Overview

overview

10

Static

static

1

Undertale/...s!.url

windows7-x64

1

Undertale/...s!.url

windows10-2004-x64

1

Undertale/...up.exe

windows7-x64

7

Undertale/...up.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Undertale [ElShuzen] [get.games.discord].rar

  • Size

    117.7MB

  • Sample

    230413-spdkcscc49

  • MD5

    a0c003bf0037bc7dd30d597cfdd8a0eb

  • SHA1

    0dc9763149a1cfc7a7573bab01e2130ace20540a

  • SHA256

    73db1eca7ae24d70cf90bd1b9543b2acf4f74c6a3f8315a427daaad0758aa90d

  • SHA512

    66bd8d625716de6b91bb5ce4102640224b6ae0e611523f6da88b105888ad99fd8efe7efbccda805ed3d3f78444e8ce8f2d289d67120083f2b3c1232f8f377697

  • SSDEEP

    3145728:RdbuLhfkuy+v6k8c5hP6oA2+tnS+FTi/5ZnWwY4Gf6YB5qZeHEJr:RELhfkNm6eUC+QYiBZnWb4GfJBKeW

Score
10/10
snakebotdiscoverysnakebot

Malware Config

Targets

    • Target

      Undertale/Descarga mas juegos!.url

    • Size

      137B

    • MD5

      b063ef45032722e975ae80b7a4f423ab

    • SHA1

      2b8c331ca4e9b6decc40c0abc7b92277eb9a71aa

    • SHA256

      f1312493565889c9e5c23dbaab4ff96be9738365abac7ebc48660da898a2b0b6

    • SHA512

      2314ad8f0e0f922a8619dcaf776ec4b0392a616f9be92a7b4f0f959e3dd604a45095c3a65143a96b5d3484788a1f34bf236d47791b8f0010913633ca02e38475

    Score
    1/10
    behavioral1behavioral2

    • Target

      Undertale/Undertale Setup.exe

    • Size

      117.7MB

    • MD5

      78d20884005dd7b4f01487270ca8414a

    • SHA1

      c61ccab304edb844257abf20bf4af01129402a32

    • SHA256

      be571d8d78f5a13bd804ea289be2a0224a29dd37893312668c62c5f347606e67

    • SHA512

      870308d9c893dbd5e18e0abee87b65b4b73f268e7108bf7914c54504d8220864b75485ad550487a8c13fb649b20b467d3c7f01b50f420c92cb8ddbc74ae2b2e3

    • SSDEEP

      3145728:/dbuLhfkuy+v6k8c5hP6oA2+tnS+FTi/5ZnWwY4Gf6YB5qZeHEJf:/ELhfkNm6eUC+QYiBZnWb4GfJBKeq

    Score
    10/10
    snakebotdiscoverysnakebot

    • SnakeBOT

      SnakeBOT is a heavily obfuscated .NET downloader.

      snakebot

    • Contains SnakeBOT related strings

      snakebot

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks