22d8317c3cac8c136b2cdb342436eb015f26980d03ce0ae83c0f4e3d12931252 | Triage

Resubmissions

20/09/2023, 21:31

230920-1djw1aag5s 7

20/09/2023, 20:40

230920-zfw4nsae5z 9

20/09/2023, 20:34

230920-zcwzhaae5w 7

20/09/2023, 20:30

230920-zalqraae4v 7

Sharing

General

Target

SetupGame.exe
Size

70.5MB
Sample

230920-zcwzhaae5w
MD5

cdda753d4ee7389d4eb476c800e66627
SHA1

5d91a248f7b92b6bf4c487db1237cf1e9bc7d37c
SHA256

22d8317c3cac8c136b2cdb342436eb015f26980d03ce0ae83c0f4e3d12931252
SHA512

7d74061bb644a8cafd4e47890aee2fc7f672bab35dd46dc749419602d6bddf94f221a11f3d13eb98b7c8a6040ee3da48bb7e0316e0d44efa2efb0b2712727376
SSDEEP

1572864:c4/4rzOchPNs2bimZRHTdqqhjdjb9KYOprfnXQXTKeNivFCk00207:XkqcdNF2mZVkWBbUYOprPXQuZtCsR7

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  SetupGame.exe
- Size
  
  70.5MB
- MD5
  
  cdda753d4ee7389d4eb476c800e66627
- SHA1
  
  5d91a248f7b92b6bf4c487db1237cf1e9bc7d37c
- SHA256
  
  22d8317c3cac8c136b2cdb342436eb015f26980d03ce0ae83c0f4e3d12931252
- SHA512
  
  7d74061bb644a8cafd4e47890aee2fc7f672bab35dd46dc749419602d6bddf94f221a11f3d13eb98b7c8a6040ee3da48bb7e0316e0d44efa2efb0b2712727376
- SSDEEP
  
  1572864:c4/4rzOchPNs2bimZRHTdqqhjdjb9KYOprfnXQXTKeNivFCk00207:XkqcdNF2mZVkWBbUYOprPXQuZtCsR7
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencespywarestealer