2f2389c4427f79cb94d8d4fb3650b1cf0a27c0fc8996cf9edd061aa8b74fb6c4

Sharing

Copy URL

Twitter E-mail

General

Target

Oneshot.rar
Size

256.7MB
Sample

230402-wex3ssba2t
MD5

203d0bba967097849bcf726bf6835815
SHA1

6c9fd6e4533b64d5827fd3881c741e50a6b4e6a1
SHA256

2f2389c4427f79cb94d8d4fb3650b1cf0a27c0fc8996cf9edd061aa8b74fb6c4
SHA512

857232eff2fc755a4b10bb868cdda1e7a5f1a153d15ac3292ade885089053d6e1880d75f89c4ba040476d99f6c796d0732d939337e86f6f25ee0d2f65486735f
SSDEEP

6291456:IElAenYj+cDqeNSRx+gYC1z0uExEy1QMOxIyu9+SWwHjJ:aYYLWe/dKRS1bOlu9+s9

Score

8^/10

Malware Config

Targets

- Target
  
  Oneshot/Data/Map078.rxdata
- Size
  
  15KB
- MD5
  
  0858e5f0e2d7ace0d9e5837cb73fc3d5
- SHA1
  
  c7b686082ddc052f421590655f09e7e2cce40e1d
- SHA256
  
  280cef324d1807caad4afd7e441930c377d3bdb95165782f7eca03f989cae631
- SHA512
  
  eb810d2af3a47a8153a5fe4dcf64fdf01ad8788ae0fdb1cf49b2b951933c21fa8ad0e4419f2704b29a73098669fc075dc61f4065bdcab2aa53005c83e63b14aa
- SSDEEP
  
  384:chezWfvjFDCLdqVsc6eqgBzUfa/TGqTbWacCTFU:cL/y
Score

3^/10
behavioral1
- Target
  
  Oneshot/LAUNCHER.exe
- Size
  
  227KB
- MD5
  
  d8a09db41481b0567601d2cab42db466
- SHA1
  
  ed0d1c96f7c81263643e2db9501d0c65477d7582
- SHA256
  
  3dad541c5fcdbc09b1c079e6c92837632c649d78084fdbab2bd2f1ce25ec2c5d
- SHA512
  
  f79daca8564f9cbcec59ceee458634fe223503b7eea6e2cf8f038fd3ef84044825a631f99872c732e3ae943531553510ff243c721478f3879ab818bf0b34b0c0
- SSDEEP
  
  3072:TGtleufyNONL4MdzCOY4jb1pQ2hHKPtOHO6VrVPoVJtCbhVPoVJtCbFyf:KtleuqKEYzYQyuHKPtOHRWehWeQ
Score

6^/10

bootkit persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral2
- Target
  
  Oneshot/OpenAL32.dll
- Size
  
  703KB
- MD5
  
  4f953cf95b76cb4aad0fd15561238c16
- SHA1
  
  b201faf83b5a7dc19a649a148224d0c7de458552
- SHA256
  
  da0160426f31e75f34ac42636649aeee4a7a6bc766dac268e7a3a81cc4f0f7f4
- SHA512
  
  15013363723306b8b89371d800e2597d65a845dbd75a83c44f392c7a925fd08ed69398e7f9ba4d121b724f3efe6dc3a58e2a40ba6df2010aee5b430f2be1db71
- SSDEEP
  
  12288:y2+rBMcmZ7G7c+94vvA3vLO5YEtWWnPCDUS9FGFY:y2AMWA+2vvA3vL6MGe
Score

1^/10
behavioral3
- Target
  
  Oneshot/SDL2.dll
- Size
  
  4.9MB
- MD5
  
  a9b9253385dfdcbfea6fe270ead88b70
- SHA1
  
  1d575885ac0ee03f57530fc79e47f438b62a9d25
- SHA256
  
  1b736dc1b78f2298f5f6b1debbc6fe5e95417cc8add6d6ae2e0806d94973ebd3
- SHA512
  
  efbfa9c2d2609eb57366e2631194dbaf41478a285058a86c40fc151aa36f11ae273f55cca2273930e5dc86ebd012b2dc5eecf26d8b75895b188817694b40b2c2
- SSDEEP
  
  98304:lxp9esz5j9uDFtwyQB7/Qo584O7ip1QP9Pnty9nudYp+:lxp9Zj9kiponty9nudT
Score

1^/10
behavioral4
- Target
  
  Oneshot/SDL2_image.dll
- Size
  
  444KB
- MD5
  
  8607b573c3290ce9082841cd8a121767
- SHA1
  
  f6cd77d5930cec451d6979094190f53a90febd03
- SHA256
  
  9e3f740573500f88bfe4b4f317a9e7d0d674a5a24a6356d28da8c936feb4d334
- SHA512
  
  aa9393895916ac77aa2d4dc19cf487c28c0178ba649281b0d9d9cd868cbc816c522709f1301eebfd141e494aed4f0f7a314b12075085d197bac47095e2757370
- SSDEEP
  
  6144:c47zMtBByitjKiy2KsifmgsOysSXiEG6RbBptJDN8s72itxiXqtexRNCem7bAxQO:rMnDj6mgsKkG6JBptJD7GRNCe3Qwj
Score

1^/10
behavioral5
- Target
  
  Oneshot/SDL2_ttf.dll
- Size
  
  169KB
- MD5
  
  9e64a15cf488ddd2f4177bd84b4b5dc6
- SHA1
  
  e7389e5e0569ef75f3e7523a82af793504e66d32
- SHA256
  
  663138ceec1cb121057830917fb76f6a5abfc177640699f8338cc883bb449b17
- SHA512
  
  ccb5888550c02b94d3e7e90e754f5f2d1bf7109a82fcf72365f741b304c3c8b00b62511ceb17fae575dc5bd49d8b119fa15e2fbe4199ec473e0df7a6940ea01d
- SSDEEP
  
  3072:CxJpLHMXX9/yQ3JmkCymOVEUnDBVNpLTevl7z:2pLHMXAnymO2e1p2vl/
Score

1^/10
behavioral6
- Target
  
  Oneshot/SmartSteamEmu.dll
- Size
  
  4.8MB
- MD5
  
  04c104b053033de230ca0cf2fb7551db
- SHA1
  
  c5e29ff1038912269a6dfa47ef24777b2aa10ad3
- SHA256
  
  037aedda71cb651a4e4862ef4707c1852e6e49dd5a1f754dae776b404778e7ba
- SHA512
  
  657d6dc27b49160c9bedff793603ea00fbb0ec89400ab8ea68757b9f96bc2fd48cd5398d66790646e718ca9ccc63d9d90ad5820bde4beeae5cc33e37372692c7
- SSDEEP
  
  98304:+rsrKeZ4lpSnj8kz8T+o9ut3anTJ3gkhY:UpSw+oaan6
Score

1^/10
behavioral7
- Target
  
  Oneshot/SmartSteamEmu64.dll
- Size
  
  6.1MB
- MD5
  
  5dc6236319a29bd23ac65f6bf958f60c
- SHA1
  
  c7768f878d21b647ef9e3d30ac28cd4cfa0071d3
- SHA256
  
  31814363fd8fb818bf7a7626723171891c5ae6fd4c0518ea9583efc4d6cecaf0
- SHA512
  
  c3326a4ba62647579be395cdcca5ac2e6ae03d58327ac06893681af5f007c2f40eb8d13a666baef0577cab6fddd5fec570fd7de8dfaf95214ec494885971964f
- SSDEEP
  
  49152:avUiYowIrXeoFNDElZtQWsbwafzprwHiny0uKoKBjizdpaPDiwvMrgRMbc3+85u9:aTA6wMaL0+KdiU1RM7SsOsv
Score

