437c8032e578d678d10379c25af38953c41821103fb2d7d25f6a229fdd2bec10

Target

Minecraft 64 Bits.rar
Size

2.7MB
Sample

230213-3lhd9age41
MD5

c774c6824be0088a82cd33dfc1dfe603
SHA1

a052de1f4cabacf8de404e0c04af94c15061f536
SHA256

437c8032e578d678d10379c25af38953c41821103fb2d7d25f6a229fdd2bec10
SHA512

deb670f3bbe508add87f6485d8d2bf3944fd97dc40c5be704cbed61dc1770942091f87c917f415ab097f0130842e266b3f5cbb27ce7c65085b4ec701894e95ad
SSDEEP

49152:+i1hojgguX5w5QEP36lfrGMChjzpMerUFIFsko7VKZ25:+i17guAHP37dskaQw

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Borrador/EULA.rtf
- Size
  
  14KB
- MD5
  
  ac34393940ce72d93f01d0cd111c2177
- SHA1
  
  113b075e7d2a2efa5b44b79dfae2375ab96b07ab
- SHA256
  
  9ca16423805ea56466d1e639d179ca9ec8fa0acc582664315c2382df8f88b632
- SHA512
  
  1b251b6c9f638aa1a7dfc6f972d5ffad6b71dd43e35a5c43f66ec8711d62900964b7fd49b3d65e791be44c8a2b372fae0c9d74198dab34e3f1a2f8078ccf0855
- SSDEEP
  
  192:/Io3FU35/lDg6GypcfpBzfAIYZesDZb3ahlI3VhZ2Rs:/Io3FU35tUUIA9b2IFhQs
Score

4^/10
behavioral1 behavioral2
- Target
  
  Borrador/IObitUnlocker.dll
- Size
  
  71KB
- MD5
  
  6dc47f0038dd44de1c3a854949572774
- SHA1
  
  a5b74648a3944ac1781c89d3f549715e31eb5c85
- SHA256
  
  9e93fbb7955710e50a1ef4a222253a349927a543b105bfe26d4803ddc54060a9
- SHA512
  
  52caeb12ff1a57362e0c80f22221311df453eaeec6ba4e39b67942ad0ae6f8fc39b17bfe951f04c3d1d0a6b455bf91e9b1c2df5ad284bf6c2c8b0dd671c37d96
- SSDEEP
  
  1536:0gr2Lr071OUKFOk12oilFHyKyXMuJwIzD:0grviGoiiKycuew
Score

1^/10
behavioral3 behavioral4
- Target
  
  Borrador/IObitUnlocker.exe
- Size
  
  2.3MB
- MD5
  
  ca7d229c1a8087836d2365fd736a09ed
- SHA1
  
  7b502e68692c108854a033eca371defcb9a64328
- SHA256
  
  d2b8c197c1ff337cc692c3f11e3cf8e263612212b8dac9c104a220ae7ce0c325
- SHA512
  
  8dc81e51a50035740cc529f45844d80f2f998bd6e862c3d0192a7a7a591d9d8c26d6c9674a6e0e99c76dc57174a0791b57e32a0a2b9014a5ecb83b012679bc96
- SSDEEP
  
  24576:5S/WgTT/eC4PwRXrAREEkyuCmLMAefac2mhPiT8b2DeXYJAmzQDFQEkXAFxZSD1j:QTT/eC2wpBBseA/FsZDW8nTeCPGXOy+
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  Borrador/IObitUnlocker.sys
- Size
  
  35KB
- MD5
  
  d7b749051da5fb4604f4141f19c47660
- SHA1
  
  288daefd1ce65fb01011dc8a64491111207d3965
- SHA256
  
  2b33df9aff7cb99a782b252e8eb65ca49874a112986a1c49cd9971210597a8ae
- SHA512
  
  1d0ac1854eb6f2a5d2d90424bc5b9dd989ad61a2f3e87d6e9ca97a7f5f7c0d38b387cfd3e16b14992ea263b5d4194b0d38b8b8a6f5b1d0829a6932fde127c193
- SSDEEP
  
  768:eWspdre2ANTcdAbIheysJAzCbACWUKpS5eX3k5Jj:P2OICJJ/gS5eHkb
Score

1^/10
behavioral7 behavioral8
- Target
  
  Borrador/Language/Czech.lng
- Size
  
  6KB
- MD5
  
  542118a2cc938ac82a922abb171a6df5
- SHA1
  
  c3ef3b652555fbc79ba1d794125afe0ee190b8bd
- SHA256
  
  ef6b496609073be75cf44941126d4f79920711ec8c4ef2aded9d4b1dbf7c10a8
- SHA512
  
  31a9b6dd84e9053d4410678d74b9f2d0dff236eb2c207b6529e5e3a23bae8f8437579508545eb1469c3ef730cf03de8e3dce58e7e0513959334403bc372f1986
- SSDEEP
  
  96:rRYvG0PyjNDapRjmU5W0e8ofJpVxTyOp3z5hnZbc9qUpWX/7Oo+0VIK3Luu2Hfuw:dYvG06jNDaPPwFt7DPIhfoAx
Score

