914d9923c7fde7a120b5f74a9e701656b5807346de737bd2073d28c78d413ac0

Sharing

Copy URL

Twitter E-mail

General

Target

xmcl-0.34.0-win32-x64.zip
Size

104.3MB
Sample

230214-ync54afc41
MD5

6a4a532ab3a9cd3ba8f3432f6c83b1d5
SHA1

9158117efc96cc5d6cae1902ed8e79ea90681594
SHA256

914d9923c7fde7a120b5f74a9e701656b5807346de737bd2073d28c78d413ac0
SHA512

9377f0f9856d5372be807851dcbb1fccc92e405879b0d1dab9341d86204207d08667059b8e74a3c1e1421de174cc71d128594171b09e00656a02c5b9c110777a
SSDEEP

3145728:9UaEFhihqwIHeOvaakgp42jQahYp9h6Eg+:9UaanC592jqin+

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  LICENSES.chromium.html
- Size
  
  6.3MB
- MD5
  
  6e638956244aaded2c92b77f9d421a81
- SHA1
  
  f5269556b6fe04cfca5a1da21af718641708a666
- SHA256
  
  652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e
- SHA512
  
  f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1
- SSDEEP
  
  24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn
Score

1^/10
behavioral1
- Target
  
  X Minecraft Launcher.exe
- Size
  
  147.3MB
- MD5
  
  fdd496a77d058b34d5feced6b583a15f
- SHA1
  
  ec4d54e49d9704b87f2755edefcaf1fb04ea7f6f
- SHA256
  
  62372f42a5d26effd3e53aebf542b08bc52b487030b1850085196360d996416f
- SHA512
  
  a2f86770d4118ea5034855cc403cd873544995558eab05ebf381ffe282cca31d5ca0352257706fc2027bea87e8e99828ebb9be71010dc605ad932f38e8416a3a
- SSDEEP
  
  1572864:Z/38p53ic9tZ4K5MTYxdX00W3h/uORAbsIsdStuFpAB48vSFYcK4QkGux:hEG0MH1ikxx
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral2
- Target
  
  chrome_100_percent.pak
- Size
  
  126KB
- MD5
  
  44a69827d4aa75426f3c577af2f8618e
- SHA1
  
  7bdd115425b05414b64dcdb7d980b92ecd3f15b3
- SHA256
  
  bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
- SHA512
  
  5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049
- SSDEEP
  
  3072:DKzwqCT4w/qzOovg6/Csp7O2o418Gb0+VRLf0ld0GY3cQ39Vm2I:DKzwt44yrgKpyK18Gb0OV8ld0GecQ3f2
Score

3^/10
behavioral3
- Target
  
  chrome_200_percent.pak
- Size
  
  175KB
- MD5
  
  9c379fc04a7bf1a853b14834f58c9f4b
- SHA1
  
  c105120fd00001c9ebdf2b3b981ecccb02f8eefb
- SHA256
  
  b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48
- SHA512
  
  f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13
- SSDEEP
  
  3072:oDQYaEQN6AJPgqzOovg6/Csp7rfR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNN:oDQYaNN68gyrgKpngx5GMRejnbdZnVEd
Score

3^/10
behavioral4
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  cb9807f6cf55ad799e920b7e0f97df99
- SHA1
  
  bb76012ded5acd103adad49436612d073d159b29
- SHA256
  
  5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
- SHA512
  
  f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62
- SSDEEP
  
  49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI
Score

1^/10
behavioral5
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  24be50bd18cc04508c2c28ea1671182c
- SHA1
  
  3503d8c1193abdd0627e4636d1a1b6f59b149446
- SHA256
  
  3dfd6eb78f6c6c3534ed6080a45fac6641255ddceab51be51da85607140995e4
- SHA512
  
  55bb9e6cee9b5132287324f51348e930f81ae61eeee40a410a86532fa80846a384bffcf713b6b8358d506d3f79fa6cc07df80545d7851d38b72485a161d30354
- SSDEEP
  
  49152:pYuqVaqc35GHXVNtcZ44yODvSEbO/1o/GRRpYN4MJ8eIknusyUUjkU+jLtyTzQVD:pYLVl54yODvH/ySJUiLtyTzQVkU5qkJx
Score

