005f07797d5948b5d327bb60261fba73dba8ed19f5288dc570d8226ef97b463a

Sharing

Copy URL

Twitter E-mail

General

Target

Geometry Dash.rar
Size

188.2MB
Sample

231124-q2cgqabf33
MD5

0d68068682ab0b9d12895c902c7a6c8e
SHA1

968d27052cdcd16b2d1b32de814b28a5bcfb11fc
SHA256

005f07797d5948b5d327bb60261fba73dba8ed19f5288dc570d8226ef97b463a
SHA512

bfb414d09c43df5d8ccd039206f8ec591c87d5f8b5f80c70d62edccd489ce68dba203d4f443055bed99f28a80e4ffc30d85f2ca8c556c7bf4811b506cf2a8c6c
SSDEEP

3145728:I0oAy36KhBUPXjZM1m4GAZptzodWDBjjUC2Uqq8YwGKvatO8XMYcaK72baibw6vK:A3nnU/yGOlkChjUC2JJYn08XXca42Gn

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  Geometry Dash/GeometryDash.exe
- Size
  
  6.5MB
- MD5
  
  f7eaf3d6e142e5133ad74368e67c8450
- SHA1
  
  d93a40aacd63226f754f3a0898b82a28298d79f4
- SHA256
  
  57a27ed946f1d7cc08bf632f5df3dc877c748b1cc06515619cf4a713c628fa3c
- SHA512
  
  3c47b26e41d43646fb20b9b2b9b08aeb31497754f603cdf037db375ce6a6f5762d3a29f7022622dd7204ea37560bcdde6ede6add5e7f3b1f8bda236da9a7dac9
- SSDEEP
  
  98304:hTuDNeoQyVe2BVBdJlRtZ1h9QVxfS+VxfSgrw:oeWYLfLZw
Score

3^/10
behavioral1
- Target
  
  Geometry Dash/Resources/xStep.mp3
- Size
  
  1.3MB
- MD5
  
  57390e094c37599a790095af692cc039
- SHA1
  
  3d08f483e1a43f029164eb06d89693446f314f48
- SHA256
  
  9164bf3594a2b0d2ce80e80927bab95d8cbc2e80f5a0198112c178957b0a1621
- SHA512
  
  54ee65cb2965c89c54b85358e0769bd0d361f804a7c29183d11d89e6fffe2374016b68affcf7928f76e2c28c506103f6047f09883537607476c0b47062a07fd8
- SSDEEP
  
  24576:C/QH9dD0uc1tKjUvoCcHvtui+CWoIADt4BqgepaI+lUlAOhYfe4gyAKNOR7rFUGM:C/M5ueUvodHvtuYWDAmBFeP+lIhYfvgY
Score

1^/10
behavioral2
- Target
  
  Geometry Dash/_CommonRedist/vcredist/2010/vcredist_x64.exe
- Size
  
  9.8MB
- MD5
  
  c9d9eebccef20d637f193490cec05e79
- SHA1
  
  15d032d669078aa6f0f7fd1cbf4115a070bd034d
- SHA256
  
  cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223
- SHA512
  
  24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6
- SSDEEP
  
  196608:n9A3D5MBD0vwqMKgL29M2JWMWiKV/nPlnqIaAAVINqsAsbPnpCxmz7dU8:23D5MBwZMd0b4oSQ7VSrAs1gEdU8
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral3
- Target
  
  Geometry Dash/_CommonRedist/vcredist/2010/vcredist_x86.exe
- Size
  
  8.6MB
- MD5
  
  1801436936e64598bab5b87b37dc7f87
- SHA1
  
  28c54491be70c38c97849c3d8cfbfdd0d3c515cb
- SHA256
  
  67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d
- SHA512
  
  0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c
- SSDEEP
  
  196608:e9A3DAnfudQZKuNK0kMp2Wxw2tr3aA5Jegn9kaK6Hj0aaNz9ZBJ7C:t3DAnGKZKuNK0SvAn9kaK6gaaNRZbC
Score

7^/10
- Executes dropped EXE
behavioral4
- Target
  
  Geometry Dash/_CommonRedist/vcredist/2013/vcredist_x64.exe
- Size
  
  6.9MB
- MD5
  
  96b61b8e069832e6b809f24ea74567ba
- SHA1
  
  8bf41ba9eef02d30635a10433817dbb6886da5a2
- SHA256
  
  e554425243e3e8ca1cd5fe550db41e6fa58a007c74fad400274b128452f38fb8
- SHA512
  
  3a55dce14bbd455808bd939a5008b67c9c7111cab61b1339528308022e587726954f8c55a597c6974dc543964bdb6532fe433556fbeeaf9f8cb4d95f2bbffc12
- SSDEEP
  