3^/10
behavioral10 behavioral9
- Target
  
  Borrador/Language/Danish.lng
- Size
  
  6KB
- MD5
  
  4c46432a05ce09bb563f48437a395f70
- SHA1
  
  ea7ff52387b973d29a9cd03d62593369fc96b765
- SHA256
  
  184f0c95f5d3433c0d5845099fc1da5d7e196ebaad993f2cd49d237cec34d292
- SHA512
  
  ca4e5f6e472b32a17a3345bfcadc5eed8861b7d216bcecb02a1d8f03ed62fc10fe0e0a311ff8c73ed7b58b1d5afe0d2175936e956d734a3d16e7af9f6a96eebf
- SSDEEP
  
  96:rROmT9mDV1g8r4iakjgiModJpkTyOIugAYdf2RqdDG37QX4xi+5+CnEStChGEwfD:dOBD3IiaD6wQ2wogCeE
Score

3^/10
behavioral11 behavioral12
- Target
  
  Borrador/Language/Dutch.lng
- Size
  
  7KB
- MD5
  
  74fcffdda39abbc429741816b919a841
- SHA1
  
  61a1d03f2512771ac0d8ccbf2ef60ced97bc0e47
- SHA256
  
  ab2752577faa9ff94e1af58c5819e1c9e95c3d77eb966082bda7b7651886ed3e
- SHA512
  
  06b53ad4f95b562fe6ea56e294dc2e9f04f227ac457f3cf71c7986e42a381ad1977c65f628a56a0e71e1eb208ac63165ea7880d70ae1a8a79ea5ff4320e2c014
- SSDEEP
  
  192:dxfvm+zCJaSdnQZxeGUzEjpD9JPmBe85w8PjFj:rvm+OUSdnQZxeGUoNDjPmBe85wCj
Score

3^/10
behavioral13 behavioral14
- Target
  
  Borrador/Language/English.lng
- Size
  
  6KB
- MD5
  
  083620520c4fb96da4eb5c102a3ea84e
- SHA1
  
  9df10ac766a2879b4c9f3c6f258caf48cda252d8
- SHA256
  
  905ff04266f76618e0a369332594b49422ecc23f707e424655a55ca279cb7c62
- SHA512
  
  51e294ef9a5a2b9861b0252cfd635b05b46336e9eb2b02477819f56cfbec7d5cc0176557a6389dc48dfcb9bc6f8440be5b8734410dc6d205c2d47f6ac27d128e
- SSDEEP
  
  96:rRaovg4Y5CA3aOTbdYAhpBuogZJpv5TyOnmuwn4zVG41qfuUvifzgC4lvG7Y8HCR:daovg4+C4aO+LD/H2U4liYbo93O6E
Score

3^/10
behavioral15 behavioral16
- Target
  
  Borrador/Language/Finnish.lng
- Size
  
  6KB
- MD5
  
  cde455a6ba3c8534a4a5acc8ea0de3a3
- SHA1
  
  3cf44c592cb4ce4be9954ef91a571b7a2355e35f
- SHA256
  
  0a9c0405f08aa930a2e82fbe2ae80a917423ed379a2b9eeb3b62109f5aca2443
- SHA512
  
  bb8d2b8612a351286ce27fd6a58023c9145991b9a34cb5f7e9a2be45a8624aec09dad25700abae973484865ec4316792627047485809ad621f5f533692363f8f
- SSDEEP
  
  192:dgI6o2mHmna4iZCCAaJBYHJve7NDMIKRc:K+mavfAz2
Score

3^/10
behavioral17 behavioral18
- Target
  
  Borrador/Language/German.lng
- Size
  
  7KB
- MD5
  
  2436b14b3712922f225427425009ba44
- SHA1
  
  8f896ffa283a77a6911a150303f12d067aad72eb
- SHA256
  
  bc7d3c4f581a3fd12be1e2d59686780bd94d5fc383c65518dd89fb6cad111c98
- SHA512
  
  94d346a3de795a4cace50efe46106448a69bc173534b4610e8ab831bbea158556218694bbeb6c93dd2a55e7932b0d49f02bd3410847ab048ac7e90e788f1d79e
- SSDEEP
  
  192:dN6S+utiwIaflyg+0Esch+qe/ZkZ2DgU86:PH+qiw1flyg+0nch+V/ZkZ2l86
Score

3^/10
behavioral19 behavioral20
- Target
  
  Borrador/Language/Hungarian.lng
- Size
  
  7KB
- MD5
  
  65f6e74b7c0ca1c64bd9c32bb8531fff
- SHA1
  
  6bc2c9205182fd4c5d25cbe2ef5ed7131356525f
- SHA256
  
  33ba3481f4dd39aaa847e41ea777e30395a5606373abc511106e67cc51d0617c
- SHA512
  
  04ae37bfc41f35b1974fb5f8bbb5e523a0b1e1a1f6ecefcd37238a374567f15c24cbcddb78aed649c7cf3687177ca038c1bc2daa819bf1b0d80c6f4e013b5d7a
- SSDEEP
  
  96:rRk32hDqRwD/Sa9VaVY+0ne63oMJpmTyOrhq5Zf6J9U/bM7BdGy6LmpcFjFtGNFz:dU8qRwD/SaHdiiYU/bwSJFjFENPs28JA
Score

3^/10
behavioral21 behavioral22
- Target
  
  Borrador/Language/Italian.lng
- Size
  
  7KB
- MD5
  
  71fe34913ae027c56ab88dc718c2eed5
- SHA1
  
  2e6023633d311a1ffb151712639b48d59797dee5
- SHA256
  
  d57caecfee173e3fd679e4fecdafb8d736f9c009a881bade375486928ca2ca48
- SHA512
  
  ea073db529b990be990f87cf1055c00c8ceeb41725c4a32266c9be3e468a27274b3fc0feb94492e6a9db20fbbe8ef059af173415b1eb9c7a0368a4d9d30a1c09
- SSDEEP
  
  96:rRDgSk02YuxlaHPDKPDo/XgxvDBwTxMo4DJpIF5TyOjOixf/GqVXceJ7VDzE8/Uo:dDgF02RlavDSDwQ5DsX7XZXtt8rLmr
Score

3^/10
behavioral23 behavioral24
- Target
  
  Borrador/Language/Japanese.lng
- Size
  
  5KB
- MD5
  
  7ec91418117a44939dc92d65e3359d03
- SHA1
  
  81e57bebe8b7d37617e2dddda97575a083776887
- SHA256
  
  651f189e637587821dbbfe7ddbef7f2869448ad9fbb1cbe0ec4afc2c81c4672d
- SHA512
  
  5ff00ce99dce870ece27120c5470112c6d319f33630217496fb1b48ee425a4165242185341648e5b49059d4b0ea2ad6b851d5411551fde74f3b2d5fb59057d41
- SSDEEP
  
  96:rR4ygW2CFPaK7Tv8uKR/tbSo8RJpzvTdleGHfCVe6E8+fE7wJUYia6kgEv4Izw:d1gW2C5aKH9K5Rul778+fI/aDHE
Score

3^/10
behavioral25 behavioral26
- Target
  
  Borrador/Language/Polish.lng
- Size
  
  6KB
- MD5
  
  05e11996cd6c94dbd0ab0f7f1d2876b0
- SHA1
  
  f5da0cc5c96049030e3e2e553c6f6123a1e6bd66
- SHA256
  
  d24f9b863e8d0d11b6bfa679b92526f9bd509bfaa96364ea9388fb1ea5123133
- SHA512
  
  c69dfe534c8fdefb9dbd4b8d3ab13c9ade884f3c4e6a18f32b8f5dd746214c4c47288c93b0a4baed0c53c5841f9a32b45b1696215978b33e8cbc3e50fdc052ca
- SSDEEP
  
  96:rRKvUtxVSr8N+aaVmAMFnoEJpneTyOvgsnBGqC//LZl77BxXDLT9tQdW+p9P6Gyi:dKvkxVSrEraPzq9lnDLhtQ82PTfqWD
Score

3^/10
behavioral27 behavioral28
- Target
  
  Borrador/Language/Russian.lng
- Size
  
  7KB
- MD5
  
  f3601cd1c2fecc1b7190cbd724ced684
- SHA1
  
  8cf1e731050aee6afcbba0f32c81ed7578f0f41e
- SHA256
  
  84bfadabf7893eec7123b5f1ca41394d3a69d237b5f355f3f2ce29f1854888d8
- SHA512
  
  06e7c202036d5403e9da27884d04d216bd6b1b92b8d8b0a1caf105722d4668c2727be91fa5c8cacdf91aa838ec7408d5c0354476945e2736ce3437a360b7dd0e
- SSDEEP
  
  96:rRuK6ylCauTV1LM9tgAT/4TT7wTJMTAoY4Jp5Ty9w6g0hTqBTrDozW7DMXSUB9yN:duJywauTV1w9XTyTUTmT4CQkTtD2Hy73
Score

3^/10
behavioral29 behavioral30
- Target
  
  Borrador/Language/Spanish.lng
- Size
  
  7KB
- MD5
  
  c353d15b926e335dda7b58d6d31959f6
- SHA1
  
  d378fd4b8155592e50fbd04bc64206b1a032718e
- SHA256
  
  4c595cf20cb72696f429567f60a3da0ac81e6957b1e056918678da89d7d7d7e5
- SHA512
  
  5698b017e29d0fa775e36870b6ae80456978703d280475ebace9738cdaaefb737540a3ea950f85b59cdef3e7e7b4ba95c9be3b084d9e0a4cce23a53d9cd9646c
- SSDEEP
  
  96:rRAHPG8Dr2HuTXl1RHa+i7DTu7FQr4b8FKq7VDJ6oI78JpK5TyBPoUGdsLigqcEx:dAbDrlxa+TFZbfbGBs50E
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Sets file execution options in registry

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32