General

Target: 5ccaf1.msi
Size: 188.9MB
Sample: 221125-pkckqagb82
MD5: d370c807da44914b07440bb5c5eb554b
SHA1: a1106253372c94baaa343f6d3a0b63628a5a0a6c
SHA256: eb8484e9698f21d049c90750bdc1eec37c3f899c0ddd6e73ccf42e17edab0107
SHA512: 9b252ff1e945b2cfa44e462a4ed73e17b6809733202cad5c321dcd09ee32301f1a8a5be0362fd795b40d36380de663b855847bc65cc220220e5360d3cf2c531d
SSDEEP: 3145728:B8eWmtYoa0bEut/C6LOJCIx7p0pQMyAC5kndaZcee3iaASySuiNfX1XlL:BlTtYBcEs3KCIx7qWMjTeEOSyJiv
Static task: static1

Behavioral task: behavioral1
Sample: 5ccaf1.msi
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 5ccaf1.msi
Resource: win10v2004-20221111-en
Malware Config

Extracted from: C:\Program Files\Wizards of the Coast\MTGA\MTGA_Data\Plugins\ThirdPartyNotices.txt
https://www.chromium.org/Home
https://bitbucket.org/chromiumembedded/cef
https://github.com/ValveSoftware/openvr/blob/master/headers/openvr_api.cs
https://github.com/facebook-csharp-sdk/simple-json
http://www.opensource.org/licenses/mit-license.php
https://github.com/Real-Serious-Games/C-Sharp-Promise
https://www.x.org/wiki/
https://bitbucket.org/chromiumembedded/cef/
https://github.com/bazelbuild/bazel
https://github.com/dequelabs/axe-core/
https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js
https://aomedia.googlesource.com/aom/
http://code.google.com/p/angleproject/
http://lcamtuf.coredump.cx/afl/
http://source.android.com/
https://chromium.googlesource.com/chromium/src.git/+/master/third_party/android_crazy_linker/
https://developer.android.com/reference/android/util/FloatProperty.html
http://www.apache.org/licenses/LICENSE-2.0
https://android.googlesource.com/platform/frameworks/support
https://android.googlesource.com/platform/packages/apps/Settings/
https://developer.android.com/reference/android/support/design/widget/BottomNavigationView.html
http://developer.apple.com/
https://chromium.googlesource.com/android_tools.git/+/master/sdk/sources/android-23/android/os/AsyncTask.java
http://www.daemonology.net/bsdiff/
http://software.blackmagicdesign.com/DeckLink/v10.7/Blackmagic_DeckLink_SDK_10.7.zip
https://github.com/liblouis/liblouis
https://chromium.googlesource.com/breakpad/breakpad
http://www.opensource.apple.com/apsl/
https://github.com/google/brotli
https://github.com/google/crc32c
https://chromium.googlesource.com/external/github.com/GoogleChrome/custom-tabs-client
http://www.apache.org/licenses/
http://code.google.com/p/google-axs-chrome/
http://github.com/google/closure-compiler
http://caminobrowser.org/
http://www.mozilla.org/MPL/
https://github.com/google/compact_enc_det
https://github.com/google/cld3
https://crashpad.chromium.org/
http://www.opensource.apple.com/
http://www.apple.com/legal/guidelinesfor3rdparties.html
http://www.netlib.org/fp/
http://sourceforge.net/projects/expat/
https://github.com/google/flatbuffers
http://www.flotcharts.org/
http://www.freetype.org/
http://www.freetype.org
http://android-gifview.googlecode.com/svn/!svn/bc/8/trunk/
https://chromium.googlesource.com/chromium/src/+/master/third_party/cacheinvalidation/README.chromium
https://github.com/googlei18n/google-input-tools.git
https://github.com/google/google-toolbox-for-mac
https://github.com/googlevr/gvr-android-sdk
http://www.mozilla.org/MPL/2.0/
http://www.mozilla.org/MPL/2.0/FAQ.html
http://freetype.sourceforge.net/license.html
http://source.icu-project.org/repos/icu/icu/trunk/license.html
http://icu-project.org/userguide/icufaq.html
http://www.unicode.org/copyright.html
