1ac0b67dac59ddb5fd032ff40c979ba4fbd9a8040ca6922bda5c05f5dcb49b42

Sharing

Copy URL

Twitter E-mail

General

Target

Thunderstore Mod Manager - Installer.exe
Size

2.0MB
Sample

240119-amkxjsbcc3
MD5

25afa9bfeb6e54ee3b0a0deeff3a0c68
SHA1

d6609d46b86baa0a09af423fae555300d77f59da
SHA256

1ac0b67dac59ddb5fd032ff40c979ba4fbd9a8040ca6922bda5c05f5dcb49b42
SHA512

067dcb3434f593f49d2323f390d3e625ace888978e1b5dcfa260c3748d0a1593422a7866e0f583b587c87e7c7f3173e051920e1822cac282bfa457b29e10ccec
SSDEEP

49152:9SlBxE87vxpsrFpIvxqMsaMwgs3W/0s9YdBA0c:9SRPN+TIvxqMshwv3W/0NDA0

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  Thunderstore Mod Manager - Installer.exe
- Size
  
  2.0MB
- MD5
  
  25afa9bfeb6e54ee3b0a0deeff3a0c68
- SHA1
  
  d6609d46b86baa0a09af423fae555300d77f59da
- SHA256
  
  1ac0b67dac59ddb5fd032ff40c979ba4fbd9a8040ca6922bda5c05f5dcb49b42
- SHA512
  
  067dcb3434f593f49d2323f390d3e625ace888978e1b5dcfa260c3748d0a1593422a7866e0f583b587c87e7c7f3173e051920e1822cac282bfa457b29e10ccec
- SSDEEP
  
  49152:9SlBxE87vxpsrFpIvxqMsaMwgs3W/0s9YdBA0c:9SRPN+TIvxqMshwv3W/0NDA0
Score

5^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/app/cmp.html
- Size
  
  4KB
- MD5
  
  d410da4cf0f95a0f4515af423c8e0c4e
- SHA1
  
  649022d1df15d7b7a1840ab25f90822a44c32cde
- SHA256
  
  26331f18a2f2c63367b1f1d6b5a5b14d4fb13ad52fb04a5a095c260007e931d7
- SHA512
  
  f2ece74425aa3cac3f9202c5a9216215ed8d1325360eb6aac0216aed5331426e6b3a34d3d54bfae962f44c493c6d7a09745a195f88314872a1b5ddf9f0d18785
- SSDEEP
  
  48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8ALcaILNt7ByBZXGz+a1K:4VLjHa2NGiivmmpWLBAtFwAk5vSG
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/app/index.html
- Size
  
  20KB
- MD5
  
  5ebdcd8146ce647c888d99d5605a53a5
- SHA1
  
  47bbfc84aa4f18b8c80ca0f9c10de8a5df457e04
- SHA256
  
  6e29883597f9584bb05d9bbbfc89dececf2bc20602fede452d0c2c98e81a0181
- SHA512
  
  e71d5e6b644b7fcb112c07b66b6b95eaaad8e76a1902488dc13ccddce4a7655fd7ad8588abcfdb39a82b909980a6e236aaf25f96b38938a45f4ba1f8a5b9ffca
- SSDEEP
  
  192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5wC93mJ8G:+WNaM8UnGjPkZ9+mppH3
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/app/js/app.js
- Size
  
  22KB
- MD5
  
  715d53e963a034a3721aee76d1c4e8f6
- SHA1
  
  4643837ab7d2249fbda6ed23d025ef738cfa6317
- SHA256
  
  5b8ab6d562e131159c89eebfc2f665a4a496c8621ef34efcabf7b0a9e1e85b1c
- SHA512
  
  15018563724d17dd22c38daa51c8208286f81e8eea6784ff70f46d81cb3385635b688ccd775734f0e4bfd086189c5db721f2bb76daee4e6d6aad02075e44dee7
- SSDEEP
  
  384:4X+acDQFcljKdZGb9plmt902wjI3A4vnzwF52xxYRifG6wXR3FGHWdMxj8T:0+acDQ+lOdEbdmXH3A4vnzIAnGifG1X9
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/app/js/block_inputs.js
- Size
  
  789B
- MD5
  
  b5b52c92b90f4283a761cb8a40860c75
- SHA1
  
  7212e7e566795017e179e7b9c9bf223b0cdb9ec2
- SHA256
  
  f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
- SHA512
  
  16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app/js/libs/cmp.bundle.js
- Size
  
  315KB
- MD5
  
  8c333e3c64d273fd5874a11907511850
- SHA1
  
  b6fe83cbf589e1a3c69d7a64e1ec8044abfb8bd9
- SHA256
  
  e75eed625035a09df3e1f1145ea44818176eaf66e357f86e44d9c8c7152eb8be
- SHA512
  
  7c1b1cfc29a2c5538f0f887671c80e7927d6f52a93c711c60a5e678be4e31ce50a7886877a45def4503b60699c0d328379c476caa88c298164073120f9ec4c5a
- SSDEEP
  
  3072:wWepAxfC0SRUg6MiDkN1YOLSPRASEjGth70g:NfC0SRKMSkN4ASESx
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js
- Size
  
  90KB
- MD5
  
  44e3f0db3e4ab6fedc5758c05cf27591
- SHA1
  
  2d408aa1d35661019c95adcc60b78c0727ed25b4
- SHA256
  
  bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144
- SHA512
  
  4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc
- SSDEEP
  
  1536:O4mCgi8DyCuXXFiJ+L0kJQsJVPEKuQRZdC/RAfDknv+p0WzH/Io9Z7qABZnu0JFV:OGsKYAI2p0WP9bDrJ7fak
Score

1^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/app/js/libs/mixpanel.js
- Size
  
  1KB
- MD5
  
  344e4265b3d4e1fecfd81c561293edab
- SHA1
  
  51dbcac23b839e64362d11763bbe64538ad80bb8
- SHA256
  
  88872b5b01a8d1dfee124333aba630ceb8535390130833dd2a312c461ac52217
- SHA512
  
  dcda17cb89861c4cd0be4b7cd93b58283cd1acc3c7a4a2176add3ea6403079c8567bcf88d878aa2e91e96c43b15a7ce668299c3d015c6dc4db5b15cddbe4ea7d
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/app/js/models/notifications.js
- Size
  
  5KB
- MD5
  
  85afdf9897bb1236eff3afa40d15ece6
- SHA1
  
  4362bdd139458eaf4a2dcb34294b43e2d53f4a26
- SHA256
  
  9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32
- SHA512
  
  4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c
- SSDEEP
  
  96:sOr8u1s9FvYYdfHsW/GZwzpJGf8mui+U8QrGjqTzoOxOYsdfHsW/GZwzpJGNjINU:sGu9yYl3rNQ8K+JQC+/5Lsl3rNOEYIo
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/app/js/utils/analytics.js
- Size
  
  4KB
- MD5
  
  f288498a7ad1ef51bcd3f3272a1809f7
- SHA1
  
  0a7bc52a557ae5cacb5ae7bddebefe0c1aec1ccf
- SHA256
  
  c76e5be6cf6513f988e69977a0fedea42fbc700a2e4ef7d136fdf72534ee8519
- SHA512
  
  7b2195ce7b6ff8f414ce43ee8cdbfc0660560b6802a2a6271b6a8eefd19d02810c200a51ea1e43269c18f70e5b749e7a515a6db7b8b8ffa7aeeca0a1cd32f057
- SSDEEP
  
  96:LlYkmHqqVHlnZ4JGvt+QP2EvVVko3sO2LCgOb4bgao:AHq1GV+kcRObdb
Score

1^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/app/js/utils/commands.js
- Size
  
  12KB
- MD5
  
  65015f2e2e490f6786abc0560e33e1d0
- SHA1
  
  47b5c2b3b1f9381e4d2b9d1f3d82ba62828ce28e
- SHA256
  
  e874c959c7b8e4351d730d263231df7176b5062580a7d3e0a2684001b510f5d7
- SHA512
  
  a4ad579acfa6000fd8074893a6b45df74558c57afd5b957217491784fa25df370c59d9f92ff245abbdf3d26b42114cc22359ef95c4baa322e326c7e210f43edf
- SSDEEP
  
  384:7/W5HB8c36uUvJQ006W8tusv5qEWTwdSW:rFOs5
Score

1^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/app/js/utils/cookies.js
- Size
  
  1KB
- MD5
  
  6c60e675f8c8c68c0174b644d3a63a2a
- SHA1
  
  3635a3fe07ccc4a6f33a986ddb690522d0611abb
- SHA256
  
  9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287
- SHA512
  
  1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452
Score

1^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/app/js/utils/modal-events-delegate.js
- Size
  
  1KB
- MD5
  
  117e4fdbdb0ecf211c8bd909efd337d1
- SHA1
  
  9f8684d856b7c95bdffb139217dfd89f41373187
- SHA256
  
  267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857
- SHA512
  
  f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1
Score

1^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/app/js/utils/strings-loader.js
- Size
  
  5KB
- MD5
  
  9c94eb933d8a43dd3825e67a7e30c980
- SHA1
  
  7ec7b16af6f399219209ba5967d377040486a11b
- SHA256
  
  96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf
- SHA512
  
  a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5
- SSDEEP
  
  96:FXS/WSBWlbBtDhWFTnTeWsNkEj1I/6WfwkUlx416moPdXDKP8j8yZrME6:FXSuQwBBh0nTevNkEj1O6Wme0muXDK0W
Score

1^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/app/js/utils/utils.js
- Size
  
  118B
- MD5
  
  a0952ebeab701c05c75710c33d725e7e
- SHA1
  
  1da8a2e889f1213d481ae3cd5571670c01e64adc
- SHA256
  
  b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246
- SHA512
  
  5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389
Score

1^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/app/js/windows/cri/cri-controller.js
- Size
  
  5KB
- MD5
  
  d222c95a2ef0b75ad6c96a3abe20fdc5
- SHA1
  
  641c39f92a169f0ca435ed12d2a4d276eb415642
- SHA256
  
  aafb56625ec30b24035baafff7bc20215e8ec7e4be4ea58a90aa5b46bdd14a6e
- SHA512
  
  e9e66abf6d95fc15a6ffe46cf85c3c9d3b80f3884ca4c8cbb5d2b024fa1dcc46a5e2f39041a4a120a8b8b881d07b3d70b18b552332180aa08c4a67577ea6242b
- SSDEEP
  
  96:u6VQTr5TeTGTvf/aaYWCtheobwIbZZuAk5a9k+:u6VQBaiLf/aHWC2oUU7uAW+
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32

We care about your privacy.