Overview

overview

7

Static

static

3

PH2FI.rar

windows7-x64

3

PH2FI.rar

windows10-2004-x64

7

PH2FI/Desc...og.url

windows7-x64

PH2FI/Desc...og.url

windows10-2004-x64

1

PH2FI/Perf...og.url

windows7-x64

1

PH2FI/Perf...og.url

windows10-2004-x64

1

PH2FI/Perf...lp.dll

windows7-x64

1

PH2FI/Perf...lp.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...in.dll

windows7-x64

1

PH2FI/Perf...in.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...pi.dll

windows7-x64

1

PH2FI/Perf...pi.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

PH2FI/Perf...64.dll

windows7-x64

1

PH2FI/Perf...64.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PH2FI.rar

  • Size

    742.6MB

  • Sample

    231224-zzy3dadgbn

  • MD5

    0ae13c0171946a48d9eeb32a06355920

  • SHA1

    14e414bdf436298974bc8d105111b1a34f624e44

  • SHA256

    db00da559606d4ece28dc52e7b38de74ad02ebb36b055ab6ddad293d298c00e6

  • SHA512

    54d6bceec54a175c2e434b3b320d0d850b34355c41c3f0439cdeafc4ef21766a11d64ea57fbb7cb6f2209a18a08edc3e6db84a3d8658b99e17bd4a316beb3fc8

  • SSDEEP

    12582912:UW+/ZEGZXOyggBL2z3sq6OrhInXn1E2gvKD07wNktlyd4z15MyHkhwCX8dcH+s2C:C7RCHCE2gvK4UGis5vIwCX6zTBxS

Score
7/10

Malware Config

Targets

    • Target

      PH2FI.rar

    • Size

      742.6MB

    • MD5

      0ae13c0171946a48d9eeb32a06355920

    • SHA1

      14e414bdf436298974bc8d105111b1a34f624e44

    • SHA256

      db00da559606d4ece28dc52e7b38de74ad02ebb36b055ab6ddad293d298c00e6

    • SHA512

      54d6bceec54a175c2e434b3b320d0d850b34355c41c3f0439cdeafc4ef21766a11d64ea57fbb7cb6f2209a18a08edc3e6db84a3d8658b99e17bd4a316beb3fc8

    • SSDEEP

      12582912:UW+/ZEGZXOyggBL2z3sq6OrhInXn1E2gvKD07wNktlyd4z15MyHkhwCX8dcH+s2C:C7RCHCE2gvK4UGis5vIwCX6zTBxS

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      PH2FI/Descarga JUEGOS GRATIS - PiviGames.blog.url

    • Size

      113B

    • MD5

      438433a51e67896ebdb909226217830a

    • SHA1

      867df7e8d986eadbab203b98b2c0dec77a833df1

    • SHA256

      96a001f21ba2aa780ca1b0aad681724e5554d9275dc6888188c405ef70b382db

    • SHA512

      d2cff74b3513ca9105af44c49c66dfaaa7793a8720c136a1bc7e595a3d1f17c70269c3d20ca139e899d4aa3af8c8c8b498a39a8cfa24eeb6b92130bfe47ab697

    Score
    1/10
    behavioral3behavioral4

    • Target

      PH2FI/Perfect Heist 2/Descarga JUEGOS GRATIS - PiviGames.blog.url

    • Size

      113B

    • MD5

      438433a51e67896ebdb909226217830a

    • SHA1

      867df7e8d986eadbab203b98b2c0dec77a833df1

    • SHA256

      96a001f21ba2aa780ca1b0aad681724e5554d9275dc6888188c405ef70b382db

    • SHA512

      d2cff74b3513ca9105af44c49c66dfaaa7793a8720c136a1bc7e595a3d1f17c70269c3d20ca139e899d4aa3af8c8c8b498a39a8cfa24eeb6b92130bfe47ab697

    Score
    1/10
    behavioral5behavioral6

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/DbgHelp/dbghelp.dll

    • Size

      1.3MB

    • MD5

      15ee5c7404fa5b6de0eb0c042474d3bf

    • SHA1

      ec3a7fd5861447d615968c51e507cd376a48bd6b

    • SHA256

      159b30d9f1bbe69ae03e0d19669d4fcb565246d81672b7034a69cef9f466dcbe

    • SHA512

      eaa2004d5c243597705baf53140b3944fa9d79f719bdef09e5226f44f740180e2cd41a55a6745b16931c84a8b96b81da85eb372cf39acd34cecb9e373d422aa6

    • SSDEEP

      24576:/HwbKof5HWhFJt0fTGHf01BWgXkqy5xFxmLM6dh7GQlfKd:vRu2hFJteiFdqqVAS

    Score
    1/10
    behavioral7behavioral8

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/NVIDIA/NVaftermath/Win64/GFSDK_Aftermath_Lib.x64.dll

    • Size

      115KB

    • MD5

      efd88ddde0324de8d9a2d0460b4e731e

    • SHA1

      26fc0fa7d47ac99c99465a7a5176b3de49bb14d9

    • SHA256

      41e6d6e6b691b8aca94aa35bf04e7a204f02ec843e192cc4d28f421ec517934a

    • SHA512

      83e7e817d122e90daa24db80aa0e6179a661f215c71ef71fd7c1b9e378b6b68e957b74cdf71471ac8a8491002bba762fef3fcd09873bdff4b917339638b12002

