Overview

overview

8

Static

static

7

Oneshot/Da...78.ps1

windows10-1703-x64

3

Oneshot/LAUNCHER.exe

windows10-1703-x64

6

Oneshot/OpenAL32.dll

windows10-1703-x64

1

Oneshot/SDL2.dll

windows10-1703-x64

1

Oneshot/SD...ge.dll

windows10-1703-x64

1

Oneshot/SDL2_ttf.dll

windows10-1703-x64

1

Oneshot/Sm...mu.dll

windows10-1703-x64

1

Oneshot/Sm...64.dll

windows10-1703-x64

1

Oneshot/_R...up.exe

windows10-1703-x64

7

Oneshot/_R...up.exe

windows10-1703-x64

7

Oneshot/_R...st.exe

windows10-1703-x64

6

Oneshot/_R...86.exe

windows10-1703-x64

7

Oneshot/_R...st.msi

windows10-1703-x64

8

Oneshot/_______.exe

windows10-1703-x64

7

Oneshot/li...mt.dll

windows10-1703-x64

3

Oneshot/libbz2.dll

windows10-1703-x64

3

Oneshot/li...-6.dll

windows10-1703-x64

3

Oneshot/li...-1.dll

windows10-1703-x64

3

Oneshot/li...-0.dll

windows10-1703-x64

3

Oneshot/libgmp-10.dll

windows10-1703-x64

3

Oneshot/li...-0.dll

windows10-1703-x64

1

Oneshot/li...-2.dll

windows10-1703-x64

3

Oneshot/libintl-8.dll

windows10-1703-x64

3

Oneshot/libjpeg-9.dll

windows10-1703-x64

3

Oneshot/liblzma-5.dll

windows10-1703-x64

3

Oneshot/libogg-0.dll

windows10-1703-x64

3

Oneshot/libpcre-1.dll

windows10-1703-x64

3

Oneshot/libphysfs.dll

windows10-1703-x64

3

Oneshot/li...-0.dll

windows10-1703-x64

1

Oneshot/li...16.dll

windows10-1703-x64

1

Oneshot/li...-0.dll

windows10-1703-x64

3

Oneshot/li...-6.dll

windows10-1703-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Oneshot.rar

  • Size

    256.7MB

  • Sample

    230402-wex3ssba2t

  • MD5

    203d0bba967097849bcf726bf6835815

  • SHA1

    6c9fd6e4533b64d5827fd3881c741e50a6b4e6a1

  • SHA256

    2f2389c4427f79cb94d8d4fb3650b1cf0a27c0fc8996cf9edd061aa8b74fb6c4

  • SHA512

    857232eff2fc755a4b10bb868cdda1e7a5f1a153d15ac3292ade885089053d6e1880d75f89c4ba040476d99f6c796d0732d939337e86f6f25ee0d2f65486735f

  • SSDEEP

    6291456:IElAenYj+cDqeNSRx+gYC1z0uExEy1QMOxIyu9+SWwHjJ:aYYLWe/dKRS1bOlu9+s9

Score
8/10
bootkitdiscoverypersistenceupx

Malware Config

Targets

    • Target

      Oneshot/Data/Map078.rxdata

    • Size

      15KB

    • MD5

      0858e5f0e2d7ace0d9e5837cb73fc3d5

    • SHA1

      c7b686082ddc052f421590655f09e7e2cce40e1d

    • SHA256

      280cef324d1807caad4afd7e441930c377d3bdb95165782f7eca03f989cae631

    • SHA512

      eb810d2af3a47a8153a5fe4dcf64fdf01ad8788ae0fdb1cf49b2b951933c21fa8ad0e4419f2704b29a73098669fc075dc61f4065bdcab2aa53005c83e63b14aa

    • SSDEEP

      384:chezWfvjFDCLdqVsc6eqgBzUfa/TGqTbWacCTFU:cL/y

    Score
    3/10
    behavioral1

    • Target

      Oneshot/LAUNCHER.exe

    • Size

      227KB

    • MD5

      d8a09db41481b0567601d2cab42db466

    • SHA1

      ed0d1c96f7c81263643e2db9501d0c65477d7582

    • SHA256

      3dad541c5fcdbc09b1c079e6c92837632c649d78084fdbab2bd2f1ce25ec2c5d

    • SHA512

      f79daca8564f9cbcec59ceee458634fe223503b7eea6e2cf8f038fd3ef84044825a631f99872c732e3ae943531553510ff243c721478f3879ab818bf0b34b0c0

    • SSDEEP

      3072:TGtleufyNONL4MdzCOY4jb1pQ2hHKPtOHO6VrVPoVJtCbhVPoVJtCbFyf:KtleuqKEYzYQyuHKPtOHRWehWeQ

    Score
    6/10
    bootkitpersistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral2

    • Target

      Oneshot/OpenAL32.dll

    • Size

      703KB

    • MD5

      4f953cf95b76cb4aad0fd15561238c16

    • SHA1

      b201faf83b5a7dc19a649a148224d0c7de458552

    • SHA256

      da0160426f31e75f34ac42636649aeee4a7a6bc766dac268e7a3a81cc4f0f7f4

    • SHA512

      15013363723306b8b89371d800e2597d65a845dbd75a83c44f392c7a925fd08ed69398e7f9ba4d121b724f3efe6dc3a58e2a40ba6df2010aee5b430f2be1db71

    • SSDEEP

      12288:y2+rBMcmZ7G7c+94vvA3vLO5YEtWWnPCDUS9FGFY:y2AMWA+2vvA3vL6MGe

    Score
    1/10
    behavioral3

    • Target

      Oneshot/SDL2.dll

    • Size

      4.9MB

    • MD5

      a9b9253385dfdcbfea6fe270ead88b70

    • SHA1

      1d575885ac0ee03f57530fc79e47f438b62a9d25

    • SHA256

      1b736dc1b78f2298f5f6b1debbc6fe5e95417cc8add6d6ae2e0806d94973ebd3

    • SHA512

      efbfa9c2d2609eb57366e2631194dbaf41478a285058a86c40fc151aa36f11ae273f55cca2273930e5dc86ebd012b2dc5eecf26d8b75895b188817694b40b2c2

    • SSDEEP

      98304:lxp9esz5j9uDFtwyQB7/Qo584O7ip1QP9Pnty9nudYp+:lxp9Zj9kiponty9nudT

    Score
    1/10
    behavioral4

    • Target

      Oneshot/SDL2_image.dll

    • Size

      444KB

    • MD5

      8607b573c3290ce9082841cd8a121767

    • SHA1

      f6cd77d5930cec451d6979094190f53a90febd03

    • SHA256

      9e3f740573500f88bfe4b4f317a9e7d0d674a5a24a6356d28da8c936feb4d334

    • SHA512

      aa9393895916ac77aa2d4dc19cf487c28c0178ba649281b0d9d9cd868cbc816c522709f1301eebfd141e494aed4f0f7a314b12075085d197bac47095e2757370

    • SSDEEP

      6144:c47zMtBByitjKiy2KsifmgsOysSXiEG6RbBptJDN8s72itxiXqtexRNCem7bAxQO:rMnDj6mgsKkG6JBptJD7GRNCe3Qwj

    Score
    1/10
    behavioral5

    • Target

      Oneshot/SDL2_ttf.dll

    • Size

      169KB

    • MD5

      9e64a15cf488ddd2f4177bd84b4b5dc6

    • SHA1

      e7389e5e0569ef75f3e7523a82af793504e66d32

    • SHA256

      663138ceec1cb121057830917fb76f6a5abfc177640699f8338cc883bb449b17

    • SHA512

      ccb5888550c02b94d3e7e90e754f5f2d1bf7109a82fcf72365f741b304c3c8b00b62511ceb17fae575dc5bd49d8b119fa15e2fbe4199ec473e0df7a6940ea01d

    • SSDEEP

      3072:CxJpLHMXX9/yQ3JmkCymOVEUnDBVNpLTevl7z:2pLHMXAnymO2e1p2vl/

    Score
    1/10
    behavioral6

    • Target

      Oneshot/SmartSteamEmu.dll

    • Size

      4.8MB

    • MD5

      04c104b053033de230ca0cf2fb7551db

    • SHA1

      c5e29ff1038912269a6dfa47ef24777b2aa10ad3

    • SHA256

      037aedda71cb651a4e4862ef4707c1852e6e49dd5a1f754dae776b404778e7ba

    • SHA512

      657d6dc27b49160c9bedff793603ea00fbb0ec89400ab8ea68757b9f96bc2fd48cd5398d66790646e718ca9ccc63d9d90ad5820bde4beeae5cc33e37372692c7

    • SSDEEP

      98304:+rsrKeZ4lpSnj8kz8T+o9ut3anTJ3gkhY:UpSw+oaan6

    Score
    1/10
    behavioral7

    • Target

      Oneshot/SmartSteamEmu64.dll

    • Size

      6.1MB

    • MD5

      5dc6236319a29bd23ac65f6bf958f60c

    • SHA1

      c7768f878d21b647ef9e3d30ac28cd4cfa0071d3

    • SHA256

      31814363fd8fb818bf7a7626723171891c5ae6fd4c0518ea9583efc4d6cecaf0

    • SHA512

      c3326a4ba62647579be395cdcca5ac2e6ae03d58327ac06893681af5f007c2f40eb8d13a666baef0577cab6fddd5fec570fd7de8dfaf95214ec494885971964f

    • SSDEEP

      49152:avUiYowIrXeoFNDElZtQWsbwafzprwHiny0uKoKBjizdpaPDiwvMrgRMbc3+85u9:aTA6wMaL0+KdiU1RM7SsOsv

    Score
    1/10
    behavioral8

    • Target

      Oneshot/_Redist/dotNetFx40_Full_setup.exe

    • Size

      868KB

    • MD5

      53406e9988306cbd4537677c5336aba4

    • SHA1

      06becadb92a5fcca2529c0b93687c2a0c6d0d610

    • SHA256

      fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425

    • SHA512

      4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99

    • SSDEEP

      24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral9

    • Target

      Oneshot/_Redist/dxwebsetup.exe

    • Size

      281KB

    • MD5

      fd6057b33e15a553ddc5d9873723ce8f

    • SHA1

      f90efb623b5abea70af63c470daa8674444fb1df

    • SHA256

      111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288

    • SHA512

      d894630c9a4bdb767e9f16d1b701acbdf011e721768ba0dc7a24e6d82a4d062a7ca253b1b334edba38c06187104351203a92c017838bdd9f13905cde30f7d94d

    • SSDEEP

      6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc

    Score
    7/10
    persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral10

    • Target

      Oneshot/_Redist/oalinst.exe

    • Size

      790KB

    • MD5

      694f54bd227916b89fc3eb1db53f0685

    • SHA1

      21fdc367291bbef14dac27925cae698d3928eead

    • SHA256

      b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd

    • SHA512

      55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5

    • SSDEEP

      12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV

    Score
    6/10
    discovery

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral11

    • Target

      Oneshot/_Redist/vcredist_x86.exe

    • Size

      4.8MB

    • MD5

      b88228d5fef4b6dc019d69d4471f23ec

    • SHA1

      372d9c1670343d3fb252209ba210d4dc4d67d358

    • SHA256

      8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

    • SHA512

      cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

    • SSDEEP

      98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral12

    • Target

      Oneshot/_Redist/xnafx40_redist.msi

    • Size

      6.7MB

    • MD5

      97c2eebb30c5a88c68c8f24f37183f1d

    • SHA1

      49efdc29f65fc8263c196338552c7009fc96c5de

    • SHA256

      e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7

    • SHA512

      c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da

    • SSDEEP

      98304:wynfL329J1XswfXO6wiBB+4RZg6aENaCZAU5PMO0MntfERyJGH2YPq/:wYD3C1XXfzH+4cLHU5PM/Mnt+YGlq

    Score
    8/10

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral13

    • Target

      Oneshot/_______.exe

    • Size

      9.9MB

    • MD5

      7c81788c7f084b5f4daedd791029697b

    • SHA1

      b88905dc4e939a9a9b5554a3cc95e3c374992c63

    • SHA256

      abd6a012cebf97269dffe3c3a3a06571515257f762eef705374a21dd0112d1be

    • SHA512

      1c690f80690febcbcf1fd182d970ea2ace064ace03d7927476f67d5768dbaa9f55e624d9f0cb9d8c110d5f4ab5f10b50b58d1db1918018ba8e2da49a65decaf3

    • SSDEEP

      98304:Hviz0tqUWCxkb51VVRG12cmOAfKhNeGUy0rqIMtG2TG4HRJaJGAgnT7yoAtFsLCm:Hvbt01VVVC7eGRIMYQxSg6/YIo1

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral14

    • Target

      Oneshot/libboost_program_options-mt.dll

    • Size

      787KB

    • MD5

      810221238b6ded4a033de5dbb1fb399c

    • SHA1

      45aa75e0e1fb9055e288ebb0dee847bbe7888bdb

    • SHA256

      90a5ee4e4deb34ed999e7930332bbf9570b3c2f1edc01efb0805b292cb9b6dc1

    • SHA512

      5b8a2750c46838eb8cc75d5bb8426f425535d659564dfa4fe558ae6fc0af31c7d6e874ada11b2425a903c4af7be7ab57cd29fa22e345230c0c2282b7215c96b8

    • SSDEEP

      12288:IRWEoeOSDM44RVfrbfxQw3E3Lhz11noxt+RfB:IRWEoeOSDM4WVnfxQw3E3LhTnoxtSfB

    Score
    3/10
    behavioral15

    • Target

      Oneshot/libbz2.dll

    • Size

      247KB

    • MD5

      1d72f15b2d1ec29749fb08d185509b0d

    • SHA1

      e4d48359b5c0aa249889e0f09b6a02ff0c7f7cd1

    • SHA256

      eefb014081d8491510af93745d2991b959f6e5e5b421cd5bfc1dfd9f0e1eb856

    • SHA512

      5376d1e98d05195bb60e74db80f02d84abf25ff75700107fa48447d01b35129049e2401a25ec0b50938d80635acf3ae0b384e1585942eacb1d28454d60ddd202

    • SSDEEP

      3072:mz6SOHugv0+LwH2E8qdvHMIy9uLm0qimKa1yU1GpW2RHuaVQSout:tSOHB8+LwWXGMIy9uaDyHpW4Hu0

    Score
    3/10
    behavioral16

    • Target

      Oneshot/libfreetype-6.dll

    • Size

      2.6MB

    • MD5

      1ea3d7ba73ca7d599ea12f35e4bc992b

    • SHA1

      5898b48f33dd638a624ac704326ac32fe259761b

    • SHA256

      1a4c5d51f06ce4279b3e7afcf2554461bf6b9a98277d3baa7d9b7561d0219fbc

    • SHA512

      7661fb532115e1b969bd87e6fe0b460804921f27cc8f4df31a8248ca9568485fcf4bc22a218375d0e37e7375b4a48884d2b8876e952c85de336115060cd57ea8

    • SSDEEP

      49152:U1IPjJMa9G6TOSiRUoFHGYPXiGAOa/QEiIOh3c/t76KNmheKkvMvDdZRxQ5B06oe:U10Ma98SiRUoFHGYPXiGAOa/QEiIOh30

    Score
    3/10
    behavioral17

    • Target

      Oneshot/libgcc_s_sjlj-1.dll

    • Size

      529KB

    • MD5

      9d67f52faca138be698cffaeea161fc5

    • SHA1

      205d94040be6f3b8683e3e8babeeaa538e5bf63e

    • SHA256

      2b2926f0c27cca16335621ad3d9ce2f589b61dae41fb7651c6ba98596ec30f25

    • SHA512

      8378ce8f95395f1d2abd272c8410d1d24d05c9e45e5f1e071dde3a7c324426cc54333da4302d6690460df37db504e2296c940d7982e6764241c7517ceb8da43e

    • SSDEEP

      3072:yzd+UZzONIX26oS9AK0bCBEBNPvZgo4r8j7O6P5i6iv9jvUXksm4sLRSKJP8PWY7:CRVuK02eZp7O6hOOLQIKJk+/XGan3KN

    Score
    3/10
    behavioral18

    • Target

      Oneshot/libglib-2.0-0.dll

    • Size

      3.4MB

    • MD5

      ad20c80c07d3189b3af021d5dfbb9fb3

    • SHA1

      f58ca0a1631ca0f70b4dd3aeed00fbbe0628a092

    • SHA256

      210b651df87718744826baefd403390b54b1b65b71dda7134e0c99acd9b11a97

    • SHA512

      e60133f0da5a3072f6ed71f114cebcaeeac1656e96e88a6a1947a24d06ab02ca2dcf7f4fced8db893eca162a167f8803fbf319b47ced98dc787f85905d1768bc

    • SSDEEP

      49152:UtIMeIhQxqXw4QlYpK3jCtv0acWaFCd3fcocuM8tlQ60:UVVhQxqXPQlYANpmK60

    Score
    3/10
    behavioral19

    • Target

      Oneshot/libgmp-10.dll

    • Size

      594KB

    • MD5

      f0f28656ed370b0643e825de2458506d

    • SHA1

      d304239a0f384fbe6fcc66a7122f62f3b97adf54

    • SHA256

      a8a99b2b37cc9afd7be06b04faee08698ff4649ec7c3d7dcff21f765e2ee21ec

    • SHA512

      d08326efd216d0c8ad7781644cf265e3679fabe5d3ab155fca9c3339f03af137eea470101f4dc8faf9ad942125a5cd265c062308432cee4f9ec0bce2c6729848

    • SSDEEP

      6144:whYzGB8V57cBNaBWGx/XRUje4Hesx9zTLgq/Tw34XGw1LXjEcZy:IYzG8V57cW1Ee4+sx9zTLgq/Tw3rw53M

    Score
    3/10
    behavioral20

    • Target

      Oneshot/libharfbuzz-0.dll

    • Size

      3.6MB

    • MD5

      526a6ba24cb4106ee6da8978ed6c829b

    • SHA1

      6c134e115c53e4ca82f0d8ca1c0d9df3ba3d5d32

    • SHA256

      70acb0a29344c85e031f811c4391fa70b1a88c97e01a2b5b02bbe665b24e9450

    • SHA512

      621aae21d4f02773e47803d7ab1ff729b9856cfdb09dc92423a11f8059d43d1d0c23002dfd1ad36a5436789905834e73ad1570d5c9e93cddb82bd70dee9e0888

    • SSDEEP

      24576:k//SLO1N7g6I3Hyt2tvH3/Fure8S1gjB/tRX/MMT4p+pX9iJhXYNM87g+XU7uiJr:i/SLAg6I9/FoeI/4spXYXYm08

    Score
    1/10
    behavioral21

    • Target

      Oneshot/libiconv-2.dll

    • Size

      1.3MB

    • MD5

      ecc64e185a02e657dea973aba46ac1e7

    • SHA1

      7e00be2ff7a997555e7ca2a559e7f70c1f105022

    • SHA256

      caeccdb63a14e2fb388aac015b0a13e350dd7774ed2c5a47f64790cafc7e10cf

    • SHA512

      dadc07b4dd47665c715be18f87f8e459422ee246e952646bfbc346ca606661ec51b8a3e2ef43fd8665f493699729ac08e18c8ae280ff0a71b9fe43f812fec22d

    • SSDEEP

      24576:M4JBAUZLYbBlbbTmpGavkg3NyeuQ6l9fHuf46bS127nOtYbaQ3OW:jBAUZLYbBcpGaXBuQQ9O46m2zeW

    Score
    3/10
    behavioral22

    • Target

      Oneshot/libintl-8.dll

    • Size

      545KB

    • MD5

      0e58cfddd719f305e5b28f4c0ac88e50

    • SHA1

      1cb9698adc4538907a0c4497ac2b26f3ee5ee4ac

    • SHA256

      58e5cfbb1c546027d3aa5aea913a751c8b79da2b17ce08bda02e3871fd1d2b00

    • SHA512

      9ba1d168edc72a107a29e2529d1e8ddfd33782d0a2a8123ca3f6a84d55da2eafc999d678f6c499b1b43002bbc928fdd288378cfa1d5440d9ffa7560309050f79

    • SSDEEP

      6144:BU23KIeYHVGI3k9dBddphT8F/5EWgEyIXdTJtkgOn+9i1hKU+ZF73X/u4:Bvekkek9do/5EWAqtkgfi1hKFvu4

    Score
    3/10
    behavioral23

    • Target

      Oneshot/libjpeg-9.dll

    • Size

      1.1MB

    • MD5

      5f9af6a09cdbbeca6f9d8aace67e0bca

    • SHA1

      abb9b6edf731e1c4185e3f615026da746022eaf3

    • SHA256

      7be167f47c9e53907384f130fd656884947cf76a45633aa083c87e1c0d266619

    • SHA512

      04aae19d7445ca90415927954f6a35337da7b7f888827b0ce2b153a28fba2037b9104bab3bd823de4b4783cc8fb3d32c747468f81d32b66baecbb3dc84e57c9a

    • SSDEEP

      12288:XOjapT/JQx2AfOx+i/lzhIQG9DQ7gl5SWUqLQy1n5BrLj3GyA82kiu8lmYnwkjTY:XOjapl1AfOsf9AA3zA82Rulgwkul

    Score
    3/10
    behavioral24

    • Target

      Oneshot/liblzma-5.dll

    • Size

      735KB

    • MD5

      ee00dfbbef101d60a0e20b36980f231e

    • SHA1

      2c81b3eb3ac3626614d6a52c5e168c61deec1fe1

    • SHA256

      7c50d2af7f7c634fb504543113fc69e2ce43764683bbf03f6a164be4fa589603

    • SHA512

      649786dee43a823a8023fbc0067a0e65e19432bb76859374316bf559d8290e1bb41f11904e428762cad4c27220cc03cd30388ac5fb6c0e1cf1ae2ea3af276b3f

    • SSDEEP

      12288:8Kqc70Jl+It+iM5KxHs1cU6/6QHHNe3+CnqA66RJw4oocSeOVljOGNK3Q4108p7K:8Kqc70JlHFBsG/SJ2ocSeOVBZNKNp79w

    Score
    3/10
    behavioral25

    • Target

      Oneshot/libogg-0.dll

    • Size

      127KB

    • MD5

      caab8fe865b5fdc225fca39da7ba0ee3

    • SHA1

      5a15117740458ce486de0c824be133482c4d95d4

    • SHA256

      005a8e03f84b5c3a79a891634b8b338c10d5fae8a77741a0731eb64de124ed5f

    • SHA512

      04e280ae52ffdac57a58c7bf127d3c7bca4eb60cf23f48812e1ff79d6d5cdb7de59c3991dae1f4386e84a1d523bbd5b8e1f36bb4be05ba78fda0c482c0579c64

    • SSDEEP

      1536:jMQ0zKe5x8nl8B7mtX2Va6cYOBYtwjDyI7bLjkNJXk009WygN0X:jMQ+n8lAitX2bk00DgmX

    Score
    3/10
    behavioral26

    • Target

      Oneshot/libpcre-1.dll

    • Size

      700KB

    • MD5

      daa41ee49c6c932ffb2854941cebae45

    • SHA1

      e64f10f19065c2e5f03e2b9a63c0276e4d9f5714

    • SHA256

      44135d68b7321ef04ac3f901d7c8b8496bf2aff2041b3d4c213e26f231da7c86

    • SHA512

      ad9ce14e8d5774d3c8b75a256cadfd10e7f0f6efacda7798593f4aa3657edbeafa06b62cd93f3829ce0df096ede216606ba63e241e02d428c96aa472fff2554a

    • SSDEEP

      12288:8TnPDhqFadvE+BAAVlHeJzso5WQ+u9IThO+YH:8rPD8FIETAV5u4hO+YH

    Score
    3/10
    behavioral27

    • Target

      Oneshot/libphysfs.dll

    • Size

      804KB

    • MD5

      cce953c744b58c8f352157035276fc80

    • SHA1

      0af4e01a11ecb9fe59f648729a0da9415ce38cb6

    • SHA256

      8d88c0c9f237c419e79e06b385d8188b2941a28d96431589b1a7b422d1d1cdd6

    • SHA512

      576e575f0901e5c974bac6ded79578eb4a1804216e33042cdb8056815a13fa87b474c7d422b650a0395ef6f3c40e5f2f8ab1a4d2c97f2d0d2f418c1be77dde25

