46844cde9676b0289d253d2c109911d4c7fc0f1e7878fae935129dd848ee0f11

Sharing

Copy URL

Twitter E-mail

General

Target

Desktop.zip
Size

55.2MB
Sample

230402-qyzg3shh5y
MD5

e993dce22ab7454fe5e98745737ef9db
SHA1

6e2e06c5707ce2b1f4e021075b46f37db969053f
SHA256

46844cde9676b0289d253d2c109911d4c7fc0f1e7878fae935129dd848ee0f11
SHA512

5ddb538b4e442a4550152af24d32d7518a7f5c63ee14528362b553940cadc9775d20d3f2db06a49de05356c4488105a66ece6824977ac44db347d035cca66a92
SSDEEP

1572864:F4mzJoeE6913cEE6T+KUTyltEsTjoKKWtEXdDWVPOrBpt4u/o:vzJpE8Rd7+2lSshKLDWg1ptY

Score

6^/10

Malware Config

Targets

- Target
  
  Desktop.zip
- Size
  
  55.2MB
- MD5
  
  e993dce22ab7454fe5e98745737ef9db
- SHA1
  
  6e2e06c5707ce2b1f4e021075b46f37db969053f
- SHA256
  
  46844cde9676b0289d253d2c109911d4c7fc0f1e7878fae935129dd848ee0f11
- SHA512
  
  5ddb538b4e442a4550152af24d32d7518a7f5c63ee14528362b553940cadc9775d20d3f2db06a49de05356c4488105a66ece6824977ac44db347d035cca66a92
- SSDEEP
  
  1572864:F4mzJoeE6913cEE6T+KUTyltEsTjoKKWtEXdDWVPOrBpt4u/o:vzJpE8Rd7+2lSshKLDWg1ptY
Score

1^/10
behavioral1 behavioral2
- Target
  
  GameAssembly.dll
- Size
  
  87.7MB
- MD5
  
  772ce493d9a2bad9f4fc12362516ccf0
- SHA1
  
  da9ce281891da92534a7a15d23648bfcfd629322
- SHA256
  
  d5f425127fd646ca056eebe4a8a48e0971e8b7ee7682a41eb94daf90d8157b43
- SHA512
  
  18db5708c416892d92c6d3be43b075c7697a451f25d4e52be6a8d0f59de0c0fd34961dbbc5e3a7065c680b68a5b1a9a2025b464189fe2408c568b385ea8cd962
- SSDEEP
  
  1572864:iRd5gqBc0M6OuPqPZEF98RrrmM9JaWmjxSR5yDnWaETl:+jBx+EET
Score

3^/10
behavioral3 behavioral4
- Target
  
  Launcher.exe
- Size
  
  6.6MB
- MD5
  
  3306c8ffe15fea29a0a59fac9805daf4
- SHA1
  
  980506195b477689a29f1e94a00ffb56808012dd
- SHA256
  
  2ad12bf130d62371e2eceb66955178e26d929899e8e49b84c18925068e867d7a
- SHA512
  
  41190e3c2e7d35b24f2dc799c5a10070672bd1e0ae8b369fd8a96bfae0ef9284372d28f94eea8c02dbdf96d2274f63ebd50591b387558a33548e9798c88ba4a7
- SSDEEP
  
  98304:0LElcq9Aj27JHAwZQw5PAmORpd+XAclmDi9C/lVGEhsz8E+Zx20hq850+5KHO:AElcq9z7Kw/Amm3DomDlfGkhZx20hsHO
Score

1^/10
behavioral5 behavioral6
- Target
  
  OnlineFix.ini
- Size
  
  678B
- MD5
  
  06a7b4bd043c6cca7a35a4287a619de0
- SHA1
  
  ec1b64a7212694253c159c254d134a60463ecd82
- SHA256
  
  adc3135049e3a5555c567a51114dda404e8d29baba5b4b9949d529c60a0da2a4
- SHA512
  
  2483c594bfafb5701ef7b3678dcaf004d63a15cb38881a0908edf294f00fd13c39bdd51b8143a76755714a03e3799329765d71ae07798275775af606d7937489
Score