  196608:19OaQ54oYY7jLwXjZ41OON2uk3bQWgtyccMEL:Gz5x7jLXkmkU4cFe
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral5
- Target
  
  Geometry Dash/_CommonRedist/vcredist/2013/vcredist_x86.exe
- Size
  
  6.2MB
- MD5
  
  0fc525b6b7b96a87523daa7a0013c69d
- SHA1
  
  df7f0a73bfa077e483e51bfb97f5e2eceedfb6a3
- SHA256
  
  a22895e55b26202eae166838edbe2ea6aad00d7ea600c11f8a31ede5cbce2048
- SHA512
  
  729251371ed208898430040fe48cabd286a5671bd7f472a30e9021b68f73b2d49d85a0879920232426b139520f7e21321ba92646985216bf2f733c64e014a71d
- SSDEEP
  
  98304:hQEKzHx15bWUuBrNatjJh2eNUrzKRL/RaIswn7aBOC5qZxVqFb2iExMc7FvxwGvf:WRDnuBotjJh2emr8L/YIsG7MOgqHG64
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral6
- Target
  
  Geometry Dash/fmod.dll
- Size
  
  1.4MB
- MD5
  
  9a9fc4fea3bdd3f3fa09b0aa43dfee07
- SHA1
  
  b2c3e267ac33a50c3c5b69208ca1fb76cb4fd658
- SHA256
  
  9cefee362589ed05b571ad3b61a2b37c8bf593be0a6a560638c2b79986776368
- SHA512
  
  53c56cc01e03f74d82b3acc4afb91044df10058643ba179d50a9b8b86f9f49770ff7eb8f804d42fb94096f7fa16a40ca7c3144103451cb1059a2156b3007a732
- SSDEEP
  
  24576:QUumAPpnkv2jg91qDQXIq6paXK2oGCV0y8KZFpVMS6Xcyjj:QUuHyT91qU+pmKZjwKLmLj
Score

1^/10
behavioral7
- Target
  
  Geometry Dash/glew32.dll
- Size
  
  324KB
- MD5
  
  7399bc6fcbcfe81b6437d37d45d27e00
- SHA1
  
  254ac4f5e56cd5ce14d31f824de7949b09597c78
- SHA256
  
  1ea8aedc46418e08aeabcb91c16fb4a0ab669924dd0a6071d143f13cd932a022
- SHA512
  
  bfffdd518b1a7a4890762e38861db465e187dc197aa6b02f2644ac798e0e03e6f6b2543e24e92e3a16a82ee3d9f795ff12845caf174b2d1b5f6800d7ae1941ea
- SSDEEP
  
  6144:GzLQ5Ht2YVVlGSAkApyg8YifaTzaOAz7Du:6Q5HkUVzH
Score

3^/10
behavioral8
- Target
  
  Geometry Dash/iconv.dll
- Size
  
  868KB
- MD5
  
  73af5773bf5627fe771bf6809ec839f9
- SHA1
  
  69d9597991dd0d1c6b478174aaa85b0e8175d0a7
- SHA256
  
  6cd69191469bf13f0cea70837bac9b1e7871c116f5f6f18bef5a6a9575c020c9
- SHA512
  
  64b631454d1d16709ae96cca95e8e3dd6049841c53ef6c4643b1a5b28a32fe6bfacb86337e93b5f9f2abf43d0233b094646b8065d3c1fafeaab7c3d6e371b864
- SSDEEP
  
  24576:Vf2VfWlcKu6Gavkg3NydIbbbI4IBAUZLY:ZuscKu6GaXUT4IBAUZLY
Score

3^/10
behavioral9
- Target
  
  Geometry Dash/libExtensions.dll
- Size
  
  280KB
- MD5
  
  8721e2bbc21422b7f57cacfca8dd8520
- SHA1
  
  617bad17977389a6571e13939b7bbb34d716bed7
- SHA256
  
  e74fcb658ca38bf123e64cbcf663edb257ab63d73f29164b706d33b68d511ae1
- SHA512
  
  8f08e8e42b73562596c83e9afe02b4f305ee35f46981897f44147811c4d91ecfb1795a5f69883a756ff8c6febedd7ae5efff5a11c7c503403cad5c5d1b36675a
- SSDEEP
  