    • SSDEEP

      12288:4mBnf9iWdh/5VmIEUkcn+2aILhtUDdbiKzBUm792EP/a+:Jf9iWdIjM+2p4R7p93

    Score
    3/10
    behavioral28

    • Target

      Oneshot/libpixman-1-0.dll

    • Size

      4.6MB

    • MD5

      37059af38aee7c52ac085b81dc4d2b86

    • SHA1

      ba72f6f99c71288cb80b7aa8a31d0211589dd234

    • SHA256

      17f8ae98aa67a3b5d5f05665132ad6bd17a418e76e6c69ce28ef89a6c8b6a5e9

    • SHA512

      3263e87e440d8b49f345f2f8db11cb8cfa68adfd0992261ed6b2fcbb5fc028207eca177ebb67584756a2c617485ff360d3006a13ef83833473624cf583e7d6a5

    • SSDEEP

      49152:fAibSl4iFvMXrMYlDvAW8J38UEcSRzyU6BurNyn2MLn:fFBiFkXrJzf0CWL7

    Score
    1/10
    behavioral29

    • Target

      Oneshot/libpng16-16.dll

    • Size

      907KB

    • MD5

      e890d2aef08530e587ef9413a8793f7d

    • SHA1

      bba1ecd662b051b50bec3170ee0d61a246186069

    • SHA256

      851fba1d94ed8dbfd19101930958fdb514fb31d9f949d3254333c7929109798f

    • SHA512

      527de55f6b25c991d76333ec7b9366fb2da7be65558c4a2ddde3c46e7c8b468ea437ae74487551ef2a63837b8c2c44c61a079e6648bdbff4b476101ad8e8b254

    • SSDEEP

      24576:0i0xd/62K4Hug7Q75BDzRvUq4Phv9FI+CBlqxe:9KuEJv7I++

    Score
    1/10
    behavioral30

    • Target

      Oneshot/libsigc-2.0-0.dll

    • Size

      227KB

    • MD5

      4ee446b09c490796662c13a01d5fcd1c

    • SHA1

      969c11adffc32f5836cc5ceba21c4aa22bb71047

    • SHA256

      35d3d4b55d14c2efd8340bda4650110f0774116e5d8879551c0ff78323829bf5

    • SHA512

      9a9b6b57c8ca11ed47522616dbd25f54a3226a2c8335bde821d0c341bf7273bf2537515813bdb47762e37a5204f4c8199267336c20ae77826bf1059f91c579fe

    • SSDEEP

      3072:RvIGRYNdyhWKvEMqEax4GdHW+rmV6jUJmG7swMfUjcdPpoonTmOGPsRg1v6tAyuj:mLmV6jUJmoSVAyG

    Score
    3/10
    behavioral31

    • Target

      Oneshot/libstdc++-6.dll

    • Size

      6.5MB

    • MD5

      bd2bf78da814697f6da9270081bfe965

    • SHA1

      9c91d7efc847518a883f330a1b7ebbb398a0b43e

    • SHA256

      0558a94515c1bc51c3bc5e40b0db6edc0b5f62f7099c3aa3f956e6a199bbbbea

    • SHA512

      1c31fc1ba07326597f431de5a0628ef5ef3a4c7b117bc601a1bffcc138151869687d3a4fca9b7efb1becea4f941519f748a64730acc41c5dd74268df8e44b1ac

    • SSDEEP

      49152:m+R3e+q6a47EQ3Fz/xwtK2h4a161Jo3/OXiQrVyA+sDucrHEaC2bJ8DPcSgdvJOq:mSq6abQA9aNLScrHEal8kvJXNU+

    Score
    3/10
    behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upx
Score
7/10

behavioral1

Score
3/10

behavioral2

bootkitpersistence
Score
6/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
7/10

behavioral10

persistence
Score
7/10

behavioral11

discovery
Score
6/10

behavioral12

Score
7/10

behavioral13

Score
8/10

behavioral14

upx
Score
7/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
3/10

behavioral32

Score
3/10