http://www.unicode.org/Public/
http://www.unicode.org/reports/
http://www.unicode.org/cldr/data/
http://jquery.com/
https://github.com/jquery/jquery/blob/master/MIT-LICENSE.txt
https://github.com/jquery/sizzle/blob/master/LICENSE
http://ctrio.sourceforge.net/
https://cla.developers.google.com/clas
http://www.openssl.org/
http://www.cisl.ucar.edu/css/software/fftpack5/ftpk.html
https://github.com/google/glslang
https://www.khronos.org/registry/
https://github.com/square/haha
http://www.linuxfoundation.org/collaborate/workgroups/accessibility/iaccessible2
http://www.opensource.org/licenses/bsd-license.php
http://site.icu-project.org/
http://developer.mozilla.org/en-US/docs/Accessibility/AT-APIs
https://github.com/googlei18n/libphonenumber/
http://www.khronos.org/registry
http://oss.sgi.com/projects/FreeB/
http://www.7-zip.org/sdk.html
https://github.com/square/leakcanary
https://github.com/google/leveldb.git
https://github.com/material-components/material-components-ios
https://github.com/google/material-design-icons
https://github.com/material-foundation/material-font-disk-loader-ios
https://github.com/material-foundation/material-internationalization-ios
https://github.com/material-foundation/material-roboto-font-loader-ios
https://github.com/material-foundation/material-sprited-animation-view-ios
https://github.com/material-foundation/material-text-accessibility-ios
https://android.googlesource.com/platform/development/+/b356564/samples/Support4Demos/src/com/example/android/supportv4/media/MediaController.java
https://github.com/material-motion/motion-interchange-objc
https://dxr.mozilla.org/mozilla-central/source/security/manager/
http://www.seanpatrickobrien.com/journal/posts/3
http://cgit.freedesktop.org/~aplattner/nvidia-settings/
http://www.mozilla.org/projects/nspr/
http://www.mozilla.org/projects/security/pki/nss/
http://mozilla.org/MPL/2.0/
https://github.com/khaledhosny/ots.git
http://www.openh264.org/
https://silver.arm.com/download/Software/Graphics/OX000-BU-00010-r1p0-00bet0/OX000-BU-00010-r1p0-00bet0.tgz
https://github.com/ValveSoftware/openvr
http://code.google.com/p/pdfium/
http://www.dabeaz.com/ply/ply-3.4.tar.gz
http://www.azillionmonkeys.com/qed/hash.html
https://android.googlesource.com/platform/external/perfetto/
http://www.polymer-project.org/
https://github.com/google/protobuf
https://github.com/jrmuizel/qcms/tree/v4
http://code.google.com/p/smhasher/
https://github.com/KhronosGroup/SPIRV-Tools.git
https://github.com/google/shaderc
https://skia.org/
http://google.github.io/snappy/
https://creativecommons.org/licenses/by/3.0/
https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
http://www.ploscompbiol.org/static/license
http://www.gutenberg.org/ebooks/53
http://devel.freebsoft.org/speechd
http://www.strongtalk.org/
http://www.suitable.com/tools/smslib.html
http://www.suitable.com
https://swiftshader.googlesource.com/SwiftShader
http://www.chromium.org/
http://www.linux-usb.org/usb-ids.html
https://github.com/googlei18n/libaddressinput
http://code.google.com/p/v8
https://github.com/LunarG/VulkanTools/tree/master/include/vulkan
https://github.com/web-animations/web-animations-js
http://webkit.org/
http://www.webmproject.org/code/
http://developers.google.com/speed/webp
http://www.webrtc.org/
http://wtl.sourceforge.net/
http://tukaani.org/xz/
http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
https://github.com/virustotal/yara
http://www.chromium.org/blink
