48b3cc0799138804952d7804a326a9356b4713be099d09a03d315d6fa8a6df28 | Triage

Sharing

General

Target

fruit_warriors_script___gui_hack___autofarm___i___.zip
Size

6.9MB
Sample

230305-w62kashb24
MD5

6f4db608909e314fc76020e240a08d6d
SHA1

53b4eeaaefd63bc1aeae5c0e0859688ad5146b2b
SHA256

48b3cc0799138804952d7804a326a9356b4713be099d09a03d315d6fa8a6df28
SHA512

e9535e18fa225f586f9097aa218eecfff41eeb6894a4942e49291f81d21d2b13451d8737aebf3ee74f99f1c085717edb5880c5ac0bc7a84724b09b7f0280653a
SSDEEP

196608:5RNhCYH7FXmNPQK7VmXcTMR6M5pl1slFTXJUtI:XNhCSFX0J4XoMR6MlMTXJT

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  fruit_warriors_script___gui_hack___autofarm___i___.zip
- Size
  
  6.9MB
- MD5
  
  6f4db608909e314fc76020e240a08d6d
- SHA1
  
  53b4eeaaefd63bc1aeae5c0e0859688ad5146b2b
- SHA256
  
  48b3cc0799138804952d7804a326a9356b4713be099d09a03d315d6fa8a6df28
- SHA512
  
  e9535e18fa225f586f9097aa218eecfff41eeb6894a4942e49291f81d21d2b13451d8737aebf3ee74f99f1c085717edb5880c5ac0bc7a84724b09b7f0280653a
- SSDEEP
  
  196608:5RNhCYH7FXmNPQK7VmXcTMR6M5pl1slFTXJUtI:XNhCSFX0J4XoMR6MlMTXJT
Score

1^/10
behavioral1 behavioral2
- Target
  
  UpdateAgent.dll
- Size
  
  2.5MB
- MD5
  
  e8f0b0c0dec2cd4b1f0e56856ef8ade1
- SHA1
  
  a1169d8c23c19dcd76e21c2af13284ac3500452f
- SHA256
  
  0809b91149b9831542b09994226f4ef9e891d6c11ec36e8b2be8341d19dd9d84
- SHA512
  
  105015f5960768c7180b1ad14983864211baef12afa427d34108bdebc93ec23beeced98b23c097679ae2c02d3f6794e24f2bcb5d33f35d54afa8fd7f0a6b72fb
- SSDEEP
  
  49152:a8q2gU095CwTl/pa06hejtYH+kQne+qSPilMvTWwO/nXFVZ757gGIM3Ehd7wjxGc:akgIFUBxMKk
Score

1^/10
behavioral3 behavioral4
- Target
  
  setup.exe
- Size
  
  445.4MB
- MD5
  
  3c8b5a353e44aaba17ce59a4924a2181
- SHA1
  
  4a37a03782dd4aa9b39cee134d92038e917120cf
- SHA256
  
  43f8acfcc15d7f48701769a324cb99b12c541e80185a7caa0b6be63fad025490
- SHA512
  
  1b2bb3467257c43f63787d88bd2dd5072bff3c888a12da53ce9812ed0de0af41492a846f30e9174fb9f231b98a213bc5ff02097a68cc1d65e78c040ce0cb5f8c
- SSDEEP
  
  98304:dkLr9c9WJPSHRzilwSzrgGzPgffmfmpS8J656RA:ur9c9eqH9ilweImfySF56RA
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  vssapi.dll
- Size
  
  1.6MB
- MD5
  
  505d349264b832496448d1333f9ce21b
- SHA1
  
  f4ceba7d72b39ba8644eb2fd6d3eae2997d7b63d
- SHA256
  
  9a1e8566bfc084e2090ae3bf012b88c721d718c1366f37d534702b28e0d54983
- SHA512
  
  588f43b25d9b1e165c2d29dfb6c9376037323e042036b25ec6ee8a08129ac9badbb20c8b89142f681987e6f5fdab82f9fe8c82d1f5e48673b3867f6de94590e8
- SSDEEP
  
  24576:vO323Skspcp/AygZQ3SeQq6fLgLhYsKZ1btOOA9DMIDY:i2FsU/AW3gTkh2Z1bFA9DR0
Score

1^/10
behavioral7 behavioral8
- Target
  
  w32time.dll
- Size
  
  506KB
- MD5
  
  eb00241b230ba9db117300f7d387472c
- SHA1
  
  536ff9c3b171cabbb364483cd667a0af10ae10c8
- SHA256
  
  92a7c73e59789c5337ca4799924c8f84e5edb2e76b15abf927201553e4d9a19a
- SHA512
  
  9d48c68e6a207341457f83e1dca326c54e15e8c3333ba9e9978a2949fa30272fa6f6bf2705608c5074176d26c906bff50afa6d3d8f5de5a082d4d12f60f12a52
- SSDEEP
  
  6144:26iNJ0DU3xOrRijnKl9a8dNbCNv8krA2q7yuL8Ktf6EBOsLmTcZtxLntw2pYbq8a:26izwrinKDaONmHsx7yTkntAbq2waA
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10