General
-
Target
QuietForestGame.rar
-
Size
59.7MB
-
Sample
240203-a89sssdbd6
-
MD5
dade874401dd5c4eb32685563a1c1549
-
SHA1
b4f063159b9ea1f497b49daeff07247f9c216404
-
SHA256
f8a2c7bf6611cc965e76f1286fc460ec47f3d7e4353877716417cd8b553b2667
-
SHA512
e9a05df9e76795251ce23468db2b232c48b41ef51a59c8c0e3f7bbbb85f49e883c01d40e644531882dd2d8b80646ea1ff5fc6c5bfbbf08e09ed56bd51fa62b1e
-
SSDEEP
1572864:UhIvB5WCx+p8HfwX8uAsbjM/wEF4yM6ezCD:UhIvSCx+ewFiwEVezS
Malware Config
Targets
-
-
Target
QuietForestGame.rar
-
Size
59.7MB
-
MD5
dade874401dd5c4eb32685563a1c1549
-
SHA1
b4f063159b9ea1f497b49daeff07247f9c216404
-
SHA256
f8a2c7bf6611cc965e76f1286fc460ec47f3d7e4353877716417cd8b553b2667
-
SHA512
e9a05df9e76795251ce23468db2b232c48b41ef51a59c8c0e3f7bbbb85f49e883c01d40e644531882dd2d8b80646ea1ff5fc6c5bfbbf08e09ed56bd51fa62b1e
-
SSDEEP
1572864:UhIvB5WCx+p8HfwX8uAsbjM/wEF4yM6ezCD:UhIvSCx+ewFiwEVezS
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
QuietForest.exe
-
Size
59.6MB
-
MD5
1609a462ed6ff66e49a6d9ad7c77cb8e
-
SHA1
82edd88e5f55d5f34f2e81d8ffe97a6a24e2bff6
-
SHA256
38487eea6b2e157b046c3eb697bb7acfffc60f3d5e03575b49b4ef08ca1834fa
-
SHA512
0ef3f831fbeb9082927937c4ed01dee76dc003a316a108a902cef4463d5cff953da800d06cfdcfffd289c2d58d3335f07b03b98615b4c7d6aa856e635d4a3067
-
SSDEEP
1572864:5m6q0wCVELnze/K/TZJIgd/nOxLHiSJrVIXRJ3vZy+yHTk:E6HwCVEe/A7TRoiHXRJ3k7HTk
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
$PLUGINSDIR/app-64.7z
-
Size
59.2MB
-
MD5
e4f3b0f99a16b9bf129efe5ee537724a
-
SHA1
2e8b59b404e4424f29bc8bc4c480ce496dc204ce
-
SHA256
33c31be60948c181ed8b158a65fd5cdfe4a191affa16c40174fd4ee2ac2d141f
-
SHA512
7ee945fe5d5c4e3ca0b7e2ce0a14ee47545df081b3ac3bcb02f5f052879f5ba91bbfec1d273a33e68d4c071608469e926757838bdb5857efe1f3549bc7481833
-
SSDEEP
1572864:Qm6q0wCVELnze/K/TZJIgd/nOxLHiSJrVIXRJ3vZy+yHt:j6HwCVEe/A7TRoiHXRJ3k7Ht
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
locales/pt-PT.pak
-
Size
134KB
-
MD5
4609853e0e58f3b5a8d421ebb7d75246
-
SHA1
e6bc5d2a688a8bb1e6a3fc14a26be8343dad680e
-
SHA256
28e09b59a01763e3d4c4f37e4187185d1fc9abc045ed4dc49b5a8bc59b4c31de
-
SHA512
4ec1cf920b40f5b44f5d6094fbc302f53c7958391b2ab556f190216896a951ccee4d1dd8a222063c02612e48b2d065dcfc7de4eab69c9436846e09146917b8d7
-
SSDEEP
1536:N0/WE7JxoEqsQX3rdc0bvjIFQBAJXHdvxz2qKHwLXLLaH5619n:CWEMsQX3rKVFQBAJX/LnaH5619n
Score3/10 -
-
-
Target
locales/ro.pak
-
Size
137KB
-
MD5
cc458834bfa5b085f7482fa2ab6b9791
-
SHA1
80644bc45b83e06e12d619381276f7d5ffda0d0f
-
SHA256
26fbb88be9aa8c4f53b541f717a76da6f86083180fd8b4b62c33e595f3b95690
-
SHA512
56e1ee74d89e3c0011f782dff6d6f5035aa58591946b480a27705568fff6be0e522d5cdee7a953c58e0547be5dc53d624be32399dccc50b1417788f0491e7035
-
SSDEEP
3072:geBYRwVVpGya2NGpr2iAJ/bPnXh64uvfG5:LuRYOYNGpr2Zh64unG5
Score3/10 -
-
-
Target
locales/ru.pak
-
Size
214KB
-
MD5
a953b6e38d0e545575b842fd46292755
-
SHA1
17e15c48ef172375b6d7f26a16ad0332ecf85c84
-
SHA256
81d1befb25506720d1f336b18a586250ef1c4b389f58eb573784a0ab585f92d3
-
SHA512
b227f9ab64f0c22080708ffc4ffbba51cf022ee37a1ce9cd82dd06dd58ad12292d6a274badf8f1f27e5f42dcc5b9523e3fee254c02abd1d0844be61a3a713634
-
SSDEEP
6144:gEaX+/KuMHVOorn+T52wdOrsL489QgIv7RW9o3MfZyLv9YxTYDdVxPA:gEaX+/KuMHVOorn+T52wdOrsL489QgIa
Score3/10 -
-
-
Target
locales/sk.pak
-
Size
142KB
-
MD5
ba66aed3e696befd6c603087d87facf7
-
SHA1
dab2c2a8e3f0b0a2ee061d9910c09b5d54424e25
-
SHA256
7e0626ca0ca3d510d828f20ea8f7e63bd56db7a37300138b2a2d8e2c22eb9637
-
SHA512
23e24d29d0c8e64531fbdce558293244465e4239f5fe1618d038968fba6692bfeeee36b434f3d71252a9c767948db11a83b939edff0b82e5794a65501ed38022
-
SSDEEP
3072:WKo5tEskzpiyHHuaQRmAJ/4ckM+zBHCYeUrGw5Pa:WKos1ppHuaQRwGh
Score3/10 -
-
-
Target
locales/sl.pak
-
Size
135KB
-
MD5
5eba56efe389fc26bba76f674874d638
-
SHA1
81ad6b0a0c29bac657b81a89c34e13c780679af7
-
SHA256
75830c187e5145c1bccbb00a443cd209db7c3d06f13165568e26a32aad6b98f6
-
SHA512
acceefbf953172f42e1321db5d23dff38b5aecde242b85d40d22efe631454b6aa609c05628ef97e8f58412287aceda2b5fb045fd6c8b41bf0525570c324afdac
-
SSDEEP
3072:FY9W4n4qyRw1uW3NTDPAJ/hIqTCO5i/fzpzZQqu:mo4Gq3FgIsi/fzpNQqu
Score3/10 -
-
-
Target
locales/sr.pak
-
Size
203KB
-
MD5
fe305dfcac5d6126c94124f183842fe8
-
SHA1
e5362a293acb534ff293ad002bbbdff1300ed25a
-
SHA256
a8daa930b1ede6d93e774314a47d1301302a25e275f09f2cfe798315d66f702b
-
SHA512
90e5d3057e6cfdd4d92c1f4c8fa0953c4acc52789780b52e43a0f195950423e6d167c5022be0362fdc00ca663c9969d2ae41290f8ff76510fd902afe9a17ee31
-
SSDEEP
6144:E/GJX060oDT9M6ea+sS1r37sTn59bwfJ/k/ZN:cAXB029T+sSN37u5WJ/k/P
