816844a1881c79313919a53edef212781bc99e755212bf26880fea16aff0be92 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ScriptHookV_1.0.2944.0.zip
Size

1.5MB
Sample

230903-v3eqpabb9t
MD5

5fef3979b440047c4925b8aba7219f6c
SHA1

c23c2d6eee76720da66a68383bf6f7ab2cc295cc
SHA256

816844a1881c79313919a53edef212781bc99e755212bf26880fea16aff0be92
SHA512

5c893d7c8480d9227adc5a1ecd241adbde7405dd8585905d50f0f70db6a9e198b7b902aa6805d224b915f55f510529c7ed0494f7073806902470d6f7becdf927
SSDEEP

24576:GD2023LR6vcdwMzTyYRWzAjGQya1LyKZLgr80k/iEq2tCxSsaH9JKcJcbqLMLzE5:GZwc4zT5ABawKqr80gi5XaH95JcxLzE5

Score

7^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  ScriptHookV_1.0.2944.0.zip
- Size
  
  1.5MB
- MD5
  
  5fef3979b440047c4925b8aba7219f6c
- SHA1
  
  c23c2d6eee76720da66a68383bf6f7ab2cc295cc
- SHA256
  
  816844a1881c79313919a53edef212781bc99e755212bf26880fea16aff0be92
- SHA512
  
  5c893d7c8480d9227adc5a1ecd241adbde7405dd8585905d50f0f70db6a9e198b7b902aa6805d224b915f55f510529c7ed0494f7073806902470d6f7becdf927
- SSDEEP
  
  24576:GD2023LR6vcdwMzTyYRWzAjGQya1LyKZLgr80k/iEq2tCxSsaH9JKcJcbqLMLzE5:GZwc4zT5ABawKqr80gi5XaH95JcxLzE5
Score

5^/10
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  bin/NativeTrainer.asi
- Size
  
  211KB
- MD5
  
  e107b94ae23ec9a56bfa1faaf7118e85
- SHA1
  
  191d9a3a09ee0cfc0754226988c0373a5f074068
- SHA256
  
  f2302573ced45cdaaf190f332deeafd3f32e179d7e9102d939608a9ab774b3cf
- SHA512
  
  86720525ebfa76628a4540a0344de29cf7135ed89dc0c38665fcc2d9ea83c0a2b9341f7d8945e54083317e2dbbb120c68afeb4a7cbbe182db5711c3638d04e90
- SSDEEP
  
  3072:UPjp1DjzsOn9DTtDs5hmmFlPV1GuV1YTrsof+/3YFoYr6SXvfVd5u:UbbD/PFTK3mydcuDa40iYr6SXTo
Score

3^/10
behavioral3 behavioral4
- Target
  
  bin/ScriptHookV.dll
- Size
  
  1.7MB
- MD5
  
  82abd0ae5870bebc1e10a4e442dedeed
- SHA1
  
  15d810c36edf88875730e082602cee5c17932bd6
- SHA256
  
  9af84132bc79df0212f8a498256257b39a6fb0f8379850b449f6e022410f7b38
- SHA512
  
  3d8fc62939d4b42190d5b1f56081436d77d01b4aaab0843c4b3075dfe739603cc7e0e75721b4668269ce47509fed26533e144ebfc3e68cd0e9ba5db5557071ca
- SSDEEP
  
  49152:t83+5psHf6q+LdoVnZUM4KfeMuIArxxuuuuuuuuuuuuuzVe:x2Hivden8dAArxJ
Score

3^/10
behavioral5 behavioral6
- Target
  
  bin/dinput8.dll
- Size
  
  128KB
- MD5
  
  c9b973183908a6631b31ca29f863b4d1
- SHA1
  
  6b32c09f1404be8f9eb21e6c1b8955f4bf00e51d
- SHA256
  
  9fd9e02353b7d39fe07b9667f7ea2697229a7f2d0e7d389eb79eb212b1bb181d
- SHA512
  
  aa63cfba16d5c134b7478fc27b32e4b1e588f5910205e050d94b59a15f95d886ecaa4c2d494c7c3496b2bb8f386e7a540ec999190714b6e048c6bc07d1a43755
- SSDEEP
  
  3072:OBK5kXMCQ9hTn7TYgESRbApwUEfo9c+SJwVvjPIB:8K5kXMl5TYgXR02UWPrJAjPI
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral7 behavioral8
- Target
  
  readme.txt
- Size
  
  6KB
- MD5
  
  8a98f8466d155eaa2bd7c2fb3c947509
- SHA1
  
  6df01a810531237c35b32a0d888169d848698358
- SHA256
  
  1971b44216420cf354663fe3f0c0d48b569f34956f8a5a7af52a651bc1df1671
- SHA512
  
  b2a3d4f2974f8b97430274e2a2ce437c79cc5c272026a6bf273bea179cf9060b3bf8453e32c88b62ae0bb36b0fdcd808b254df5e48f88ed21d38eb9b573eee57
- SSDEEP
  
  96:hIKIPMQH9jO1uWy9DzQ9Yt/RmAAChLij1Z1D1lNR43ZNKnKn:hIeQH9K1ty9DuYtJBCLRLRcfau
Score

1^/10
behavioral10 behavioral9
- Target
  
  www.dev-c.com.url
- Size
  
  42B
- MD5
  
  6d1062a38a2c835b32bb73df4af90fc0
- SHA1
  
  6283703aed023c2a67ca5caa524f352885d0f3f9
- SHA256
  
  8250e69c27be10f67c387b69208c4df4aa7823c487a58abffb18a47c02e5ac58
- SHA512
  
  ae3f4280cc87311f367a9ecfb355024d242de0ed1f4dd0733580d9b3e8d802888b2fa2e7ad867ba9ab398eaeab4bdb8e3bfcb245130470d5f80981c5e796460a
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12