63830c580968c7446bb9f94dd7919625ddd82e85e3314d5a33d28bd54d0c8076 | Triage

Sharing

General

Target

5963632f2a78689da8e7726692722c3b
Size

1.6MB
Sample

240113-zn52jsdhfq
MD5

5963632f2a78689da8e7726692722c3b
SHA1

413dbe46ce1a3b30b48df0cac8e2a2e66fcf47e2
SHA256

63830c580968c7446bb9f94dd7919625ddd82e85e3314d5a33d28bd54d0c8076
SHA512

2d9e1bc637840982c5dc1557cd43df1a45baadd4a3c42cb07d6ad7ef361c81efa231cd00d564d1e0a51c286f05059c6fabd65426916b702125369e6b04f000ca
SSDEEP

49152:SrsBobHMKlWzG5VdKwAOSoY50NeISZ9uMcWbo6mi:ihbHMKIzG5VdKFOSD0ErQko6mi

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Combat arms Nx hack 2012/Combat Arms NX Hack Install.exe
- Size
  
  37KB
- MD5
  
  2c3b716252538188a68fafbed56700b2
- SHA1
  
  32515c322d92c7387e5b441220e086355eee3bcc
- SHA256
  
  19f69ee21431125495658109c70c539583e0cc14ad6c0f54650b2dc8fd58b165
- SHA512
  
  14de627e03fa902f22e27b1a2f527d1d0f16b132b5d9b1873ee73145391ba44b53f61e1abd5a45aa013bc64f563d4d9ef07f42d5ffac24f9650b348109ebdee9
- SSDEEP
  
  768:ydrRf/mmNm3xqFhtQzSOIVD5ZxYbJ7KP4s4p50VWFndiFJzuT6rwq:Y1/mmNm3YztQG9Fz6qAp5iWFndiF66rz
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Combat arms Nx hack 2012/Combat arms Eu Hack NX 2012.exe
- Size
  
  371KB
- MD5
  
  548d60295acd2da0376970cdd1711f05
- SHA1
  
  08b15e56d13e4878a1a801e477b6a03c47836152
- SHA256
  
  41f3d6b522b4f55cca4503cbb21e9f1b32d9c8ea769460f32f017d705ce1e4d3
- SHA512
  
  bf9b2cac934cc5fc8a4df54623ac06d3ac504bf85100694e8f4b4c05a431a1afcec244907691c4838e9f93778e204863cbbc0fff622a028d572417c8f9af5bf1
- SSDEEP
  
  6144:B7kB801fL1aLaozVJ4RP18akCgmvzvM6+//v6btEsIl:gfhXC+V1yCg4zx+XWIl
Score

1^/10
behavioral3 behavioral4
- Target
  
  Combat arms Nx hack 2012/MMVCR70.dll
- Size
  
  332KB
- MD5
  
  80ef6653710a2a53e8183981badd582f
- SHA1
  
  8f5432beb1f43b391ad37191005ffc4356cc99bd
- SHA256
  
  f44be783985b914c4e500fb8e52a152bbfb9857bc250d0e3c7789f7cafbcfd8b
- SHA512
  
  e824453df0a2c9dda912656bc19102526b4b46f577e80c94a22658f85f418ff3c9f1e330f9f11e0dda16b51251f6f78fab031b4e50bf6ba3ebd1150c65553b1e
- SSDEEP
  
  6144:jid608AwZZrrdPwoc3Rz09u2ZjRCAOASeJFMniFANrboYgxUc:jid6ok3Pwochz0NbCOS3O7
Score

3^/10
behavioral5 behavioral6
- Target
  
  Combat arms Nx hack 2012/MSVCP60D.DLL
- Size
  
  504KB
- MD5
  
  52a5636fd97d83d6ee60c5db70a7aadf
- SHA1
  
  6de04508e27dd7022a4d4826b0f15d702fdd9f8a
- SHA256
  
  68deb8cad3c055beebd3748aaed06e8ad4a365c18ac198ac6bc7c3ac7cd3496f
- SHA512
  
  48125ac52e7795919847b7c58b1c730b3b8d843734f6d469a0b18168c77b71ee8f1f841f0775e71c67b4aed5e19eb7d12a8c11f87a6d9a8ca77de34c1bca62fd
- SSDEEP
  
  12288:JygHEPY6hY5jIXVcOm+kqEzcM+X9jktiuq3OoxHkC9w:gVcOm/1+X9jktXq3OoxHkC9w
Score

1^/10
behavioral7 behavioral8
- Target
  
  Combat arms Nx hack 2012/MSVCP71.DLL
- Size
  
  488KB
- MD5
  
  561fa2abb31dfa8fab762145f81667c2
- SHA1
  
  c8ccb04eedac821a13fae314a2435192860c72b8
- SHA256
  
  df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b
- SHA512
  
  7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43
- SSDEEP
  
  12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
Score

1^/10
behavioral10 behavioral9
- Target
  
  Combat arms Nx hack 2012/msvcm80d.dll
- Size
  
  992KB
- MD5
  
  b2eba937704318bcb90322ecd2209d79
- SHA1
  
  d5f2c8e83d53347e87c1cd43feda08ba19ff47ee
- SHA256
  
  35556075841b009bc5da28ab8e63aff16009e0d18a938bf9624b4b2451f692e3
- SHA512
  
  fd0a5f4557e319c823a5d5ef39f9eeae1f5e20562e06061b6609997d2b07c3b3ae8b79017ea534d0b125edd2ae397133e8ffdf588cd28541d3864d6328a0da7a
- SSDEEP
  
  24576:vG1W2l0q6ZVVnxJUTS183sBGQUD/IFMJE838neq:O1W2l/TFh8
Score

1^/10
behavioral11 behavioral12
- Target
  
  Combat arms Nx hack 2012/msvcp71d.dll
- Size
  
  748KB
- MD5
  
  d752342f33ba6090d12cbc2c8139bd39
- SHA1
  
  be218e1af26d33eac26316bcc9494a1487b8d3e3
- SHA256
  
  c19c69ead56b16a8bbc81cb8067e1cbe43c3c2c44c7f1fe8438bd9357fa90918
- SHA512
  
  2882315b907689ce9b85620ba7051d0b8a86faaae204520586a4868b2f4e3a90f47081c3e0ebc0250f8b68f0b19bc37d50ca26bccf3ba3f67a27d35b45e268f9
- SSDEEP
  
  12288:dgbaEPYdEPY2ST947OcOk9Oc/LjOc1+DD0osAE48QUI00F0osAE48QUIh110osAy:QSdWvPFypjoM3Ooc8iHkC2e
Score

1^/10
behavioral13 behavioral14
- Target
  
  Combat arms Nx hack 2012/msvcr100d.dll
- Size
  
  1.4MB
- MD5
  
  d57e2eda325bac8081fd054209d736ae
- SHA1
  
  851852394c198131e49886421470ff2526123dc3
- SHA256
  
  5e47c4cf08450ea73d10e705fdce727ace66f8bcf4984028b1b17c91b8f630a6
- SHA512
  
  5261e89f80f2514fbcd45f657f7fad84aaa8c1ecdc41db669f8cbd2e4ed21868caae6c09e281cd957787f6311ea870fe668e611cc4fc5dd8d490c3cf79caa120
- SSDEEP
  
  24576:mnmwQbLmeBO0Gon8Tu8spx45/FYO3OxUh7Bv8MFZT2zmLy4mW2W:mGGon+dsp4YUOxMr5
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16