General
Target: 501c9cdf21d2e7d3816efb23747686aec989b9f987281113aa5416bef627dbaf
Size: 3.3MB
Sample: 220520-e53yasaag8
MD5: 0ab333eb9f61e8df44f6acfffdfc98b2
SHA1: e9eb2e45d39223adb9c028db5fd1b56eb3c619fd
SHA256: 501c9cdf21d2e7d3816efb23747686aec989b9f987281113aa5416bef627dbaf
SHA512: 7ea0d62c5aa78a8e287603af09b896fb5c1042f80feabaeea6ed6639aee1ce5ab4cc47837fdb8aad906a3f6552be28cf2e899355188e5dbbcd0c6538134fc41a
Static task: static1
Behavioral tasks (sample, resource):
- behavioral1: BlackDesert Online PAZ Browser.exe, win7-20220414-en
- behavioral2: BlackDesert Online PAZ Browser.exe, win10v2004-20220414-en
- behavioral3: Libs/MahApps.Metro.dll, win7-20220414-en
- behavioral4: Libs/MahApps.Metro.dll, win10v2004-20220414-en
- behavioral5: Libs/Microsoft.Threading.Tasks.Extensions.Desktop.dll, win7-20220414-en
- behavioral6: Libs/Microsoft.Threading.Tasks.Extensions.Desktop.dll, win10v2004-20220414-en
- behavioral7: Libs/Microsoft.Threading.Tasks.Extensions.dll, win7-20220414-en
- behavioral8: Libs/Microsoft.Threading.Tasks.Extensions.dll, win10v2004-20220414-en
- behavioral9: Libs/Microsoft.Threading.Tasks.dll, win7-20220414-en
- behavioral10: Libs/Microsoft.Threading.Tasks.dll, win10v2004-20220414-en
- behavioral11: Libs/System.IO.dll, win7-20220414-en
- behavioral12: Libs/System.IO.dll, win10v2004-20220414-en
- behavioral13: Libs/System.Runtime.dll, win7-20220414-en
- behavioral14: Libs/System.Runtime.dll, win10v2004-20220414-en
- behavioral15: Libs/System.Threading.Tasks.dll, win7-20220414-en
- behavioral16: Libs/System.Threading.Tasks.dll, win10v2004-20220414-en
- behavioral17: Libs/System.Windows.Interactivity.dll, win7-20220414-en
- behavioral18: Libs/System.Windows.Interactivity.dll, win10v2004-20220414-en
- behavioral19: NativeDecompress.dll, win7-20220414-en
- behavioral20: NativeDecompress.dll, win10v2004-20220414-en
Malware Config
Targets

Target: BlackDesert Online PAZ Browser.exe
Size: 1.9MB
MD5: 4a1c0fd0dea70de9898517ac5c37d766
SHA1: 38bea50aa5e4f0693bbebac4c12bbcb469b045b0
SHA256: e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
SHA512: a3632a5c15a0d5b84e28fc7e2f95a5b73e8f08037c1415682592eceaf9001aa971135cf534a4d039c9bd8854e0c08359ac300a27c429e592879367b7ae83c195
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Libs/MahApps.Metro.dll
Size: 780KB
MD5: 2871fa8aeabf5fd88de5e6d03eaa60fa
SHA1: 1e40c0ae40a583f7ecfc7f2a4607c61475952309
SHA256: 977e2267b546ec825a4610a7e8fc4c09dce4e97888621cefd306bbd562f29066
SHA512: afdefca73b08e86663b311e5fba24a37f22195ec2a5ce09867e6a543bdb6667b58e1168b1ff981e7ff7ececa413f4791eff725fc350d351cbb646aae8ad9a5f1
Score: 1/10
Target: Libs/Microsoft.Threading.Tasks.Extensions.Desktop.dll
Size: 46KB
MD5: e548a93d16964e52868c47cef1c98f2e
