a8b1e3aefd734d0991d03b02d0b0d1082e8915187d25fe757ff08f1408da3681

Sharing

Copy URL

Twitter E-mail

General

Target

Soundpad.zip
Size

10.4MB
Sample

230114-swqs9sdg5z
MD5

d6fbb718a85de3f9899c610b1e66d766
SHA1

317338565e743196712cfb9cbbd10309942889d4
SHA256

a8b1e3aefd734d0991d03b02d0b0d1082e8915187d25fe757ff08f1408da3681
SHA512

891352ed679d1b140ffa664efedddc83378a0239f7deabfd2fb6d0ef17d9d68ef62d3fe76c0cf99fe567b7d783c2526ec039c7df2c02f9c2d7f6601915043cde
SSDEEP

196608:3HKNEONBRpCHkBvCjbgbWrSLqPiKgNq605N3gap+n8cZDqxTEe0Yfz:3qdNhwU1LqPiKuq605uk+9hqxwe0az

Score

8^/10

persistence upx

Malware Config

Targets

- Target
  
  Soundpad/Profile/CRACKED BY Ray_Black/SteamUserID.cfg
- Size
  
  61B
- MD5
  
  60e6d94a8d6fbbbcdbde901377e1453e
- SHA1
  
  966d037bb4acbf02f04eb0439758fb5ef2b775e7
- SHA256
  
  24ce1c13a8e365a6158b6d8c03629c9cf2541fec1812e98426fe55767117ad93
- SHA512
  
  86e48d019408527b50177b75e648aac38dcf504a5cedc28abe202202895b33aaa403e8bfc4d3e046fe2fa7d52f4f341006f1689cbbffe2661657c9961d9fb49d
Score

8^/10
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Soundpad/Soundpad.exe
- Size
  
  10.9MB
- MD5
  
  0ae4f60d72e0d1c159505500b8a08ebb
- SHA1
  
  bb352dafd3c3ebebb4414b799010fe5ebddbef44
- SHA256
  
  ed3371229647ef876b45cb5940e48b461df58d4e68ad4932f5877eba90c8d379
- SHA512
  
  88495911df544a04a4e09828ae10b57d3d945c41d6e28964c2d4d077afa43fec1c82a8ff6dcce57a3c7b9e5d02d1e47f800f557b022866f5f7be4a2db9b07536
- SSDEEP
  
  196608:fDRlger67uOemwy1LR/XU3gmsRM0wWM+wC89ooEvu:UerSwAVE3XsRMiJpsf
Score

8^/10

persistence upx
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral2
- Target
  
  Soundpad/SteamConfig.ini
- Size
  
  135B
- MD5
  
  8aaae6e65f734e7f90b2d11966c76a16
- SHA1
  
  f910a899891026e6d22305d176a73d2588b99715
- SHA256
  
  c2702d244e84cb0abc4f964062b9ecf51b1697712ad4c03b37d345f93d045bba
- SHA512
  
  96f0c7cd0b8e2ce8365f907a03c8229ed733fdcd07a826d82aa242c870f5994d04b1987263ba2a8e0a314ab281d5cf9905cc562177e09b499a99fe3e8d3cfb5e
Score

8^/10
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3
- Target
  
  Soundpad/UniteFxControl.dll
- Size
  
  1.1MB
- MD5
  
  6ac19cffc0c58ce35ae704c381c4f702
- SHA1
  
  c43900c5d56d62311a337b04c9489afc1c75c175
- SHA256
  
  afe6075ea7dd1bdcbc47b38385216d11cdd5ebc3f82eeedfa6d766e9249d6252
- SHA512
  
  61197228b9a1bb9810c68cc04928fd47e2bbe78d36f71c4a2ee498742fea8fd6c950cf43578fa20c6009f1ed6343bf8ca7bfb155512018aac88a4191fad4f939
- SSDEEP
  
  24576:XBLW5gqPvbSfiCRcXw0qU6RmWByuAy5a/owH/1:ZqPvbv/Zwm4yi5aQwHN
Score

8^/10
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral4
- Target
  
  Soundpad/UniteFxUpdate.dll
- Size
  
  442KB
- MD5
  
  0ee743073ee6b68f8222be2661d95315
- SHA1
  
  2e642772ec19edf73422fe25a8d45db1a006ff85
- SHA256
  
  562b17370c7283e92a3353b76ab2aefd301c2e78782fa60ec9ee35676ad44f96
- SHA512
  
  c3f2037bd37cef7978187f67f1d0633ee3067b4837e0ad9ae2a5c8efab8ec4ce6a14c1d88e200ffaa8677f74fd5995789297e6a7b5ac18d19dc9d53b4d9170ba
- SSDEEP
  
