3ed46144735c63a90aa11123cbcfd11c778564c6f0e38c1100f15dd227a5d05c

Sharing

Copy URL

Twitter E-mail

General

Target

SFVIP-Player-x64-with-update.zip
Size

60.7MB
Sample

240219-q6gbgaec68
MD5

291e5fe1e8c7af772a20025458a7b9f5
SHA1

e4e07df01b8588aea4cc048ff10f28b29807a0e3
SHA256

3ed46144735c63a90aa11123cbcfd11c778564c6f0e38c1100f15dd227a5d05c
SHA512

4024c04bb61fff09ed5aca068af10df5da801c238aca5c152dffd34b341ef48f69afaee111ecc3e79ba390919ac742ab678a7cfc72bc0940c1d7633f3f47bdd1
SSDEEP

786432:FXKKnPmi5RU08gKbWCpkkv0E/jrUJDX0OCHtZn8yQQE1PQPTHSjyA/eB4VpBgyu:5K+Pjv8lWCpVv0H5XCNZn8yQPQayKeyu

Score

7^/10

Malware Config

Targets

- Target
  
  FileAssociations.exe
- Size
  
  187KB
- MD5
  
  9c506d43f84c9152263780f3d915186f
- SHA1
  
  062ff6d00dda1e60d7e94fa49fa264f940ba6546
- SHA256
  
  4f36716fbd8b9c6b90600037ecf50dcd5fab753bcec864e93e727069b0c4d792
- SHA512
  
  3ee300a5b3ca4bf7ede06548fbbb35e4e7433fd795db634a43815e564e2779f9328e949bf1f7d42d0d78816d99665e801dc81d96d13c1da0178650ad135dd39d
- SSDEEP
  
  1536:pX8bnEkEAD4V6xyBiPpvjnS5pK5YpN5YUYTv/R2ZvAD4V6xyBiPpvZnS5pK5YpNV:ObnFD4Qxy0Ppv48D4Qxy0PpvKJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  Updater.exe
- Size
  
  360KB
- MD5
  
  da0ce2e508257db01a1f9fa3117f3d20
- SHA1
  
  b78eae612eab5d65cc9f8ebe024ae05b99034344
- SHA256
  
  88173972e3a73596aa6197b733cc59509ea2f3077b6eb3f922040da3fc6060d8
- SHA512
  
  8c0bc1d2ea840d3b4c82f06375a28b012182020fe01ab9b8bcb824a6e6629134e3ff26c578bbe854e98bb5d96a73d96a60ff7ecbf00137e99bdead8dbd345d2f
- SSDEEP
  
  6144:0zwd59IJ3nmMTEsKqccj3nb+DC3NoKe2DSoKeT:iHEsK1CdWwSW
Score

1^/10
behavioral3 behavioral4
- Target
  
  libmpv.dll
- Size
  
  428KB
- MD5
  
  917d4de2a361211366d461c12a4f49f4
- SHA1
  
  fe1ef6a2a0e08ddb0cc5206681fd9f544cefaf66
- SHA256
  
  0ea908c745e0cfb01c9c4539ef31c20f0c9cd52aecaf5cab32851adc3d5495e6
- SHA512
  
  270c611997a5f93daa8634b86ff20db2bd8e55a896fd6b88480f562bb52fafbf859afdf03a46961530d7c3ee221af6e70b249ebe49139695fe30a2602915d8de
- SSDEEP
  
  6144:rIFPAhrQQkh7XRUnvvnvvvnvZ9QZrrrZWdc4haMHM/JAMM4uu9NZa7eGQRTE9V7t:rIFPAhrIZXRzqMhUw47T+O+//k
Score

1^/10
behavioral5 behavioral6
- Target
  
  libthemes.dll
- Size
  
  478KB
- MD5
  
  24178b595b2542beba6513d3841f24e0
- SHA1
  
  593861c9004b71b71a542a1d9a111315e82248fa
- SHA256
  
  09eb25d8f02ea4949ca2faa2c882973d2c55da555d79c43f711fcf86842361bb
- SHA512
  
  11479842a47fbcc3561f85ad8acbcbe3ce69b56d1588dbb8e747438b493d4892e622a5a15871b7981933f71f51184e58fa56f96ded7e0c2b7da1fa89b80ed6a6
- SSDEEP
  
  6144:wgTuJVPIdVFVuEap3mxW7WSrPX9r7TX7TC7r+w7kXp8CwrtKg+4JpgkdvSr6E/7N:wEAIDAzZqeilalt49n
Score

