General

  • Target

    Devious Runescape Client Installer.exe

  • Size

    38.4MB

  • Sample

    230207-yzgyeseg8x

  • MD5

    b15b50278eb816db581f610b200eb629

  • SHA1

    2160970eeb33780293494d9698586c1aa9961475

  • SHA256

    ae9da73b3095e25faf33c2c0d930810ddf2d361e4327ed9e8d938f8ab65a8a1e

  • SHA512

    1ae1fa77a9c562c4c85e96611ff14cf408ba0ccd127378c67c105f686129a01b77e085acd068d212504e3ec97d12dd94a7dd471bc12ef75e79769f3a44ce4b9a

  • SSDEEP

    786432:8K0Za2zqjLcAQpM03z6qiKnaPUfcMWGjyTSLLQjaH7I3yPKtbk:8tayqjRQhjQDtGjyozHhPKtY
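
Before reproducing any of the behaviour below in your own sandbox, confirm you hold the exact file the report describes. The following helper is an added example, not part of the report or of the sandbox's tooling: it hashes a local sample in chunks and compares the result with the MD5, SHA1, SHA256 and SHA512 values listed above. The sample path is an assumption you supply on the command line; ssdeep is left out because it needs the third-party `ssdeep` module, and the four cryptographic digests are sufficient to establish identity.

```python
"""Verify a local sample against the hashes published in the sandbox report.

Added example, not part of the original report. The sample path is an
assumption supplied by the caller; REPORT_HASHES is copied from the page.
ssdeep is not computed (third-party module); the cryptographic digests
below are enough to confirm you have the analysed file.
"""
import hashlib
from typing import Dict

# Hashes as listed on the report page for "Devious Runescape Client Installer.exe".
REPORT_HASHES: Dict[str, str] = {
    "md5": "b15b50278eb816db581f610b200eb629",
    "sha1": "2160970eeb33780293494d9698586c1aa9961475",
    "sha256": "ae9da73b3095e25faf33c2c0d930810ddf2d361e4327ed9e8d938f8ab65a8a1e",
    "sha512": ("1ae1fa77a9c562c4c85e96611ff14cf408ba0ccd127378c67c105f686129a01b"
               "77e085acd068d212504e3ec97d12dd94a7dd471bc12ef75e79769f3a44ce4b9a"),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests of data for every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so a 38 MB installer is not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; hex comparison is case-insensitive.

    Algorithms present in `expected` but absent from `actual` are skipped,
    so a report that lists more digests than you computed still compares.
    """
    return {
        name: actual[name].lower() == expected[name].lower()
        for name in expected
        if name in actual
    }


def is_same_sample(actual: Dict[str, str],
                   expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only if at least one digest was compared and every one matched.

    A single mismatch means you are not holding the analysed file (or the
    report is for a different build), so the behaviour listed on the page
    should not be assumed to apply to your copy.
    """
    results = compare(actual, expected)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    import sys
    # Hypothetical default path; pass the real location of the sample as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else "Devious Runescape Client Installer.exe"
    digests = hash_file(path)
    for name, ok in compare(digests, REPORT_HASHES).items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}  {digests[name]}")
    sys.exit(0 if is_same_sample(digests) else 1)
```

Run it as `python verify_sample.py "/path/to/Devious Runescape Client Installer.exe"`; the exit status is 0 only when every listed digest matches, which makes it usable as a gate in an automated detonation pipeline. Treat a mismatch on any single algorithm as a different file, not as a partial match.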

Score
8/10

Malware Config

Targets

    • Target

      Devious Runescape Client Installer.exe

    • Size

      38.4MB

    • MD5

      b15b50278eb816db581f610b200eb629

    • SHA1

      2160970eeb33780293494d9698586c1aa9961475

    • SHA256

      ae9da73b3095e25faf33c2c0d930810ddf2d361e4327ed9e8d938f8ab65a8a1e

    • SHA512

      1ae1fa77a9c562c4c85e96611ff14cf408ba0ccd127378c67c105f686129a01b77e085acd068d212504e3ec97d12dd94a7dd471bc12ef75e79769f3a44ce4b9a

    • SSDEEP

      786432:8K0Za2zqjLcAQpM03z6qiKnaPUfcMWGjyTSLLQjaH7I3yPKtbk:8tayqjRQhjQDtGjyozHhPKtY

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks