General

  • Target

    39cdff6c5715ddf50fd2be798f948bf6a90e743a20c1d5fc0648269376af444b

  • Size

    119.7MB

  • Sample

    240110-blz6hsccc6

  • MD5

    084925f24b914b78566691b7b7c8e120

  • SHA1

    635270ed14fec9c7e673b3812c9ed7099bb055bf

  • SHA256

    39cdff6c5715ddf50fd2be798f948bf6a90e743a20c1d5fc0648269376af444b

  • SHA512

    c9a1c37511da4bd69a63db4c1668a3336061af9117c3891976d340fe5fbea82ef19527456eb36c8fe0ef6fbb1ea7582785e848087fc5ae136e318234af22b657

  • SSDEEP

    3145728:HCdOKsiaWD3f10AONxZ8Pcb8zlNsTNliZ8+M85+78qEau65s:HCdOhWDv1e80bKlNqeDdau6C

Score
7/10

Malware Config

Targets

    • Target

      ARES_Indicator.exe

    • Size

      1.4MB

    • MD5

      6b74c6a2ab338c0eed5e1bec03d2935e

    • SHA1

      bbb8830b9325f6bde22efd463cb9d926f251e1f8

    • SHA256

      e699ed13168255c67dbd49a3fe49e463572ab2d4169ad2a96323dfcba6178a9d

    • SHA512

      0301af332a2d2e695a5cc6a3b6b6d73bcebfbfb3468fbbe6ea7ccc6d3fe82b1d4a009801190dae948dafa59b01bcc0668eb441e362a1073aec57a11652575b19

    • SSDEEP

      24576:jOOTPoG1K+yLSyb6kEklvGg+TAaA6Y5MVZvbuhZUTdTk0FkH:aOTR4vC0vGg4AR6Yu1bLNm

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      ARES_Launcher.exe

    • Size

      5.1MB

    • MD5

      0cac3edaabf437d967b1d695bfa9d135

    • SHA1

      28a3b586c9e82711eacf391b524b063ded301257

    • SHA256

      28846b3e1432fa895ce34212401e0b930e7fd84c3983651274475bb5f80d7d8b

    • SHA512

      b21d8ebc82e18050fef906d14a2bc2a43feabc0a36e677262af41cec0c9e717897dc70a77a2ad8e3f6255cc22df715eb5dd4955de46d1c6b0d261083139b37e3

    • SSDEEP

      98304:aBleUUGJCa7yh74DeXiEHI9gdZmvu23DWLWerF:aBlt0a707ASiENdQvu23DWTF

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      ARES_Shadow.exe

    • Size

      1.6MB

    • MD5

      590cabb3a271db525d58b66cc98058cc

    • SHA1

      53c58f0d77833de770a0f752d70329bdb43ca0bd

    • SHA256

      9a0472078a34809717935745e1fb9f2304a1506d8225fc8df63771b7d7295485

    • SHA512

      f941b66985b2f4087a98d75a4e3e856f31d45a2e98cf7658791b4cecf5d6ce50a204c35e6a9dfb568456e9e534d40646b2e9351513a7907fa236e5b4f93c289b

    • SSDEEP

      24576:dsErKZr/G2EKoHJSbYttKbu0ZSKQxvDHtVVU6l1fPoGyO22J/jbuJYiDgGKyonq5:dGZzpoHJ9kQxbNVVPHywjiJYeCE

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      CefSharp.BrowserSubprocess.Core.dll

    • Size

      902KB

    • MD5

      157f580c127db1e80a4eca85d2b49153

    • SHA1

      34f44eb55c71c7282540d2161b121792c904ebac

    • SHA256

      85579516863977128a7ca1fcbf3dcde4b583ce14ce7b4dcb2965f6ff07f1e74a

    • SHA512

      892e0d9fc493e9869ac53cd9bfecb334e84e22991e627f503866fbb39214269079bfbfab6a12a3ac0287b8c17eec5f303385fbdb4254614604c96d797d2c5294

    • SSDEEP

      24576:GDJ7i2GjleANO/Pz8ELXILZ5S0veVRCl2ZiVBhEDssQjPc8DnXoSiW+Yf3x5XrQi:q4LZ5S0veVRCl2ZiVBhEDssQjPc8DnX9

    Score
    3/10
    • Target

      CefSharp.BrowserSubprocess.exe

    • Size

      7KB

    • MD5

      c8d79d910d259c7b56a9b8f2efa46ac5

    • SHA1

      7a8672840e2aa3c23ca06bc55dcc5420c026e43d

    • SHA256

      0c623c6b66eaa32c4e564712607cfc343e09c87ae8139f5c6567cad8fedb2f99

    • SHA512

      6fd97101385d0114a6b7949403cbf7e4a2a4fd2f7de2f37a65e1869a5bb2cf00dfc3a88e489d75bfeacf9803aa863f32c4e1f0e14f38da4c5d707fa3baef7c05

    • SSDEEP

      96:ainwgwxJDVc/I7l2mQBDa046SpFZuetmASNt61OYcXei+U:a5puI8mQBt46SpFZesAYcXeU

    Score
    1/10
    • Target

      CefSharp.Core.Runtime.dll

    • Size

      1.3MB

    • MD5

      87426590611f9b09e5b6f3f280c08199

    • SHA1

      87d7117608620e6505265fd554c3bd422ecc15ac

    • SHA256

      de30bfaa3268edf6aa0f3bd3d558af1f8628cf3665c55d30c104866af25d0d44

    • SHA512

      61e68c99c5d883dc16f8a4440dbf1f6ae798bd1a4a291156063b315dd79b830628609f0fd70a6e7505d2bd713d1d251fd904ae2b5e918c86cce4771f3737a615

    • SSDEEP

      24576:YWh82808pb+yQwNfSF3rl8A2f948wvnK3xhJpaVSQ46TkM0Iqc4ChKZi5B9xh0u1:Z82808R+VBaQ46TkM0Iqc4ChKZi5B9x1

    Score
    3/10
    • Target

      CefSharp.Core.dll

    • Size

      37KB

    • MD5

      f7ecb20ba72c0aaba65e2325c4c3c553

    • SHA1

      2a1897017caf40975f7016765351c0a62a79522e

    • SHA256

      24fe0b4d02aef4be175903c7bee8fc5cde52d93ce9acc0744bff4dbb7d8584b6

    • SHA512

      99f7ee5e1cc2b0fda8c56634e2f62277ed13acf1e79f351a58c4dbb44b75be4642bc2e7fbf1d4adf23ab83ca1a54083c2cc6216e10a9ea4e2387dafa5bb2c1ad

    • SSDEEP

      768:kDFePWkSu3nwzdudXFhlF+CAhjOrGLMO6ClaZ1ussLmn9El9zLnNedW:kdVel+C71UlaZ1uTLm6TNoW

    Score
    1/10
    • Target

      CefSharp.Wpf.HwndHost.dll

    • Size

      67KB

    • MD5

      cbb5a399076e06f21026c9d1bac59103

    • SHA1

      1935c7411f8be50ed4c9bf9f4f02d189093c45e6

    • SHA256

      d2d7add127687198590f857ae1d3912817726b26280b8d8622763af44df9c6bb

    • SHA512

      c3e80e99465c07ef304512ee0fd28cc56fbe1c346071558f93ed8e4dcbf2b0d92d2bce1dd6ae86795c193ea9eb7d73790f9694b90ca938d8b17557e1e20b923f

    • SSDEEP

      1536:rdxvkgiVO0vtBwfUQ1yGZDXEfBWL/kjmS0:fktBK9XckS

    Score
    1/10
    • Target

      CefSharp.Wpf.dll

    • Size

      109KB

    • MD5

      6c269b087a40b41e1c04d05af4a1362e

    • SHA1

      b213ff19224b80f1ad29afee7c0c4e21d0b7a048

    • SHA256

      6dcf8d47800783c62cc0044c12d56e2bc465a62888f164bf34fd54e9d2ef2632

    • SHA512

      dbf46f8dccba147dc770f066b32cb5edee74686577b2f0cc16681cd9fa3dd6b1895ad3a2c747e784d2942983ba2eed3f3d19859a877db9025b97683c584c061a

    • SSDEEP

      3072:EUHbe43EzCkWOWQsEIRYnM506KxI4gGMwbOD5FgoH:EUH5EZvIdxJ4gGsn

    Score
    1/10
    • Target

      CefSharp.dll

    • Size

      1.0MB

    • MD5

      a251aa465bbea9498350333b0febe660

    • SHA1

      727df1d13a1df123df4b77adcf94722c1804b692

    • SHA256

      d1aac59fdac50033bb0069bc9667517fbadb7699b71d93100ec9c4a88ede8615

    • SHA512

      206e74fb531446ead5f066b49714bf8d1a103acc1395a381ed9dd9e13e18b780a735ee124a04ff2f1ed88253036381c89c1d0e7c206134f3a76d11446433e891

    • SSDEEP

      12288:O4fzlANHP18RfefBfIuwS+pldbjQBMDwJlp8yHNyNzV4+0J:3fcHPeRfefBlFMDilpHwx4+0J

    Score
    1/10
    • Target

      KakaoGame.dll

    • Size

      12.2MB

    • MD5

      44a45646c007a8cafb97f3712466895e

    • SHA1

      aa8aa267fd2c9beba5f2fee0da0c2dd7867f43f4

    • SHA256

      4ebbb1ca76e9f3461d4345efa15914a6030d3fa4b49183602f8e15f3b0b12463

    • SHA512

      c152c4e41df1907c9f073c096525415b4e96f7784dbb7a8b05b529d8c39077bbb699d677212dea8dd0957546623e5fe58fd5c101ef93f0871a60313e65b25da8

    • SSDEEP

      393216:XKQfvYAido03SQ5V4eibLislvj5raodrE6ZVxSj:i9doBkDElZaodrEkVxSj

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      RINK_Agent.exe

    • Size

      1.5MB

    • MD5

      e4a25a48df3fb101e98abc92f802d0e9

    • SHA1

      631c8f1ab8a9e15d8c6b927ca378362ea45e95ab

    • SHA256

      3e1458d98e9e412eb2ec913a146044710fd9f5e773ae04fbb4a466d1d4d24616

    • SHA512

      198b7bc052c452c10c2c36e1a9a3e7689def52df1c93d0cb8e516b6814d161558a29358d7c198165e4fa4cd5c6ea9f725cf16eb606bedebf84a090d85252c777

    • SSDEEP

      24576:DJPo2WKXiRJeTJcAU5D+EdeHkGAb7fw+Jwz/S/64FTOI:pFWjRwJRUrEkGAbjw+W7SC4FTn

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      chrome_elf.dll

    • Size

      1.0MB

    • MD5

      51c38dff488e9bddd8ec65715e75abfc

    • SHA1

      b0b648ee414b3f3f4ed607aa86decd053585e7bd

    • SHA256

      cc12b0a4a0d50357df1dbe75c1725aff7d1a66e216170432f71f431ac7afeff9

    • SHA512

      a7f0799f5aa7dd25cc4c6f8902708e17e1fce0a605af0390fa3c35c8aeb6f1a157382a510af791614623e3a51bd5a1a3f0ea2a4a5c1cd5f46098814c8689b085

    • SSDEEP

      24576:nafNDI/rysUY+xP6Dz0a4UU/AofvZaQHb0CM+8e1:afZqgC0agvZalJe1

    Score
    1/10
    • Target

      d3dcompiler_47.dll

    • Size

      3.9MB

    • MD5

      e1677ec0e21e27405e65e31419980348

    • SHA1

      666de481c46e2c21b8f0decc7e9115fc61d28acd

    • SHA256

      c2c7ca6505ad10826e6b92319ce7aa355392b0cbd092a0fb8d4381c2d31268bf

    • SHA512

      31ea9e22a2de873ad71c56386b45f510cc89b63eff5526f75a9de7987c65e91bff9ae141cb47b49b986992a53d9a6e73fa3199a04f0bde665d4928112fd13070

    • SSDEEP

      98304:q4Xyn7IfxiYMzgom1mEU/AJC/vujMD9rw:809om1hU/Aavu4D9rw

    Score
    3/10
    • Target

      kg_browser.exe

    • Size

      414KB

    • MD5

      960225d94c67d3e215783eb5bac5a9ea

    • SHA1

      fc67673d3cedb3e5eb697a55f297afa63573a694

    • SHA256

      8d32b9e4ac7e467506e001101b3e3fc88ce9af4b4da56d390720a8df8e055997

    • SHA512

      5090fa2e417f60964442d894cafd0eaf530f076d46d879f93572dfb84855fbdd41a70668e9fdc6e5c53bb99d21c466db27d32a1fbd79725bb044b1b85998574c

    • SSDEEP

      12288:ktsN+YmL5jcp6ITvxQKZFOGDU9HiyS9KpHC/1o:ktsNcL5jcpTvxQKZF6Rifyi9o

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      358KB

    • MD5

      4de8b75062e3615e2ed9f6f355a7f1fb

    • SHA1

      395da0c5d5c8aa2493d733c4326c22f4c2e5b79a

    • SHA256

      c3c1b3acfe150d91210bb914d9c45d1eae3aea85a4701e4b956f7570fe6c7eac

    • SHA512

      fff54ce4aa86b25489c53455b5157025a201476f415605a6c3c2324253c9b3e55a3f31434551509d9d271af53103fa1755bdfd04c211362e0631455a3dfef4e7

    • SSDEEP

      6144:E9+a9/zhtHT4/7n6JRERpY5W5SaFqThIp4YkZHrDaIcIGxVJ:E9+krhg70oYmFqTzNrDaIEVJ

    Score
    1/10

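The two signatures that carry this report's 7/10 are the VMProtect packer detection (ARES_Indicator.exe, ARES_Launcher.exe, ARES_Shadow.exe, KakaoGame.dll, RINK_Agent.exe) and, on ARES_Launcher.exe only, the external IP lookup. VMProtect is a commercial protector that legitimate software also ships with, so before acting on a score like this a practitioner usually wants to reproduce both signals locally and tie the result back to the listed hashes. The script below is an added example, not tooling from the sandbox vendor or from the software under analysis: it hashes a file the way the report lists hashes, walks the PE section table to look for the `.vmp*` section names a default VMProtect build leaves behind, and scans network log lines for well-known IP-lookup hosts. The sample PE image and the log lines are constructed for the demonstration, the `REPORT_SHA256` values are copied from the Targets list above, and the `IP_LOOKUP_HOSTS` set is an assumed starting list.

```python
"""Re-derive the report's two signals from a file and a sandbox network log.

Added example, not tooling from the sandbox vendor. The PE bytes and the
network log lines used in __main__ are constructed for the demo; the
REPORT_SHA256 values are the real IOCs from the report above.
"""
import hashlib
import re
import struct

# SHA256 values copied from the report's Targets list (the VMProtect-flagged files).
REPORT_SHA256 = {
    "e699ed13168255c67dbd49a3fe49e463572ab2d4169ad2a96323dfcba6178a9d": "ARES_Indicator.exe",
    "28846b3e1432fa895ce34212401e0b930e7fd84c3983651274475bb5f80d7d8b": "ARES_Launcher.exe",
    "9a0472078a34809717935745e1fb9f2304a1506d8225fc8df63771b7d7295485": "ARES_Shadow.exe",
    "4ebbb1ca76e9f3461d4345efa15914a6030d3fa4b49183602f8e15f3b0b12463": "KakaoGame.dll",
    "3e1458d98e9e412eb2ec913a146044710fd9f5e773ae04fbb4a466d1d4d24616": "RINK_Agent.exe",
}

# Public "what is my IP" endpoints. Assumed starting list; extend it for your environment.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "ip-api.com", "checkip.amazonaws.com",
    "icanhazip.com", "ifconfig.me", "whatismyip.akamai.com",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the form the report lists them (lowercase hex)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names (no third-party parser)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_hdr_size                         # 24 = signature + COFF header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]         # IMAGE_SECTION_HEADER.Name
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_vmprotect_packed(data: bytes) -> bool:
    """Default VMProtect builds add .vmp0/.vmp1/... sections. The packer lets the
    author rename them, so False here is evidence of absence, not proof."""
    return any(n.startswith(".vmp") for n in pe_section_names(data))


def ip_lookup_hosts_seen(log_lines) -> list:
    """Hosts from IP_LOOKUP_HOSTS that appear in DNS/HTTP lines of a network log."""
    seen = []
    for line in log_lines:
        for host in re.findall(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}", line):
            h = host.lower()
            if h in IP_LOOKUP_HOSTS and h not in seen:
                seen.append(h)
    return seen


def build_demo_pe(section_names) -> bytes:
    """Constructed minimal PE32 image with an empty optional header: just enough
    for the section-table walk above. Not a loadable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # PE header right after the DOS stub
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + coff + table


if __name__ == "__main__":
    sample = build_demo_pe([".text", ".vmp0", ".vmp1"])       # constructed sample
    h = file_hashes(sample)
    print("sections:", pe_section_names(sample), "vmprotect:", looks_vmprotect_packed(sample))
    print("matches a report IOC:", REPORT_SHA256.get(h["sha256"], "no"))
    log = [                                                   # constructed network log lines
        "dns query A api.ipify.org",
        "http GET http://api.ipify.org/?format=text",
        "dns query A update.example.invalid",
    ]
    print("IP lookup services contacted:", ip_lookup_hosts_seen(log))
```

Run it against a real sample with `file_hashes(open(path, "rb").read())` and look the SHA256 up in `REPORT_SHA256`; a match ties your copy to the report, and `looks_vmprotect_packed` tells you whether the packer signal reproduces. Neither signal by itself says the file is malicious: the CefSharp and Chromium components in the same archive score 1/10 or 3/10 precisely because they carry neither.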
MITRE ATT&CK Enterprise v15

Tasks

  task          signatures   score
  static1       vmprotect    7/10
  behavioral1   vmprotect    7/10
  behavioral2   vmprotect    7/10
  behavioral3   vmprotect    7/10
  behavioral4   vmprotect    7/10
  behavioral5   vmprotect    7/10
  behavioral6   vmprotect    7/10
  behavioral7   -            3/10
  behavioral8   -            3/10
  behavioral9   -            1/10
  behavioral10  -            1/10
  behavioral11  -            3/10
  behavioral12  -            3/10
  behavioral13  -            1/10
  behavioral14  -            1/10
  behavioral15  -            1/10
  behavioral16  -            1/10
  behavioral17  -            1/10
  behavioral18  -            1/10
  behavioral19  -            1/10
  behavioral20  -            1/10
  behavioral21  vmprotect    7/10
  behavioral22  vmprotect    7/10
  behavioral23  vmprotect    7/10
  behavioral24  -            1/10
  behavioral25  -            1/10
  behavioral26  -            1/10
  behavioral27  -            3/10
  behavioral28  -            3/10
  behavioral29  -            1/10
  behavioral30  -            1/10
  behavioral31  -            1/10
  behavioral32  -            1/10