2eabd0638c8ecdfc5c19c1523c72536c4697916e54236f55c2fe8197a850bd62

Sharing

Copy URL

Twitter E-mail

General

Target

GuardiansOfThrone_Launcher.zip
Size

15.9MB
Sample

221201-wtsfvsab2t
MD5

c6468dd91c2fceeba8e0f2cd784739c3
SHA1

ae8bc17ab9e8cda46587621901d1d4d3ab938816
SHA256

2eabd0638c8ecdfc5c19c1523c72536c4697916e54236f55c2fe8197a850bd62
SHA512

0e4fb2ba7cd0729bb20d2abd5e1c3477b2dd1d45af3c2a496125fc37b968ca71ae684fdfb9626bd00da38ac7241702634a8001ea71cf2700b56a1c8a69ab7695
SSDEEP

196608:cwVnwhRoypFTBlfyVmMvKdtJ5ReQ0flauLI2GorFcqftN4w8xoFxr4og/c/Kevmr:fVnwLrDGKla5dLI+r7n8xC4oxzgy8

Score

7^/10

linux

Malware Config

Targets

- Target
  
  GuardiansOfThrone_Launcher/GuardiansOfThrone_Launcher.exe
- Size
  
  791.1MB
- MD5
  
  abc0ae82ae17bae74cee2b1d70c2ad9b
- SHA1
  
  6f0f8f5b48bcba37fb8e0d118134579e9ddbd2da
- SHA256
  
  d75bd016762760fc822510a42542f89b3b87782e05f6f4d4c7e0d4c2cbc0bb20
- SHA512
  
  8cc180283136232e49e92769f163535811f1965475db6b6d2ea4857e1704a28f3a51e20a2169fc88c73484f8f396a625f72cf182f0f21f4a8a50dcb173b53f74
- SSDEEP
  
  24576:b4d89kiMHUavvvTK+jrmW8qwb3ID8yVaQY25sdCQG4gFIu0RReV0JYM:a8tMH3HTK+jCM7Vaysdv2II0
Score

7^/10
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2
- Target
  
  GuardiansOfThrone_Launcher/git/protoc_plugins/json_values_converter.py
- Size
  
  8KB
- MD5
  
  df8cc07bc14b1247ab5ca0c8b2551c6b
- SHA1
  
  5f5218c3d42ae2a095c24b95684cec3cd32b3714
- SHA256
  
  a259501b38be04431e1b2d17a4949edf048e97002b581a488293bca44fcfd290
- SHA512
  
  cf147444414dbd0f0221f8aca9a865e27202ec70f4ab9eb3d18e07a79ef6a6399e9cf13653fe98eb40b113ab78b55499cbf52b8b70430f856432378f38bc374c
- SSDEEP
  
  96:sHmd1spCgH4oCNrXB1o7FvDKTD+a3WOSa+J/XOS5Wx/ElM8uFqs:sGbqH4hd1NWO7uXOSWxc68uFqs
Score

7^/10
- Write file to user bin folder
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral3 behavioral4 behavioral5 behavioral6
- Target
  
  GuardiansOfThrone_Launcher/git/protoc_plugins/json_values_converter_tests.py
- Size
  
  1KB
- MD5
  
  8d1ffa3c2dc4350fae6ffe11cb008dd2
- SHA1
  
  28258e8e1a6fabd10debc69a710d61439029e2bf
- SHA256
  
  55a309fa99a6e79cda869dfd95d0dc553ada48325e4e802c23b6b85a0c84ee34
- SHA512
  
  97882c6622b4741e2a56f8338935b0d9d76f145dce14105424e0d67b3a5261ca6b1d6348ebb33f27bedce574babc77d84eb4db56aba1ecfa05a726bff63f665a
Score

7^/10
- Write file to user bin folder
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral10 behavioral7 behavioral8 behavioral9
- Target
  
  GuardiansOfThrone_Launcher/git/protoc_plugins/util/plugin.py
- Size
  
  876B
- MD5
  
  fffa8fd0f1f0e38908b1dee9dee075e7
- SHA1
  
  2ab9bee3f53eea175a47bed4d87c86a3dc521178
- SHA256
  
  2748631902fd31a5e14acdd6da3a2a0115b4b4f03200aed1af2cd5811cc55de3
- SHA512
  
  c1693aa207effef81c0c06a185b8fedd00632c710940b27fee899c758257ff1d51ba6a0a53879c727aa300cced25598ba4247aee01383c51b87dc37a41f31a53
Score