    • SSDEEP

      3072:vL1w8yONQj23ta735JRF/CV8m4q1aj8tPlUgQk2VhLxhwxMaYMp:qBj23AT/R1E

    Score
    1/10
    behavioral10behavioral9

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/Oculus/OVRPlugin/OVRPlugin/Win64/OVRPlugin.dll

    • Size

      2.4MB

    • MD5

      833f07a39ff702bb627b4eae5244302a

    • SHA1

      cdafbe449a188953369718d552892335185905c1

    • SHA256

      bae67fbb1c47c74d3142460cac28dead2f6ae619b4c512b5ee267a96b8b7f2d7

    • SHA512

      eac70821cf09d72db6942f2f254d9b3a9616b6c467ad1d71d33fcf12e8782a9cf6fcac7aa1664200dc2fdc9791c3e23105fa5f132b1e021bdcd80024027ef8c5

    • SSDEEP

      49152:cFRt8MUmwVxqfIqs4b4g5yRXBwEk4iwVTDB3zcUDF1tK9sn:ypAxGcq9sn

    Score
    1/10
    behavioral11behavioral12

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/Ogg/Win64/VS2015/libogg_64.dll

    • Size

      48KB

    • MD5

      cd1f16736ccc5dd8c8ce8525957f4cfb

    • SHA1

      654144e0ddedc26b0b3be8e6562784abad1b471f

    • SHA256

      284a6e70a6dce01f8a02d93e1bb78baf0efb6140459c587d8986d59fb6bd675b

    • SHA512

      357df96397e21662194a30ce7f5d53cc202fcc464e1c06312eb12031c5683305638b7e674e5b4b758e142facb00963a53c419c430ea2b419b62f97c14b4812af

    • SSDEEP

      384:GRKN7KRked7VWjLmPnUunFqphqaNQL2PnQftfKNRvrzAcojOYPu:dkSQyQUuFq19HAhjXu

    Score
    1/10
    behavioral13behavioral14

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/OpenVR/OpenVRv1_5_17/Win64/openvr_api.dll

    • Size

      583KB

    • MD5

      9834f26b57de754808ae3d78a649323d

    • SHA1

      339510ad8c488148681179607e99990c4a4633bb

    • SHA256

      6c5e18a3c12ddb9618c1edb36cd4834115735c1f3096bd4cb2022c3593af28b8

    • SHA512

      601a93497d8bca26653c74e208539063782fc0517f718c3721604577be2106fa9cbc24b5868bb8d6a32457c1014863f398d27a74dd48fb5a870f6caa617824fd

    • SSDEEP

      12288:Dd2NkqFa9Nr0Kyvf+VwBv+aiawlM1lonxPgW:Dbq09tFAfv5L3APgW

    Score
    1/10
    behavioral15behavioral16

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/PhysX3/Win64/VS2015/APEX_ClothingPROFILE_x64.dll

    • Size

      1.5MB

    • MD5

      7d2d6b47f3487173625cc12db29ae10d

    • SHA1

      337441dabf497245437e627717dabd7352c42077

    • SHA256

      6d0bf48f8e20b2876a0924fe23128fed4bfbe7c6263d0b98ede45bedd7486b41

    • SHA512

      7326487e562dcf3b87476a7d3ba22f3e84206e9c5424a673ddcec8f57e20ca516ad719daeab4a6d842a399b1d198e948cbce0d04692d35c53eec9ae062f5ddfe

    • SSDEEP

      12288:0gaLSU6eOeU2OgjfEUVtRo/hKlnkWXyBV4BjNcMFHKM8thwJyt8DbUm9CJTxArdd:iLSU6eiVstR61sy59pthwJfDbUmAm

    Score
    1/10
    behavioral17behavioral18

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/PhysX3/Win64/VS2015/APEX_Clothing_x64.dll

    • Size

      1.2MB

    • MD5

      0b61bd104d431055b1ea5d5a7b608ab9

    • SHA1

      4c5f8cea43222cee0ed49d26b7b213dba4fe52d8

    • SHA256

      12e2803bca4a46990b6a00d2cb0869931181d82942e3a7853afb4ff795def072

    • SHA512

      b395c8801bcb13962290364cb78c9e68509f71012775bc7f26fcb9e7204fe40daa93f664f188ad423be592337e8fedf4be19e4a2575c2e09fe9454b0923f8e8f

    • SSDEEP

      12288:YafheRojeXDHoZuwkGdcnKxXgWb18j1g+h8RjjQzH9FP/SwcIr7WxAvqj:YaJ8ojuIZuwkGGvuFRA79FP/UIr7wAv

    Score
    1/10
    behavioral19behavioral20

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/PhysX3/Win64/VS2015/APEX_DestructiblePROFILE_x64.dll

    • Size

      2.6MB

    • MD5

      8419c1501249a25c3aeb3716cca6beda

    • SHA1

      90e584f0f96b5b6c35925f5147f6dde58b33b3bf

    • SHA256

      14bb120a3238300b1ddbf420e298058cf2e95aaa4f657c7d61f4c415ed80720d

    • SHA512

      346a6d1502c0645decb17c73d16ad9902a4ac3b9b8919d00461266fc4de40cea1e9a37c1cb1b4a8792773c568f0885ee50203fa14abcb0948981ce0ed8d63195

    • SSDEEP

      24576:yLf+PvtbdVniOFDRTBPEsL84lih+U5pztpXITNsSKqOV5X/rI7LK4c4OC3h:e2PvtbiOD1B/ioU5pzD45QI7G8O

    Score
    1/10
    behavioral21behavioral22

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/PhysX3/Win64/VS2015/APEX_Destructible_x64.dll

    • Size

      1.9MB

    • MD5

      d84c18ddc627241e579d940d8cac8c8b

    • SHA1

      97d22c4e7bed5f5b9c9587c2edbd4a4ad2311cf5

    • SHA256

      82b315e6d6af95914c406285d197319d9243fb664e6f45dcb21a9f2f5e43192b

    • SHA512

      0d25476a7df0fe38e8ceab2d64bf521ec3f8d7293064c708dac38f9c94c9a0023cf69d2e9db15ae3b68ad9466784528df49eeb0f44810d7ce9d82257d85da7a6

    • SSDEEP

      49152:UWUzqtDbdK/m3OHdYW37iwW63pCAlptXXk:wffPB

    Score
    1/10
    behavioral23behavioral24

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/PhysX3/Win64/VS2015/APEX_LegacyPROFILE_x64.dll

    • Size

      4.0MB

    • MD5

      926a412e2cbf5fcee64ba9e118f96812

    • SHA1

      5ebb9e52cb67af81d9e8df9469a1fce001d0ebf1

    • SHA256

      9841fd409a788d0a8cb38c8e5ce06a5b7192d43a465ccbe0a6714fccdde67b79

    • SHA512

      24f48ddc08fedf55d0dcc3a1d2066b92688f152d02543d02a1743f4b650086f6a7eef44f6bb10d8d65a2ef50ca32964e7d3224bf021fbc4afe2d8a89ff40fb8b

    • SSDEEP

      49152:Z4kmjxLvaJcVcD/JmB+Z4QYogHqXZIe2ZV:alCyVSHJukIe2ZV

    Score
    1/10
    behavioral25behavioral26

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/PhysX3/Win64/VS2015/APEX_Legacy_x64.dll

    • Size

      3.2MB

    • MD5

      f958454319b2757aba7adc295fea89cd

    • SHA1

      9a0561d5c208847441b0e6e4199977fb70ac5f90

    • SHA256

      58ac9873ad9f1a4b6c7e607a86980fe00d992ec08138c16a5021b4890ef25b1c

    • SHA512

      ee86a9b65b911f3a4aa3b4b25b932ccac8f82474b2220217b0c5fb2a313dc7772e24d87f9abad94cb4ef65c972c6de69c28bec05686fdc7abadc3409c6ea1c93

    • SSDEEP

      24576:JqL1PPXyEo4xuhI/Nlubl6NASrXjaG0t1lgEZooyS9g0Rm:JqL1Pvi4s4Nop6NtrXjanlxZLy0g

    Score
    1/10
    behavioral27behavioral28

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/PhysX3/Win64/VS2015/ApexFrameworkPROFILE_x64.dll

    • Size

      1.3MB

    • MD5

      05850a0b6d50309a5a5c99f49dcf81ab

    • SHA1

      d9e9941f0358c6b7e483c45e61fcdf80211ba7ef

    • SHA256

      243e4b82d84f6abfc400aaa8c2cc4fc93f36e670c016bc673f18569eb04d47ec

    • SHA512

      197ccfd269fa1bc7c6a85f7d9e11ef7345d24001c13654fc020dd994a34336664ea0b0560f196e8b812c75b6ebea295ae1f68997e8d812e78ee12f9889707106

    • SSDEEP

      12288:BBrkSKdSToG/YCo44sxelj8qFOteqLjp+Hr7XUal:USKEzurQelj8Ltemjp+Hr7p

    Score
    1/10
    behavioral29behavioral30

    • Target

      PH2FI/Perfect Heist 2/Engine/Binaries/ThirdParty/PhysX3/Win64/VS2015/ApexFramework_x64.dll

    • Size

      1019KB

    • MD5

      ef0ba4ab9321242dc5713a264a8da0c4

    • SHA1

      6579caefec3c565f9003961d18db9a712910b329

    • SHA256

      cce437454486fd7fdeb7b24ae2afc3e3b5123a1b739c7de0061b313bfff88e3b

    • SHA512

      15a04f24bb34526e989215a5ac32a379f1fb358e0523d0459057daf8d325a9fa70e4ae1718485b9e403910a80a0023601062397d756b22dc32eb57692afc11b5

    • SSDEEP

      12288:lW9Of4W/7YTDOKQc+EHCr4ZpodxMeObK0E/sNl4TKNiZ:Y9X2JcrHCr4ZadlOO0WTKN

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks