8ae976c8b28baa222b4fd527cccbad2d1102ed21c68f9082c53835fde94c2397 | Triage

Sharing

General

Target

Hot Tub-2.1.2(19).ipa
Size

27.9MB
Sample

250328-qywq7ayl13
MD5

5670e6e1be3e1ce16216b1395e6a8a78
SHA1

b31c1ee45f3df10203b53da72bb7d12ee9388f30
SHA256

8ae976c8b28baa222b4fd527cccbad2d1102ed21c68f9082c53835fde94c2397
SHA512

15aa7eb819b1c0c7bd3c218189e4829be9c122d1b61125a9410001402bab969b8a368cb5ba7146fcc2115b60e817071f67b6a028151fa9d013689ab9394a338b
SSDEEP

786432:ZVWS5k6D+4mcxQXBYnhS2SKMSc9fgKnbcEFxLJTJR:XF5a4VQif7enHF91

Score

3^/10

discovery linux macos

Malware Config

Targets

- Target
  
  Payload/Hot Tub.app/Hot Tub
- Size
  
  50.4MB
- MD5
  
  2255238bfe1a3c524113bc641222e2fc
- SHA1
  
  7b13c4063f13af052e995e93e5162890c908d3dc
- SHA256
  
  d53ce22dd137b92661a07cbd1cdc7846ae1caf67389c8e34cad7f4d6fe1c474f
- SHA512
  
  ecdc4ed34d42f604d798e68c17ff3c6c8428d700dfaf42526aee3ed40cadca4642e51c825a530bf4891ae9c6872b05052347a9d73e71af718d84a988c1dbeb1f
- SSDEEP
  
  786432:DXr1q0MIcZtkTu9HhqPQfZbTuwFGm9dqDzEg:/40+e
Score

1^/10
behavioral1
- Target
  
  Payload/Hot Tub.app/Python-iOS_PythonSupport.bundle/lib/python3.10/config-3.10-darwin/python-config.py
- Size
  
  2KB
- MD5
  
  e7773e95a07c376357d8cd91e3b6f8ee
- SHA1
  
  5073a4b28534643e0ed4aea4c729e2694278db35
- SHA256
  
  7cb19e6df451e90ad4afa2a4e04a0f140388330352c01114308d346af1141227
- SHA512
  
  86b96b5cb431de5a201c6aea8710d1c869819fad8d43b66ca49f921505e6c9684c2044577a66ecae432c1faa92da8c1ded5d052d5b7a0b6bed05bdbfb9a57594
Score

1^/10
behavioral2 behavioral3 behavioral4 behavioral5
- Target
  
  email/mime/nonmultipart.py
- Size
  
  691B
- MD5
  
  bc00402b3af80bc8c0d05e216860a7b7
- SHA1
  
  f7ff660e55f0af6d03a9f111db4f77c2fa728e11
- SHA256
  
  1f6fdedb5ba3e0a698bf33d77e329fc4cf2ab4305474b6ae23c1bc0f99daaf7a
- SHA512
  
  217431caa558f82cb9d926369774f22bcac62e3675c0dedd331bed6e96028dcbde53e55df78e86303664a4c74c25f0ee6920e257d9fcde328564062ae58d7eb5
Score

3^/10

discovery
behavioral6 behavioral7
- Target
  
  email/mime/text.py
- Size
  
  1KB
- MD5
  
  f06fa84520d40c313ea6368932c0c3dc
- SHA1
  
  2239e83db6d3919eaa0c1316bfd92b232d7cf9e6
- SHA256
  
  aa903b8248020e9211e88f2c3a5e3a05f6969b6aab2b6f01ea1ddff776b870de
- SHA512
  
  4bd477355fc527cd508d7aca6f9729a34bce43f9ce9adaf8200fbd4c2ff0ecb8ffc8e9b232102e673e8fb13ff34dbc6340642ca5fa8615ff250d0e35b8b3eb8e
Score

3^/10

discovery
behavioral8 behavioral9
- Target
  
  email/parser.py
- Size
  
  4KB
- MD5
  
  ff1a4f5cea9c7894af8664004eb8bbb7
- SHA1
  
  5bf4e7b1a8e1979da4f38c6a3820d5957eed0625
- SHA256
  
  eab481ca55902fae679fa2f794c8a81f913723d5029a79d9eb806d4b0c6b6b49
- SHA512
  
  2b26dcb20543b0126411021293f65f7696fdd07c16c8c36951910e2d5f6f8d5ec94efd6cdbaafa74ee1206ca487b78e7592aa5b115bb4db3f4bbc028d2a35e6f
- SSDEEP
  
