f8a2c7bf6611cc965e76f1286fc460ec47f3d7e4353877716417cd8b553b2667

Sharing

Copy URL

Twitter E-mail

General

Target

QuietForestGame.rar
Size

59.7MB
Sample

240203-a89sssdbd6
MD5

dade874401dd5c4eb32685563a1c1549
SHA1

b4f063159b9ea1f497b49daeff07247f9c216404
SHA256

f8a2c7bf6611cc965e76f1286fc460ec47f3d7e4353877716417cd8b553b2667
SHA512

e9a05df9e76795251ce23468db2b232c48b41ef51a59c8c0e3f7bbbb85f49e883c01d40e644531882dd2d8b80646ea1ff5fc6c5bfbbf08e09ed56bd51fa62b1e
SSDEEP

1572864:UhIvB5WCx+p8HfwX8uAsbjM/wEF4yM6ezCD:UhIvSCx+ewFiwEVezS

Score

7^/10

Malware Config

Targets

- Target
  
  QuietForestGame.rar
- Size
  
  59.7MB
- MD5
  
  dade874401dd5c4eb32685563a1c1549
- SHA1
  
  b4f063159b9ea1f497b49daeff07247f9c216404
- SHA256
  
  f8a2c7bf6611cc965e76f1286fc460ec47f3d7e4353877716417cd8b553b2667
- SHA512
  
  e9a05df9e76795251ce23468db2b232c48b41ef51a59c8c0e3f7bbbb85f49e883c01d40e644531882dd2d8b80646ea1ff5fc6c5bfbbf08e09ed56bd51fa62b1e
- SSDEEP
  
  1572864:UhIvB5WCx+p8HfwX8uAsbjM/wEF4yM6ezCD:UhIvSCx+ewFiwEVezS
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  QuietForest.exe
- Size
  
  59.6MB
- MD5
  
  1609a462ed6ff66e49a6d9ad7c77cb8e
- SHA1
  
  82edd88e5f55d5f34f2e81d8ffe97a6a24e2bff6
- SHA256
  
  38487eea6b2e157b046c3eb697bb7acfffc60f3d5e03575b49b4ef08ca1834fa
- SHA512
  
  0ef3f831fbeb9082927937c4ed01dee76dc003a316a108a902cef4463d5cff953da800d06cfdcfffd289c2d58d3335f07b03b98615b4c7d6aa856e635d4a3067
- SSDEEP
  
  1572864:5m6q0wCVELnze/K/TZJIgd/nOxLHiSJrVIXRJ3vZy+yHTk:E6HwCVEe/A7TRoiHXRJ3k7HTk
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  59.2MB
- MD5
  
  e4f3b0f99a16b9bf129efe5ee537724a
- SHA1
  
  2e8b59b404e4424f29bc8bc4c480ce496dc204ce
- SHA256
  
  33c31be60948c181ed8b158a65fd5cdfe4a191affa16c40174fd4ee2ac2d141f
- SHA512
  
  7ee945fe5d5c4e3ca0b7e2ce0a14ee47545df081b3ac3bcb02f5f052879f5ba91bbfec1d273a33e68d4c071608469e926757838bdb5857efe1f3549bc7481833
- SSDEEP
  
  1572864:Qm6q0wCVELnze/K/TZJIgd/nOxLHiSJrVIXRJ3vZy+yHt:j6HwCVEe/A7TRoiHXRJ3k7Ht
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  locales/pt-PT.pak
- Size
  
  134KB
- MD5
  
  4609853e0e58f3b5a8d421ebb7d75246
- SHA1
  
  e6bc5d2a688a8bb1e6a3fc14a26be8343dad680e
- SHA256
  
  28e09b59a01763e3d4c4f37e4187185d1fc9abc045ed4dc49b5a8bc59b4c31de
- SHA512
  
  4ec1cf920b40f5b44f5d6094fbc302f53c7958391b2ab556f190216896a951ccee4d1dd8a222063c02612e48b2d065dcfc7de4eab69c9436846e09146917b8d7
- SSDEEP
  
  1536:N0/WE7JxoEqsQX3rdc0bvjIFQBAJXHdvxz2qKHwLXLLaH5619n:CWEMsQX3rKVFQBAJX/LnaH5619n
Score

