Overview
Score 9/10
Static
Score 9/10
Awesomium.dll (windows11-21h2-x64)
Score 3/10
AwesomiumProcess.exe (windows11-21h2-x64)
Score 1/10
Core.dll (windows11-21h2-x64)
Score 1/10
D3DDrv.dll (windows11-21h2-x64)
Score 1/10
D3DX9_40.dll (windows11-21h2-x64)
Score 3/10
DSETUP.dll (windows11-21h2-x64)
Score 7/10
Engine.dll (windows11-21h2-x64)
Score 1/10
Fire.dll (windows11-21h2-x64)
Score 1/10
L2.exe (windows11-21h2-x64)
Score 7/10
clmods.dll (windows11-21h2-x64)
Score 5/10
en-US.dll (windows11-21h2-x64)
Score 1/10
l2.exe (windows11-21h2-x64)
Score 7/10
General
-
Target
clmods.zip
-
Size
74.0MB
-
Sample
240206-ae2v4abbc8
-
MD5
99d656ef19a49451e9c5bf51cc7062d5
-
SHA1
d95f6ed4410f6e109d3402e83626169d11461fc4
-
SHA256
941c55c178d109c1af6ca548fbc8d5cf2abe6a7ae9c9517348f499e015ce14fc
-
SHA512
b3552a706a0578e1fe0970752400cab7d25d38c20eec802e0c0b51210b070ac45b61374647da6cf7dcb73187ed2dd736c0336faade4a76ed521808aa9793ba54
-
SSDEEP
1572864:hiXYlkT70XUDNMiOBLblUmHwOh05RzQKaiaA8wAXKWv5:MYU0XUDfOBLamQO8I9J
Behavioral task
behavioral1
Sample
Awesomium.dll
Resource
win11-20231222-en
Behavioral task
behavioral2
Sample
AwesomiumProcess.exe
Resource
win11-20231222-en
Behavioral task
behavioral3
Sample
Core.dll
Resource
win11-20231215-en
Behavioral task
behavioral4
Sample
D3DDrv.dll
Resource
win11-20231222-en
Behavioral task
behavioral5
Sample
D3DX9_40.dll
Resource
win11-20231215-en
Behavioral task
behavioral6
Sample
DSETUP.dll
Resource
win11-20231222-en
Behavioral task
behavioral7
Sample
Engine.dll
Resource
win11-20231222-en
Behavioral task
behavioral8
Sample
Fire.dll
Resource
win11-20231215-en
Behavioral task
behavioral9
Sample
L2.exe
Resource
win11-20231215-en
Behavioral task
behavioral10
Sample
clmods.dll
Resource
win11-20231215-en
Behavioral task
behavioral11
Sample
en-US.dll
Resource
win11-20231222-en
Behavioral task
behavioral12
Sample
l2.exe
Resource
win11-20231222-en
Malware Config
Targets
-
-
Target
Awesomium.dll
-
Size
20.4MB
-
MD5
b86a78256b8632cde4993321b31011aa
-
SHA1
aaa03e1a11d13e2d3e66398ed171bf9f67a08cbb
-
SHA256
ffc70911b66bf551e9c72163d45313ead78ff4b2ff2f31fc2bd63377f3a111d2
-
SHA512
7552a2e276b55e19b1ea8b9363f8071ce6dfa2f557be8fec5d0ccd079d4d6463eeeb6ff49ed53a885f4c7cb6624f5391ffaaf271057e4210447508c320a6d34e
-
SSDEEP
196608:k1WOChW71u6FkIX7c+TdVRY/JOO9RK40fCDLrZqdUszxjeVWvHi5rQJI:k1mk1l7c+TL+G2/ZKzsVWvWcI
Score
3/10
-
-
-
Target
AwesomiumProcess.exe
-
Size
444KB
-
MD5
d802cc2c3c11d0716788572e7ba3b401
-
SHA1
87e8dd06b76728a5895e4e31351dcced8d444ca0
-
SHA256
95c72c6a11bfa139cc4f7f5cc3d1cd8dec8191bf7281e5605fc274301cb109f1
-
SHA512
85ba037ebf4ed5eb5efdbe76ab4aad1fcd14c0929616d39fdd6de47dd35470ab16ad46c73014ba90e85a60f93657da4f86f3466114c8e719190738245475ed8e
-
SSDEEP
6144:sMqNi6sCem2ESACFMdmb+29+5Ts/5oeKctXNVCBVlm12VRsF8ep:sMqNKm2T92sb+2MTE55NVQXJVRsPp
Score
1/10
-
-
-
Target
Core.dll
-
Size
1.7MB
-
MD5
0ca58aaed4ac332cd29c37575d1e65d0
-
SHA1
39cc72e01b703fb8b7e415685d08dbda623f8f3a
-
SHA256
a9664894775635033e7b9d7b1dba0d01a08ac6c3a9b8abf8942b158731245c60
-
SHA512
cb4c35103d56774c6a496d8552c888a142f6e2fd03c39fd768f0170ee96c151fed9f9b99da3ed4a74899e8ce66225402c5fde28224cc34e2ee63c6ddf266e3a1
-
SSDEEP
24576:VBYJcKiH/estoQ7Y4AG/SLAruP7+6nHamVb9k83SyssexOZk6gQVkWEKDdBw:fNKimst77/QP7++Vb9kswokMVjFY
Score
1/10
-
-
-
Target
D3DDrv.dll
-
Size
773KB
-
MD5
c97d53a02c83b358c3cba5574afc35da
-
SHA1
b64ef4f112abb868b16186475fad22007f284596
-
SHA256
8638d7a9a6a104f96d223f56e2755607b6ddc471365584813e37d26e930297b1
-
SHA512
23c60f11ad3803b987c7728fad901f52255b9a7942e76619175d4e0bd1be7b60742a477cbdf303f3c125857bf82770f89bf74ef056d9075721968354a40c2c1d
-
SSDEEP
12288:wJ5J7MRKwCfMZvfQ10Jt/TBTOsRPYyH1fN47O1eT4JmHBNxnHQlMPXhWz+0nURJ:QS0Qlkq+0nURJ
Score
1/10
-
-
-
Target
D3DX9_40.dll
-
Size
4.2MB
-
MD5
eea5e428ce63804f9b12d21c97b5968f
-
SHA1
77a7f48f4bdb7e66ed5e524bb8879e3da0d6cd1d
-
SHA256
16fd909aeb68d0d1aca8529dc7f78880b97d6649d70ce8d03a2c858bc28e216b
-
SHA512
545518dabd82441ddfc17fe1c1cbd7d14603bb58130de1307a31f73b93ca42afdf25dfcf481f0383c4e039edfe4a88ae7b84b06a2850c29bbc3550114e499c73
-
SSDEEP
98304:E6EoQ715V9VRhAuR9ClDt2iHbEsX0sycGoKO0nceqyaWd2U:/Qp5VUuR9ClDt2iHbEsX0s6LO5Wd
Score
3/10
-
-
-
Target
DSETUP.dll
-
Size
10KB
-
MD5
49fda5c14716af4add17f1df44d90c6f
-
SHA1
1f29372011058d4ed744285e83f38057ad7f1909
-
SHA256
615d271ebf21140a26fea321f2f0839e37f52e8c5adc6f09c41abaa0e1b40d18
-
SHA512
e9def21c72e4815fc3bf6882f810e95cace5e18f27c98d2c1374765c3be5426eafd9d4b89dae5e05a70f88f417441836761f056eb692c87b83d294c190358668
-
SSDEEP
192:nJ+pOSnaYbHiaqwJRo46AzfueJYQeywApE+eBak7h2c0H99M/m/V:cnWKLdqQeMyBak70ceYc
Score
7/10
-
-
-
Target
Engine.dll
-
Size
28.2MB
-
MD5
8184bd4102014f51e320dd22511e84c6
-
SHA1
9dd02d7a487b2a6cbed32db5aa48d06b9d337ee2
-
SHA256
86bcbb2122f14de0e179ea1dd2d71d7d33c42264024db95185a4714e38f7004c
-
SHA512
68d539f00e48a5dfe90327db2f6e9ef0ce78c93edc19201736dcf7271c9b1c52224f248e4eda6faa14c419f2649649f2b8ca3d8412e4592388d0eb1164394a61