Score3/10 -
-
-
Target
locales/sv.pak
-
Size
125KB
-
MD5
5910a1db798d96122e25e109fabd46ea
-
SHA1
3af5207b731bb32b8b267693e658cf4f42b05050
-
SHA256
efb573a199353ac899928e896771c867d0d5047a90abe8efd03cc53a275a08d9
-
SHA512
b2b06e69c5f38923770cf3f71e632090282bb85c434e49b091742de49082e910e9146b2b1bf019e73f178795f4e736a4fd9764629ab7dc3dd2903985da2dae78
-
SSDEEP
3072:l7bG9He9z89KPmp1vWZtgKqrAuxHcShbWe2wAJ/0b1+rwk8x:tGVf9vpPbf
Score3/10 -
-
-
Target
locales/sw.pak
-
Size
129KB
-
MD5
1e4d039a17b2ec681fb139196cbcc40e
-
SHA1
19e3a3d8915e4e46fe3e816f891bd4fde46d8a13
-
SHA256
5fe75c17a678a1c131ac6aa5d676e5f5f6dd55e73f25640a219229a299ed86e4
-
SHA512
7a1c298994b7f346612f4ada2034b3c858d2761e92a284f0ff9431be536a4e481bbf17ed93c007213630d25bac7dea09ee6fb186433bffa773e5daa52253468b
-
SSDEEP
3072:12gmUYLIYC9tUDiGypkjnfNPXIAJ/AtVPGuLeH+hTfHw2L:12gm+tUDiGLfSwH+hTfHw2L
Score3/10 -
-
-
Target
locales/ta.pak
-
Size
315KB
-
MD5
5a63a23068b3e5258f691bdc23795474
-
SHA1
475631325ad4a22d7e25460f0682f3befe17df62
-
SHA256
8e7eccc9cbfd3985f3721aa8911b4edb9142d0fe49eb9114febfded112115b92
-
SHA512
9fd02c6c29c82bf33aef045d2ae717a0006b436d75b379e6af6e58a938a669a2892452759e7d74423ae19dd53194ed419befa82f19eaa5191bff0f6e9d062cba
-
SSDEEP
1536:eT9ArWcgmpbofoEiKV2QwQw+z0vBRiE2k4ca6QVW640akLJse1oQXR2qtR+lAJ/R:I9c/tnG0vCtRSAJ/R
Score3/10 -
-
-
Target
locales/te.pak
-
Size
294KB
-
MD5
8e751cef31655c77feead2fdf3186cc0
-
SHA1
760dc42013105a282d0fd960849852c031128b63
-
SHA256
e90c0e5f1727238898b77017bdd46c89d1d504dc2e0ad0a9d8e73a48e6d2fdc6
-
SHA512
dc49008af0200159371a3550613b8d7b90391169add9f6fb69005eb4bfd2363a82585507075034d835bdb65fb9f750a009a18dab589209f34b1f8e1374d8d01b
-
SSDEEP
6144:h6MbAfAYbTaJAuJLtobDpOr/gTipfJiUvqdWASw6Q7wdis5eRNwV6L8M:h6MaAYbTaJAuJLtobDpOr/gTipfJiUv6
Score3/10 -
-
-
Target
locales/th.pak
-
Size
248KB
-
MD5
349fadf44982eac1e125653267f0b4c1
-
SHA1
661ee5255bcffa375d07c20cfa76fe91dd88a636
-
SHA256
d2608a61e3012fc164550c2b8ded70d91a00ed8103beaae8a90ab73d49ebb161
-
SHA512
00de83a3a695d055c5170b16b2e1934c6af703db3918281d7c31a06d55811a75e0d5f9429709ddfef316a31dfc555cf4be62796f42541cbed790af6c9d10f344
-
SSDEEP
6144:VTnCJFkcSCkIO+CSGHIqXqWmh+OqeZK8QyYo2w1p7GZuRM5aQxFvM4Obhi8ltOcG:FnsFkcSCkIO+CSGHIqXqWmh+OqeZK8QB
Score3/10 -