6c7388b0cb8bf03cc0ed729178b2566c16cba8ba9936396f6cf9724cf01a0b3c | Triage

Sharing

General

Target

AofW4.FixOnly.rar
Size

9.3MB
Sample

230505-1t47waeg66
MD5

9d685b7c8d55ae80e3d42252fc161b60
SHA1

6d8122314b815a26b31f724c14c89f2a4c0bff9a
SHA256

6c7388b0cb8bf03cc0ed729178b2566c16cba8ba9936396f6cf9724cf01a0b3c
SHA512

b654d82496b816fa6f22a1e729c3a6ba90fa8716efc3e360f6d5d5963e6f956fddcaddfe0327f89ac8ba031f403254a36442ab4bc0722fa8136598103d7b01bb
SSDEEP

196608:zTO9312PWFvYr1cJZKjXMP8wtK8hlfVyhzROMjT:zqdiWNc1cJZYl8Vy/RjT

Score

6^/10

evasion trojan

Malware Config

Targets

- Target
  
  AofW4.FixOnly.rar
- Size
  
  9.3MB
- MD5
  
  9d685b7c8d55ae80e3d42252fc161b60
- SHA1
  
  6d8122314b815a26b31f724c14c89f2a4c0bff9a
- SHA256
  
  6c7388b0cb8bf03cc0ed729178b2566c16cba8ba9936396f6cf9724cf01a0b3c
- SHA512
  
  b654d82496b816fa6f22a1e729c3a6ba90fa8716efc3e360f6d5d5963e6f956fddcaddfe0327f89ac8ba031f403254a36442ab4bc0722fa8136598103d7b01bb
- SSDEEP
  
  196608:zTO9312PWFvYr1cJZKjXMP8wtK8hlfVyhzROMjT:zqdiWNc1cJZYl8Vy/RjT
Score

3^/10
behavioral1 behavioral2
- Target
  
  AofW4.FixOnly/DESCARGA JUEGOS GRATIS.url
- Size
  
  113B
- MD5
  
  438433a51e67896ebdb909226217830a
- SHA1
  
  867df7e8d986eadbab203b98b2c0dec77a833df1
- SHA256
  
  96a001f21ba2aa780ca1b0aad681724e5554d9275dc6888188c405ef70b382db
- SHA512
  
  d2cff74b3513ca9105af44c49c66dfaaa7793a8720c136a1bc7e595a3d1f17c70269c3d20ca139e899d4aa3af8c8c8b498a39a8cfa24eeb6b92130bfe47ab697
Score

1^/10
behavioral3 behavioral4
- Target
  
  AofW4.FixOnly/OnlineFix.ini
- Size
  
  1003B
- MD5
  
  027111a8ece4beac60157c595e43ccbe
- SHA1
  
  d1b19a1ceac116e3cf8ebfbb925280ad9b9ae155
- SHA256
  
  729d8d2cda4833e84ac0b3d4144a4b0b114845ba976d30a93035099a15fbe32d
- SHA512
  
  5abe4170b936a0e74647cf1515be3f83aa7040139fed85f10ce6f220922da0713f8cb85ef6e4c6e27516893ab8bdd4f92c1374c1599da1b85bd712f850814a6b
Score

1^/10
behavioral5 behavioral6
- Target
  
  AofW4.FixOnly/OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  AofW4.FixOnly/OnlineFix64.dll
- Size
  
  10.5MB
- MD5
  
  539956c25297134e28e82ef79dd06f5d
- SHA1
  
  d0c6833ab7a832cbf7582d2e80f654cc746d995b
- SHA256
  
  0faf4a397cbc7828a29313447684d2300794d48bdb9b21cf539e5f1320f43436
- SHA512
  
  fe4aa756abce70166fc53518da319eff8041271c3798b3acfed38aceb65c49900ec83f81e696ade10b5a18d62bb0413a9796c511039a1f01e061565bd33342a6
- SSDEEP
  
  196608:5QViBePwq4HldJYE9Acp9lhgUwYlBUWnHOBfMnvsQQFXvYrDAeNrRoJi6:5QoLb9BHhgVYFnQfMvgYPAexu9
Score

1^/10
behavioral10 behavioral9
- Target
  
  AofW4.FixOnly/StubDRM64.dll
- Size
  
  100KB
- MD5
  
  ad9685d34c7b94966f09ec215cd8683c
- SHA1
  
  8e92ec050350420cd2769504c0ff87cbf24bfe8f
- SHA256
  
  16be6cd83f346d136a6c5860a59c1179c9a9b175c0d37482bdb144bfd0c037e9
- SHA512
  
  7643f30aea8d2368df5dabf9fd56f7e601a32906cfc7c88ff5faec698c2258f419ceb96059f6e4d258228724002490872be19bb4550b66f919177f03315e0f47
- SSDEEP
  
  1536:GXfbB1BXln4UdZHRLB2MSfowELAvOqTJeIAsW1IEd09dlCvB87216sSQrqUfd:GDrJl4UbH9BDKoxLAvO+II4JMop87qH
Score

1^/10
behavioral11 behavioral12
- Target
  
  AofW4.FixOnly/launcher-settings.json
- Size
  
  1KB
- MD5
  
  4d97ca3f3c84ac6bd966297c1dc7dff7
- SHA1
  
  a4dc0580d097224916369e0d83cc575a16da3840
- SHA256
  
  8fce450a3f9a77c81773c0507ed6ea30469f2d02c815af0dbdd1f1f4659a17cc
- SHA512
  
  19f84d05c916dd0c8f67ed19c7de39764f41c84d261d214ee92735f0ba6e7d1b8491329b94eb916f40b158c90f3b673e50162063e1680e37dbee77ae4549703b
Score

3^/10
behavioral13 behavioral14
- Target
  
  AofW4.FixOnly/steam_api64.dll
- Size
  
  289KB
- MD5
  
  3326a2dcd3f4e9fd9677755d186650fc
- SHA1
  
  2625012d2dffa77c1bbf7789e8e4a841f043b957
- SHA256
  
  d2c355e106142362c8600e227b3f581e4d9534ed74c3fada1c2171bfac125f9f
- SHA512
  
  01953dcf6239829e43d20ab9d33cc14c8a946272975a1ae007f27dd3ca2a901b447b129298ef26d554c9f7a5b8976e4ec4a6b645f2eb38b0608275e4cf1525e4
- SSDEEP
  
  3072:UjTqkh2mB9mkVi635gRaeaZqk4YJDf32uB+rJFC9R+5z65lhTbCz+hnv91vFAyNK:cb9mZOB3Zx4YUuoaRRFAymC2CPu1
Score

1^/10
behavioral15 behavioral16
- Target
  
  AofW4.FixOnly/steam_api64.of
- Size
  
  288KB
- MD5
  
  500475b20083ccdc64f12d238cab687a
- SHA1
  
  b13f17561a9a0671befbebf0aae7b51bcc0072df
- SHA256
  
  4df999c0c8cb12589f0864d52be5d4c775577aeb27fee28b49b188f9ba083eea
- SHA512
  
  de926d38118c808cde4d3a8f6fde7b56b755ef7938b9adadf0efaac45c853f3d19f4cdd5906b02a7dcca7d2c38b8c01cbd401ce3a7f5e3f9221776f0ed49355b
- SSDEEP
  
  3072:ujTqkh2mB9mkVi635gRaeaZqk4YJDf32uB+rJFC9R+5z65lhTbCz+hnv91vFAyNp:Gb9mZOB3Zx4YUuoaRRFAymC2CPzbN
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18