  6144:12UHPCFzuxTmVCp41NpA9+2pVbW+i6kdIkl7haKGrgEOHWeohg6yKJIGFEph:12NzSC1Na42ekuMs2eoqO+Dh
Score

8^/10
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5
- Target
  
  Soundpad/installscript.vdf
- Size
  
  631B
- MD5
  
  1a792aff29d6f07d1c3381634ba6baff
- SHA1
  
  f2c7bb49ccaf63ffcd38d06dd2d51095b08d4344
- SHA256
  
  270d2a3eef463b768ca4368e62444a7ccaff4e98c71f2ca05b721bfef2e03e05
- SHA512
  
  3971dee038f1cd1aacf9151196a53e2bfbf4bc9a665f60ae79309b5544d81a733e3f7b9db422e17c5a95ba2930248be408e6fbf877f8eb12235277f46af5a4f1
Score

8^/10
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral6
- Target
  
  Soundpad/languages/cs/translation.mo
- Size
  
  48KB
- MD5
  
  5e8a5fee87f5795b0c3c8d02a6a83eff
- SHA1
  
  6f86c686a7f29260d7d9b03180488fe668765c47
- SHA256
  
  ca876dcfb11522ee63977c07e176cd3fdddc8bde374fde53a6a7367680638214
- SHA512
  
  13fbd8912a361b59bd23b9ecb2ad4a80e0f6e32fc91fcf0befda5d31b182b1f492cd0ca6c095550383e2fb75258d6fc6230ac5f70e34d18e0a4c65e90262a5ec
- SSDEEP
  
  768:4ZPGJavWhcadx7PW2DH3PdVvW/h7jUUhllX+XVSlngTvDpzWAAePn:4AJaehc6xDFDH3PW/hse+XVSlWpzWA9
Score

3^/10
behavioral7
- Target
  
  Soundpad/sounds/notify/auto-keys-disabled.m4a
- Size
  
  30KB
- MD5
  
  af966e5fc83d3be803e48461fd00d7ef
- SHA1
  
  f91865dba0a08480376c9fa3e9805a73daf745be
- SHA256
  
  178fd068cbb51d2e09847623b306fe73e8488afac8fcd9c2b6d5bc845dc5b0c9
- SHA512
  
  a9d9e8ad56b6a361f9ebe637b307b3369a007f13d951bc228e0c16b5292994116f2741026ad0e0fc0591c19be65eecf2cf8901920742a7beffeb19b7547fdc5e
- SSDEEP
  
  384:tEf1LtwLflKESf8CAtRyH1cjC1wtr65ZkAguNLXaQXP5dxS8zLAtrnxuCg7xixn8:mf4rlKEgAY+K5Dtaa5i8zLguCE2Z98h
Score

1^/10
behavioral8
- Target
  
  Soundpad/steam_api64.dll
- Size
  
  3.4MB
- MD5
  
  fde6c8bf079648ef175bfe54a48c33bd
- SHA1
  
  86da9176866a1f03ca8ad7fd381c3f2cfc89c6e8
- SHA256
  
  0a1e5c53cbad6b21de61e11f023c0d3f11f698164c743bd272741a7ba59ca5d7
- SHA512
  
  d750550d1abe01f8b59623e58dd366d3baa6b0a03a48f0c95f381d30481ffd20549801979c3c9d19145521a0f3dd8dbd6397347ec4d3448ab1ef4ad8e781a1ab
- SSDEEP
  
  49152:sqg1gpl5AKwKsRtf1Mx5k1aGLCnAWWMWWAwK3TQz4Cq9NVF14ZlEk8gtCbC5qAmk:GUnZ/slM7k/2DaWNcCaEk8oMexLCFJ
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Looks up external IP address via web service

Executes dropped EXE

Registers COM server for autorun

UPX packed file

Checks computer location settings

Loads dropped DLL

Looks up external IP address via web service

Drops file in System32 directory

Executes dropped EXE

Looks up external IP address via web service

Executes dropped EXE

Looks up external IP address via web service

Executes dropped EXE

Looks up external IP address via web service

Executes dropped EXE

Looks up external IP address via web service

UPX packed file

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9