http://www.torchmobile.com/
https://boringssl.googlesource.com/boringssl
https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS
http://lxr.mozilla.org/mozilla/source/toolkit/mozapps/update/src/updater/
https://github.com/mbostock/d3
https://github.com/y-256/libdivsufsort
https://github.com/chromium/dom-distiller
https://source.android.com/devices/graphics/testing.html
http://code.google.com/p/data-race-test/wiki/DynamicAnnotations
https://source.android.com/
http://www.netlib.org/fdlibm/
http://ffmpeg.org/
http://developer.intel.com/vtune/cbts/strmsimd/922down.htm
http://skal.planet-d.net/coding/dct.html
http://developer.intel.com/vtune/cbts/strmsimd/appnotes.htm
http://www.elecard.com/peter/idct.html
http://www.linuxvideo.org/mpeg2dec/
http://www.adel.nursat.kz/apg/
http://downloads.xiph.org/releases/flac/flac-1.3.1.tar.xz
https://chromium.googlesource.com/chromiumos/platform/gestures
https://github.com/google/glog
http://code.google.com/p/google-jstemplate/
http://harfbuzz.org/
http://hunspell.sourceforge.net/
http://bgoffice.sourceforge.net/
http://www.ijg.org/
http://opensource.org/licenses/bsd-license.php
https://sourceforge.net/project/?group_id=1519
http://chasen.aist-nara.ac.jp/chasen/distribution.html
http://casper.beckman.uiuc.edu/~c-tsai4
http://code.google.com/p/lao-dictionary/
http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt
https://chromium.googlesource.com/deps/inspector_protocol/
https://github.com/open-source-parsers/jsoncpp
http://llvm.org/docs/LibFuzzer.html
http://llvm.org
http://libcxx.llvm.org/
http://libcxxabi.llvm.org/
https://chromium.googlesource.com/chromiumos/platform/libevdev
http://libevent.org/
https://chromium.googlesource.com/external/webrtc
https://github.com/libjpeg-turbo/libjpeg-turbo/
http://libpng.org/
https://github.com/google/libprotobuf-mutator
https://git.gnome.org/browse/libsecret/
https://github.com/cisco/libsrtp
http://www.freedesktop.org/wiki/Software/systemd/
https://llvm.org/svn/llvm-project/libunwind/trunk/
http://libusb.org/
http://www.webmproject.org/
http://xmlsoft.org/
http://xmlsoft.org/XSLT
http://code.google.com/p/libyuv/
https://github.com/rentzsch/mach_override
http://rentzsch.com
http://opensource.org/licenses/mit
http://www.mesa3d.org/
https://chromium.googlesource.com/chromiumos/platform/minigbm
https://github.com/client9/stringencoders
http://modp.com/release/base64
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html
http://code.google.com/p/nativeclient
http://sourceware.org/newlib/docs.html
http://sourceware.org/ml/newlib/
https://git.xiph.org/?p=opus.git;a=snapshot;h=3fe744ea04fdcc418fb85c2c133d13372ebb019b;sf=tgz
https://datatracker.ietf.org/ipr/1524/
https://datatracker.ietf.org/ipr/1914/
https://datatracker.ietf.org/ipr/1526/
https://github.com/google/re2
https://github.com/googlei18n/sfntly
https://github.com/simplejson/simplejson
https://sqlite.org/
http://gperftools.googlecode.com/
http://trevp.net/tlslite/
http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
http://github.com/sctplab/usrsctp
https://code.google.com/p/sctp-refimpl/source/browse/trunk/COPYRIGHT
http://git.linuxtv.org/v4l-utils.git
http://valgrind.org/
https://github.com/google/woff2
http://freedesktop.org/
http://www.freedesktop.org/wiki/Software/xdg-user-dirs
http://www.tortall.net/projects/yasm/
http://zlib.net/
Targets

Target: 5ccaf1.msi
Size: 188.9MB
Score: 10/10

Signatures:
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory