Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

FiveModsSetup.exe

windows10-2004-x64

5

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

resources/...ils.js

windows10-2004-x64

1

resources/...oon.js

windows10-2004-x64

1

resources/...owl.js

windows10-2004-x64

1

resources/...ter.js

windows10-2004-x64

1

resources/...end.js

windows10-2004-x64

1

resources/...ter.js

windows10-2004-x64

1

resources/...tifier

windows10-2004-x64

1

resources/...nt.rtf

windows10-2004-x64

1

resources/...fu.exe

windows10-2004-x64

1

resources/...64.exe

windows10-2004-x64

1

resources/...64.exe

windows10-2004-x64

4

resources/...86.exe

windows10-2004-x64

4

resources/...st.exe

windows10-2004-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/...64.exe

windows10-2004-x64

1

resources/...86.exe

windows10-2004-x64

1

resources/elevate.exe

windows10-2004-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$R0/Uninst...ds.exe

windows10-2004-x64

5

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Resubmissions

19/02/2024, 20:31

240219-za6qxsdb56 5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FiveModsSetup.exe

  • Size

    87.8MB

  • Sample

    240219-za6qxsdb56

  • MD5

    92dc4924c41d7caf172bf6d9db3cacce

  • SHA1

    670169fd51a18fba8f9f85c0ef302fd44c98d7ab

  • SHA256

    7569e4058fb692c9bcb29b8005c0f1eff6a20205da2fb39a83374d5aecf7b83e

  • SHA512

    62e167a0b11ee4e9b31a562939913b9c0d9572828cd96459230e3eaf6491fc98ec8d76ad1fa7f7f4e19543e119629e5a9d7196eef39ba1dd51479944ede88e0f

  • SSDEEP

    1572864:sgh2MpPi9Dg05GCk9S+iNCly/4fTZ/idlOO6UdH7zGuFwGU:sM2Oi1g0tk9S+iUly/AGT6UdH76uFjU

Score
5/10
discoverypersistence

Malware Config

Targets

    • Target

      FiveModsSetup.exe

    • Size

      87.8MB

    • MD5

      92dc4924c41d7caf172bf6d9db3cacce

    • SHA1

      670169fd51a18fba8f9f85c0ef302fd44c98d7ab

    • SHA256

      7569e4058fb692c9bcb29b8005c0f1eff6a20205da2fb39a83374d5aecf7b83e

    • SHA512

      62e167a0b11ee4e9b31a562939913b9c0d9572828cd96459230e3eaf6491fc98ec8d76ad1fa7f7f4e19543e119629e5a9d7196eef39ba1dd51479944ede88e0f

    • SSDEEP

      1572864:sgh2MpPi9Dg05GCk9S+iNCly/4fTZ/idlOO6UdH7zGuFwGU:sM2Oi1g0tk9S+iUly/AGT6UdH76uFjU

    Score
    5/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    1/10
    behavioral2

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    behavioral3

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    behavioral4

    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    behavioral5

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/lib/utils.js

    • Size

      14KB

    • MD5

      46b0f23f133ba1bd568e5cbdde8e7502

    • SHA1

      fa3154cd92cb2c398e8b324e6b8a2402e46c4a32

    • SHA256

      bd5ed859adeda193e15672e769551966b31cecaa6294fc52297533d835af3702

    • SHA512

      198ea2cb626be8ed7ded3188489952ae6a424da8a9294a507345bc23fd14ccbd4715dc472e4febf25f2ece460492ee3d3dceef394a79e79ea8e91950016380fd

    • SSDEEP

      384:lgQtxf7vKWXU5sli8m4q95W+V0TYVRvQliYqG5sYaLhG:ZH1q4ihG

    Score
    1/10
    behavioral6

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/notifiers/balloon.js

    • Size

      4KB

    • MD5

      22e0b5a21107a340bd37f034e88be79a

    • SHA1

      cfa46acdefbfb08542ac890d8de2fd007e343355

    • SHA256

      ef68f4d2e8dfcd1443843d81707a3e0e7a2e01d9573100710736eb1990306220

    • SHA512

      0c45207ec1875459355a01a8ce163811f267a95546171f2837dfd09a9587bd2888add14c4c0f868a67a66b56e6a15fcc8bbfb713141311bb8df737c8a23a91c1

