967085c6e5df28bb3d9a1a6e2680423d38b8940b00a65b5407859f5d6aacfc7f

Sharing

Copy URL

Twitter E-mail

General

Target

FrostyModManager.zip
Size

76.1MB
Sample

230225-rjmemsdd77
MD5

a36305d746daab20c3608cebd0565d79
SHA1

fea45fa7c2ab6787e2fbf0228a94fe69e12bac63
SHA256

967085c6e5df28bb3d9a1a6e2680423d38b8940b00a65b5407859f5d6aacfc7f
SHA512

de498aa29408f49f10f5b98e2ab8b7e41c46835c2d971be14eac30b1d8e86188f8196206ff64abc1644c10c8ad3a5324d6b079ee34cc4873f310e97c36dae896
SSDEEP

1572864:3JKlPN+TmZpG0ftxn8EKR74cChlKkGb7vipRyjj8nKzwPoJV2:3axW0L8jR74Bh4b7vuYEKzwCY

Score

9^/10

coreentity discovery

Malware Config

Targets

- Target
  
  FrostyControls.dll
- Size
  
  93KB
- MD5
  
  fbec245b3805be2acde0bd19eaa2de86
- SHA1
  
  50556648687b560d175b0e55711db9ec983865f5
- SHA256
  
  ca226f9d15d6667175d0ff8a96d04043098dcfaadec72b55288bfe0d84d6271f
- SHA512
  
  8bd49f74c5b17460183ca8d8a94d9c4c7cbb598fb2e7422a35d90ce739a6306ebad7448dfb7a5a459ef93a2b5e8f4ddb798fdae6537e25d75412ac112025c20a
- SSDEEP
  
  1536:9oNHmpEhOu2AnR1JhBAw58dqoMUoMIxA6pcyW:9Oo0foWh6M+
Score

1^/10
behavioral1 behavioral2
- Target
  
  FrostyCore.dll
- Size
  
  5.9MB
- MD5
  
  c1388cb1c85760756c474a89b7a95770
- SHA1
  
  73bec0ff632b54a7137ab568f5089675ed084649
- SHA256
  
  6f42940c684b810b0e818f3e03a750446be163c7fa8a6e4f02462555420eb4d1
- SHA512
  
  a213329485017fbf70a602acfe7a10fe64af19280e63c1b81a70d6b3d9b8a564c600930aa7c89a5d1ceb7a4bb1060dae7cff2c142e5efe3ee9513313469baca7
- SSDEEP
  
  49152:S2k8DL77N4j6rQ5Tw5IFSH3Yd5Tso2VBZzbrDHg4D9hkV/7NQzBbaQ3Jd5QqXF:SH8
Score

1^/10
behavioral3 behavioral4
- Target
  
  FrostyHash.dll
- Size
  
  112KB
- MD5
  
  40cbe0c1dd81f6d6b4353623d4eb0200
- SHA1
  
  21c4f7af6a0b7f8dffbaca79ceb015e6113a08df
- SHA256
  
  8a2f9074bdf2e97cc4934c92c995a1adc431332a86d820251c8c2a9190aed7ea
- SHA512
  
  351266b00856bf504b5b5c3bd9c80b9eec69f1c060e61f99af9b15e8d8b6970f911d94f559e170260922592ae27d7fda4f6e06cd25cd6a3f4e7b4fce21a0d5be
- SSDEEP
  
  1536:B0snDClNp4ESiqZH6FFin0ndx9DDadTl:BOnlJqJwndx9D0Tl
Score

1^/10
behavioral5 behavioral6
- Target
  
  FrostyModManager.exe
- Size
  
  506KB
- MD5
  
  ce2e89ab7ba7e003af3feb74ec0d1a20
- SHA1
  
  6861071664db9fd994d6c4bbddb5e2be192a9e98
- SHA256
  
  8fcdb7659bc77b23f374e6eb89427c8dda7727a25c8a8bca3bdf494fd1c801db
- SHA512
  
  9044e40e37c37d1ffac9890d7bf1a7093c8043231fd49945d38beee849b26cdccd2c20e3d7af6d2bd096e125776b1b8a28dad385eb468bf49d0edb6d7c74710c
- SSDEEP
  
  3072:8+Uv+M/88jAku6tIUpoHopGg1DSnACXdS2YUFsviH8zQq/fgSR0pm/fOiC5c2r:VUvpBOE1OnHXYUsaH8zf/ISR0pm/Gy2
Score

1^/10
behavioral7 behavioral8
- Target
  
  FrostyModSupport.dll
- Size
  
  106KB
- MD5
  
  6ff3d7de02271f78155e7dc71be0cccf
- SHA1
  
  864b3e6794adaaf723472d52bfcbfdaf267730a5
- SHA256
  
  07dfcf0c55fcab14d4bb80324ab9af65f67e1049d444af75ac1781e1b6885606
- SHA512
  
  9d8352be50ba972cce4b49159e7c053071e9b3e87bdd4e97c4f7d5d99b8e3cf38b6b85c0df7c7373f4d282411cbc4481d97063af2df59b49fed568bcfbc8de5f
- SSDEEP
  
