA256
  
  6c63d08182dede465c95e48a235894e598a61cc24e0ba4556637cc9c1a1e0951
- SHA512
  
  ed01636af37932dca7aa7709389dba184e16f93aa3be4fe622850df0f791c85111367a10434edf0c986079069a3574e0acdbbac4d9cae9c58fc01f9f034f40ec
- SSDEEP
  
  6144:IbauYl+rrR8uT4uB5uWYfO16oMynnjDHM8YHb96pddEybNFZeW8aLx492bDKIbbW:IbauYGT5BYMxjDHM809sddEyb9eWo2W
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral15 behavioral16
- Target
  
  TWRP-ROOT-ODIN_a20e/TWRP-ROOT-ODIN_a20e/Odin3 v3.13.1 3B Patch/Odin3 v3.13.1_3B_PatcheD.exe
- Size
  
  3.0MB
- MD5
  
  ab557b538296f527de68aa820afd8f4a
- SHA1
  
  65ed8922dc8dd479c152fe07a14dce4cb6fdcaff
- SHA256
  
  1e0f688d073bc087315da70c4a8b61f9e7b25ba26fb5fdcbd3dc17166cf10540
- SHA512
  
  97479032ba20c4970f927a71e64ba06cbcb3a06ad113cea7513b48778e596619616a153e2742031cdf800209f4ef9fea54a388565ffeb80d28b6dc46739aa353
- SSDEEP
  
  49152:8HAzHewUdUjqnZp0iV8W6LixkJPtakXP9QtjmBtaBASMt73t/IdeT+2nWZveH:fzHnj5iV8FSGIkXP9QtSBtwrMt73tg
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral17 behavioral18
- Target
  
  TWRP-ROOT-ODIN_a20e/TWRP-ROOT-ODIN_a20e/ROOT/Magisk-v26.1.apk
- Size
  
  10.9MB
- MD5
  
  6794a570b8ebfbaa5f596eda3639ef56
- SHA1
  
  1b9dce6fea786302a3289e20e258bedbc61a0a7b
- SHA256
  
  ae1a02b1ab608a51d5bc9b323e0588d06d30d9987ac8da01f4710d76f705dccb
- SHA512
  
  47936cc2aa27ad518f0431e55f5aede701bb8c9a879081c7da7bc1a723b823f14ea3e1d0354d7b9afdecd09f039aeb0c73ba14c8f30c76f03dcb6db00630e9a6
- SSDEEP
  
  196608:HLZkpLU5mzN0NU4Esu+BWRgm2HrAy9hcJSlWhA4qdwQiy/i+gih8:HdkpQ5mzN0NU4Ez+PmYnxGy/dgi6
Score

1^/10
behavioral19 behavioral20
- Target
  
  stub.apk
- Size
  
  28KB
- MD5
  
  4664604353983e907493d394c1d4ad95
- SHA1
  
  c5c69470879a62b049086bdcea57d01d17234d62
- SHA256
  
  914f49c2e2f0ed6b4b0b9a336eb3e2fbcd01db0083eea77b15d8df086c4cce86
- SHA512
  
  d95e1377037c3dac6a7a77677f967ce6cc89e43d6fe735669a959bc4c0d7b0619123eb51e459b5b22b007ea5b5c3b9e02fa6a3949d1bcfd8dafbb2dad93bf560
- SSDEEP
  
  384:YdMwf5mlM2ODF9Jh8LNlj05t25YdOfu7rEwRvTqw/p4CzXjZ2CeWNOR3Pmtk/3ld:WBYl/ODpy/jI17FvTqwO4j0stk/XjC6
Score

6^/10

discovery
- Queries information about active data network
  discovery
behavioral21 behavioral22 behavioral23
- Target
  
  TWRP-ROOT-ODIN_a20e/TWRP-ROOT-ODIN_a20e/ROOT/Magisk-v26.1.zip
- Size
  
  10.9MB
- MD5
  
  6794a570b8ebfbaa5f596eda3639ef56
- SHA1
  
  1b9dce6fea786302a3289e20e258bedbc61a0a7b
- SHA256
  
  ae1a02b1ab608a51d5bc9b323e0588d06d30d9987ac8da01f4710d76f705dccb
- SHA512
  
  47936cc2aa27ad518f0431e55f5aede701bb8c9a879081c7da7bc1a723b823f14ea3e1d0354d7b9afdecd09f039aeb0c73ba14c8f30c76f03dcb6db00630e9a6
- SSDEEP
  
  196608:HLZkpLU5mzN0NU4Esu+BWRgm2HrAy9hcJSlWhA4qdwQiy/i+gih8:HdkpQ5mzN0NU4Ez+PmYnxGy/dgi6
Score

1^/10
behavioral24 behavioral25
- Target
  
  stub.apk
- Size
  
  28KB
- MD5
  
  4664604353983e907493d394c1d4ad95
- SHA1
  
  c5c69470879a62b049086bdcea57d01d17234d62
- SHA256
  
  914f49c2e2f0ed6b4b0b9a336eb3e2fbcd01db0083eea77b15d8df086c4cce86
- SHA512
  
  d95e1377037c3dac6a7a77677f967ce6cc89e43d6fe735669a959bc4c0d7b0619123eb51e459b5b22b007ea5b5c3b9e02fa6a3949d1bcfd8dafbb2dad93bf560
- SSDEEP
  
  384:YdMwf5mlM2ODF9Jh8LNlj05t25YdOfu7rEwRvTqw/p4CzXjZ2CeWNOR3Pmtk/3ld:WBYl/ODpy/jI17FvTqwO4j0stk/XjC6
Score

6^/10

discovery
- Queries information about active data network
  discovery
behavioral26 behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Downloads MZ/PE file

VMProtect packed file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Queries information about active data network

Queries information about active data network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28