1^/10
behavioral7 behavioral8
- Target
  
  sfvip player.exe
- Size
  
  853KB
- MD5
  
  9d5eb08c1f77ee9cc639daf12202e9ce
- SHA1
  
  955594c1d083433db1354b935d76a629e38b437a
- SHA256
  
  0850c2a156096dc2fcf9cfb04c49495d83c30eaa5e9f77e98408dfce723b517b
- SHA512
  
  34b59be47e287a74e50845364e65ca37f316be185c170b1b0615228b749ae9cf31e52c7176acb6d38b13cbf027c24f28ae62d474faf21b684aeea4e4b25c0269
- SSDEEP
  
  6144:gbAyFN/70t0QNTPCd3n/760ywzr7vHs7IXu7HWTnuMxGJ71wuSfjN111aI1JgeR5:MFN/Fd3nLPGJJw5f113ge0cwAV
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  SFVIP-Player-x64/Updater.exe
- Size
  
  205KB
- MD5
  
  1167f37e5bc323f8bb2dcdb565ed9d9c
- SHA1
  
  3952d65679abaa500c2cd71b68a79f68bc1de024
- SHA256
  
  96703fa2c46d73ee8c3d4e907804f2e747d3241a8c3e14ec75d08b6b66a7a5dc
- SHA512
  
  4f99dda54dcb481e19852b30d5c9c68b5ae499bbbb1be59b06184b48a8ef901d5965da97424779a3af2c94cf59fe77b08f7c5948a5f7128b02b851af1efc8fdf
- SSDEEP
  
  3072:EDPzfc126+ToKe7WSA7hqToKe7WSAphS:xkoKe2WoKeQ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral11 behavioral12
- Target
  
  SFVIP-Player-x64/lib/mpv-1.dll
- Size
  
  65.7MB
- MD5
  
  49c53ee04c87347202573b29f8b3bb9c
- SHA1
  
  dcbf5152c7f6b49b7f8a60ce888f13bec854414b
- SHA256
  
  28a9b7295cdeb1a35257c849c5a96649bda8c5c9c135103e9d388b0d849316d1
- SHA512
  
  863ddae0974c78a98f7b1056792a390c17e236b93f7941b1cf05612ceba7bc7cec985e04f94f362d2eb08f311b170f04de937b62d60dc3b9076c784e544b9920
- SSDEEP
  
  786432:4kiIUX0OWvHVLUFpyvAxRDOhg9X9xUx/iwe+xwuo+d:JYWRUFaAxRWx/iwe+xw
Score

1^/10
behavioral13 behavioral14
- Target
  
  SFVIP-Player-x64/libmpv.dll
- Size
  
  246KB
- MD5
  
  acfceb73889fafad4f5fd95ea4fba61b
- SHA1
  
  c3ef7963f4c4e6ad800e6ac386e7744ff1fa4c25
- SHA256
  
  a2743e9ba82ed7c5d8e2cd730fecc6fdc3b57feff5e2372e521a80657a74f464
- SHA512
  
  9b3627160499a13bb5213ee925be2fb2bf74607be511273bab3a6b4726746b99a9e8b13845fb010f0fb64dad81b11cc731111b561941ed8ee6a80949e6ac5799
- SSDEEP
  
  6144:5Pz+/MyfoxmO2WENbqRx1XiW7ea+7Ji+qJ:xmMyQcOLKbpPqJ
Score

1^/10
behavioral15 behavioral16
- Target
  
  SFVIP-Player-x64/sfvip player.exe
- Size
  
  1.1MB
- MD5
  
  bacba93e72ed75851a55a9b97d57cffd
- SHA1
  
  d1fa2492b6ad51e50e11520ddda17d4300476b24
- SHA256
  
  5f765b67f4083b0d2b1705d9d4c07f1b51177a4c2280180dab1d18563be88c5f
- SHA512
  
  0203eb887df6630d7105c11f9960c812278c0b64fb64f8aff2f9756870df97918c0f6868dbf8d4e89f1291cac3d59e6373f6844dd32037086454482188a27cb5
- SSDEEP
  
  12288:9zFJQ4lVUu/896LkyOSE0fMNclTlPzyEqHbvzbNdIayvRY:9zrNhfMNclTlPzyEOb7uRY
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral17 behavioral18
- Target
  
  SFVIP-Player-x64/youtube-dl.exe
- Size
  
  7.8MB
- MD5
  
  fa2e42ec6caa116175eb5023a413ff5c
- SHA1
  
  f3588397b8ab307da0ef81f4b16be2ae5cb8e177
- SHA256
  
  2345311b6899a1bf78a43b3e3efd2c7b27dbc47da165435c41fde7a4442dd292
- SHA512
  
  b8a28266a0d65511a7e58738ca92dbe92ce6761e77b184bd3aee12461901340e93aea5c6a0350ea398051a4c599d90dd1b508e4304b2d3d2f337329e8892f780
- SSDEEP
  
  196608:n/8LsFceZoWjUEgj7nkLj7GUPGtS3GBkh:n/roEK76j7b8SWBkh
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20