Overview: score 9/10
Static: score 7/10
CefSharp.exe, windows7-x64: score 1/10
CefSharp.exe, windows10-2004-x64: score 1/10
Mono.Security.dll, windows7-x64: score 1/10
Mono.Security.dll, windows10-2004-x64: score 1/10
MySql.Data.dll, windows7-x64: score 1/10
MySql.Data.dll, windows10-2004-x64: score 1/10
Npgsql.dll, windows7-x64: score 1/10
Npgsql.dll, windows10-2004-x64: score 1/10
Npgsql.resources.dll, windows7-x64: score 1/10
Npgsql.resources.dll, windows10-2004-x64: score 1/10
core.exe, windows7-x64: score 1/10
core.exe, windows10-2004-x64: score 1/10
libcef.exe, windows7-x64: score 9/10
libcef.exe, windows10-2004-x64: score 9/10
sqlscanner.exe, windows7-x64: score 7/10
sqlscanner.exe, windows10-2004-x64: score 7/10
cstealer.pyc, windows7-x64: score 3/10
cstealer.pyc, windows10-2004-x64: score 3/10
General
-
Target
sqlscanner.rar
-
Size
16.2MB
-
Sample
240630-kfas4svgkc
-
MD5
73cc24c74a501277c7f48b77bbf526b4
-
SHA1
b58a7a09f69276aa17efac30979097b379c2499b
-
SHA256
9d8b9ba55cd5dfa3b2b678539d3e25926d415cd96a7ef8169525baaa06838ff9
-
SHA512
0c5b3957a8a09e189c02a4d7787387ed2c6d873c3de93174ea52ce1768325201ccd543e068b4e9bf50bb5e1376f4afa14afb5e714fa25dce9b0cd87cea1012b1
-
SSDEEP
393216:NYDzqwYj+WJ7uRt8TUUZvAxO/i9Hazje9qE8OYDIK8u+A74uuh:aXqwo+WURt8TUV4iQzvE8xh+ANs
Behavioral tasks
behavioral1: sample CefSharp.exe, resource win7-20231129-en
behavioral2: sample CefSharp.exe, resource win10v2004-20240611-en
behavioral3: sample Mono.Security.dll, resource win7-20231129-en
behavioral4: sample Mono.Security.dll, resource win10v2004-20240611-en
behavioral5: sample MySql.Data.dll, resource win7-20240508-en
behavioral6: sample MySql.Data.dll, resource win10v2004-20240508-en
behavioral7: sample Npgsql.dll, resource win7-20240221-en
behavioral8: sample Npgsql.dll, resource win10v2004-20240508-en
behavioral9: sample Npgsql.resources.dll, resource win7-20240611-en
behavioral10: sample Npgsql.resources.dll, resource win10v2004-20240508-en
behavioral11: sample core.exe, resource win7-20240508-en
behavioral12: sample core.exe, resource win10v2004-20240611-en
behavioral13: sample libcef.exe, resource win7-20240221-en
behavioral14: sample libcef.exe, resource win10v2004-20240508-en
behavioral15: sample sqlscanner.exe, resource win7-20240611-en
behavioral16: sample sqlscanner.exe, resource win10v2004-20240508-en
behavioral17: sample cstealer.pyc, resource win7-20231129-en
behavioral18: sample cstealer.pyc, resource win10v2004-20240226-en
Malware Config
Targets
-
-
Target
CefSharp.bin
-
Size
1.6MB
-
MD5
939712a4d4341fb67c0214621a78fca7
-
SHA1
53225cb2d07e8131c9fdb086a70a81cd41f588ea
-
SHA256
f594ff49ea0a51dc4a76609291b7c3e44fcc92789378f899349609407ac55b61
-
SHA512
f9cd9997394dae980b99018902e347a48b4eab44041e88bad6fc3d10c173b31cea44b0202e7233b1dc934c102c27f1ce5662a01e53b1b0f80197c9c73bb24144
-
SSDEEP
24576:1UUovXhGzCgXSbnI8pPdzUd+z3ljPO2WDmHj53NOxOHf1:1UU9TSbnJiK1jPO2WDmHj53NOxO
Score
1/10
-
-
Target
Mono.Security.dll
-
Size
276KB
-
MD5
522d9f0dcebcb6c178e8d5604d9eeb15
-
SHA1
202d8b56767d433c85ded807032cb8eaef28acce
-
SHA256
bfc33647d6d32680b5344f56cb6dd71b7357412746031056a9b5afa02799c977
-
SHA512
e379370adbd3690694a917f9cfab4d9302d0f5f1f8a666f1fd902bc091810ad3c354b459893c80269ce0dbf9f63176430e5ce5fce09788d4fd04f3524a069b4e