SHA1: 4b96b0aa48f6ac050a764c7d65f4129a9bb8cf21
SHA256: f71621c47c610e0886846cf53d955fd0e7448951f99ecc22facd47493ef97a87
SHA512: fd1377b5d2d792eccf2ab9a01529838f178126fd6748da8e27cbc908ea83813fb4de021aa88989186459fef1c11be76aaf8b29b2291203d5f34f98361acf77ab
Score: 1/10
Target: Libs/Microsoft.Threading.Tasks.Extensions.dll
Size: 30KB
MD5: 6aa2393ff1fde1a61d0cf51730428f74
SHA1: 3c847a95a6547aa49919789d7a0cb6ed76122849
SHA256: 92f1d0d6ccfb0d030789f3c5c636fcdd08f6d0541a5a54f185e8ecd85592e3f9
SHA512: 1af984ec56885cdea9a0e379d659b65196713571377e2db267259dbc1f8748f1a610b0183a8fea3730f0049c3468f632240475730563c6413cbc88cc76032d91
Score: 1/10
Target: Libs/Microsoft.Threading.Tasks.dll
Size: 36KB
MD5: d01819bfe03222dfa9e35a36555b6b6c
SHA1: 25f8069590b14724f28e6a04b8a42e4ef4a8562d
SHA256: 5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94
SHA512: e63901f39315972e446768f2c14b4279cf1dd382f97ac90c444c4d858c2a486736a259c47245026b11e5c0846310e7da020bf2466ea91aa0a15d22cb67b37477
Score: 1/10
Target: Libs/System.IO.dll
Size: 20KB
MD5: 05aa69dfc063cd17312348bcb08a1f4f
SHA1: 9ac9b30c8a15ff8ca4357df532a3cf9fcf252f6a
SHA256: 66400c153c76b965c9156c31aa34453caef250056c5dd0888dac011d7a3f7f4a
SHA512: 1f43ee7a1fb085270b6cdb0aef28984b8e53532b8b2347fce8ea1910818b8b6104461670d3a86ca796fe0fa1a16c953aca7d29aa92fb1cd4a9c98712fb5d8000
Score: 1/10
Target: Libs/System.Runtime.dll
Size: 21KB
MD5: 7b864dd560373e17f38338dfdc299182
SHA1: 0ca4686635ac12ecbed9050e98117242b69fc004
SHA256: 0f1f595042419911eef073fcc6a7f3d1ff7cb360dde964db0ca0fa136264aeae
SHA512: dadbe37d03021865c709ede5ffd247c1f9f34cf912e578d3f75e829be9e30735c334b48507e0324b33dd619cdae1d07b74fd81f4c19d271983f7f1e90a340fb3
Score: 1/10
Target: Libs/System.Threading.Tasks.dll
Size: 33KB
MD5: 1183ca0085c8b22276342c342a4f2e02
SHA1: c6271bf1da0c0b2f729246856616a577dc84ca5a
SHA256: 718db47e2fa88d0dad322c6255a22fa2cb1b635a6c5be06c672572f1b0a6642f
SHA512: 2d8a6646d80d1343b1de11f54113b233d7c9fed13f70a7d515abafb31b1108801dfb32d418471f0772b42a9ed567c5cd80a32371142f3c5048861dceb42db3ac
Score: 1/10
Target: Libs/System.Windows.Interactivity.dll
Size: 39KB
MD5: 3ab57a33a6e3a1476695d5a6e856c06a
SHA1: dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7
SHA256: 4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876
SHA512: 58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92
Score: 1/10
Target: NativeDecompress.dll
Size: 1.2MB
MD5: 84b679ddb4975de2d2fc0e1a37042ac5
SHA1: 5e80e5df5514ce5603578c738a63210ef4c2f55e
SHA256: 64284f7cddd51086946191dbaaf1d23869b99ef47892f250682c2d568aa874f5
SHA512: 3c574ed06b7d798c1f92dad6019ee510b660fcb2267f91528cfcc94c96a003f55504d534aaea694baa87a21665c8c180e4e1ad5735041a779336f2996062ec2a
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger