Overview

overview

10

Static

static

Nuevo Arch...AR.rar

windows7-x64

3

Baba Is Yo...ou.exe

windows7-x64

10

Baba Is Yo...ata.js

windows7-x64

1

Baba Is Yo...cts.js

windows7-x64

1

Baba Is Yo..._7.dll

windows7-x64

1

Baba Is Yo...pi.dll

windows7-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nuevo Archivo WinRAR.rar

  • Size

    103.4MB

  • Sample

    230130-qka8bsae52

  • MD5

    e94cbf510da76da65b05d5aa1c98090a

  • SHA1

    34abda774364cf3e5a901ef2791587b52ede3804

  • SHA256

    d9295df9fa4d59d8fe6615fca040897d1196c0adfa9b044c46256308045fc6ab

  • SHA512

    ca568306d2ac064137aee37cde9f15cdddbc60643b2cbb0be7bd3264cbe904089ffcbcaed411a880c90e3ec8fb69f0bf11d8bde3231fe42e32b0688e8c6ad08b

  • SSDEEP

    1572864:HaJSAFYxiqgDdOQ6RfopltDjlFJ9fG4Nkb4gU567edG4Q4TQesfU+THDi0ysBT3:HarFYxiqQo0/XNOb4g+pd/BReHDi0R3

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Targets

    • Target

      Nuevo Archivo WinRAR.rar

    • Size

      103.4MB

    • MD5

      e94cbf510da76da65b05d5aa1c98090a

    • SHA1

      34abda774364cf3e5a901ef2791587b52ede3804

    • SHA256

      d9295df9fa4d59d8fe6615fca040897d1196c0adfa9b044c46256308045fc6ab

    • SHA512

      ca568306d2ac064137aee37cde9f15cdddbc60643b2cbb0be7bd3264cbe904089ffcbcaed411a880c90e3ec8fb69f0bf11d8bde3231fe42e32b0688e8c6ad08b

    • SSDEEP

      1572864:HaJSAFYxiqgDdOQ6RfopltDjlFJ9fG4Nkb4gU567edG4Q4TQesfU+THDi0ysBT3:HarFYxiqQo0/XNOb4g+pd/BReHDi0R3

    Score
    3/10
    behavioral1

    • Target

      Baba Is You/Baba Is You.exe

    • Size

      3.6MB

    • MD5

      8e73de6cb147898699fab1620610fdb8

    • SHA1

      7c7a5c5c7a2ec364b96654ed596e3f1507e0e680

    • SHA256

      3e54d68197136712ee88af2074af5f2fa706d823b865b3f1bf43ae9a1a5942ec

    • SHA512

      a359b78d6e000f0d9b14d5ae7bfa5fa35c3cb378cf5497d52e3766892a57c4ba5f80447bf3ba3a1003e3d0b4cfb3f1303bf6d1ee464ac04f035645483a25bb44

    • SSDEEP

      49152:v4aRy7VKDzKBSHmYIxUndOyBw1s4w/h9BKN43Xq0EThKQ:who0SGwdJwFIh9BKNUXiThK

    Score
    10/10
    ramnitbankerspywarestealertrojanupxworm

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral2

    • Target

      Baba Is You/Data/Editor/editor_menudata.lua

    • Size

      51KB

    • MD5

      5b2100ff771bb9a6e1e8eb983396c4c6

    • SHA1

      e434ae1b4f3d56cb06599408d0cb87fd26d92f27

    • SHA256

      c31a66a8d7c7621149819a3655c36b16bc6d40e1a345963975ba609afaac31a9

    • SHA512

      74d7714eb1da34891b6082bf7a0b9ae96102bb42a9f0aaee50baa20649ccdff4d895fec384fb80ca861f8c94906dcbb7b0a54de71b11ea095ab1538c04d4db1b

    • SSDEEP

      384:RyMhOhY3XN/11AfmOtkxgC98n0KzkSMf1XJXUirJ9t8qvCI6bc2UX2Hm02L2Hm0o:cMhOe2u4zSJXUuJ9eqMbc2Ud25Q

    Score
    1/10
    behavioral3

    • Target

      Baba Is You/Data/effects.lua

    • Size

      14KB

    • MD5

      cba6124eb1f25bc68819e5a33726049b

    • SHA1

      c3833d855d0d91c60cc208dc27597e67ac130169

    • SHA256

      852a926b6ceae6ddbd97ff1ce7d2f86b53e420e17186a1b831e4f717be83260e

    • SHA512

      f29e30fae393763aeaa5a22cbfb675a58dfa97236c37745a817c51bd1400ac8e569f5ca30435f00fdff4b774c812f1b880e316721c6c3326f83329864cbd81c9

    • SSDEEP

      192:Wv2zdLJFv1NXZk2ie4rXZ9wbbngregiVglRlgJ8ghV/CgEd6gpzLgdqlnorbcd82:vLJF9NJkHe4rJ9wbzGiV/lKKcWKfMjRK

    Score
    1/10
    behavioral4

    • Target

      Baba Is You/XAudio2_7.dll

    • Size

      514KB

    • MD5

      81dfddfb401d663ba7e6ad1c80364216

    • SHA1

      c32d682767df128cd8e819cb5571ed89ab734961

    • SHA256

      d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69

    • SHA512

      7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

    • SSDEEP

      12288:Tcn8HWZeKA6SKE8bZiCENnOgQs/WIOPtm:T98+hIBENODs/WNtm

    Score
    1/10
    behavioral5

    • Target

      Baba Is You/steam_api.dll

    • Size

      214KB

    • MD5

      7b857c897bc69313e4936dc3dcce5193

    • SHA1

      4ee43374520904fa6d80c12c273d67eb7b5c984e

    • SHA256

      5b6ef90f822209180ed5cafecb90af849ee84bcf6281eeb21be2f89b3b5c89b6

    • SHA512

      be6406cc367815cc7b813adef24e5ddad6c8244d4964bd37ed0656aaae404496f4f9e38968e9acba91bff1db171127126d8219ebea8757142ebac0c82a233573

    • SSDEEP

      3072:b1FYvn1HLSVcDywesfpTjEWIrnhaIB1ScHEq+XpBqmylcICNCxPJwa8Eo/8:BqvnFYFzsfECqSpBpybCNuhGR/8

    Score
    3/10
    behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks