d9191a4bbef1483389a357e64ba442fbef2f285002984b73f83c3f80c17a70b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

onlinefix.rar
Size

6.5MB
Sample

230801-knmsmsfg4x
MD5

684851d25a8b9fa3e286aabed20b0ffc
SHA1

80d24f7ce3a081adc4b86fe26a6c66700df792fb
SHA256

d9191a4bbef1483389a357e64ba442fbef2f285002984b73f83c3f80c17a70b7
SHA512

61e69a130e70050888c1cd4beba35f5d3b38fb5dd10b897351adddeff662ed51b7e36d665d7e7472b4cee9e42eada543c20590b1939e2d5d12eab3f339109cbb
SSDEEP

196608:2JHaaDplEa45hg3Dw7qwKBmwt8r33jrvHuSytRL:naDbEj4zw7qnBq3vujtRL

Score

6^/10

Malware Config

Targets

- Target
  
  Engine/Binaries/ThirdParty/Steamworks/Steamv151/Win64/OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Engine/Binaries/ThirdParty/Steamworks/Steamv151/Win64/OnlineFix64.dll
- Size
  
  7.0MB
- MD5
  
  eddb8b18e993c39fa8c49aa4a707faf2
- SHA1
  
  ee88dbd3cb4bac69c71d5f28af1b25fbd91fa12f
- SHA256
  
  1a799640ab36616fbb8af9540ca24c16a9f3cdf1b1d6e7a119bd1b9ad6d31415
- SHA512
  
  43db2315327a0b55a678863cf42b79b7f675ce10830326789aed80c039631b8c5a9700ab0dcfda11793372871aa29fd8fceae675e97f2329903e57c42e9439fc
- SSDEEP
  
  196608:QRDytzGW6rn9INrVGH/DCFljDEKKrdx8CxeNKHl2:QOiJrn+NrVGbgD+rEC0NKM
Score

1^/10
behavioral3 behavioral4
- Target
  
  Engine/Binaries/ThirdParty/Steamworks/Steamv151/Win64/steam_api64.dll
- Size
  
  259KB
- MD5
  
  451139091038b93098bf2157d793f93c
- SHA1
  
  64ba3259d5fa23abafe0f1350d9b548934611e0b
- SHA256
  
  53b2c0758cfee6cd509a928a6595fed7e5a5005f1e6669d1bcf2dfaa745772bb
- SHA512
  
  16c74bd44ed100d3be2fd3def4e4bcbd61ceb2aff40f942c421e70d5e708e5d63115a000520e47a832e2b2e629ef7712976cfce5208b45322cbdc72299d76e00
- SSDEEP
  
  3072:WZz7iKHWadsCKUB6/KuBHlvdXGFcKLF65lhTbCNTnJvxfyN+ve2UhMBCcJx5gDst:+7i6ddsCKg6/KuBFFXyDyEBCchb
Score

1^/10
behavioral5 behavioral6
- Target
  
  Engine/Binaries/ThirdParty/Steamworks/Steamv151/Win64/steam_api64.of
- Size
  
  259KB
- MD5
  
  cbc8b390e065c29572494901b151989e
- SHA1
  
  238243867b2f2daf54ac0dd5f3b68f9d99f8abaf
- SHA256
  
  ca1fa9a7609ab10b7926400559cf073e5888423cc156af72c6027d72a89eea73
- SHA512
  
  e8deb190d9b00d9931f480754cd46b0fa16c4080bf12c25d024ee2c14e75e27a7ed9f9b357a456037c9123537910d5186b7361f359d44a25b175f55bfb9affa7
- SSDEEP
  
  3072:WZz7iKHWadsCKUB6/KuBHlvdXGFcKLF65lhTbCNTnJvxfyN+ve2UhMBCcJo5gDst:+7i6ddsCKg6/KuBFFXyDyEBCcUb
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8