575cf188d343b92117e4e78c43491b180254aae8df9015c4b6064967fd8b77f2 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Stardew.Va...8).exe

windows7-x64

8

Stardew.Va...8).exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

Stardew.Valley.v1.5.6.1988831614.zip
Size

586.9MB
Sample

230712-xs5v8sfd9w
MD5

fd0561934f2a3c6789e773dab40d2d4d
SHA1

a29d7d37fc8ad75d138ee72cd404c853bdcb18cb
SHA256

575cf188d343b92117e4e78c43491b180254aae8df9015c4b6064967fd8b77f2
SHA512

796a7a5708c902820c0a0b945eda10615e02f881e2fe095c1fe183e424a6f33ac55955c6688cd9c0a3ca954e83748252793864963f4fb79bf57a94c61469c129
SSDEEP

12582912:vRzf4YVH4f7QLbcMVd6DkGmbBmmwxsbTotJtm/1/uuJP9f8:vXVYf78QWBmi3qzm/1/ux

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

Stardew.Valley.v1.5.6.1988831614/setup_stardew_valley_1.5.6.1988831614_(53038).exe

Resource

win7-20230712-es

discovery persistence

windows7-x64

21 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Stardew.Valley.v1.5.6.1988831614/setup_stardew_valley_1.5.6.1988831614_(53038).exe

Resource

win10v2004-20230703-es

discovery persistence

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Stardew.Valley.v1.5.6.1988831614/setup_stardew_valley_1.5.6.1988831614_(53038).exe
- Size
  
  587.2MB
- MD5
  
  b99ea7ba69d6c36113ed9fcfa1ff6fd6
- SHA1
  
  eebbf65822f2bff52b921fa16e599e391a8bfb93
- SHA256
  
  50f5a8cf03415dd39d95ab261be6639f50ca511972f8d25a056a16249e18ebde
- SHA512
  
  1ea042a17c2fd9afe318ceb4d4b6f29a42a96a0a3cff4de2f61228df59b4d4c40a402faafa38d5875453d1506c8b9dc72b2219ea4193c39a5199c6711cef8d37
- SSDEEP
  
  12582912:ZrZro437kTCA73Kkso8EX9RtU8zXcHSwgkMLdscY/HUKw:ZD3oTZqItRtZ8dhMLdscL
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2025

Terms | Privacy