855c267049199087e181fe614656ae4aa2326be0dc43183a97428630bc680a9f

General

Target

rgrg.zip
Size

3.6MB
Sample

230622-h89rssda88
MD5

965eec7a8ac7512548d0475883c08ca0
SHA1

bb6170508af53a9be704ffeeb805ce8d05e17858
SHA256

855c267049199087e181fe614656ae4aa2326be0dc43183a97428630bc680a9f
SHA512

adc1ee62c230a119553939abf42d98e9061343813e5db0e6a37cf38e1964a68da7d7c92c77090cf4f49a8cf158d3dc9f662c2c9c2969a3fd78952182b4542908
SSDEEP

98304:l5o48R7getr4oNSutdpznHUaldLdb5BN0EEB8g0D37U:7o/l1xbPdrFdVQBj0jg

Score

9^/10

Malware Config

Targets

- Target
  
  CheatEngine75 (3).exe
- Size
  
  3.1MB
- MD5
  
  609fea742d34dc1d53f0eeb4873b1a0a
- SHA1
  
  3232c52da3cb8f47a870162a35cdd75fcae60aea
- SHA256
  
  e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e
- SHA512
  
  27da89901268d153fd7158162fc8f2f3b99ec9a4aa24c281f93b500466552af776b00f0a33182386a62934c3e553561cbc23d3f5ebb0ea0366c04e046e1bcc90
- SSDEEP
  
  98304:wSiW4opH4opH4op4U9tNz9RGa/xlbLP/h4:ZDBDBD1t3Hbb+
Score

9^/10

coreentity discovery evasion persistence spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1
- Target
  
  MCXAuth_5_YT (1).jar
- Size
  
  1.1MB
- MD5
  
  e889cace707fc62a9334cf5183a12811
- SHA1
  
  8dc0c96f4f0a4d25a79a421830ce09a384688ec5
- SHA256
  
  9aa46e7487e97ba018896ce08b14f46bbfd0953526dd1695ffd7da6c8f6c2339
- SHA512
  
  83546fc736acf67c93b430a880b59bd6c7af156f1e0245623f22ca4ec6304d2e0813de48356be8ec2610b6a2407d9c5de78678ae834f3dd298e961560e562f5f
- SSDEEP
  
  24576:K7YKA5vis0LlaPd2B/pNRdXi1qs1n+daBIeEiRMxRCwjZZ:K03hrYwF2B/3Rd2Jh0aBEi+xRJZZ
Score

1^/10
behavioral2