General

  • Target

    Fall Guys Ultimate Knockout Generator.msi

  • Size

    1.1MB

  • Sample

    201030-psyh5ptfxs

  • MD5

    c6bda3eb7bed85863b0c8a2ffed22751

  • SHA1

    0c3ed7891da82fd8170b11cb77787de474700b4b

  • SHA256

    bbb95f2e2fff202e4c53e2d21b3bb3953d0694c91d87ca5f5a4d54114085f354

  • SHA512

    331fd5099f74969792dc857c61a3886e8e0dd39f4adcd304a670e30a0c2d97f5804ef506bc190efe0f54c645a5d35cf4a4da078956a96a86d56d7d4f237cd9fc

Score
10/10

Malware Config

Targets

    • Target

      Fall Guys Ultimate Knockout Generator.msi

    • Registers COM server for autorun

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • JavaScript code in executable

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1 indicator

  • Discovery

    Query Registry (T1012): 2 indicators

    Peripheral Device Discovery (T1120): 1 indicator

    System Information Discovery (T1082): 1 indicator
