8c8a1a0afaa57227b2aaeb8d58a458e091695eac98ff257e4b2a993db17375ae | Triage

Sharing

General

Target

RodeMixer_Setup_beta.rar
Size

61.5MB
Sample

230921-tt757shc5x
MD5

f522127ff81ea8f0986d23cd9646d953
SHA1

3f27e1d6a14602514e1bac02b46cc28e843c94a4
SHA256

8c8a1a0afaa57227b2aaeb8d58a458e091695eac98ff257e4b2a993db17375ae
SHA512

da73c835cfa563fee70fef1482ebf033abcbf7c373564b2bd6390a347999b3629ba95ac43313ae99c9817ff346a34295d0cd942b61138ac407ce5f92ba43483c
SSDEEP

1572864:yahafZRTWriZDTZ1eAKZORd3m8KVAgepM3tknt:1haf7TWepDXKZORw8aNepM9knt

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  RodeMixer_Setup_beta/MicStereo.dll
- Size
  
  17B
- MD5
  
  9dc472aa3442975a2a9fbaa62e2404ce
- SHA1
  
  a63f68bbfc34f283bc1ae7412c331ee0931f851a
- SHA256
  
  1ef20565c64d6abc3975b445e518d12154a816a92c4ab19572fc12aed44e13aa
- SHA512
  
  390270466cb3d977cdc9af42745c9d42bca899383d0fd3ef752b7e91522c37d390c57d96785f4c0fac16a3e594b840a2282432226b8388e1e0bd301750caad74
Score

1^/10
behavioral1 behavioral2
- Target
  
  RodeMixer_Setup_beta/RodeMixer_Setup_beta.exe
- Size
  
  61.5MB
- MD5
  
  eb07f7a0d188b8b22de39817e22d42fb
- SHA1
  
  82781f8a1f2603a80ecef574eb9f5e6163123f7c
- SHA256
  
  53eabcfcece8c9c613772f7d63b2f53e1369b3f2966b90353257582f82e1c51c
- SHA512
  
  2ab4474bb877ef23673dc4721d8561663347f8581c8123e137e35c79a94cd01ef6c80df106cc03dfca184fb2aa3079df1b9d3a242496c64f9132b02cdfbcafa4
- SSDEEP
  
  1572864:Km6boN7hHC5CDkYDO37J4JPnMOKwZ4ryOp0DWDcSza:Z6b4dHC5ilC3fwZiy3sa
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  RodeMixer_Setup_beta/audio_filter/libscaletempo_plugin.dll
- Size
  
  32KB
- MD5
  
  79a0de5930046e2c66e73f34a3515e7f
- SHA1
  
  de6065163343ee5821eba90879d8fd5e323e3a52
- SHA256
  
  118747bbfeed2f8ea214ea144b458bc086094023e6bbc1b6dc1a882716bdae2a
- SHA512
  
  1ee8e9a98f9cb6c636e3fc763bc155b8202235f9038e1f7f3032f8b1ff91435476341f13626b81db68895187933043b248173178e995002f8e4294e3cf4947d6
- SSDEEP
  
  384:q6xNE8brweJ7ohcuabYogxgmamlheh4bVhthKZsHLAQYMhKZsHLsKfhS/:NK8HVwcN+RDlhhP7Z/hO
Score

1^/10
behavioral5 behavioral6
- Target
  
  RodeMixer_Setup_beta/audio_mixer/libfloat_mixer_plugin.dll
- Size
  
  27KB
- MD5
  
  907c7b9662ed57cb17980c9bddc3ab11
- SHA1
  
  441627fd9edc27c72cc4a298f7846f40d3d3f90c
- SHA256
  
  34f59bc5d6c64721d6c4bb0b4bc53c414659c13b36cecf98ff90249d4d29cceb
- SHA512
  
  0abcc146c00904cf2ec11f2d3b7df2ca7e086b9fb2e4bd86505da9ab0225bbdb1905edb0ab851b734f28e14824e7c4bae5a8ac3a5040682e0d400774b40cf242
- SSDEEP
  
  384:oJeO0Xaz5LVCFpJoFmghthKZsHL0MhehKZsHLcj/hn2S:eeXKzJVC5tghPu8hn
Score

3^/10
behavioral7 behavioral8
- Target
  
  RodeMixer_Setup_beta/rodeOutput3.dll
- Size
  
  192KB
- MD5
  
  52c43baddd43be63fbfb398722f3b01d
- SHA1
  
  be1b1064fdda4dde4b72ef523b8e02c050ccd820
- SHA256
  
  8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
- SHA512
  
  04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28
- SSDEEP
  
  3072:5dv7LPsQZTaBdJAnX0x8YJqZ/2NTBf4+oGlM0W7Ubof:53VaBdmX0x8YJqZ/2NTBQ+Y
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10