3^/10
behavioral11 behavioral12
- Target
  
  locales/ro.pak
- Size
  
  137KB
- MD5
  
  cc458834bfa5b085f7482fa2ab6b9791
- SHA1
  
  80644bc45b83e06e12d619381276f7d5ffda0d0f
- SHA256
  
  26fbb88be9aa8c4f53b541f717a76da6f86083180fd8b4b62c33e595f3b95690
- SHA512
  
  56e1ee74d89e3c0011f782dff6d6f5035aa58591946b480a27705568fff6be0e522d5cdee7a953c58e0547be5dc53d624be32399dccc50b1417788f0491e7035
- SSDEEP
  
  3072:geBYRwVVpGya2NGpr2iAJ/bPnXh64uvfG5:LuRYOYNGpr2Zh64unG5
Score

3^/10
behavioral13 behavioral14
- Target
  
  locales/ru.pak
- Size
  
  214KB
- MD5
  
  a953b6e38d0e545575b842fd46292755
- SHA1
  
  17e15c48ef172375b6d7f26a16ad0332ecf85c84
- SHA256
  
  81d1befb25506720d1f336b18a586250ef1c4b389f58eb573784a0ab585f92d3
- SHA512
  
  b227f9ab64f0c22080708ffc4ffbba51cf022ee37a1ce9cd82dd06dd58ad12292d6a274badf8f1f27e5f42dcc5b9523e3fee254c02abd1d0844be61a3a713634
- SSDEEP
  
  6144:gEaX+/KuMHVOorn+T52wdOrsL489QgIv7RW9o3MfZyLv9YxTYDdVxPA:gEaX+/KuMHVOorn+T52wdOrsL489QgIa
Score

3^/10
behavioral15 behavioral16
- Target
  
  locales/sk.pak
- Size
  
  142KB
- MD5
  
  ba66aed3e696befd6c603087d87facf7
- SHA1
  
  dab2c2a8e3f0b0a2ee061d9910c09b5d54424e25
- SHA256
  
  7e0626ca0ca3d510d828f20ea8f7e63bd56db7a37300138b2a2d8e2c22eb9637
- SHA512
  
  23e24d29d0c8e64531fbdce558293244465e4239f5fe1618d038968fba6692bfeeee36b434f3d71252a9c767948db11a83b939edff0b82e5794a65501ed38022
- SSDEEP
  
  3072:WKo5tEskzpiyHHuaQRmAJ/4ckM+zBHCYeUrGw5Pa:WKos1ppHuaQRwGh
Score

3^/10
behavioral17 behavioral18
- Target
  
  locales/sl.pak
- Size
  
  135KB
- MD5
  
  5eba56efe389fc26bba76f674874d638
- SHA1
  
  81ad6b0a0c29bac657b81a89c34e13c780679af7
- SHA256
  
  75830c187e5145c1bccbb00a443cd209db7c3d06f13165568e26a32aad6b98f6
- SHA512
  
  acceefbf953172f42e1321db5d23dff38b5aecde242b85d40d22efe631454b6aa609c05628ef97e8f58412287aceda2b5fb045fd6c8b41bf0525570c324afdac
- SSDEEP
  
  3072:FY9W4n4qyRw1uW3NTDPAJ/hIqTCO5i/fzpzZQqu:mo4Gq3FgIsi/fzpNQqu
Score

3^/10
behavioral19 behavioral20
- Target
  
  locales/sr.pak
- Size
  
  203KB
- MD5
  
  fe305dfcac5d6126c94124f183842fe8
- SHA1
  
  e5362a293acb534ff293ad002bbbdff1300ed25a
- SHA256
  
  a8daa930b1ede6d93e774314a47d1301302a25e275f09f2cfe798315d66f702b
- SHA512
  
  90e5d3057e6cfdd4d92c1f4c8fa0953c4acc52789780b52e43a0f195950423e6d167c5022be0362fdc00ca663c9969d2ae41290f8ff76510fd902afe9a17ee31
- SSDEEP
  