  1536:z4Qb1Sko0K1UuezBVEdYhs/0btkW2VZQ5yqfvG7c97b37vo4CWLSF25s:z4QbXQd10bt53ro4C3Fos
Score

1^/10
behavioral10 behavioral9
- Target
  
  FrostySdk.dll
- Size
  
  2.5MB
- MD5
  
  052cd5f758f85e11bae5c3a25dfed411
- SHA1
  
  3560189c62627150436e0c5c21fc05f4bae98802
- SHA256
  
  57ec3d4ce33bf7b98e7d30df2a431221fa61b3ab4d6456dfd7a0129c30b7cb6e
- SHA512
  
  464fe31e70b39e6b5832b39295fa231e5964f59c625fd8dcaa7cf0ca4c24d81b4dd9d7dbfdbf41f0e68e8d7a73572a188ef61ea11a8417bb5cf1aeb5c680011c
- SSDEEP
  
  49152:A3og1smwkxQ1fqDs/n31tP1Ah4jw8fOAXUR0EoEB8/mZKlyscUiKbOoBZyXmv:A6ZJ1fqDmXoV4IeEBCtlykpbhZP
Score

1^/10
behavioral11 behavioral12
- Target
  
  Plugins/FsLocalizationPlugin.dll
- Size
  
  35KB
- MD5
  
  2969abacbd070a74b9ec4c4ed3463014
- SHA1
  
  a61b32108cfd73a985ac303f0dd09c83c8b1b619
- SHA256
  
  bf06a24ffb2daa643d43d272e3c922345a49afa0dfc6c7cdd6effb6d8faa083c
- SHA512
  
  42f1fab1e20c4666695bde39e81b555033e070a80bfe28285c322d7b7db33f50353170d58d74e38e84f29c9a17a8030ec76bca20ac427016ccccc31cbd5c9a03
- SSDEEP
  
  768:iVROUsQZb8lA1XKg6p/yzS70qnQ3cz1lrcWMm+:i3zwuKY3ivS
Score

1^/10
behavioral13 behavioral14
- Target
  
  Plugins/LaunchPlatformPlugin.dll
- Size
  
  13KB
- MD5
  
  f9cb0e33a42f0cca043550ff7975b9e2
- SHA1
  
  ce158ddd9419cbfa6482dbf97bc35d0fd20c956e
- SHA256
  
  c62474a2b722a7b31b9a62743db33d3aed9746e8dce30dc9e3aa83fcad44c9a4
- SHA512
  
  99e7820a7bc5c0c3697cf7401461bfe107f65335da0d7e1f32ed7cf1debabf9f79632d7067e2ff275f1a4f7b6b4e1fa7c18948fab77482b67644cad2e7c6f2a1
- SSDEEP
  
  192:KyBVhQFFYM/arAHIB16Cr9VyBXpCSeYE75jJMN+4Kf6IHggU:KeVrSCr94BleYIc8xf6IHg/
Score

1^/10
behavioral15 behavioral16
- Target
  
  Plugins/MeshSetPlugin.dll
- Size
  
  247KB
- MD5
  
  5c98b5ac654ad9c01619864b5ac61568
- SHA1
  
  054ef8e97b2505f5d2fe0c44f6fb94babf49db06
- SHA256
  
  fd58e29faba8c9d0c61f874973a17ba24c3e6a68dbe40cd324e04af9a7f2b95a
- SHA512
  
  bd3329f0a0ff1a1b83009b143645593b7623020a7e27bc99ae9a78662223aef28d951f8f27a737edba1368dd33ed30b02f42774eb87140050fa0975ffdb01f92
- SSDEEP
  
  6144:qk+v9QxZ0aEAI1pG6MRfpsbvgP7OrxqPQw:IVmpcMrsbvgPNPQ
Score

1^/10
behavioral17 behavioral18
- Target
  
  Plugins/Swbf2MergerPlugin.dll
- Size
  
  82KB
- MD5
  
  0a21868b1f61d4832f007b1a7cfbc20e
- SHA1
  
  7ad569aaee11b6aa1d06cfa83c753204967d050b
- SHA256
  
  a935dc3b99576c0a70c69eefd8888065440982513dd09e439ca53fc14bd0b078
- SHA512
  
  bcc7d11ed9f4d704f08574eff797722b2a76846db7c643a65131975c845ae0292e4c1d6ee8ac271ecbd43ead0d25294d57d4effae1a0cc012f97340dd22a9d7a
- SSDEEP
  
  1536:64sqPeIV4fIdjMUDQJ/JMimXPYycfUo1sr/KRcf:64sqm7fIdjMRrDf71sw8
Score

1^/10
behavioral19 behavioral20
- Target
  
  Prereqs/NET Framework 4.7.2.exe
- Size
  
  1.4MB
- MD5
  
  c84209349f18afe5a41ce04e9ae8f487
- SHA1
  
  cedbbf404b166a5e72d035760bcb0fa508e4f4cb
- SHA256
  
  4e49c56e4cf9df2e837a8a3010f5a8b4deb096429d56e7fd9ff70ab394663678
- SHA512
  
  37006954e3afe07fb02d24894cc34794618b78c27a1b514818985b6cc1fa3e896ed99ba2e4aac3f6469d263819bd94ee70e7113946c51ba83c93b74826fc8fa8
- SSDEEP
  
  24576:NGHL3siy9hlzSmtLvUDSRbm4Jah1rVxXmBz5px02ZJX7KnIOXL6LKoAoY4U0GXFy:yL3s7PmeTUDBzrVxofxTZJXOIO76LK/y
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  Prereqs/Visual C++ Redistributable for Visual Studio 2015.exe
- Size
  
  13.9MB
- MD5
  
  27b141aacc2777a82bb3fa9f6e5e5c1c
- SHA1
  
  3155cb0f146b927fcc30647c1a904cd162548c8c
- SHA256
  
  5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
- SHA512
  
  7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011
- SSDEEP
  
  393216:xTPq5dCsKSR65cX7Eyd/qnejOX3L8T8KYfU3j:VP5iw56oyleejcL8T8fc3
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral23 behavioral24
- Target
  
  Prereqs/Visual C++ Redistributable for Visual Studio 2017.exe
- Size
  
  14.6MB
- MD5
  
  0af5748a2e790472af28e64105760eb7
- SHA1
  
  7ecf5797bc24eded2454aae6f3ca95c4f6eab807
- SHA256
  
  b192e143d55257a0a2f76be42e44ff8ee14014f3b1b196c6e59829b6b3ec453c
- SHA512
  
  9c3f6195477f836cdc948cfdb52f8e14b9b7ff9b59d036f6fe281d01d1cfcff53a7bed1c861f8e142a0060c5b8ee14d6df647f3de2181ac309da2863a21b92ce
- SSDEEP
  
  393216:lLlptVYmfr7yBG/4VgXR7hg7omRRjMW8Y6PJUA+bTqfQ89:lxpttD7yBG/zRKoOjvSUA+vqY89
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral25 behavioral26
- Target
  
  Profiles/AnthemSDK.dll
- Size
  
  11.6MB
- MD5
  
  9c009ff799df68e027ad91e02ed0b3da
- SHA1
  
  c6e1ba7f1c60b5e79671245b50275d941179f21f
- SHA256
  
  69655c34d8112b6e5951bf7f108a42b84ec4dd39d3889435fe3ade7a38ebdf9c
- SHA512
  
  4be1af14d9e24b5c086662a0a85813020e607f5ea476aec6572dbc4df6277d438e2f3bd73123cc2c2f88896b355972586b9420b31ef878293ce6350a6d7e3047
- SSDEEP
  
  98304:MW6Awh/bYCKxVKC/NBcw0rSC/Ns2B7PxQpAbtBcrlC:K+KC/NBcw0/s48rl
Score

1^/10
behavioral27 behavioral28
- Target
  
  Profiles/BF1SDK.dll
- Size
  
  5.0MB
- MD5
  
  865199fd0f2341285d23e09d8add5c8d
- SHA1
  
  538328ab90487922d06be80ae12aa8f9844207b0
- SHA256
  
  e14254dd1a8e39aba9c4ae1022fd5a5ec817370daf57249daac5bb818f025f1a
- SHA512
  
  5bf67c34e7ef9d4930a65c68835d39ea4713be78a4fe7315069adc1cd9e13fd7fa08269314e2e43535099ec653d2a92d0acbbbe180b2cf6e30fcaac5f2d22273
- SSDEEP
  
  49152:dGk/IOeK5gBr5evQ8hbVJSr4SQzKlfFTB+Im0SLAYrTf1Bzail6kA5Pjh:QcPRvThbVJS0SQzE9TB+a
Score

1^/10
behavioral29 behavioral30
- Target
  
  Profiles/BF4SDK.dll
- Size
  
  3.4MB
- MD5
  
  250fa39af332975d5059fdcc84bce13e
- SHA1
  
  fbc42e8845130a3d7dd4fd93d27cf99a9158fe91
- SHA256
  
  14614487e8724c3d6cfc1aa97fc904a374eb23c5a8d282b532d1da0ad6916341
- SHA512
  
  b720d4561b7cc091312230b115395fe8ab0487fce1d8b70d443ef1d1116ba2bd593299c941306a9ec863855a83edd7c354a51e566e09f90f5a0d0c7cf4a9aa5e
- SSDEEP
  
  49152:Y6fkXBAWtNdTOX7wuoCvoplGHxsArlj+2RRv1An4CaW+j:8tKpv
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

Checks installed software on the system

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32