1^/10
behavioral6
- Target
  
  icudtl.dat
- Size
  
  10.0MB
- MD5
  
  cf9421b601645bda331c7136a0a9c3f8
- SHA1
  
  9950d66df9022f1caa941ab0e9647636f7b7a286
- SHA256
  
  8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5
- SHA512
  
  bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb
- SSDEEP
  
  196608:j5zwSv9AAyse6liXUxCGZHa93Whlw6ZCnG0:jyKlysTliXUxCGZHa93Whlw6ZCnr
Score

3^/10
behavioral7
- Target
  
  libEGL.dll
- Size
  
  464KB
- MD5
  
  34a1260ba0c565f219a22fb4a9508f93
- SHA1
  
  8b1bfd3a289854eff524bece3131255e74f5c4b7
- SHA256
  
  ea5e9fa35aeb02e2037a3eb26e291350cd4d6f030de03a0319e0eedfc056f8f8
- SHA512
  
  470e956ab6b483c8061e3dfc6d884badeaf32948277fac7ad49bf3d2e2555b81ff917180838e9fb2217dc9875bb564bc8e0a799940cb39a08bb944b91a7704b7
- SSDEEP
  
  6144:t3rGS+e87yDqHfFetvM/jvtGgJ53B6Zj8s1al2zl0ovk1Sr7e:FGS+e87A6eZM/jvtGgJZB6ZirS
Score

1^/10
behavioral8
- Target
  
  libGLESv2.dll
- Size
  
  7.0MB
- MD5
  
  72ce0a2c8c0f6eb6ba9388b6d4d903f3
- SHA1
  
  0d8fb30f9b3cefa1c06153abcdeddaacadea94b8
- SHA256
  
  1a4bec3e1edff49fa27c0f6b3ec2359466fa6e2fe81c1ec94d7d674b89a890d8
- SHA512
  
  54f3c50524141dceda3ff33d63b7ab0286ba8c078ec81fe368bd8483c33f2062bdd2f80145893fa9352a41fd60a6600fca5426a1266c2d62bdccb28bc1e8c498
- SSDEEP
  
  49152:JcRs1/VOY14IRwMqs5Jbkqd0bRh7yWXSnYUIV2Wi5zi1lJf3Lnn6cB7/h2Hmbs2u:mG2Ipp9eR+UDGRSoGetN42n1
Score

3^/10
behavioral9
- Target
  
  libcrypto-1_1-x64.dll
- Size
  
  2.7MB
- MD5
  
  f6009ff644fc4651e47462b4057d91bb
- SHA1
  
  400d610e51c3cf7aa878f498a686483ee50f6d25
- SHA256
  
  dbc14745674e827820da03e0d6503676d8299542248d3e99f08c8324cecdb591
- SHA512
  
  60354b9063de14b38c139eb5aae3954cdef5c14b1a7d16a06b3593ea48c3b0d9a2ec1ab853d8087345a47cc4fbc704783a999e513855bb65a6b7fd93b48d6a9d
- SSDEEP
  
  49152:JVwAsOmnOsag4PC8gj3HjNF7J6LljIU6iCYFzqZw7amJ0jGtlq2xOboYgIiKyCaN:mOOHjNF7O2+CYqK7UUxObrpCXiPiNc2T
Score

3^/10
behavioral10
- Target
  
  libssl-1_1-x64.dll
- Size
  
  549KB
- MD5
  
  64be88a4fd2231c6db19ccbc683ffeaf
- SHA1
  
  171cd6f253b4a8f3d850ba39dc96e0c305788ce7
- SHA256
  
  cc3339518098d018c70e3b07e5c0adad65e3d014fcaa45773f5362594c442e1c
- SHA512
  
  0c7cebf69b6d4017bbda65aa5e969f13be4c8c3ceb516529f5303aa99308b3856479204e1ef2b762c90a8de71587204535f5c65c574b7ae46b767f3602198cd9
- SSDEEP
  
  12288:D1IxLjyJQVMOq78Vw5efzQDOXdsl2f17hahZNhOJW4TXTyFk71x5:DWxLjyKVMOw8Vw5efzQDOXdsl2f17hoe
Score

1^/10
behavioral11
- Target
  
  locales/es-419.pak
- Size
  
  366KB
- MD5
  
  13c6d0a268545541f325375d431b41ae
- SHA1
  
  5f5c41348f00c5e5539d261c2b76ae6e3ec7af83
- SHA256
  
  943fa8774ade38d57349a5d27869097a782bc06bd34c40864a85ba829457d127
- SHA512
  
  09cbb2b21304ca8afa8b760b738adb5422e83550085f1aed8e8590eeef04a2b0e131e1ead6723c3e85383630c483d7720e55f71305ff4821d7822fe6d7aa4252
- SSDEEP
  
  3072:rt+uPUzEx0HrKJBjQMU0dmdv5jrqMCOyu0sdzPh7buhwwJ3Os57lLfGLFg3WSszj:rt+o+I0H6nUxv5rYQQJH5sLFg3WSsTG6
Score

