95acc4d1a274dd2edf1755278413d6d9e5e6485ade610a571c772e98c0fd30a1

Sharing

Copy URL

Twitter E-mail

General

Target

DISTRAINT.v06.12.16-PiviGames.blog.rar
Size

51.6MB
Sample

240112-l774csdhcr
MD5

3168c1e31b55d1b1f4969c208a0fe553
SHA1

c199410af5961088ec15c8b323dc94111085e8aa
SHA256

95acc4d1a274dd2edf1755278413d6d9e5e6485ade610a571c772e98c0fd30a1
SHA512

9e80f5f6c684ba59c9bc58be336995d7067c8fb8f486f0a9174a98065314248ddb50792d1ba1784fb9b61c8045c234376a05ddd2df73908c3576261f6a9a566b
SSDEEP

1572864:CmHBzYgPCxlxfkM62C5d/qHePM6P9fjsrz7x0j3IT:C+zJCxnfkMbQd/q+PM6PZS7+DIT

Score

7^/10

Malware Config

Targets

- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog.rar
- Size
  
  51.6MB
- MD5
  
  3168c1e31b55d1b1f4969c208a0fe553
- SHA1
  
  c199410af5961088ec15c8b323dc94111085e8aa
- SHA256
  
  95acc4d1a274dd2edf1755278413d6d9e5e6485ade610a571c772e98c0fd30a1
- SHA512
  
  9e80f5f6c684ba59c9bc58be336995d7067c8fb8f486f0a9174a98065314248ddb50792d1ba1784fb9b61c8045c234376a05ddd2df73908c3576261f6a9a566b
- SSDEEP
  
  1572864:CmHBzYgPCxlxfkM62C5d/qHePM6P9fjsrz7x0j3IT:C+zJCxnfkMbQd/q+PM6PZS7+DIT
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/ALI213.ini
- Size
  
  2KB
- MD5
  
  0d2e196a50fcf042142ac2bf99c535ce
- SHA1
  
  76308e29b5a64136286e32d7f01aa07c012c330c
- SHA256
  
  82b201cc15d3fd75b884bcab39e9a9701b6a1a809ca93dd96f14c0ff72e8971d
- SHA512
  
  3782edd31445c4d00060ab5b2aa21c56d67ec0d23657cb98fd6b9b7273be3594fad6af8781352b561256343412a2d764afad931ff5dd5205e8a3f0f6941ad31b
Score

1^/10
behavioral3 behavioral4
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/DESCARGA JUEGOS GRATIS - PiviGames.blog.url
- Size
  
  111B
- MD5
  
  881fb33652adbc20432b20a6bcd17017
- SHA1
  
  9cacf95d8cdf29074b80e9bed71c88580ffb85be
- SHA256
  
  dc976e643e89e92e186cc875113c027c16843836e2e000edefcd2bcc50146ea4
- SHA512
  
  09b643bde7892f2ffa7e12ef7380a78f982b22ee25ce091950ad6ac20a5c44383a93e825b8002b10f15056f5d0e181c814bbbea529fff7256aa3769e14a40931
Score

1^/10
behavioral5 behavioral6
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/REDIST/VCRedist 2010 x32.exe
- Size
  
  4.8MB
- MD5
  
  cede02d7af62449a2c38c49abecc0cd3
- SHA1
  
  b84b83a8a6741a17bfb5f3578b983c1de512589d
- SHA256
  
  66b797b3b4f99488f53c2b676610dfe9868984c779536891a8d8f73ee214bc4b
- SHA512
  
  d2d99e06d49a5990b449cf31d82a33104a6b45164e76fbeb34c43d10bcd25c3622af52e59a2d4b7f5f45f83c3ba4d23cf1a5fc0c03b3606f42426988e63a9770
- SSDEEP
  
  98304:TsPj6quMBYyuSFOMKykvYgS/ylTpHufHMpPbOZ39c7T3eeom2vJtPShg:wPjzayuSgMKykQgSaTkvMxEYT3OfPShg
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/REDIST/VCRedist 2010 x64.exe
- Size
  
  5.4MB
- MD5
  
  cbe0b05c11d5d523c2af997d737c137b
- SHA1
  
  027d0c2749ec5eb21b031f46aee14c905206f482
- SHA256
  
  c6cd2d3f0b11dc2a604ffdc4dd97861a83b77e21709ba71b962a47759c93f4c8
- SHA512
  
  75280d721550c2fa19b4f8d42b87d2fc6017f42709d84d2162c7330f7a0338bbd72cdc3f78626b10edcc602e2d22b174039254824334b3173d0ea48b3c06d1df
- SSDEEP
  
