ff2693010b02d796fd906a3a6a8da9a556fb7d97d2f4546afa1c908df463c1f4 | Triage

Sharing

General

Target

GuyletsExternalRidJoinerGui_[unknowncheats.me]_.rar
Size

333KB
Sample

220905-jqh2ssgag6
MD5

86155e560f5d255d1623265093632352
SHA1

471e5952bf4a9940274d7495225ef98f45264b86
SHA256

ff2693010b02d796fd906a3a6a8da9a556fb7d97d2f4546afa1c908df463c1f4
SHA512

528b75d4421c87a8ef963b0df814d7f26c9d8584c943b515649e187d221bb31917b99e190b3561efddeb02437b6fa1c145f745ea7fa87804a5d765f302150ec3
SSDEEP

6144:kcQpPZIQb9nLAR1uJU1MsHT3BkdT1yg2jLy5i/U3xwGYZboBwRMMgkhtV5FBVZMl:kcaxIQbNAqU137B4T1y/oi/y6GYFUwaj

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  GuyletsExternalRidJoinerGui/GuyletsExternalRidJoinerGui.dll
- Size
  
  37KB
- MD5
  
  749575af408a2ebe8dcff0489b8b4fb4
- SHA1
  
  9a097ecb721ee5342df021ae34bc0b976fb4d429
- SHA256
  
  4fb48f78ac4691694c1c95babc9c64f579c4022afed19844cc5678e834dcd9b2
- SHA512
  
  505269b0022eb717c919f4628c03704ed099329d76cc101e15b45ac858d7cc4f6b836e38743b8a2f61e1a1cd52f2a6883087d92ccc7e1a1db73275b04a9a891d
- SSDEEP
  
  768:SzrsmH/VkJa8VC80r8//wbAQIpC6Elv2XCON0HLg2P7N9UiB:Ssm/Vwa8HwbAQ8C7ljXHLjNB
Score

1^/10
behavioral1
- Target
  
  GuyletsExternalRidJoinerGui/GuyletsExternalRidJoinerGui.exe
- Size
  
  155KB
- MD5
  
  e255e84648505e8228380976ad2d685d
- SHA1
  
  4b721e76cde9c269fe1e0ad4e86d0b7c6ea13786
- SHA256
  
  e402c2f9178dfd465e2004f7e0aed91418c67119a816cc56620be17eae3b53b7
- SHA512
  
  481e8aecbc2f364008874385feb125d4df9959078aae44775004e200cc17dcf72643220357a9e49ab300921f08df90cf5f0a0cf60ce14dd076a49b60246d91c5
- SSDEEP
  
  3072:TIzgaYv9HoBifPBPk0AH1a0yIdi3IwoOGbAQ8eljXn3:TEBqjXsmPYlX
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral2
- Target
  
  GuyletsExternalRidJoinerGui/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral3
- Target
  
  GuyletsExternalRidJoinerGui/RID_DLL.dll
- Size
  
  16KB
- MD5
  
  20c2b7cf987323c6c6785c1869cf7688
- SHA1
  
  ae854f58414915d235d695d981aae7f3badf46d8
- SHA256
  
  5541bed9488c93006b7eee09c666bf816669159a44e88512cf4e9ee33494af2e
- SHA512
  
  176942cb0fb744f18d277ac7bb38fc1f5721aa7ee18d672b86d1eaa30f92f9f58e1813bad4105671c116aef886d3857b03e2fc6ece62dc34932f97ae06d9ad24
- SSDEEP
  
  192:bYB/LHgtYS0B0UZkvNuZ/lJh3rKRleg30assgAV20V1DLF5XKJ:bG/LHgtcle6vh3r0leKxF5I
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4