f6e85a09d34fee8569e913af2a11addf2a6a640e22f2a92e691576bbc89de411

Sharing

Copy URL

Twitter E-mail

General

Target

Undertale.rar
Size

131.0MB
Sample

230318-aqjhwscf3t
MD5

a8521cacc9f5b2e6e23e11a46fb7f18f
SHA1

5d3c09c8092ca9e94366c18852632c9e642fe706
SHA256

f6e85a09d34fee8569e913af2a11addf2a6a640e22f2a92e691576bbc89de411
SHA512

b3618b5acc50555ff4bfa11a16eb03d30c379f3d9d127703f980d54827f2966a50a3f02a7a8db9c790f9f954167931c80448d53a6669583cf4f33f9c939d0ba2
SSDEEP

3145728:WxtT0riqRaYPR1nyv0O8dbsk1mq9md1MNuV5/YyRduk9XN8zcq:2T0riqVPok8Me1DV5/hik9XOh

Score

7^/10

Malware Config

Targets

- Target
  
  Undertale/D3DX9_43.dll
- Size
  
  1.9MB
- MD5
  
  86e39e9161c3d930d93822f1563c280d
- SHA1
  
  f5944df4142983714a6d9955e6e393d9876c1e11
- SHA256
  
  0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
- SHA512
  
  0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3
- SSDEEP
  
  24576:8UtU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBs:8566l2u45BiNYFrz31Cv3D29kd6kWa
Score

1^/10
behavioral1 behavioral2
- Target
  
  Undertale/MiscUtil.dll
- Size
  
  68KB
- MD5
  
  8d59151cb3a1b83d15f8f812cddc0c55
- SHA1
  
  133d398c5cf755b537d10c350ba16dd65c975438
- SHA256
  
  cdad1576c86c4b946fb88d5e4c28033d68c66f76621898f3b6e237a6d18b976c
- SHA512
  
  0e8c76ab061d0a68abb4f11696e5a25ce1eb4f536c3b60fb7df005969655e587924411c7fb617fce427b4f6330c36196fcdeb8f1cf40cc30f13f746e7b6f8f41
- SSDEEP
  
  1536:/v7Lho8as7eAK2EPnqI1BkDuPsTlX34AP2:n7Lh75wkDuPwlX34AP2
Score

1^/10
behavioral3 behavioral4
- Target
  
  Undertale/UNDERTALE.exe
- Size
  
  3.6MB
- MD5
  
  93d87952773a2bb59a8667d0bc06c2c0
- SHA1
  
  480c87f42e8ecbcde1104f4a61de5dee6a9cb3c5
- SHA256
  
  9ec41f5094544c938fc075f5506c089d0c1e11fb93afba79a196981bef81d19b
- SHA512
  
  d9fce47e5c037e4954437c95abea6959e39c91d0bcd596f1c3267e5c09e5a0defade4c63617609b5386879bcae06e3c60e909fcf2476e250bc960eea0c2d1c6d
- SSDEEP
  
  49152:LKmEDcfY7y7tinhmShHrfh/mX2KiKwmFT7MvTyA:y7K6HrfdmX2KiUFT7M2A
Score

6^/10
- Drops desktop.ini file(s)
behavioral5 behavioral6
- Target
  
  Undertale/UTES_v1.exe
- Size
  
  8.9MB
- MD5
  
  b42583feeb7a6b516e0ef812d31c58c4
- SHA1
  
  f62bd9c28da1b25e2ab9288262f21727f7c47742
- SHA256
  
  7b58472a5047d32efffabd53ac8a2353e4977fec9a5701904e179ed65dc73e88
- SHA512
  
  2c2ea550ec993332749ea97e8f9ad0fd17ebbe1a9b9f2d323e4b3540446bab555dd35e88c706bd68e5cb669cf6bcaccc32961d789a49840c1a00e8fa7c271ff9
- SSDEEP
  
  196608:oUgcIDYt5/Sac35dAlmnJyu8Fk/qKMSPEeSTLy33Hb:onTDy5/S15dhn0wqK5PyLynH
Score

4^/10
behavioral7 behavioral8
- Target
  
  Undertale/lua5.1.dll
- Size
  
  322KB
- MD5
  
  c3f5f4a1fb69b5889f0bbb313cf6017f
- SHA1
  
  e4f592cfbd62a3c3caf27177ccea5a77afa649bb
- SHA256
  
  769416fa7edf38e91a55f4f7163914ee4aad9c8c890ed641c300b73157acac45
- SHA512
  
  e17d3be36fd2ba892d945f3737ebffdefe6d476224ef3459b567579971559a048a886941f57ae671b3df32844f99575a14c72ef8c49c2d4b1e8352204ccc05ab
- SSDEEP
  