3^/10
behavioral11 behavioral12
- Target
  
  GuardiansOfThrone_Launcher/git/protoc_plugins/util/plugin_protos.py
- Size
  
  8KB
- MD5
  
  6dfb3185af4020d1ba6585f3d7779366
- SHA1
  
  089e48453329a83ce5666816a56bf9c1494fe0e5
- SHA256
  
  6b9e43825617b2e105bec81e42aa06658188eb864ac7fbef458f33e892a6a3a7
- SHA512
  
  4aecd38e0b22f5c7017c2a896b7ce38b91e99c7c6fb5f189e528b495ce07064e00131ac38a82297605b19020eb9bfb16cbb7bf22f73ab12951abe4411fec6bd2
- SSDEEP
  
  192:880xPYrzUEH2qUpuxskUZzLC78DMlunCBh42pUhO4J85OIx67gnqurslTLfEsWsM:8HSrzUE4Axsq2g
Score

3^/10
behavioral13 behavioral14
- Target
  
  GuardiansOfThrone_Launcher/git/protoc_plugins/util/types.py
- Size
  
  5KB
- MD5
  
  150155f0a04aaa8e7ac44aa1c4fa8a54
- SHA1
  
  5bf1c34be0ccbb0832a5c6ba469ccb0dc2cee7da
- SHA256
  
  173d1bd10dbe1991077cb5ffcb622cbe2a632695541629e1006126dd6bdc015a
- SHA512
  
  1f3a7dd3426f07b3e82eafd268f1440eb34f23e92c796b72114749598e04b306576aed789f2f269b212a0fdb5f4fc275040bfe8078fb89c7d5ef7bc558636939
- SSDEEP
  
  96:8n8yo2yfHKmHSQ8JwRVB95fdQbJYC8yLznyf3mnmBciROR5rsbBDHxFfOssj/8/h:88QNmy1w79dQbJIs3mBciRORpOBDHxFJ
Score

3^/10
behavioral15 behavioral16
- Target
  
  GuardiansOfThrone_Launcher/git/protoc_plugins/util/writer.py
- Size
  
  1KB
- MD5
  
  f02a8156f556375c84286b4894aa07e1
- SHA1
  
  14899d47652418f0941df49c879dae5af091b5bb
- SHA256
  
  d3c31da94a4ed8b6381a2520171cfcd7cb9b6b9bd76c133cf2c2b6275176ab38
- SHA512
  
  4548549497a53148868f926624288f85aa696068e3921fc48bfeda35cc3eae4a93365dcf6f9336262bb3032c9b8ebb9b49056506e72e100d84a26e80c43fd617
Score

3^/10
behavioral17 behavioral18
- Target
  
  GuardiansOfThrone_Launcher/git/third_party/gwt-2.7.0/COPYING.html
- Size
  
  15KB
- MD5
  
  372133271f6aa7c06fe6ae4019c84130
- SHA1
  
  10003873ed3c1002fccb4bcd8fab6c15eb6f50d6
- SHA256
  
  63169428c74f0abf08cc3143cf2d21e21c0257df22b788d6bda7086c6cd9f768
- SHA512
  
  1f867c4ce00ba9a8194c41d612b00d0d98693a0951ad7dba23d85444e3016020f07565e929989c7debe7969430d43523d128c3c27316dfa375a8f496d5ab9d34
- SSDEEP
  
  384:sUOukskvUKM1/S/Bv6ozpVxYxkmqjuxaqFf1TG:PkskA/S/BvrP2xkh
Score

1^/10
behavioral19 behavioral20
- Target
  
  GuardiansOfThrone_Launcher/git/third_party/gwt-2.7.0/about.html
- Size
  
  3KB
- MD5
  
  558e549d899898234b7564b21ced2c05
- SHA1
  
  35cf78021a89878b486693d1d98e829c29d7739b
- SHA256
  
  5113341637bfed7c6b977cf29e40dc6219876238a3350df997920776d130e3b7
- SHA512
  
  d1c3e682a59fcd81a4ed0d01a16a3f07751f02705703b629fac4be4714d2b8d998498a23cc456e8687db452051fff0b7ddf0a46d40182c88e370970175fd0c83
Score

1^/10
behavioral21 behavioral22
- Target
  
  GuardiansOfThrone_Launcher/git/third_party/gwt-2.7.0/gwt-api-checker.jar
- Size
  
  68KB
- MD5
  
  627a360665771767e35fe2af63c422c7
- SHA1
  
  94ea9907f4af04d30aeb660e036bdd11d2bd5dac
- SHA256
  
  694b9402d580a1ea892c5ee892d5c12e071fb73f566a99bdb24249ed48cf4066
- SHA512
  
  96c2f08db4790d9514ee8a42d52f3fddbca707c7326f83e9e292f50b5d98e09e57e94400adbf7cf006c707d89a3f9c24336fd37cf75430cff6e3f49e766e387c
- SSDEEP
  
  768:VoFPZXLh60WKHMiENmFtz3NcDtvbNj+iTqP3dTphtPxAJNNOh9pmx9MMDhacJ2W:qFnVWrytzuDtjNDUd3jAJyEvDUU
Score

1^/10
behavioral23 behavioral24
- Target
  
  GuardiansOfThrone_Launcher/git/third_party/gwt-2.7.0/gwt-codeserver.jar
- Size
  
  193KB
- MD5
  
  da93a6ba7bb3ce602e2b5c29e1f9e171
- SHA1
  
  5dbf7e06df66ee22047ce855943d0451d09985f9
- SHA256
  
  b1e50d670a1e229608c3fe487fabd8369aa0005445a60bb0431661b10233d9b0
- SHA512
  
  9dabe4bd5e48273be307b5d1d671d684eefa30568a600c71c38f15f8d01339630e56ac7b482223361bc9cbd57af71267aa183dd5cb869f8cd7f497128d93870e
- SSDEEP
  
  3072:VPTik+fYo0GAPLI0atFIFUNdCSFR8iyHn0KGGVwBFdmnjBG0st+ckd+tuwHA9GSe:ZR+T6agmeSL+0KEMn72+ckd+1HA498NY
Score

1^/10
behavioral25 behavioral26
- Target
  
  GuardiansOfThrone_Launcher/git/third_party/gwt-2.7.0/gwt-elemental.jar
- Size
  
  1.7MB
- MD5
  
  7b3365fd51d118a3852dbc6e96a033e9
- SHA1
  
  7101f7c7ef561eda65e4b01b1c67c7a68c16ebe4
- SHA256
  
  76c1b8c1224a53bef8d2a4d42ad5425bb52883e034d5f659972ab9045013beb8
- SHA512
  
  db11df51f18805649f910c2308ad479e09ba985597f31078c4efb034c7bf83a08ea88712e1aef31cb44ff2b5cca3b579e3a6d21cd22ef6e26943ad6867ade098
- SSDEEP
  
  49152:0mtpjdre/2Lcjw4TU7mJGcsJv6ygt6fCagYzt:jdPLX4TUaRsVrg4fCalzt
Score

1^/10
behavioral27 behavioral28
- Target
  
  GuardiansOfThrone_Launcher/git/third_party/gwt-2.7.0/gwt-ll.dll
- Size
  
  12KB
- MD5
  
  f383cabc8bb9af60709c5e24d9628682
- SHA1
  
  a4072c44da3dec73512ce370e1c244c04af1a41b
- SHA256
  
  6709d96cde9996f9c3ca1cee5937aa89fe2f2c2918a3f95e3dfcdf65d9620c40
- SHA512
  
  586ec13f11247e8a26cc35bb5808956103b49fb9171f17b48914bb8ad968e12a1937f8db7a77d219efe9fcbb3fc89f9a52fc0ae825436d654ebf8be5e8885246
- SSDEEP
  
  192:X9GaF1CQN+FfwbyMsDVnLdG0zX2Gsu11zhVPNhjlTFoIc:Xrn2hvdG0zoY1zhXdbPc
Score

3^/10
behavioral29 behavioral30
- Target
  
  GuardiansOfThrone_Launcher/git/third_party/gwt-2.7.0/gwt-module.dtd
- Size
  
  6KB
- MD5
  
  ed47ac6597e23502659b0712094f567a
- SHA1
  
  948575d2f726d05b0ab610c1e7e7973c79f8a1ea
- SHA256
  
  2318e232f8a375264d88aa81c39bcb9435c4e97ad5577f2c046b38d8a72b7224
- SHA512
  
  c31133ccaae42b7e8d84761f7a3c8c3ce285480e03eeb3cb1b35ce4102a040f30eace9ce5c8679f014bd0a3a0e26390ea18fca1d012800ce003e4df075309fb2
- SSDEEP
  
  192:4oTHZKsnkXXIqBguJfrojNraxqD+ViVoynM9R:4oVKsnkXXIqFJfro5kqD+ViVoynM9R
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Unexpected DNS network traffic destination

Write file to user bin folder

Writes file to tmp directory

Write file to user bin folder

Writes file to tmp directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32