3^/10
behavioral12
- Target
  
  locales/es.pak
- Size
  
  367KB
- MD5
  
  c8086dc25cf0a3c978b2c3b37edf8d67
- SHA1
  
  7b6d2ce8b3cc5a33ab2bcd23114fe65ccc568e7a
- SHA256
  
  11ef2c0229c1fe1c10be08e3d5f36c973bc3c272f37b40e05c534a118757461b
- SHA512
  
  230e6999a6fea1df3b2708eb331a2c25ca53677b3453745ff9cc7fbbc013b69148af5609166720255a2db7e63b25e2d0c599fb07057a6b47bf61f63ea9db9e01
- SSDEEP
  
  6144:OYkS2J1Bc2UoWCfgfr56ZLb5R7q5zrB7bUlo4AN6PZmz:OYl2XWn5r0pFRm5zreloXnz
Score

3^/10
behavioral13
- Target
  
  resources.pak
- Size
  
  5.2MB
- MD5
  
  0c7ed30428afd6d0f736363f47b57fb0
- SHA1
  
  8dd22c94fa3da83b10e045b002a4ecffdf593481
- SHA256
  
  6ec80226a8b4c1a87745bbf799225569df7f53d1905474d811867921c04a0f96
- SHA512
  
  7b87b7d2b29202764c7552c8263ec1acdbdeb0b65bd29cd366cac5c7212483386d4d3409f9c03ff90066499bc91fdd8d535d53b3e46031134ccc9081940361d0
- SSDEEP
  
  98304:MLFl3bm18oDS6qdKVFzh1syU7sHCMvrwrfinPF1GZW+extMVUAkWZkm:ML/bm18ov5h1U7sH3krfAPfGZMkHkm
Score

3^/10
behavioral14
- Target
  
  resources/app.asar
- Size
  
  24.3MB
- MD5
  
  e8c8041c84c3e88696dfaf9033b136f0
- SHA1
  
  5e630dbc52a3c37c6958d1d428d905dc3b45e83a
- SHA256
  
  26f7650b36176a325e2981558ad0931faed40aebc2f6aa502d95a6c7a684bf8c
- SHA512
  
  2ce346d0978d74a067b1d75cefe05d074ddeca986d9341854b1b9b875eefa4b1b1ec232427e50d3c406b2630ea9c815863ec970a8acfc39b766be91837ccb04d
- SSDEEP
  
  393216:8SB1DkCXWsGNZjMJSDhmfg2Yf8oxhOBr7pcmgbzG:kNU+kxc1XG
Score

1^/10
behavioral15
- Target
  
  resources/app.asar.unpacked/dist/encodingWorkerEntry.worker.js
- Size
  
  905KB
- MD5
  
  bac8b7b502b24c46df818def21537fc2
- SHA1
  
  2fec191fd0a2362a76ce6a76e15907949f6df670
- SHA256
  
  075bcdc1937a146ec63be3e70bf1db21c1f01fbb24b4927539b7c68257eab04f
- SHA512
  
  74dde26841fd983457df3565ee1615bbef9df5eb4115ff1c142de8d8cbed061d5262721c579e9cf17e64e96e5c1987b9a3710042960535013d65379fc30c9899
- SSDEEP
  
  12288:94QmgkIgUpEOBeO/UjPpMrsYDzatJI2fKb:1q5OSuZmI2fKb
Score

1^/10
behavioral16
- Target
  
  resources/app.asar.unpacked/dist/resourceWorkerEntry.worker.js
- Size
  
  1.0MB
- MD5
  
  df2ca0bf19d122105243e8812e06b87a
- SHA1
  
  7374b5098eac3e379f7318fc78a4a7b0dd8066fe
- SHA256
  
  54a6f41d0043f7014e6f581e4c5589a79dc8eedba03e13b60cf1a11f10a40c96
- SHA512
  
  af647b80ff202b26b52ed9077e5ef1367f36dcbfc483f567c6340847ecad2a8a4b91d7ebcdcbea9ccde46a205c5e7597b1b63e750b4e8fe58319f46b86707a93
- SSDEEP
  
  12288:ZeerLtOVWMACPCJ/Vt1a4jrobkYnLsTiT4kibyqRtINVoQQzpi6k2Be4jR9vmI6Q:ZVyLsTiTdfat6oEfJ0HHr
Score