1^/10
behavioral7 behavioral8
- Target
  
  OnlineFix.json
- Size
  
  55B
- MD5
  
  51bd3de7ee7e70c96fe914e35be2e0ed
- SHA1
  
  fc1b6359e5fa6c9b8652bb583d736d381cf6b77a
- SHA256
  
  c8b63a63cde606dbec66a7ca1d2f4b455907551bdd920f922eafed91a95a602c
- SHA512
  
  1892e6ea3ede9ec37622a17b1ce3e7945539d1f659317500e7344aac63ade2c997a50a64479818e80dd4fdab63357c460282fdd3764e4f17cc12897b50e31f4c
Score

3^/10
behavioral10 behavioral9
- Target
  
  OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral11 behavioral12
- Target
  
  OnlineFix64.dll
- Size
  
  4.3MB
- MD5
  
  aa6eed97f7877abb9f3396e0c4eec706
- SHA1
  
  abe788bb8c682d08264200275abeb0a26a905a5b
- SHA256
  
  04a9518cf09ad09c42647b2f2d3036f3fcfd59a36850a6ef56359fcc11ad1456
- SHA512
  
  4a5186414fe9a1e577d5724d1f72d0a1c3441d2172b02cbb0f20bd803a997af5a98ec30f87948f3eb426c5d63b96a75ad3c510529e0eb3ab7f34eefd1d7eb605
- SSDEEP
  
  98304:L96tOeWfnh8aT4Sl9NGgjIK3sY/RY6nCdaPsCw:wOtfhP4M9ND9fBnCAw
Score

1^/10
behavioral13 behavioral14
- Target
  
  Phasmophobia EULA (Ver 2).pdf
- Size
  
  187KB
- MD5
  
  67cac6961ba3e14ef67dae55efe57981
- SHA1
  
  90aa8cf8e18f77957208a7c248718e2c597f5518
- SHA256
  
  4615c0607b6eb01817d098188adc3c2d642dd1bc79cc631c88c41c2ff67054ed
- SHA512
  
  a009dc5bf696787e1af241a958561316477d59ca919968b2364e644ca1a65cd2cd88116d706bd7f6bfe33be5ad658234b8086e9c6f539e97378e82f299dd5dca
- SSDEEP
  
  3072:QDvcy4v+0RPXtVUwnZgVdOUZ6RkMrGNSUBUW3Xv8nCSZbZphTxfYVNQaX8i32Fgw:QDvfKxPvFUdR6LG85WHUnCCb1T4QM8Iw
Score

1^/10
behavioral15 behavioral16
- Target
  
  Phasmophobia.exe
- Size
  
  638KB
- MD5
  
  88120277a20a6da72bb2288da9a997bf
- SHA1
  
  30bd9786432d526564fc97dc1b5677efb4fcfd68
- SHA256
  
  29302cc844e82e3f106b366dbf6cd013aa3d8754acaaa8942a234b8c716e39d9
- SHA512
  
  aa0dc9f2aeb44403053e5272d53131e3223244bbd438f3e763e95bb111cc0e5f8f8c1ffea0a17354a47fb342e9f4fb77ba6439d5fd67d4b9aab42d6d8caaa8f0
- SSDEEP
  
  6144:REbaWnBUCG0wlaSKx73bhQ6by2TlBTR8OrWyS1onFAy4:RoCCbS4G8TbTezy+o/4
Score

3^/10
behavioral17 behavioral18
- Target
  
  PhotonBridge.dll
- Size
  
  3.4MB
- MD5
  
  d21d2ecc52adf29f6d124f74401a53ee
- SHA1
  
  b4afc0f37aa345fd2996402275d63941a1ea49fe
- SHA256
  
  022c577fbd8d8365553f7d9bb7cd2039bb9f36088c7176fbbf1c0950fc661cc0
- SHA512
  
  7df4e7ccc4c249c51cbf109b37b34439e1e853e1410c50ab1a0518e743720c5c7815ca70eb0e25154acd428777e512ed74edf8a18d6fe646d60bc926c25c069f
- SSDEEP
  
  49152:fnCqtLGhj+ihFI2+Gt9iTYArIcZ+J54JYXRUszY6wBXpiDIUePezTvZat7Z5AHl1:fntLcj+igtikTYwIcZ+cJAURpATQ3Q1
Score