1^/10
behavioral8
- Target
  
  Oneshot/_Redist/dotNetFx40_Full_setup.exe
- Size
  
  868KB
- MD5
  
  53406e9988306cbd4537677c5336aba4
- SHA1
  
  06becadb92a5fcca2529c0b93687c2a0c6d0d610
- SHA256
  
  fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
- SHA512
  
  4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99
- SSDEEP
  
  24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral9
- Target
  
  Oneshot/_Redist/dxwebsetup.exe
- Size
  
  281KB
- MD5
  
  fd6057b33e15a553ddc5d9873723ce8f
- SHA1
  
  f90efb623b5abea70af63c470daa8674444fb1df
- SHA256
  
  111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288
- SHA512
  
  d894630c9a4bdb767e9f16d1b701acbdf011e721768ba0dc7a24e6d82a4d062a7ca253b1b334edba38c06187104351203a92c017838bdd9f13905cde30f7d94d
- SSDEEP
  
  6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral10
- Target
  
  Oneshot/_Redist/oalinst.exe
- Size
  
  790KB
- MD5
  
  694f54bd227916b89fc3eb1db53f0685
- SHA1
  
  21fdc367291bbef14dac27925cae698d3928eead
- SHA256
  
  b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd
- SHA512
  
  55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5
- SSDEEP
  
  12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral11
- Target
  
  Oneshot/_Redist/vcredist_x86.exe
- Size
  
  4.8MB
- MD5
  
  b88228d5fef4b6dc019d69d4471f23ec
- SHA1
  
  372d9c1670343d3fb252209ba210d4dc4d67d358
- SHA256
  
  8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8
- SHA512
  
  cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8
- SSDEEP
  
  98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral12
- Target
  
  Oneshot/_Redist/xnafx40_redist.msi
- Size
  
  6.7MB
- MD5
  
  97c2eebb30c5a88c68c8f24f37183f1d
- SHA1
  
  49efdc29f65fc8263c196338552c7009fc96c5de
- SHA256
  
  e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7
- SHA512
  
  c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da
- SSDEEP
  
  98304:wynfL329J1XswfXO6wiBB+4RZg6aENaCZAU5PMO0MntfERyJGH2YPq/:wYD3C1XXfzH+4cLHU5PM/Mnt+YGlq
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13
- Target
  
  Oneshot/_______.exe
- Size
  
  9.9MB
- MD5
  
  7c81788c7f084b5f4daedd791029697b
- SHA1
  
  b88905dc4e939a9a9b5554a3cc95e3c374992c63
- SHA256
  
  abd6a012cebf97269dffe3c3a3a06571515257f762eef705374a21dd0112d1be
- SHA512
  
  1c690f80690febcbcf1fd182d970ea2ace064ace03d7927476f67d5768dbaa9f55e624d9f0cb9d8c110d5f4ab5f10b50b58d1db1918018ba8e2da49a65decaf3
- SSDEEP
  
  98304:Hviz0tqUWCxkb51VVRG12cmOAfKhNeGUy0rqIMtG2TG4HRJaJGAgnT7yoAtFsLCm:Hvbt01VVVC7eGRIMYQxSg6/YIo1
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral14
- Target
  
  Oneshot/libboost_program_options-mt.dll
- Size
  
  787KB
- MD5
  
  810221238b6ded4a033de5dbb1fb399c
- SHA1
  
  45aa75e0e1fb9055e288ebb0dee847bbe7888bdb
- SHA256
  
  90a5ee4e4deb34ed999e7930332bbf9570b3c2f1edc01efb0805b292cb9b6dc1
- SHA512
  
  5b8a2750c46838eb8cc75d5bb8426f425535d659564dfa4fe558ae6fc0af31c7d6e874ada11b2425a903c4af7be7ab57cd29fa22e345230c0c2282b7215c96b8
- SSDEEP
  
  12288:IRWEoeOSDM44RVfrbfxQw3E3Lhz11noxt+RfB:IRWEoeOSDM4WVnfxQw3E3LhTnoxtSfB
Score

3^/10
behavioral15
- Target
  
  Oneshot/libbz2.dll
- Size
  
  247KB
- MD5
  
  1d72f15b2d1ec29749fb08d185509b0d
- SHA1
  
  e4d48359b5c0aa249889e0f09b6a02ff0c7f7cd1
- SHA256
  
  eefb014081d8491510af93745d2991b959f6e5e5b421cd5bfc1dfd9f0e1eb856
- SHA512
  
  5376d1e98d05195bb60e74db80f02d84abf25ff75700107fa48447d01b35129049e2401a25ec0b50938d80635acf3ae0b384e1585942eacb1d28454d60ddd202
- SSDEEP
  
  3072:mz6SOHugv0+LwH2E8qdvHMIy9uLm0qimKa1yU1GpW2RHuaVQSout:tSOHB8+LwWXGMIy9uaDyHpW4Hu0
Score

3^/10
behavioral16
- Target
  
  Oneshot/libfreetype-6.dll
- Size
  
  2.6MB
- MD5
  
  1ea3d7ba73ca7d599ea12f35e4bc992b
- SHA1
  
  5898b48f33dd638a624ac704326ac32fe259761b
- SHA256
  
  1a4c5d51f06ce4279b3e7afcf2554461bf6b9a98277d3baa7d9b7561d0219fbc
- SHA512
  
  7661fb532115e1b969bd87e6fe0b460804921f27cc8f4df31a8248ca9568485fcf4bc22a218375d0e37e7375b4a48884d2b8876e952c85de336115060cd57ea8
- SSDEEP
  
  49152:U1IPjJMa9G6TOSiRUoFHGYPXiGAOa/QEiIOh3c/t76KNmheKkvMvDdZRxQ5B06oe:U10Ma98SiRUoFHGYPXiGAOa/QEiIOh30
Score

3^/10
behavioral17
- Target
  
  Oneshot/libgcc_s_sjlj-1.dll
- Size
  
  529KB
- MD5
  
  9d67f52faca138be698cffaeea161fc5
- SHA1
  
  205d94040be6f3b8683e3e8babeeaa538e5bf63e
- SHA256
  
  2b2926f0c27cca16335621ad3d9ce2f589b61dae41fb7651c6ba98596ec30f25
- SHA512
  
  8378ce8f95395f1d2abd272c8410d1d24d05c9e45e5f1e071dde3a7c324426cc54333da4302d6690460df37db504e2296c940d7982e6764241c7517ceb8da43e
- SSDEEP
  
  3072:yzd+UZzONIX26oS9AK0bCBEBNPvZgo4r8j7O6P5i6iv9jvUXksm4sLRSKJP8PWY7:CRVuK02eZp7O6hOOLQIKJk+/XGan3KN
Score

3^/10
behavioral18
- Target
  
  Oneshot/libglib-2.0-0.dll
- Size
  
  3.4MB
- MD5
  
  ad20c80c07d3189b3af021d5dfbb9fb3
- SHA1
  
  f58ca0a1631ca0f70b4dd3aeed00fbbe0628a092
- SHA256
  
  210b651df87718744826baefd403390b54b1b65b71dda7134e0c99acd9b11a97
- SHA512
  
  e60133f0da5a3072f6ed71f114cebcaeeac1656e96e88a6a1947a24d06ab02ca2dcf7f4fced8db893eca162a167f8803fbf319b47ced98dc787f85905d1768bc
- SSDEEP
  
  49152:UtIMeIhQxqXw4QlYpK3jCtv0acWaFCd3fcocuM8tlQ60:UVVhQxqXPQlYANpmK60
Score

3^/10
behavioral19
- Target
  
  Oneshot/libgmp-10.dll
- Size
  
  594KB
- MD5
  
  f0f28656ed370b0643e825de2458506d
- SHA1
  
  d304239a0f384fbe6fcc66a7122f62f3b97adf54
- SHA256
  
  a8a99b2b37cc9afd7be06b04faee08698ff4649ec7c3d7dcff21f765e2ee21ec
- SHA512
  
  d08326efd216d0c8ad7781644cf265e3679fabe5d3ab155fca9c3339f03af137eea470101f4dc8faf9ad942125a5cd265c062308432cee4f9ec0bce2c6729848
- SSDEEP
  
  6144:whYzGB8V57cBNaBWGx/XRUje4Hesx9zTLgq/Tw34XGw1LXjEcZy:IYzG8V57cW1Ee4+sx9zTLgq/Tw3rw53M
Score

3^/10
behavioral20
- Target
  
  Oneshot/libharfbuzz-0.dll
- Size
  
  3.6MB
- MD5
  
  526a6ba24cb4106ee6da8978ed6c829b
- SHA1
  
  6c134e115c53e4ca82f0d8ca1c0d9df3ba3d5d32
- SHA256
  
  70acb0a29344c85e031f811c4391fa70b1a88c97e01a2b5b02bbe665b24e9450
- SHA512
  
  621aae21d4f02773e47803d7ab1ff729b9856cfdb09dc92423a11f8059d43d1d0c23002dfd1ad36a5436789905834e73ad1570d5c9e93cddb82bd70dee9e0888
- SSDEEP
  
  24576:k//SLO1N7g6I3Hyt2tvH3/Fure8S1gjB/tRX/MMT4p+pX9iJhXYNM87g+XU7uiJr:i/SLAg6I9/FoeI/4spXYXYm08
Score

1^/10
behavioral21
- Target
  
  Oneshot/libiconv-2.dll
- Size
  
  1.3MB
- MD5
  
  ecc64e185a02e657dea973aba46ac1e7
- SHA1
  
  7e00be2ff7a997555e7ca2a559e7f70c1f105022
- SHA256
  
  caeccdb63a14e2fb388aac015b0a13e350dd7774ed2c5a47f64790cafc7e10cf
- SHA512
  
  dadc07b4dd47665c715be18f87f8e459422ee246e952646bfbc346ca606661ec51b8a3e2ef43fd8665f493699729ac08e18c8ae280ff0a71b9fe43f812fec22d
- SSDEEP
  
  24576:M4JBAUZLYbBlbbTmpGavkg3NyeuQ6l9fHuf46bS127nOtYbaQ3OW:jBAUZLYbBcpGaXBuQQ9O46m2zeW
Score

3^/10
behavioral22
- Target
  
  Oneshot/libintl-8.dll
- Size
  
  545KB
- MD5
  
  0e58cfddd719f305e5b28f4c0ac88e50
- SHA1
  
  1cb9698adc4538907a0c4497ac2b26f3ee5ee4ac
- SHA256
  
  58e5cfbb1c546027d3aa5aea913a751c8b79da2b17ce08bda02e3871fd1d2b00
- SHA512
  
  9ba1d168edc72a107a29e2529d1e8ddfd33782d0a2a8123ca3f6a84d55da2eafc999d678f6c499b1b43002bbc928fdd288378cfa1d5440d9ffa7560309050f79
- SSDEEP
  
  6144:BU23KIeYHVGI3k9dBddphT8F/5EWgEyIXdTJtkgOn+9i1hKU+ZF73X/u4:Bvekkek9do/5EWAqtkgfi1hKFvu4
Score

3^/10
behavioral23
- Target
  
  Oneshot/libjpeg-9.dll
- Size
  
  1.1MB
- MD5
  
  5f9af6a09cdbbeca6f9d8aace67e0bca
- SHA1
  
  abb9b6edf731e1c4185e3f615026da746022eaf3
- SHA256
  
  7be167f47c9e53907384f130fd656884947cf76a45633aa083c87e1c0d266619
- SHA512
  
  04aae19d7445ca90415927954f6a35337da7b7f888827b0ce2b153a28fba2037b9104bab3bd823de4b4783cc8fb3d32c747468f81d32b66baecbb3dc84e57c9a
- SSDEEP
  
  12288:XOjapT/JQx2AfOx+i/lzhIQG9DQ7gl5SWUqLQy1n5BrLj3GyA82kiu8lmYnwkjTY:XOjapl1AfOsf9AA3zA82Rulgwkul
Score

3^/10
behavioral24
- Target
  
  Oneshot/liblzma-5.dll
- Size
  
  735KB
- MD5
  
  ee00dfbbef101d60a0e20b36980f231e
- SHA1
  
  2c81b3eb3ac3626614d6a52c5e168c61deec1fe1
- SHA256
  
  7c50d2af7f7c634fb504543113fc69e2ce43764683bbf03f6a164be4fa589603
- SHA512
  
  649786dee43a823a8023fbc0067a0e65e19432bb76859374316bf559d8290e1bb41f11904e428762cad4c27220cc03cd30388ac5fb6c0e1cf1ae2ea3af276b3f
- SSDEEP
  
  12288:8Kqc70Jl+It+iM5KxHs1cU6/6QHHNe3+CnqA66RJw4oocSeOVljOGNK3Q4108p7K:8Kqc70JlHFBsG/SJ2ocSeOVBZNKNp79w
Score

3^/10
behavioral25
- Target
  
  Oneshot/libogg-0.dll
- Size
  
  127KB
- MD5
  
  caab8fe865b5fdc225fca39da7ba0ee3
- SHA1
  
  5a15117740458ce486de0c824be133482c4d95d4
- SHA256
  
  005a8e03f84b5c3a79a891634b8b338c10d5fae8a77741a0731eb64de124ed5f
- SHA512
  
  04e280ae52ffdac57a58c7bf127d3c7bca4eb60cf23f48812e1ff79d6d5cdb7de59c3991dae1f4386e84a1d523bbd5b8e1f36bb4be05ba78fda0c482c0579c64
- SSDEEP
  
  1536:jMQ0zKe5x8nl8B7mtX2Va6cYOBYtwjDyI7bLjkNJXk009WygN0X:jMQ+n8lAitX2bk00DgmX
Score

3^/10
behavioral26
- Target
  
  Oneshot/libpcre-1.dll
- Size
  
  700KB
- MD5
  
  daa41ee49c6c932ffb2854941cebae45
- SHA1
  
  e64f10f19065c2e5f03e2b9a63c0276e4d9f5714
- SHA256
  
  44135d68b7321ef04ac3f901d7c8b8496bf2aff2041b3d4c213e26f231da7c86
- SHA512
  
  ad9ce14e8d5774d3c8b75a256cadfd10e7f0f6efacda7798593f4aa3657edbeafa06b62cd93f3829ce0df096ede216606ba63e241e02d428c96aa472fff2554a
- SSDEEP
  
  12288:8TnPDhqFadvE+BAAVlHeJzso5WQ+u9IThO+YH:8rPD8FIETAV5u4hO+YH
Score

3^/10
behavioral27
- Target
  
  Oneshot/libphysfs.dll
- Size
  
  804KB
- MD5
  
  cce953c744b58c8f352157035276fc80
- SHA1
  
  0af4e01a11ecb9fe59f648729a0da9415ce38cb6
- SHA256
  
  8d88c0c9f237c419e79e06b385d8188b2941a28d96431589b1a7b422d1d1cdd6
- SHA512
  
  576e575f0901e5c974bac6ded79578eb4a1804216e33042cdb8056815a13fa87b474c7d422b650a0395ef6f3c40e5f2f8ab1a4d2c97f2d0d2f418c1be77dde25
- SSDEEP
  