  6144:+kn2LG5bwf92+0HiDhAqUS0aMkhwfDRAOj+JzOg7Fp:72x2cdUhZcIDR8xhp
Score

3^/10
behavioral10 behavioral9
- Target
  
  Undertale/mus_undynetruetheme.ogg
- Size
  
  935KB
- MD5
  
  a406b15d0e513ab4cfa25177dae99561
- SHA1
  
  b806ae43e0d3e1e94eb074217dc0c7d32fa4ab33
- SHA256
  
  795cafff0fd78abc5bc55ca5e556f8839d20daddf1a4023e3183f70c3329ff4f
- SHA512
  
  6e5039b053aa67b51e48f1ac026a815909f0942def7b22d7a1549a518f70fc40b317075e6a6ba8c096082542d4a0caf738bcd6514c7c59961713c2643c35ecad
- SSDEEP
  
  24576:jB1IsB8JDJ7NkfiuNY6iUTwSvzaKY5mUoWO4DKQhN:j0sBqN7Eq0MSWKY5mUoWOgKON
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  Undertale/mus_vsasgore.ogg
- Size
  
  1.7MB
- MD5
  
  f210e62ee36e85ad97c15efcc0401e9c
- SHA1
  
  65c728a3fc987e45e55a1a6b337376a814dff2b1
- SHA256
  
  9cf830d2b8b941e82b0822010461b17d9581dd3b98adc7abab8ae5cb5bfb105b
- SHA512
  
  50d46f23c743b1200ec7871107bc41d334b7091a3a75001a24b55064d13632564271690dfec4fea83304e9aabe7dff5729af460ef35741d293357a3f2fb1fb46
- SSDEEP
  
  24576:lSOZGfabqjuSnopI6DHWwhS8RB4hFb1AFwH4i29rPjRoxL+ec90BicG:XQfabqjumo2AWuRBWV49Jol+VgG
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  Undertale/mus_waterfall.ogg
- Size
  
  1.4MB
- MD5
  
  76da9c33fa66ec7fe8a1d13d1a43362a
- SHA1
  
  3a663ae11ca1a9b26495768f6bb2b6abda2c1fd4
- SHA256
  
  3739def3b6bad87ec2215407627ad0464568a46015945bbf6fe23a77dd78827f
- SHA512
  
  6c605af5c1f4e7d513340bc75806ddbfaee78e4f5aefa6d4c3b9640588e103d633857cbc3b4f19ecffbe25d872e67a310b19d4db36e8ce50da5ee14f6bf13db8
- SSDEEP
  
  24576:8XCxSrLb3GbRtfHksrYeuj7jprl1lh4gH2p+XZbxWSA2y+d8wrQhPi/Lzc:88mLzWTxrYfj7B3Bs+XZXBOwkJ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15 behavioral16
- Target
  
  Undertale/mus_waterquiet.ogg
- Size
  
  237KB
- MD5
  
  e62ba6eba4d5351d526c9b10ccc595dc
- SHA1
  
  a2b49fdf1ce15f75809a58e5514584e0a9c6aade
- SHA256
  
  38c9bcb1338b4bead4b60489e41d75ccb60f222f804ffc4218d7e12a53cb3c94
- SHA512
  
  71525e980dada0a29c041aa7a7c8e682a71b440fbd4d3e2efdf8ba8f6458c9262bb681a6ecc3ae91eac9f5e753f50e40c9b0b9d7d057100ad5a828701c441172
- SSDEEP
  
  6144:a+ndlkYEnGpqZdNzL6GoWRH0u5XVL4dI+/8lnzE0gXi0yK:a6B5u3mG1WKV8I+/8tPEig
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral17 behavioral18
- Target
  
  Undertale/mus_xpart_a.ogg
- Size
  
  691KB
- MD5
  
  41edfcd54486f4873191f24eb3046e78
- SHA1
  
  db56c6fd3c5bd054aca9ea1c6a0c57871119a756
- SHA256
  
  5322645e70772c950cdb3bd6978640cc116abfda863f8878d2c8b8f48b452431
- SHA512
  
  1c12e7d1c470734a29021988e4e23024dd6a2391daf880e7424367ea5987c13f739df97b80ef01dd666c5279e3580a43ffb87f440804858b3182efbb812a3cd4
- SSDEEP
  
  12288:ksW4unEss2lhpdmlQDdAjiCczRjLqios6lDmIfM7l4A0E4Gq2IwuoHLX8OhP/JC:EvjXTOlrczlLFospGAIGqQXLdhP/JC
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  Undertale/mus_xpart_b.ogg
- Size
  
  496KB
- MD5
  
  cad302511456bd2cca081ea96081001f
- SHA1
  
  66a4acc681ba61e42940d4f2e04371b80fd87dea
- SHA256
  
  17f58a8895bcb998f176f2cde5f70e1aea041e7ac895d1d29f9e5c21a170b1ff
- SHA512
  
  82bbef6d07d4aa485be746c55af14522ba61602f12591c5655fa29c1f424c79c65d9f87fc7865eb0cf8d531671acf09f55702b831ae5cc55a6a2217f7142e520
- SSDEEP
  
  12288:RigdaDrXCcfvxhufZeg4sVXA84v78IVqtS2jFOn09Vg+V:RigwwhDK8YnVqnJOmVg+V
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  Undertale/mus_xpart_back.ogg
- Size
  
  194KB
- MD5
  
  cf327bbd54e3e211e8e268f548bd3b26
- SHA1
  
  3731fe3f8ee640bb11f32849fcbfb04ba6657c13
- SHA256
  
  97024dc4c151d2e8558e00facb66d8e0ee180e168f1f4246d4f8164c56b0a878
- SHA512
  
  30385a2ae088a6205ea0a171fff4af32e0d739a1fbc71df6e1d2f6f892958e37c66f764747adceb9eb12d4344fd699a385451d410d9111675fe91047c90e5ea6
- SSDEEP
  
  3072:BEN0H9+ksNLk0UsYmLmFvYF9D2Z8qO/HljoGZsxdgzf9+qUDjrURke1ZDjLwIkw:BEN+MTLkjsvovWDA8d9jo1ylUReTjsIr
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  Undertale/mus_yourbestfriend_3.ogg
- Size
  
  385KB
- MD5
  
  4db7618e3368b5e09706c6761994870e
- SHA1
  
  4734a5de85eeda35aca2e40d6c01eb779c73450d
- SHA256
  
  e5f09f660805d7c24838d1166e269691169a89c8c439b45b8299ec8f60a93f21
- SHA512
  
  756b5a8dc2003c42936354c86153a14952007c4a1fc48b1827015f558475319020c7f522ad9d6477532d280e2c35b2a3b61ee2584656ef56388ee6c1fca0df1a
- SSDEEP
  
  6144:nzpCviezy81+84hpbN4gyJJCTnD1ndslLe94RdMGQt9EGdWztOSMk9nWMto28p04:NCvD2hsgQJMok9NzW5JMkhWMto28pEYN
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  Undertale/mus_z_ending.ogg
- Size
  
  2.0MB
- MD5
  
  509a522e503ac9d20558c0a9f49fafc3
- SHA1
  
  dcb08297bcfec79e2e2bec82a4cc1040c405a4d5
- SHA256
  
  499fde981d47e7e5db30e262bb1654c38afa0651a5abb9b8282994fd4ffeebeb
- SHA512
  
  3a7e57b95118d5035d4119324733a49620019813320d3eb84615f47220e0fd5d4c67bf92c602701e352974220bd9ade67137f38a1c5eacc493db5d5d59cc88af
- SSDEEP
  
  49152:tGdNRzHfxvFuLO9Kv3PBjoeVZLRkpGAEAw:kdTZvcLYK6a8T4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral27 behavioral28
- Target
  
  Undertale/mus_zz_megalovania.ogg
- Size
  
  1.8MB
- MD5
  
  2e1f0d621bc043cce9f9d95bda31010e
- SHA1
  
  577acf76854a9e7da25fc4665742c4013b6eb5f0
- SHA256
  
  8808cd10b7a7cdbf69494479e5f93a604918cd920f8a0a91aca1aff970ddbb79
- SHA512
  
  e2f7a756d1f3ba746e92983d931cc522ba0a9e02d07ec5c06c8cee4100b9d585d54e79c04604ac6e12c877c0006b85335c57648fcd889ce8d412eea5d6d9bc54
- SSDEEP
  
  49152:O695gHheOms+4GVHTV4Xpzy9jd0qz9UMCRuETDu6TktTT:t5gHxSVzyzE02Wktf
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  Undertale/mus_zzz_c.ogg
- Size
  
  92KB
- MD5
  
  ab4094359d1b7321185f38b0d187df1a
- SHA1
  
  837af465f053ae7cfefcb73e8d883fed31a10fbe
- SHA256
  
  897804d266b4c70c8e5e20a5b87a25ce76d1457b77c0f3769e188d0b47615c85
- SHA512
  
  ac89eca2045bafff6f93239ac0cad686f9e99e75a742f0e7da4bef7d369ccf80ce61d2dc954fb152568cd2301ae4328d47cb2f27a8000d58dd11f60dd48e9d8b
- SSDEEP
  
  1536:bZTXfTxroq0VosDcU/3epyOAP4SZQMcx5JKX1jOrXHYAFGuSaZt8ZUKmpCY9TCU5:xPTxZ8HDcU3epyHglxK1jO0SBSkt4VmD
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops desktop.ini file(s)

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32