1^/10
behavioral19 behavioral20
- Target
  
  SDKVersion.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral21 behavioral22
- Target
  
  SteamOverlay64.dll
- Size
  
  96KB
- MD5
  
  549eb651023fa847d2212bebe29c6f9e
- SHA1
  
  f70fbe8f46cbd90c185eac2a2df843e2c3405a8f
- SHA256
  
  9edeba9df599d65fb378d4bcbe16e9ac2ea3b7850491e662e8ddaf6f1d74849e
- SHA512
  
  9e249b8d589c52857362b0611c265c21d1f715749e6b7a75e112d28aec89975655a8ef62ad1de812fadd39a48f0e01cc8eef9e33bbb5e30da827020c77247c68
- SSDEEP
  
  3072:YV/XjVTzI4OC9cFnlHB6innA2ezcqSn4ueM+GLSD:iTi4OUc7Kt
Score

1^/10
behavioral23 behavioral24
- Target
  
  UnityCrashHandler64.exe
- Size
  
  1.1MB
- MD5
  
  27f0e04fb25b0a421a9f0c9791968469
- SHA1
  
  7a420f9e3212fa4ff53115945dae55c303c18321
- SHA256
  
  4f515814d7bc201811ab75cae5ae3fd16f4e72e29348a37489f678004878ae61
- SHA512
  
  3ca22501d5dcc61d564e2a9d254b846f72664bf28306e171869289ae20a454749325d8e48e1440e6664abeec748a946eab93d0b3b16db43dfc9e79633e5b4372
- SSDEEP
  
  12288:eLWNlcYyeraLLuLiT2SSYHdSbM+Fh6wk2AdgolZVQfz2fzA13:LlcYK2WTBSYHdWFUbdghz+zAB
Score

1^/10
behavioral25 behavioral26
- Target
  
  UnityPlayer.dll
- Size
  
  27.9MB
- MD5
  
  0c97a7a9f0a9c9748fc23bd8ad55bd42
- SHA1
  
  80238769147c43303b9ab363c6bb9ccfc504a6e0
- SHA256
  
  4adc6da07c3f5f9b95f28b29553c184e8a3ad04b33ccf8da37ab4c89d705b775
- SHA512
  
  e83e8bb65bdd47c4abb0633e33b1cbedbfbf7287bca179ff5c9fe07e23abe62bf715841c069a5092356103beb4b4f79d96dee98ba1d9e1aed943ca753328cd96
- SSDEEP
  
  393216:Hjn/RRvGpQ7YRTYSz2RuP3dseOB5pd09LXNXUlrfWfoaGVUcxCObVfXP+zzghc5d:HAmlrfbn1fXXtKw6
Score

3^/10
behavioral27 behavioral28
- Target
  
  baselib.dll
- Size
  
  395KB
- MD5
  
  cd5f4dfaa645d0be46d08b39efc47195
- SHA1
  
  e890a0e4f78ec1cfb6b3cc55d9fc5f7e7e475c7f
- SHA256
  
  c9c3dd7473d3f3c94c1058ea627cd1b75e1bb482734658d6d085e1a7c3574edb
- SHA512
  
  9f207059ccdecda66055a530ac2abcf0a2f4dc55f016b558ed0a89e111649b613dc03a0306afc75a4b70ae180b643a59a668adcaefe82baca8c1eae476c5d268
- SSDEEP
  
  6144:mmLYuq1+dNhJ6d0BNxcHqT4PxAVsyyhcm7vv78sdTW4FYVXpy3XVvfBH3:9Yuamvq+GyYoGdb1d
Score

3^/10
behavioral29 behavioral30
- Target
  
  dlllist.txt
- Size
  
  53B
- MD5
  
  f1d3aa9d77f8bddba4088b16d3bb85b5
- SHA1
  
  283e541f4831ac0bae0027bd1bf13a1ba5d48237
- SHA256
  
  17edddef3831bd0556fcb546420b65f771ec483bb05db72e71567ca044642b91
- SHA512
  
  8f97c29e52ae611250d8685de025959267cb2110b035fe080412cae0582572dbbabcb5ac29d4025cc00414f2d099890f3e1b82c033158c69c9f714354a74383b
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32