  48:2XZKIDK0JqQFUCnoKcQiGPerSYIsJi9BzuuTcKPQQFlhnoKdiy+erSJg5inBzunp:2Xw0JMtPQJerJ+TcCbeYl+eig52u4s
Score

3^/10

discovery
behavioral10 behavioral11
- Target
  
  email/policy.py
- Size
  
  10KB
- MD5
  
  bd1dd489c77ae052b01d8f00349cbd35
- SHA1
  
  b6ed2bb611541421a152b0181b3d8dce606aa449
- SHA256
  
  ca1b94f27db711094e9ba3ec4419313c3e660d1016f4bf01d467e5a174bb6302
- SHA512
  
  004ce439c3b9ff3511d9d3ac7a2a85531088da41b236066f2551945f3f6227d53fdce02a6b7332b9b91460c10b2bfc8aedee7f82a7c2e3dd63a80d664885796e
- SSDEEP
  
  192:9FsShSVVbT6AGKJU/LYSKISo/BgTbtt3cQ+evaaLyfuSbT/C:96ShQZT6SJUUnoOTbtyevaBfFTK
Score

3^/10

discovery
behavioral12 behavioral13
- Target
  
  email/quoprimime.py
- Size
  
  9KB
- MD5
  
  b8e2fdb2a318cfe7ea83b61d42cb2af3
- SHA1
  
  d08bb02746ad809e4f039fc5771f1629486a6a9f
- SHA256
  
  3b892900fd55b57d3be22f7bc9696feb905545adb81d37f4b77166753473a4b4
- SHA512
  
  23bb3ac424685739302df2d2e1f3f59b429ea04fb0b2d93d0db7a17ce40cafe285691e0ff91e0e46a2ac35ee1f96a98f0ab5cbf6ea1aab04d0ae64c6e63c0865
- SSDEEP
  
  192:/fQWs89npCYIccd3nAwiAZeRaRmncl6PH0TKLbIfMb422efUNefsjp9TtwjeQ2Zq:/l9npjPqwwzZeSme6v0TOH6kf+XTtSV
Score

3^/10

discovery
behavioral14 behavioral15
- Target
  
  email/utils.py
- Size
  
  13KB
- MD5
  
  7e01a735cb41698f965b7e89f0c60c43
- SHA1
  
  b02352632156895861810cfdf0a58a851fd8a419
- SHA256
  
  151a5736d6be70f9e397f3578c8d59a95d92e6490482d21287f6a5506d332fe8
- SHA512
  
  867cd1e28ca33be4a2405ef6da392a92c9d39089d5e4442490173055ed15454bff16e836fa27adaa15214a7d16eb50f439fd307b6e270fabb0d1251aac5998d1
- SSDEEP
  
  192:+D9YqU1B8DKIPQ+hdc8PNMwGSBbRjEdnlJtbHo8lrzpNHs5U35Ro2wzaY8ZStw3N:+uqP5FSwpB1j+nXFowWnaY8ZGyGimi
Score

3^/10

discovery
behavioral16 behavioral17
- Target
  
  encodings/__init__.py
- Size
  
  5KB
- MD5
  
  a1821860e26d3b744c75747bb26fb102
- SHA1
  
  15895725121e6401040b4cf8f46136d94d50f7cc
- SHA256
  
  05f07fc2a0fbd9a9cc92aa7567df84f343ebbb17fc676432e108e127d81913df
- SHA512
  
  98c0248231a5e4e8d6ca8c0a6802e9c6a9d4762f1f35c25b8a17dc2d057d2a2b97bcfeba3edd61ff5bd1503a0e787aeecf4b5785b5e79529a02e156eecb4d7b8
- SSDEEP
  
  96:VHIYGspF3e06Q0YoKf9m/6kaTC+mWkJ4q3m0gByAroIEJYsbHIDB:+YLpFkYowTWn4q3gAAroIEesbHIDB
Score

3^/10

discovery
behavioral18 behavioral19
- Target
  
  encodings/aliases.py
- Size
  
  15KB
- MD5
  
  7961acc2151f5b444d3765837e4dc265
- SHA1
  
  65423de933b270a471a02373a0d77922a65b5851
- SHA256
  
  6fdcc49ba23a0203ae6cf28e608f8e6297d7c4d77d52e651db3cb49b9564c6d2
- SHA512
  
  b35feebcc53318befe243a65129b62a8ae33efb7944d536088dfc272181716c9c2b00d9002d555a53d4765f6c5bdf7c7361dc08a915998e46be660c46009a904
- SSDEEP
  