1^/10
behavioral17
- Target
  
  snapshot_blob.bin
- Size
  
  409KB
- MD5
  
  8002a6944aec744f9221dc274351d76d
- SHA1
  
  b826d401967c6bc8c10dd951b35d7bd7c6d27cd3
- SHA256
  
  bb7f7f750b1ec275a009a96651868c0cbbf7828d80809c5dca945b3ec665a912
- SHA512
  
  ce510135d0dcf2a95b524f6000795a3a5a29d396bc8a98e6f1fc9b8f0b92eb5585f6fda956e9380fd4f75e9a1644294f1b354a2bdcf26523cdc305460bb028f8
- SSDEEP
  
  1536:T+cnVF12dTCL/TNBCR/+7c1oEcD0Oc+68KcldU1zVbnyVC2hiCfwoWJiuqi+wcWb:i5IMyWFOlFnxW1OwE6Ut4QG72Pe
Score

3^/10
behavioral18
- Target
  
  v8_context_snapshot.bin
- Size
  
  710KB
- MD5
  
  e15880fb71f70bd29f9c31d002bfb883
- SHA1
  
  9eb1aff0e07ecd0e7624e0c1f8a626eabc7354d6
- SHA256
  
  2aa2fdf8da0b239d058ddf13827f4514af2c20ecc8f30fedf0bee8c54a4e7439
- SHA512
  
  4121b8d4fa065a1fc06f4a33210fc8a10af349e28906d1dc1c4907aa27fcd89771609319fc8b37bcd024b4fb682f45518cc2fbda5bde05ea9f32fad4fe78f1c2
- SSDEEP
  
  6144:jdxIaCPBHaXAqTOTNwTR5sLRgxFyHgm9ZMf8kfS7eTTIF5r1a5:jdxIdhaXAqAcnyAazkfdwF5r1I
Score

3^/10
behavioral19
- Target
  
  vk_swiftshader.dll
- Size
  
  4.8MB
- MD5
  
  63187dd91fd781fcdad57c4f558768bb
- SHA1
  
  df8cda107891943069f4089bc6d57a422e37ac9e
- SHA256
  
  2b183e8f7a162a1f7b5023fef24a58e479e32767194947a1c74e1a1e061173df
- SHA512
  
  754e95f622210f5f7dfa56cba479523fed54df3ef247c7918e8552dd5293f9c0b46438811226f62e71b800e515160bab71ddcc5f22d8869e127390120373fbe6
- SSDEEP
  
  49152:dveyoM/h2BPSjPJEvoSNxxJanAf9dX2kcngUkomWPG2pu6n9MT5F9AZCeqx7l1Z3:RQM/agZaHt7A4P/
Score

3^/10
behavioral20
- Target
  
  vk_swiftshader_icd.json
- Size
  
  106B
- MD5
  
  8642dd3a87e2de6e991fae08458e302b
- SHA1
  
  9c06735c31cec00600fd763a92f8112d085bd12a
- SHA256
  
  32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
- SHA512
  
  f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
Score

3^/10
behavioral21
- Target
  
  vulkan-1.dll
- Size
  
  858KB
- MD5
  
  7b3c6c621cc0577558e9ef44d94ec967
- SHA1
  
  bf121b35d5bf9e01b762bc9a5782c384084c2e38
- SHA256
  
  20638bd40d5909048211fff90433b50f511892045097b0c7dc1385a3893529a3
- SHA512
  
  99962986fa4341dca8a2d60f8b43e31d975ea8afb218736a43d76cf9e10c6f33dbb0c90d19665dabb7ff072d54a9d167f4839b18b410a009a9bdb4d933bf5b07
- SSDEEP
  
  12288:eefVW1lX8MvG9E0wsYox2Nmp6yWEaAT6bJUQzH3To+7AEir1iS:eOcTX8p20wsYHmXaATmXjWF
Score

3^/10
behavioral22
- Target
  
  zlib1.dll
- Size
  
  116KB
- MD5
  
  66cd727fb33126b1c03b174aa1e6735a
- SHA1
  
  bb742318c4fdaf6f3d8bf41c5936813e976e6e15
- SHA256
  
  a26b41bb482967b170453c93edf8f108052ab00f0c7d1134761f625c085f175e
- SHA512
  
  5e755926b48a04682a42261bba4d1721a1d9d2b86f4bacf058c5f2ffbf3c539507cd98f7ec5d7def1c7324c14ccdef8e06cde5df9736cffe14b83c6709109c65
- SSDEEP
  
  3072:rYDRFWocTjWRHcJSpPCh5IAAzh24DfQn2F36:k1AocH5KarIZ5DfQn2F36
Score

3^/10
behavioral23

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Creates a large amount of network flows

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23