  6144:E/GJX060oDT9M6ea+sS1r37sTn59bwfJ/k/ZN:cAXB029T+sSN37u5WJ/k/P
Score

3^/10
behavioral21 behavioral22
- Target
  
  locales/sv.pak
- Size
  
  125KB
- MD5
  
  5910a1db798d96122e25e109fabd46ea
- SHA1
  
  3af5207b731bb32b8b267693e658cf4f42b05050
- SHA256
  
  efb573a199353ac899928e896771c867d0d5047a90abe8efd03cc53a275a08d9
- SHA512
  
  b2b06e69c5f38923770cf3f71e632090282bb85c434e49b091742de49082e910e9146b2b1bf019e73f178795f4e736a4fd9764629ab7dc3dd2903985da2dae78
- SSDEEP
  
  3072:l7bG9He9z89KPmp1vWZtgKqrAuxHcShbWe2wAJ/0b1+rwk8x:tGVf9vpPbf
Score

3^/10
behavioral23 behavioral24
- Target
  
  locales/sw.pak
- Size
  
  129KB
- MD5
  
  1e4d039a17b2ec681fb139196cbcc40e
- SHA1
  
  19e3a3d8915e4e46fe3e816f891bd4fde46d8a13
- SHA256
  
  5fe75c17a678a1c131ac6aa5d676e5f5f6dd55e73f25640a219229a299ed86e4
- SHA512
  
  7a1c298994b7f346612f4ada2034b3c858d2761e92a284f0ff9431be536a4e481bbf17ed93c007213630d25bac7dea09ee6fb186433bffa773e5daa52253468b
- SSDEEP
  
  3072:12gmUYLIYC9tUDiGypkjnfNPXIAJ/AtVPGuLeH+hTfHw2L:12gm+tUDiGLfSwH+hTfHw2L
Score

3^/10
behavioral25 behavioral26
- Target
  
  locales/ta.pak
- Size
  
  315KB
- MD5
  
  5a63a23068b3e5258f691bdc23795474
- SHA1
  
  475631325ad4a22d7e25460f0682f3befe17df62
- SHA256
  
  8e7eccc9cbfd3985f3721aa8911b4edb9142d0fe49eb9114febfded112115b92
- SHA512
  
  9fd02c6c29c82bf33aef045d2ae717a0006b436d75b379e6af6e58a938a669a2892452759e7d74423ae19dd53194ed419befa82f19eaa5191bff0f6e9d062cba
- SSDEEP
  
  1536:eT9ArWcgmpbofoEiKV2QwQw+z0vBRiE2k4ca6QVW640akLJse1oQXR2qtR+lAJ/R:I9c/tnG0vCtRSAJ/R
Score

3^/10
behavioral27 behavioral28
- Target
  
  locales/te.pak
- Size
  
  294KB
- MD5
  
  8e751cef31655c77feead2fdf3186cc0
- SHA1
  
  760dc42013105a282d0fd960849852c031128b63
- SHA256
  
  e90c0e5f1727238898b77017bdd46c89d1d504dc2e0ad0a9d8e73a48e6d2fdc6
- SHA512
  
  dc49008af0200159371a3550613b8d7b90391169add9f6fb69005eb4bfd2363a82585507075034d835bdb65fb9f750a009a18dab589209f34b1f8e1374d8d01b
- SSDEEP
  
  6144:h6MbAfAYbTaJAuJLtobDpOr/gTipfJiUvqdWASw6Q7wdis5eRNwV6L8M:h6MaAYbTaJAuJLtobDpOr/gTipfJiUv6
Score

3^/10
behavioral29 behavioral30
- Target
  
  locales/th.pak
- Size
  
  248KB
- MD5
  
  349fadf44982eac1e125653267f0b4c1
- SHA1
  
  661ee5255bcffa375d07c20cfa76fe91dd88a636
- SHA256
  
  d2608a61e3012fc164550c2b8ded70d91a00ed8103beaae8a90ab73d49ebb161
- SHA512
  
  00de83a3a695d055c5170b16b2e1934c6af703db3918281d7c31a06d55811a75e0d5f9429709ddfef316a31dfc555cf4be62796f42541cbed790af6c9d10f344
- SSDEEP
  
  6144:VTnCJFkcSCkIO+CSGHIqXqWmh+OqeZK8QyYo2w1p7GZuRM5aQxFvM4Obhi8ltOcG:FnsFkcSCkIO+CSGHIqXqWmh+OqeZK8QB
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32