-
SSDEEP
98304:1YE4+24q9iTEucpUuSoDdpy+hvwtpzzLMtfr6H7btw8csOMDpxLdt0//p2:ot4Y9pUQe+hvwjzzLM4H73u3w
Score
1/10
-
-
-
Target
Fire.dll
-
Size
172KB
-
MD5
eb99d79176c4f09a9df09a51f2fd68dd
-
SHA1
a805143cc6c98834e3890c417b1b80ac3c74a918
-
SHA256
d997be791f6b4769395e921045fa411eb238bf2f970b9d2df4c6936f4a7a0502
-
SHA512
97c4d0bbe50221757e36c9e8fae92b801d905caf8ee1e60e76c5eaecd4ad13742652756109b5a5d1d358473784380c98f9fd3eea37319d434b50e046a66ed259
-
SSDEEP
3072:0FDfGaG9vj+Ll/SzdDhccJyB9+Qy9OIN:0Bkj+LwacsKg
Score
1/10
-
-
-
Target
L2.bin
-
Size
3.4MB
-
MD5
e0bdf54f93233062a9b59665b964d119
-
SHA1
cfc0f129fec7449b5bcf1f653496c0e010fc8c8f
-
SHA256
eb94a2b0be8318b5407fe971bfe553e554bb5e0245b3d0abc5cfc508e4c69175
-
SHA512
df3e2a772f1382222c448898c5ec6345dc3498469a786f32aacc4993727418f0e3c4522c9607ed36e60877a0a214cf0ea6c78469aa907a5ec4d8200fe71fe705
-
SSDEEP
49152:AoRTzBsn2W5xrFrH7RCVTnfgNTV+woIGBD:zRfBvW5xJrH7RCRnfgNJVkBD
Score
7/10
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
clmods.dll
-
Size
11.2MB
-
MD5
baef30ccc446b01dc8661271de070d6f
-
SHA1
502bb28b0c8768c15d7cec458fca9d3630563a1f
-
SHA256
5cc5d097b81a8ed19f8fc1780854a80ef6d7bdfd919bfa4191f5e5f5cb96a7c3
-
SHA512
0b8efee0094da8c16808e658e22fe601d1af0bf63482a55cbcba2984e4abe6ff910f09cb510aa81b033b9f1ddb914b89d530219a1a3bc97be4416c51559abf05
-
SSDEEP
196608:lgGGw1JL31oSVIgaT/oI2FD1c9k+8t+seo0lJfzrn4kpIrQczV2YhvWNI:lZG0zHVoT/ov28c/oIzrn4FUKfhh
Score
5/10
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
en-US.dll
-
Size
108KB
-
MD5
0a0c04434e82ce6d6a4f23e973ffdf75
-
SHA1
8bd181047d0f742f3ed17fc3c90ac381374b4606
-
SHA256
fe1cd3075d120476bd6151222939937bf11abfc8a766bf7fd830049ba86f598d
-
SHA512
10d058089e25a7c823687680e00d8589a818154ad7767dc75ea465deee9efe342d62d10eff5be9eec4fe26e19c6346e6f3da97946ac6c032358d594a5248e084
-
SSDEEP
3072:r2b56HrXxFkRFneVeojdYUkgAQcgZdlSSbnMm6icPN5u0SAPuOVtWhGqPEbbZuiA:KWQOp
Score
1/10
-
-
-
Target
l2.exe
-
Size
46.7MB
-
MD5
9298113e7d18e48ce3b3bc0cc554dc7f
-
SHA1
14b671255042c817a27927afac5b45eeeb217923
-
SHA256
60fd97945e88b164a339c7da323c1b1966e17c4d6e280c8f726e62f50f783275
-
SHA512
536db1d539a3040b6a1401bf071a7d4a1b4ee07f12440b9e39789e4f0d0d4106574a5c96174c978884d3f025d2125506f15b1f2e4732e1a22c54432396717761
-
SSDEEP
786432:hD8AnHDKXqzE8D5zHop+4OA7dgtlnborjSPsNo+7kR5mojqjn:hNW6zJzOOAhOlnbk+PsNoEk+oGb
Score
7/10
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-