APT Calypso RAT, Flying Dutchman Samples



Reference


Attackers exploit the Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT, and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data.




Download

Other malware




Hashes





Article Link: http://contagiodump.blogspot.com/2019/12/apt-calypso-rat-flying-dutchman-samples.html