-
SSDEEP
3072:Jj6kxhg4ruavYO/rx4DzuFE7TgjpUf7hja93DzL95rYrfcz6Q9VmbsiGH3msZvm4:Vxhg4ruavj4fuNDvTrqS6Q91XgbLgdQ
Score
1/10
-
-
Target
MySql.Data.dll
-
Size
272KB
-
MD5
cbe25039adca6013ee06fcd70db1ba00
-
SHA1
e33db66a191edb487043a7d2c032f7d104b8feef
-
SHA256
aaabf1fc6180e8e41a414683e7054fcc172107fa13f687a426adb2e39be98f90
-
SHA512
27e6cdced64ccd60491f82ae02eba87360293b8f681279b7cf8129412ea828eee0f81f6ae1048771f6e10c02d2439f9898124612026abdf62be6fe6b0790430c
-
SSDEEP
3072:C4KOFiM66I4qF2aT1xsehrUj3OqbTyZd4vflRd6v5WI/UJ73WmA3gYo:CHOkBj6a8+65bTyZulH6vs
Score
1/10
-
-
Target
Npgsql.dll
-
Size
405KB
-
MD5
7f7fcec95072ffcbfff1ee8e563197b3
-
SHA1
6b5bba61c4e0af4083370a04b664834712f71aab
-
SHA256
41dddf803d700f62024e4aeac9540bb6c3fcb78d3708b14c3dbd1e0090b9edec
-
SHA512
6722d0554bd1ff333528578bd57b8d9c824cf03a0db65b0a6441bd742986c1cb60b9ac8f9dd05c25e3f3bb72ccf200dc800ad8835cc55b34b20df8c78d40a651
-
SSDEEP
6144:IzITdL4Wm0u0biWMxF/0nRn1NP/L5Pt7hdRYBv/5KWYsV0gc64MfS:xR4WmxkiWSyX6/fhJS
Score
1/10
-
-
Target
Npgsql.resources.dll
-
Size
16KB
-
MD5
1d0fec45c292e419f2924c834dc10ba5
-
SHA1
7bf14c3655b75e945bd1c8d3209b81fad2efc1f9
-
SHA256
449eed18738b7394ee0d0a55aa340ed46afd9dedcc8462fe0ca29360a65eeb8d
-
SHA512
44076a9869d2623741846e15af634c0f1cf9b3890bcfb88106539114ed6c8a9848ac2ac7ed92dd13d4a6f00d6ff70dbe193d33d034918c8ed2d4b4d7cf12271f
-
SSDEEP
192:5Y+ImQLOXI3s3+kSvf1IdE1n+00tDvicifgzgz4LJzIJDwin0seCbE/4IB5zPEer:xIj4IPkq1nj0tTic9ccJIVHMZB5bzt
Score
1/10
-
-
Target
core.cfg
-
Size
618KB
-
MD5
5f0bed2e03e65b67592dd76ff0eeed1f
-
SHA1
e9ef5d5e3f07a550e9350a15f5544ee1ef242cf4
-
SHA256
2bd204e41629ab41f499a5d71796f390f94be0133f9d1d4e9809f4d0b473136d
-
SHA512
0edaa56d4b689bd7f787f0f81c45742d0677f5cca34dd640f36a2da6a6dc38059c96ee1262cc05d75f13097a5e9470efc010e0a0a5a5e8f61ab7357f8de9d685
-
SSDEEP
12288:qymeXQAKnfJYR0FZ1qGtcbtp6cqKwSKCz1:qneReZ1qKcbtZZwBy
Score
1/10
-
-
Target
libcef.lib
-
Size
3.0MB
-
MD5
a553208ea4a57f1334669fe1e80113b7
-
SHA1
509aebd8384adb5f0d5f37dd3dd2b799ca7ddae6
-
SHA256
c868a800bef638fd579202534fa763a584cf78a01447afc89908ed1bae308ace
-
SHA512
08765ce1ed9d095527b469495b2138e6446c9034916f4030e7c02c43ea7b39708c1d3cd4f35c9df156633e77cdcb702258f7d627c028c902ac3f450dd0643eef
-
SSDEEP
49152:k81zxrw6PRLfCprOOR0yXNnMFraaDbXkQe/9p:k81zxrwkCNlxNgrfn0n
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
-
-
Target
sqlscanner.exe
-
Size
13.5MB
-
MD5
a9420a585475d7c4f54b934cc9343908
-
SHA1
603422c8f842c73c97b793d510ef2c311be83337
-
SHA256
65fd9a6135a40b72400561e11383a4a32b7e239f4f46006324977f8a2a6c5fb2
-
SHA512
6a3887e509e6e36a8ca99c897a51a45271d2db200e44a9e299ce1a314d5609353dc5f87ab4bb23af5360c40221d41a9a471ede1b6b591f18e85d0a7c82553c39
-
SSDEEP
196608:3YZl4XkYUOAcewuLIoBA1HeT39IigwE1ncKOVVtd97wWhkiLtQGN+j0WHivexy4n:W0XUOAc1Iq1+TtIiFg0VBxwdS6bj9iU
Score
7/10
-
Loads dropped DLL
-
-
-
Target
cstealer.pyc
-
Size
67KB
-
MD5
f0b888fbf9b2c319ba828cb623992abf
-
SHA1
a8bc0389d054fc398b4fc40b2b6ee02fe65b240f
-
SHA256
e3606d7dfe5666db81b9ae1e8d48a5303719f950c7505cb7d3f1e849e2391471
-
SHA512
6a2decec3631e277518807d484d58816b6619d44b1dc7404b01788188dec41039a87d4020fcb1b58310d5b487107a7cf315e5f4691330bf9c4e72fbe4c8d13e6
-
SSDEEP
1536:l0xqOgoxpqBJlMstbo88jLQQFX3qS0Vr+LRheG:lqv/+bo88PDXh0r+LRP
Score
3/10