  384:W8qpsfOQcOOCYcWA38zGzVy8f0gVCLRqgdx924B8xCsiTWm:9qzRzGzHkshm
Score

3^/10

discovery
behavioral20 behavioral21
- Target
  
  encodings/ascii.py
- Size
  
  1KB
- MD5
  
  81293488266fc76f3c2f5e0bb0554040
- SHA1
  
  6b48ecc333fe87ef64cb8918f52fcd42ee45a241
- SHA256
  
  578aa1173f7cc60dad2895071287fe6182bd14787b3fbf47a6c7983dfe3675e3
- SHA512
  
  26febef3c5c7f732bf435a6a5aae8d25f8936874e89be178e8328450119fe21f7ee65cbec3d1d2c8f06be1fc82eaeaf066c09ecbf2056a4c8b3c0cef48a0d2a6
Score

3^/10

discovery
behavioral22 behavioral23
- Target
  
  encodings/base64_codec.py
- Size
  
  1KB
- MD5
  
  fc7b3609d9bfcb762563b548876984d2
- SHA1
  
  bfd452ccdc4571a5de605a8520daafa9997b907a
- SHA256
  
  cf9ac7a464f541492486241d1b4bf33e37b45c6499275cc4d69c5a8e564e5976
- SHA512
  
  ff48244ffdf6a2fb5bd15f2d6723c4268b0ca6dad3a59e03a5364fa9d48d42aae1cc001b12f45988853a99b520c8ee2bd69242fe0dd92b42493001fbd7e435d3
Score

3^/10

discovery
behavioral24 behavioral25
- Target
  
  encodings/big5.py
- Size
  
  1019B
- MD5
  
  d0911306b2bb0bee8d62ca4dc40b8957
- SHA1
  
  bc539c7e7e0ca9f23c6a9668b100e46869d9f527
- SHA256
  
  98fac6f86a20dd05da197e2058176ebfd47edee7074c3248f5f48fe0fb672d7c
- SHA512
  
  0639b0d4fc1a4c3a69e44a2ef049eae96e82bd24b240ffb489b56ef35be7c2739d13fe6d6649b7267b830e0a63571e304baa3f748812f87f684aead0d69eb8c7
Score

3^/10

discovery
behavioral26 behavioral27
- Target
  
  encodings/big5hkscs.py
- Size
  
  1KB
- MD5
  
  465ae23475b55a28c248a0355c429a90
- SHA1
  
  08826705a2a30790087251ee3d78299226f1c3a8
- SHA256
  
  21d051a00fb5c6a86ba187e0c50e811d659ce00991fd5f5b408f71ebb2ef0f16
- SHA512
  
  29e13a9b237a6b4c479999cabff4d134d29efba899a957cbb65bc1e09340077d1768728bbcfb935d8e06bd2006e2c4d218c73106f07dd2ece62fc36e4f9fe3e0
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  encodings/bz2_codec.py
- Size
  
  2KB
- MD5
  
  2005c838af7a6c6256dbdd05a89678a7
- SHA1
  
  765c14c82af034c096d9ce9f5937b09ea49f48bc
- SHA256
  
  1181a2a89102a2b1d2b2f1f4473236d5d1ececdd0be8fdaa498a3dbe21a185ab
- SHA512
  
  d074c3bf6a5997bc82f60440c81f5ae949f86ee02d08f669795f5daf071128359933813776cb49f216f6a95da4f6f8cc50a981b7f2be1ad951da40147d057546
Score

3^/10

discovery
behavioral30 behavioral31
- Target
  
  encodings/charmap.py
- Size
  
  2KB
- MD5
  
  4b97d8f696820ed83d3a1b96c242c824
- SHA1
  
  dc08bc88f94c47b43a0c64ba33bda79def11096b
- SHA256
  
  1b8b5fdb36ce3becc62a6115ed904a17083949ec8aaef5a80f7078cec232f43b
- SHA512
  
  bdf81c3c80471988203645cc6fe776b0fb44a248d10dc3425b53480c7cbeb5081ecb542930d64aa1f3a007b3b8554d3dad2e0e04e4f767b29335438158f3241a
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32