  6144:DjjeDzyKCMijQaErrHr5CE7D7gcGRCYG6Ls5QQMe2:SDzyBjZMHr5CE7DPgLs
Score

3^/10
behavioral10
- Target
  
  Geometry Dash/libcocos2d.dll
- Size
  
  1.7MB
- MD5
  
  23bc4ba05ec439715c14689f9c75c5d6
- SHA1
  
  7292f5dc31218ce023dbd9bd7c2289ae96190c52
- SHA256
  
  ad6324886b2a16bfad2887539349213374051d85945e40934c9a54ec7962afe5
- SHA512
  
  cf6f9dd27293921c711e5e57927643e7e6e2ad5f35556db5f15d3802d2b02224a5190c8006b10d9d89895a1f4a971a6af54e383885288d3969394f52ca31871b
- SSDEEP
  
  24576:5TtLEJxHemGJY5l4ZazpD+gWfTe6AcAf9yw0UbSkSg+QYO+UZEvN:5Tt4oi1CW9yw4Bg+QYOP
Score

3^/10
behavioral11
- Target
  
  Geometry Dash/libcurl.dll
- Size
  
  1.1MB
- MD5
  
  a629bf05e48171a7152b15c479727da3
- SHA1
  
  b39c487c3a8ece83ef8bdecd2e37537c6617f9e6
- SHA256
  
  db4e84c77b41bd0e40e3b29db518faa44d4a40df802299befc21f87c16ec1124
- SHA512
  
  13596fc1f5be8de92177e7ee5e09a37e7f829ebc36678ff5233b627b7f798307270c69c9dec05407c1d758ff421484b66261a9e2c3abde7cf24fb0b5b15774b9
- SSDEEP
  
  24576:LX/2J+LaOzIx2uPOAr1faOn4fv7oonBUzPnAbcmTEp/y9qQ1II:KmaO8DOwfwf+PucmTEp/8f1II
Score

3^/10
behavioral12
- Target
  
  Geometry Dash/libtiff.dll
- Size
  
  513KB
- MD5
  
  c741db91cddb32c0ccd1fab980b1a5a4
- SHA1
  
  08f624cff407b25c6ecca087f763bd02e69231bb
- SHA256
  
  2d7b7f76089829aac2fa043d712e3a908563bf77f4e7da6e82d86bb0467a9feb
- SHA512
  
  7f92e7cdc0feb16ca42eb9f588a92a481b402ef00c0e02b8236f8925bd828507a4e6c1b576d9639184a15322107d0d3810817d1529ebf6f94ff18ea070c67e76
- SSDEEP
  
  6144:SymBVjFxF2nv2aY+NUXgJWnjUz2XyGK77f4NJrzNfQv3vCJYiY2IGEBg6CD:cBVp2Y+W1jUzWY7f4X7JYiZH
Score

1^/10
behavioral13
- Target
  
  Geometry Dash/msvcp100.dll
- Size
  
  411KB
- MD5
  
  e3c817f7fe44cc870ecdbcbc3ea36132
- SHA1
  
  2ada702a0c143a7ae39b7de16a4b5cc994d2548b
- SHA256
  
  d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
- SHA512
  
  4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe
- SSDEEP
  
  12288:zNb8zxr1aWPaHX7dGP57rhUgiW6QR7t5qv3Ooc8UHkC2ejGH:zNb8Fpa6aHX7dGP5Kv3Ooc8UHkC2eKH
Score

3^/10
behavioral14
- Target
  
  Geometry Dash/msvcp120.dll
- Size
  
  444KB
- MD5
  
  fd5cabbe52272bd76007b68186ebaf00
- SHA1
  
  efd1e306c1092c17f6944cc6bf9a1bfad4d14613
- SHA256
  
  87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
- SHA512
  
  1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5
- SSDEEP
  
  12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
Score

3^/10
behavioral15
- Target
  
  Geometry Dash/msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10
behavioral16
- Target
  
  Geometry Dash/msvcr120.dll
- Size
  
  948KB
- MD5
  
  034ccadc1c073e4216e9466b720f9849
- SHA1
  
  f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
- SHA256
  
  86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
- SHA512
  
  5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
- SSDEEP
  
  12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
Score

3^/10
behavioral17
- Target
  
  Geometry Dash/pthreadVCE2.dll
- Size
  
  76KB
- MD5
  
  ae4ae0ef65becf8684db223ceecbfba7
- SHA1
  
  1826006ee9ca5090eacfdca63bcc370e2be701e6
- SHA256
  
  27a8bd5814bf5e67858856f5090952e558c6e03fbebcbd66f7d8eb8fda2b369c
- SHA512
  
  880b38c69a38c02923988ccafba630e8a5a12ec885d713fc863f69174b475e408427fb68acdf6a3415a3bbd6cb80a1eb81eb752b18ef03a4590cdb36c9f52e3e
- SSDEEP
  
  768:o6J0QrqcRpxKyCqr/vb4ssGE9lICiH3Yays/:zJZxbf3stiH3Yays/
Score

1^/10
behavioral18
- Target
  
  Geometry Dash/sdkencryptedappticket.dll
- Size
  
  558KB
- MD5
  
  e1b5265b323b0a92baaec24bfaedfcf7
- SHA1
  
  04e5b9dbc4697b215d7fdcdb742a5d208d175e53
- SHA256
  
  361001272651c6c262e5bc95c323adc398f4bbc4333c1a578a55d5c39a0e5302
- SHA512
  
  257fe355ed1ca0cdaa9583ce1760c660b32f3b17147142e1fa3a0ef5313958ff741043d2a3667f92d71160c09c51da8960f8a15475d6e0042790b584bbb61647
- SSDEEP
  
  12288:DZ6VT5dCFQvtWt2wxad6utBpKO9bdUWHbCzd2Nc1zwtnJI/0:16VFZtoO9GWHOxyc1zunm/0
Score

1^/10
behavioral19
- Target
  
  Geometry Dash/sqlite3.dll
- Size
  
  527KB
- MD5
  
  0ec32327447976d439358bc1db47cd31
- SHA1
  
  516e8df1b4cf92475b07131637b1f93cca27f077
- SHA256
  
  34057639b01413314a1b67c56c5d81e2aaa965f4eef1b9e11f2aa2261a628a0b
- SHA512
  
  448a81db8aebfd1907b039b14327948ae675683c704a86d8a9f38e2a2a91dcde7c99b6be04d97877bbc8d9405392b96e4e580d90a910243d9904943334a3ff6f
- SSDEEP
  
  12288:ZKyZVQn8QoxwgBFn32Q7bomYRJMdwm5HE8V:ZzcQHb2o4fB
Score

3^/10
behavioral20
- Target
  
  Geometry Dash/steam_api.dll
- Size
  
  251KB
- MD5
  
  23767288e6a003aaaa54355cbe108da8
- SHA1
  
  c7f21dc71491fe661c698f5c561405c0e3f423c1
- SHA256
  
  209135c082a8ef8323479384e97d769d9b2d98f727bbb34a7806ce150b750c89
- SHA512
  
  a870b2f99da48ad07f9b36d6730d74af5f285af12e21a24d61e6e3023d5917920bd343fe295b7374a2065bf9c09b6f1cbb03fbcf05206f4bd0544b5f0eb0e147
- SSDEEP
  
  6144:3arGRDMhiFh18vUThy7g0F6vrlOcHvlwupy4RFsKQ97XtDQies3R:fDMwhRThy7g0F6vr4Klpd1QpuOh
Score

1^/10
behavioral21
- Target
  
  Geometry Dash/websockets.dll
- Size
  
  75KB
- MD5
  
  e1db6e022098c0caec94c22cb81def3c
- SHA1
  
  ddfe57fe157446348706644b6908602bb02e401d
- SHA256
  
  528624dda7a00149c976268e1350cb884d825ed02afe52415299f55c65b7d346
- SHA512
  
  21dbcc0082eb1119804efe3162089ccdbce7a60ea6082046a08a8acc6a32e29030a3314ba35625d6ad7d20f6e79bf033b7271e3865731842714fa6dac6d0bce9
- SSDEEP
  
  1536:T8lzDqHQ7ZwUOfYZtZU5CYgEqRF09TQCIOBnToIfRAQhDx:T8lgqZwsPfKTQgpTBfRAQh
Score

3^/10
behavioral22
- Target
  
  Geometry Dash/zlib1.dll
- Size
  
  76KB
- MD5
  
  72e87ad407bb28f5b471c3396296b377
- SHA1
  
  15cd01170ff8d8531fb16f4f7a1c5fbe810a1057
- SHA256
  
  91ec6085e862e1eedc254bf88efecd4fa67f486216ab3b1473915d15462e71bb
- SHA512
  
  1569939514c0e30e2fbf7d81586ada53931ac36b11f306b95b5e0741c6b32c45d88d33271223c99cd4fbd585f0675d5188557e5dfe6901f9fbb2e3e8ec98a698
- SSDEEP
  
  768:bw6vENCUvhLcSCE/StC0KuFLRO5ZikoHBc1m7s4wixE+XwVY/nToIf18IOsIOIiy:bDvENBhA+WjPLAVY/nToIfCIOsIOIip
Score

3^/10
behavioral23

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23