Probing Weaponized Chat Applications Abused in Supply-Chain Attacks