  12288:4mBnf9iWdh/5VmIEUkcn+2aILhtUDdbiKzBUm792EP/a+:Jf9iWdIjM+2p4R7p93
Score

3^/10
behavioral28
- Target
  
  Oneshot/libpixman-1-0.dll
- Size
  
  4.6MB
- MD5
  
  37059af38aee7c52ac085b81dc4d2b86
- SHA1
  
  ba72f6f99c71288cb80b7aa8a31d0211589dd234
- SHA256
  
  17f8ae98aa67a3b5d5f05665132ad6bd17a418e76e6c69ce28ef89a6c8b6a5e9
- SHA512
  
  3263e87e440d8b49f345f2f8db11cb8cfa68adfd0992261ed6b2fcbb5fc028207eca177ebb67584756a2c617485ff360d3006a13ef83833473624cf583e7d6a5
- SSDEEP
  
  49152:fAibSl4iFvMXrMYlDvAW8J38UEcSRzyU6BurNyn2MLn:fFBiFkXrJzf0CWL7
Score

1^/10
behavioral29
- Target
  
  Oneshot/libpng16-16.dll
- Size
  
  907KB
- MD5
  
  e890d2aef08530e587ef9413a8793f7d
- SHA1
  
  bba1ecd662b051b50bec3170ee0d61a246186069
- SHA256
  
  851fba1d94ed8dbfd19101930958fdb514fb31d9f949d3254333c7929109798f
- SHA512
  
  527de55f6b25c991d76333ec7b9366fb2da7be65558c4a2ddde3c46e7c8b468ea437ae74487551ef2a63837b8c2c44c61a079e6648bdbff4b476101ad8e8b254
- SSDEEP
  
  24576:0i0xd/62K4Hug7Q75BDzRvUq4Phv9FI+CBlqxe:9KuEJv7I++
Score

1^/10
behavioral30
- Target
  
  Oneshot/libsigc-2.0-0.dll
- Size
  
  227KB
- MD5
  
  4ee446b09c490796662c13a01d5fcd1c
- SHA1
  
  969c11adffc32f5836cc5ceba21c4aa22bb71047
- SHA256
  
  35d3d4b55d14c2efd8340bda4650110f0774116e5d8879551c0ff78323829bf5
- SHA512
  
  9a9b6b57c8ca11ed47522616dbd25f54a3226a2c8335bde821d0c341bf7273bf2537515813bdb47762e37a5204f4c8199267336c20ae77826bf1059f91c579fe
- SSDEEP
  
  3072:RvIGRYNdyhWKvEMqEax4GdHW+rmV6jUJmG7swMfUjcdPpoonTmOGPsRg1v6tAyuj:mLmV6jUJmoSVAyG
Score

3^/10
behavioral31
- Target
  
  Oneshot/libstdc++-6.dll
- Size
  
  6.5MB
- MD5
  
  bd2bf78da814697f6da9270081bfe965
- SHA1
  
  9c91d7efc847518a883f330a1b7ebbb398a0b43e
- SHA256
  
  0558a94515c1bc51c3bc5e40b0db6edc0b5f62f7099c3aa3f956e6a199bbbbea
- SHA512
  
  1c31fc1ba07326597f431de5a0628ef5ef3a4c7b117bc601a1bffcc138151869687d3a4fca9b7efb1becea4f941519f748a64730acc41c5dd74268df8e44b1ac
- SSDEEP
  
  49152:m+R3e+q6a47EQ3Fz/xwtK2h4a161Jo3/OXiQrVyA+sDucrHEaC2bJ8DPcSgdvJOq:mSq6abQA9aNLScrHEal8kvJXNU+
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Looks up external IP address via web service

Writes to the Master Boot Record (MBR)

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Checks installed software on the system

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

UPX packed file

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32