065308e696cf3e97073c9875fd54344aca6ea9dd9d9af39587319c6f71f62beb

Sharing

Copy URL

Twitter E-mail

General

Target

ARK Survival Evolved.rar
Size

2.6MB
Sample

230608-czqpnsba36
MD5

86a80b73bb7e795e987b33bf22d2cef3
SHA1

29d4089d992a90a073afe39d2ec1dd08cd5d0984
SHA256

065308e696cf3e97073c9875fd54344aca6ea9dd9d9af39587319c6f71f62beb
SHA512

63c0179b41ec055e9ef04e456e666d72267c0f4e75bbfa8eea2083424f8d8c60af5e56ff9074308a74554b032e5fac681d84d3136c3305f555c6908d3d950891
SSDEEP

49152:0nKOpVJAIoyGhQH9iASXQMxidiQ31zt5hYQ5xgK5pMlOeW6Iw25uIAQA/:8cyOfVQMxk1zt5yQHz5pMlOerIblnK

Score

9^/10

ransomware

Malware Config

Targets

- Target
  
  ARK Survival Evolved/ARKLauncher.exe
- Size
  
  935KB
- MD5
  
  28a2ae7c57b8e4f39cac1b2cb2b48828
- SHA1
  
  25c6d8c9ca62d23da7a24525cd9ff4bc27c77220
- SHA256
  
  debe8711641feee438f20df18bed8b16a0fbf2369e8f800dbc097ec3d52bddbb
- SHA512
  
  efde7e3797aba346902a3c582a0f55cf8600081157dbb9e87909349f3dd2847b9dcd1c7ceedb8aec4cd5e8b15269b9ba602948ade7b46f88c46ca04caad859ac
- SSDEEP
  
  24576:/eahPOwxy8PwdLJB5GNAUFbOljVVDbWB:jh2wxDwdLJBXUA
Score

1^/10
behavioral1 behavioral2
- Target
  
  ARK Survival Evolved/AppID_Patch.exe
- Size
  
  14KB
- MD5
  
  5cfd8a7fee197af23e5992ba302b8c40
- SHA1
  
  564c20bba961922a2885c074388485b32d5bef19
- SHA256
  
  6ef1e029dab17e852cf2fcf23aa94336db23efa6b6c96a5e2d04fb7bc3824ca7
- SHA512
  
  0dac7471801727321941ee94a8f509272a3e0048dc4872a1a283d22e9483a91bf854c89b5003e2fc9bd04f848ea05c6f02c7b8df2d4730de9b019c52cd05bc1d
- SSDEEP
  
  384:+io46opoKaZGK+2i9DNKhFRRNXrBToC7e4/QAX93N6bHU:+ih62gZGKqDNAFfBFoC7e4/ht9E
Score

1^/10
behavioral3 behavioral4
- Target
  
  ARK Survival Evolved/ArkDownloader.bat
- Size
  
  760B
- MD5
  
  1be16aa4ff86085769da648371ced408
- SHA1
  
  490222e3768e9add2e6aee07e2b2d33c0417d591
- SHA256
  
  db2b72fbe6d51e7294861fcd7a0dec9589a068989a4a50546e76c010f3acc938
- SHA512
  
  718bdc4f067de7fa4e3a2ba098bbed0f3e9a65bf76e993cd92bb0f1549017d3e975b099b54620b5fa8996639c8c1a2f70433bb6ce2c9652010c531a539a5977e
Score

9^/10

ransomware
- Renames multiple (157) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  ARK Survival Evolved/InnoCallback.dll
- Size
  
  63KB
- MD5
  
  1c55ae5ef9980e3b1028447da6105c75
- SHA1
  
  f85218e10e6aa23b2f5a3ed512895b437e41b45c
- SHA256
  
  6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f
- SHA512
  
  1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b
- SSDEEP
  
  1536:+VqUE7JhgAzj/ZuhnOwKWSAXvze/V2C0mswp91:gWgAnB3XDAqt/p91
Score

1^/10
behavioral7 behavioral8
- Target
  
  ARK Survival Evolved/ShooterGame/Binaries/Win64/LumaGameLauncher_x64.dll
- Size
  
  350KB
- MD5
  
  06e432f3e3f93e3e7138730bb4e6dfc2
- SHA1
  
  f9dda86936291cd59ae86730f61307843ebd009e
- SHA256
  
  41daa3519b6b008ce2e1f09ef9283689a388dc071a985e2a3ad5fe3252a4b89b
- SHA512
  
  8c2f97a9623835c2c9115d9651c621f798b93c7b33a5ce5c22fdbfd540126a3db8350fbeada057f604847d35d1e1c3382082a40ad06fa00ac723b0076c43e500
- SSDEEP
  
  3072:3RIXZ973lKB4hb1vD4Z5RXKob6T00zVhHUYmsnASIvU94gJs:3RIXZ974B4htDI5J56TLb0HWA9UB
Score

1^/10
behavioral10 behavioral9
- Target
  
  ARK Survival Evolved/ShooterGame/Binaries/Win64/LumaGameLauncher_x64.exe
- Size
  
  329KB
- MD5
  
  2dc4ece95b98195f63e7f142e79011a9
- SHA1
  
  39d905d1726de7fbc2052c4030de159bfd2c4cf4
- SHA256
  
  2b7faa6fa7bbdf4a55b02c879dc352669b60bd07a6f4e53d0c7bec006b1d8ffb
- SHA512
  
  6d2faf6edcc51bd9b2241f986114c08d8df5c9b5624b6a58f73ff219c62136ae2c3f1bcbe91cfd882af92bd2ab97bfcaefc57faf06357cc9a809e2401fdfdcb0
- SSDEEP
  
  6144:GeuuETigIvdT8vov9HaFBYOf5HM/f8lBw8ACrN51wDXkPwEGvw:GBa19DyBMclBw9YjuDXW9
Score

1^/10
behavioral11 behavioral12
- Target
  
  ARK Survival Evolved/ShooterGame/Binaries/Win64/steamclient64.dll
- Size
  
  928KB
- MD5
  
  fe567a0ac237324ee86a6714155f4f4a
- SHA1
  
  5d670d104f14327920126fd6f4d7bb5d9780e2b6
- SHA256
  
  a0f57b0d3d2a0e5b8ef707a9f8905a08869df9a0517c81ed285acab1bd624432
- SHA512
  
  4e2375a7d22bf41efa642afdfbe8c09e76e642136b404cbfa5efafa0c380714da37da95df4a17cc09db109e6ec53afcdf8a5b2b50d9f61a2ba5ab65d15dd0248
- SSDEEP
  
  12288:GXnhNhzgq0fPg/5xxl9BkF5tR0rp7J3/4:GXXhzgq8K/lnkF5Wd3A
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral13 behavioral14
- Target
  
  ARK Survival Evolved/Style.dll
- Size
  
  2.0MB
- MD5
  
  16d22d5492bda0e1ab73c78118a5b3fb
- SHA1
  
  2d01de9c448f50254e5ab6486c1678dbe625b092
- SHA256
  
  97469efd5dcf4caa0d32d4d96405277d730059102f36f22f3fdb59159570fb91
- SHA512
  
  ff62ce62509b49dbae39a1a6762f247e68bda6d8cf30015ebfbbb431a5c5122a9325331462f4b2d3df0119f44ff95eee586b2248d880f8e6a2e277f59bbbde1d
- SSDEEP
  
  49152:qCOIa+f8y5f8Bk3VTaStGYPtjDTUrfuagyE:qD2803oUtAr
Score

1^/10
behavioral15 behavioral16
- Target
  
  ARK Survival Evolved/botva2.dll
- Size
  
  34KB
- MD5
  
  0ebd19796c55ac47b40efde9c802d645
- SHA1
  
  5b8177b60c39795315478c1a83c0b1f42a35e518
- SHA256
  
  4f820fb51bd31c754a1de8018f6c5038cc43aa6df58e76eb6357953d96435198
- SHA512
  
  7b20b0e9641291d5f7d5039a4c1d37e68f49fcaaecb3c0fa40385bcb1c1f79f04bf5eb2578f3255822a01eaab0117b73c9c195e87bd714a6d8e6618824a022a2
- SSDEEP
  
  768:poi9qZO9Q4rAJaIRtyoJodxKwZVE1kwIT2sP:pv9qZMQVrLBb2DP
Score

1^/10
behavioral17 behavioral18
- Target
  
  ARK Survival Evolved/steamcmd.exe
- Size
  
  1.6MB
- MD5
  
  2629c77b1149eee9203e045e289e68ef
- SHA1
  
  e45974be43d33419ac8e5208e0b2b787cd592fc4
- SHA256
  
  fc103a323d70caaac475ae1cfcacfd8eec4c6b1e130005c4793f2013b4b019f8
- SHA512
  
  397c238f43c6208feea21fb929e6f6429b3ed035414dc779982350998030dda834431864026e22f2b6a2c99b8b2bcd6d5d2970dd8d71c39698f03d6043c6778d
- SSDEEP
  
  49152:r38U9PBcjnaqMbyrsmYjDVUf1yAF4/LPT4gsVdqJVuOji1Y:rn5cjnaqMbytYjRQy54g3
Score

9^/10

ransomware
- Renames multiple (157) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Renames multiple (157) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

Renames multiple (157) files with added filename extension

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20