  98304:hsPj6quMcylIpk4nM6tmMUrfvEP0hcKju9Z/lTPU8UBHBKNpr1w36ZyY:+PjzDJ4M6tmXDsPKi1lTPmHipJwqL
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/dialogue_chinese.ini
- Size
  
  78KB
- MD5
  
  808888cb0da40165d9160c8adb1580c9
- SHA1
  
  3ea10c8923284432878c2e357adeb2215161165f
- SHA256
  
  e6fb88bad8d42512ae6be128b96668af0833b9fc7bb6252d69fc0ccd29d8e415
- SHA512
  
  7a722473c31e13be6205e2ff26dfaf9d3c573502d70506ee2924ea6d6d26e0213574cf69e4f1eca21f5478eca69bfd95b6cc38459646647e8750a8c089ba12d8
- SSDEEP
  
  1536:gVAhvle6IdXaB4NKio7vov5GfaAQk9GvIWoLYBu8dsLjl+RBMPqk3TR7Nh1Rypw4:gV+ILd2wv8iAl9GeIu8OuMPq+d1kpw4
Score

1^/10
behavioral11 behavioral12
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/dialogue_english.ini
- Size
  
  74KB
- MD5
  
  165a005d3057278a066916a550f97fc3
- SHA1
  
  fd77d892e909a7c9e0e18f7ebe639d7cbc894c1a
- SHA256
  
  6c40152e3817595b6250ed0f425fc484b13f8f293affc460a7f2a9a8690779eb
- SHA512
  
  4d8287441be46e85a7c934dfd6e77e52458728fc373ecc05386a4263a137f13dc2b163944e37214ef553822a3df28d12cea7fcec7c65baf461a082721c7454db
- SSDEEP
  
  1536:GYm2krq1wRbxlC04dgtiO7jfMSJ37NCpeZ:GYNhAfZDceAI37NyeZ
Score

1^/10
behavioral13 behavioral14
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/dialogue_french.ini
- Size
  
  84KB
- MD5
  
  9e5ccf72725048d050ea6d9e404fc44e
- SHA1
  
  eeb41b45a29daac70eaa29ab706ecbcd05b33fad
- SHA256
  
  26db63c7ef3cf1b84530fb3ded63d9c182655397e9c2c34f1633a2961fa0b801
- SHA512
  
  a78d469ff5a96872fa5772bd6e4ac65c8ff97a04545929fb2330f11f3897c025e98194690c03d4f9b4906d201fcaaf0c1879e60b904ce3e9aaef84357f1524fd
- SSDEEP
  
  1536:snzGwErqEKXTuN88eTUsQrAteHVFAbOlOj/f3:UCwErJKXTuN88eTB+OmVFAbOlOj/f3
Score

1^/10
behavioral15 behavioral16
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/dialogue_german.ini
- Size
  
  83KB
- MD5
  
  ec7ed2ab5c29c142fb967de98f807014
- SHA1
  
  f01fff2f7fed7071434118f9e2010613698d3a3d
- SHA256
  
  143e7cc36307163b9ec4145f4620d89161fa5251a0e5f1c33ce693d6c8e5d16b
- SHA512
  
  09e96dfbff19e35af05024e98fd099f594eb69ab24cabc439b8ec4104abc43fb6ef7ca37892f5d4b21a9ac46bfc3c89c20c00f0de603f8e6e2464426a5dfc3b2
- SSDEEP
  
  1536:MOwQLS7Ikg9VkkQAaQqN7GsN6EgouEdUoW4GWdTQySvPubdyMcBJ5dMhlI:M1sGDgwPT4bEdxlGiQPvQqF
Score

1^/10
behavioral17 behavioral18
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/dialogue_italian.ini
- Size
  
  78KB
- MD5
  
  036f25d54d867580c508b85842a8a907
- SHA1
  
  9439e721545532d1e7f6af88e2c0e4a5234b710b
- SHA256
  
  0e9037cb644b61e1bb1e5675d5d7688ed23755c8186047b3ac37c995c02a2dd7
- SHA512
  
  ca9a9a1ac2c444ab7e5836459fb20b8fc72f22f38c43863c52abedfe6b3fe48ef33a9c33a7d4f6be86b90c910a6500ebe8bd701ba586bd79992a47315a5bc705
- SSDEEP
  
  768:+hiia/+QXDcarFLtzIWNivikFW4bjE94M2RCOBrFXTS163P41U5zyZPseru6P7DG:sMTXTFLtzH554COBtSWb5zyjpP72lmDI
Score

1^/10
behavioral19 behavioral20
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/dialogue_portuguese_br.ini
- Size
  
  80KB
- MD5
  
  5885351fd3a064c865b02fc92d866817
- SHA1
  
  a67c33a27165dc30b0f6b031158e3740c928659e
- SHA256
  
  09f075502c184f02277e148a19cf5bb584205cb86b603f4b7bbda94990e17956
- SHA512
  
  5f315b33e8475b09a5ef0179619e77caefc5127b960ed209631bad88c059c46470f93b2e922382bdf6b2e10c215473c492d24700bf1a7b30e19a3d41348c2a3f
- SSDEEP
  
  1536:NYVaOySZOEQocGZ3lg/6exqZ1eSwoVehKe2xC0c:NYIqZ3+/6ESTUh4g0c
Score

1^/10
behavioral21 behavioral22
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/dialogue_russian.ini
- Size
  
  113KB
- MD5
  
  c096f660c00e392df98ed55db21b6312
- SHA1
  
  750be82af726881d6636d977d8c8d96bea1a2d89
- SHA256
  
  34a342a3b5e30f47f8a902d1c36fc85b9d9639396b44e6e2554bf21febc4032c
- SHA512
  
  847d40555a39a6d193d21c15f7eff8a4c5b390d66ed80c9938a36bd9dbee11923acf29f9a6dc85e9d46fb2ab2b521ee89d1db3a330f034e749e03874e471b42a
- SSDEEP
  
  3072:pbsPvC1+Mnkn3ZYwxHvFiwpoIRTplcsD7qf1FZnJ:pbUvC18+wxtiwVTLcsaf1FZnJ
Score

1^/10
behavioral23 behavioral24
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/dialogue_spanish.ini
- Size
  
  77KB
- MD5
  
  3207a2d80af7477f18781c95d1e58d1b
- SHA1
  
  a47560a51ddbbaef9f98cc2095e42a94f30028b6
- SHA256
  
  c8154e3ccfe96e7032ffe19e2eaa15b17dd27f6b7e577c7d75ab4d38b0bafa03
- SHA512
  
  ea9f769cb152ad2f060766d30697d12382a5130f5c2f9197ec47982b3a105d5dc71f62271741a7fafd1246ee6982756e2ed4c3ac8f55fd2b5a0d88e626a5f853
- SSDEEP
  
  1536:xP5Ah63XdY+PsnU+u1brIx/aguz9SMDUR4afP:xI63K+PwU+usVskMDUFfP
Score

1^/10
behavioral25 behavioral26
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/distraint.exe
- Size
  
  41.9MB
- MD5
  
  2459e86fffde857954f486ea57143300
- SHA1
  
  e957ca43fac6c62ec64d5c38cca599db8c0792db
- SHA256
  
  750685c3c82567fcfc2e73c9acc7905f437a24bb7a8a65ef4818ff59e1941e5e
- SHA512
  
  9761478ab5e99199c362231ef7a1645130408d826d7a4b3186b5102dc13f32c1d376d35fe87fb37131cb18ee7ed56b502a5171f4b7e85496088be03676e269f3
- SSDEEP
  
  786432:nF4DXwTvNy6yVSs8caIZpgTmFxhSlI5hD1+bPpdv2T/ck9ZEwOVrkL6rDH6QVlgg:7y6yVXFgGxH/JMPpRY/ck/EwOVrkyrxz
Score

7^/10
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  DISTRAINT.v06.12.16-PiviGames.blog/steam_api.dll
- Size
  
  803KB
- MD5
  
  2f4a9213780fd351865af0c447212185
- SHA1
  
  2b50503d8df91ab41e623bb680d99103854a717b
- SHA256
  
  2e799090865407f6b507453849be0ca62351f5b72a8664bc00cc5e6cb3de5f02
- SHA512
  
  9e82f9f595c14f3f1d229e3afc470f6db07c13edced0d68e7f2dbdf59b27e3ebb4f22372f4899c83e29e63c4cb4bef3717040a83133554e8102e3114b78278eb
- SSDEEP
  
  24576:RRPsQGTCqvllA9VYQndskfEQeE+EInMPbc:jaCqdlAdFEkIQ
Score

3^/10
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30