    • SSDEEP

      96:EaKoSVm5cv9SRMRTvgkKAyJBVNL/wm/1Go/WB6EiTyaugNN2Jv:rKzmGKoEk0JBVB/3/woDzy9Kgv

    Score
    1/10
    behavioral7

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/notifiers/growl.js

    • Size

      1KB

    • MD5

      b899ef0e83aee19a163ce8ee249ac392

    • SHA1

      b729bd63844cb485a8cb183725d8c6720633c23e

    • SHA256

      922eecd40262c26337901479de95b0960c719df76fd3b53dfa3fc3aaed95823f

    • SHA512

      cfc0ab6a0ab5111da7759868d4478043688f6eccd261d4f5fdaa74ffb4422956fe1cfe94974fbf3b08f1405ddd505053ee4ca3102c7182ae1e4ac5006ee2f882

    Score
    1/10
    behavioral8

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/notifiers/notificationcenter.js

    • Size

      2KB

    • MD5

      09de38e77abd206cd405aa6ea70bda26

    • SHA1

      f91eb550baf3378e63086160100fbc82e88a6c1e

    • SHA256

      10dc099d7164133959a61c70ed2951921ef591738c327dbd76d7338f1c9630b4

    • SHA512

      0dff587aedc93fd315b1b6f8001ef33973cbea5b416b5103da80dbb54e8182ceffa00402b3e6affd5193ddbac3b9c3d00210b052e8f1ee0ae91bb306552c056e

    Score
    1/10
    behavioral9

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/notifiers/notifysend.js

    • Size

      2KB

    • MD5

      9792dbfec85c053f46582638e9c8a966

    • SHA1

      35ab80ae67cabc161aa3b91c2539de8c4a00035a

    • SHA256

      29fe357ee97ad29245f55bfcfee3ce75bc86375910d9b9709105a11d28f287de

    • SHA512

      16347295888393ab2cae5730cb5f54fa87cc19fb1f745302cb0132eee1c5326ba15d651f81980fc8568e34fe4a935e0926e31b528ed9ccfc480b2468d53564f9

    Score
    1/10
    behavioral10

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/notifiers/toaster.js

    • Size

      4KB

    • MD5

      5930863c25cd9d285e91ff10cbe7a947

    • SHA1

      4d1a2e9942335d16b8af07b26d780dd2e1dd30cb

    • SHA256

      3dc551eb4aa9f5ef5a2d983336e8e52714b16ad044a6e29435300299058823ed

    • SHA512

      3b60cfb76634e60ae57a147d65930ecc5826b45f82c749bbadb16183cbbcc74faf8bad46a34058e13896f49a24d50492bcb9b1fa67e0e618bfb87d9715fb5d60

    • SSDEEP

      96:XJu9LBshFyQlgf0KkZxHtKEIeBb/rHb9ujBCdDdNnu/O9yPoj:5uRBaYQSf0xxH7Ie1/rHbAMdDHu/Ojj

    Score
    1/10
    behavioral11

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier

    • Size

      85KB

    • MD5

      ade5227f13963b5bb72b47f0ad410819

    • SHA1

      24d1a22cbd8b026c35b29f1981f4d9fdff08af37

    • SHA256

      2588f4ae2118396419767c388cf2b0a9a5e0cb53ce5d05a07c00f68a97a50215

    • SHA512

      ee702782dbd44682f0c9234fbd2d256b14ee70f349186f37e025bdac20ec5b10d515e9d91e6b54a5df7ee7312f2faf4d299e1ba1e03419cfa52585f2c1195fb6

    • SSDEEP

      1536:nTAF22YtIwY0lROGiPcKXXXKV2Qaf5dC1:nTvtIWROJPvXKv

    Score
    1/10
    behavioral12

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/Resources/en.lproj/Credits.rtf

    • Size

      436B

    • MD5

      f0d4a61caf597423ff07c5e9b24a345e

    • SHA1

      60a248148b319de26e36424d25021c2488e23ce8

    • SHA256

      b4386fe1cef65cd91e6c8ecc065d117089083f91b7cadbf0c3e5eae20e8b9640

    • SHA512

      e361011499cf70fc71e247fdda71f49d913654a983aa4ae67d00dc977e53b9cf0d88d4d2ac07efe248261c3ab6e3345e829e22dda3e51dccc221a94c660ace69

    Score
    1/10
    behavioral13

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/vendor/notifu/notifu.exe

    • Size

      260KB

    • MD5

      cf96d0f817b08647b10a98399e05a78e

    • SHA1

      733e6b10654e7ecd179cef0ddd77f2fcc5b86266

    • SHA256

      ea4b7d5cd1d73985cd0fbc8dd5c66689d59e18387fdea7ec4701aeb7899ad5fc

    • SHA512

      5323d07235121ad4a57a937924281931bb014ab9846852b42e11b151cb028e19fe70161888cdb35463fadcbf4b7a4add2101648725526ac1f5dcf4e78c98f38f

    • SSDEEP

      3072:KqBnKutGyzlMoDNoq7ZlQ18geiZE1Jk+ibqB82MdYQrYnf3OTkfAd1fS/:Kq0utGyzlM/rpeiZpywY5l0I

    Score
    1/10
    behavioral14

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/vendor/notifu/notifu64.exe

    • Size

      310KB

    • MD5

      f49c9ad85fe306ddf961e5d374fe46d1

    • SHA1

      ba1ad019122827f3dca9679c0072a6dbc51d340e

    • SHA256

      6b6c23fb78ec1381c2128c71beb170a4303fb104287e38891389911c3a64962d

    • SHA512

      46a79c1b6c7dc357357fd52122d2788bab0f3b5028d33bbf4d25b4a87acd70b9a918b66208848683b04e6c5472157cd703d980022deafa45c09d755593288069

    • SSDEEP

      6144:yyXuL7nGyV8EmwzLkFp7BQIoo5tTMH8PiBH0QcPskEbQpCB:yyXajGgkFp7Bgo5isPskC

    Score
    1/10
    behavioral15

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/vendor/snoreToast/snoretoast-x64.exe

    • Size

      2.4MB

    • MD5

      a56977521ffd63d81530afe02fb71730

    • SHA1

      f1ee68583501335db5d7fb74511bd83fe5e96bc8

    • SHA256

      e53b56855a7434a9de103b2590b9f0e0239730116ef12d57532e95c132c04d90

    • SHA512

      025ec599e3e28987fdef40c2b87d473b134656927e9556b3695b6f4a016edbf2dca4d13fbfa9192302a30f02d9cea66866e5b96fd87bb29ef6f8a30f773104f1

    • SSDEEP

      12288:qH8eqe02OxWIYNE9LdQnUkYUkqxXL7FsUnBnkBwAn1cdyRSIoFUsC7N7CBnj9y6:OseqxWIYNkLJF5qxX3FBkBwAn1cipJe

    Score
    4/10
    persistence
    behavioral16

    • Target

      resources/app.asar.unpacked/node_modules/node-notifier/vendor/snoreToast/snoretoast-x86.exe

    • Size

      2.0MB

    • MD5

      051e5081dbaf3e7363591f60ad104f1c

    • SHA1

      177d4003217b34a2e1595fe91e9cf88dd4521c97

    • SHA256

      151932b98b86b5809648ee1a025f8e498b54823b61ca2083a0f725fe75b952c9

    • SHA512

      c6e4706fe2fbe391595b0e5d5382528eacca23e39dde45bc5f3d2d12b4edb2508a1ecd8f218428c30179f923f5c513c1a998df4af9f86e7a6df5c86b86bea40b

    • SSDEEP

      49152:23cbOgvxzNFUqxAhYyYDjGfoBbEQk+03wzqgCNLuLO:D3c

    Score
    4/10
    persistence
    behavioral17

    • Target

      resources/app.asar.unpacked/node_modules/process-exists/node_modules/ps-list/fastlist.exe

    • Size

      64KB

    • MD5

      3da710092314aecf6191dd1d059f392c

    • SHA1

      9908852f9e644e77917e3b23dd83a7dbc4868759

    • SHA256

      676e4e325b0637f0fe71d2c206fe71e20b8f69977aea7a6c26a899af1a662fb1

    • SHA512

      ed2f2acd2135f6dbfcb005fbd01bad724d94c45661c7282c0d261a963b817b77c91077bbe6c007863fef1e5d07bd5458e9396fb0b7be7f42437188db561466eb

    • SSDEEP

      1536:u0OSw77rTpj3U/DY7PcZ6CbGpOTkL75CUYl1L7SQt:NOx7mkQZ6CcOTkfMp1fSQt

    Score
    1/10
    behavioral18

    • Target

      resources/app.asar.unpacked/node_modules/process-exists/node_modules/ps-list/index.js

    • Size

      1KB

    • MD5

      d3d4212183b548694716135fda1fd6bf

    • SHA1

      2a1b28abf4bad549d8b2c925c1d596c11d2a9fb5

    • SHA256

      12ec18fe8707e1555c57f59c4009b5ab4192a59fb4d1128b5da4441bc7224ad9

    • SHA512

      702aa699eda287d22c1b7e0d11a0b18d441a65210b4b85df7b6297a3c52aa660c376c125703b63cdb749d27abbd22d123f1012d1f99c7319dce19d3947ab1c26

    Score
    1/10
    behavioral19

    • Target

      resources/app.asar.unpacked/node_modules/ps-list/index.js

    • Size

      4KB

    • MD5

      32385488335d3acbac238ae79c09256b

    • SHA1

      6945ac03e7581574c5e9dc0b943d89f13eb6bc81

    • SHA256

      fb267dc224440784ece7cac39c0143d79420a206ac8054d5cec1bc702a885a9c

    • SHA512

      76fbdc4e34e68acdbac018c73d937a3da3cad307e417174f9b52db26959388d23f9bb502f9b4f64e44f62565d675dedaabb4f4f3b0f3dbae088b284c96a8bfbe

    • SSDEEP

      96:jF327zAOQaZPXRe/hTfvBaAemtAW1We6mqdSRcsTbPXRYaEsMGUrMUinRboKI:hmrQQBeVfvlemBad+cABL+nwUORboKI

    Score
    1/10
    behavioral20

    • Target

      resources/app.asar.unpacked/node_modules/ps-list/vendor/fastlist-0.3.0-x64.exe

    • Size

      286KB

    • MD5

      ae781efe1a844c93b989729ee512967b

    • SHA1

      40d5e32e06272ffcae7d366bf7127f5605d6fbde

    • SHA256

      e471ba960a8861e5fa515570f8b77a08f47dc800351e04fb7aff9fcbb120346b

    • SHA512

      df2278e1c8c4556030f8d2840de342e315563deb9e357e11e5c50cd7db9ef3bdf2fdf6de3b0a009136af50056d63fc99f545c0cbcc68b119ad3bfb75f65e5518

    • SSDEEP

      6144:YxxmnATc41sT3iVSd87fqCHeohyRDaFsIhg8M:axmnz41s+VSsfT+o4

    Score
    1/10
    behavioral21

    • Target

      resources/app.asar.unpacked/node_modules/ps-list/vendor/fastlist-0.3.0-x86.exe

    • Size

      230KB

    • MD5

      4629d4e7ca1e7c9d352becad14d7888d

    • SHA1

      d1fcafe72067cc2a69f2bbaa67a5ba26fb6628f0

    • SHA256

      589ab9b783d4c898d49fb10faa38e3be650fdf6d74942e5f132c49b4e44ccbda

    • SHA512

      6f55d06d8f28acace9d6a36de630a70f5700fa1c180da004d6cd796e5632748aa4e5b18b9dc6f27100eb0742ba53d2e61e44a21c088eabd333c806db63c5a19f

    • SSDEEP

      6144:9uP738wut5T2/efnO310+Hfd+ueCuMvMLAOgp+HQzN2u:9uPL8wut5T2/eCHF+ueCQeQHQv

    Score
    1/10
    behavioral22

    • Target

      resources/elevate.exe

    • Size

      125KB

    • MD5

      1a4e3ca72216bf54aa6414c1020500f7

    • SHA1

      e91b0ec40bf783743b68eb4a928b1c1baf6ecc4f

    • SHA256

      929e5eb3140f1071a470a813013b3a04e911e434e7bcb04e505a9204c5715a9b

    • SHA512

      ff95b6ef75e9bdcc86200b2244ead7804c7a440f75966b8d0039df5ff06e51ba206f083f31ec96d49340345d3a84c1fa83bf6520f3bded751bc66aadc1837399

    • SSDEEP

      3072:wcbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlbOTkf/rpC1fSV:xPrwRhte1XsE1lpkm

    Score
    1/10
    behavioral23

    • Target

      vk_swiftshader.dll

    • Size

      4.9MB

    • MD5

      9281a9a4a96eaa608ee657de992f5f3d

    • SHA1

      e663c605ee7c2f79409a784a823e0dc9eebbaa0e

    • SHA256

      c7ce4bf37998052ee3be6c36ab5a18f2fae1ae0474f3a0d0fbad2382855aeec1

    • SHA512

      578c1ca8523a94403f6695cf4d201fc036bce75c6dabe63f57ad2b5b1aca8d32ab66ca7df8bdee84a8a7202a539995f5128a448418d07a1589837b53e40013a9

    • SSDEEP

      49152:4dhIZFC8e/N1dUnfO2fq1LLf4+G4UrRW9yqxV11MXnPr1OTQHaA6XWVzV8Ii66US:44ZFCPFXa5MWU66UeP1WyiWj9

    Score
    1/10
    behavioral24

    • Target

      vulkan-1.dll

    • Size

      917KB

    • MD5

      e500db5dbb5d6bb83acc3272011c874d

    • SHA1

      5c2f176831e0376c58d2484334430761b0fc9f4c

    • SHA256

      538d78238812eb6d6847c26bada47ae38f9c26c035739352273e439d4a78bf94

    • SHA512

      3d20e206c44771cc6db52a88b9048b54d8afeb5c0b4ad5e64cd7de0c3589fb5326edecc7fad931d15a5e3a07d30733f8891ab7a0555110068eb73f11de5a069e

    • SSDEEP

      24576:gL99pND/AmS7MzZC+lQv6Z5WoDYsHs6g3P0zAk7Zkk:0pBYmBZ1yv6Z5WoDYsHs6g3P0zAk7ZP

    Score
    1/10
    behavioral25

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec0504e6b8a11d5aad43b296beeb84b2

    • SHA1

      91b5ce085130c8c7194d66b2439ec9e1c206497c

    • SHA256

      5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

    • SHA512

      3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

    • SSDEEP

      96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr

    Score
    3/10
    behavioral26

    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      424KB

    • MD5

      80e44ce4895304c6a3a831310fbf8cd0

    • SHA1

      36bd49ae21c460be5753a904b4501f1abca53508

    • SHA256

      b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

    • SHA512

      c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

    • SSDEEP

      6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

    Score
    3/10
    behavioral27

    • Target

      $R0/Uninstall FiveMods.exe

    • Size

      167KB

    • MD5

      d19a6626655b6d464d27c41feb2fe9c3

    • SHA1

      5e6fd52e084bb037a84786714fcc79dc4a418a39

    • SHA256

      a12a3ae27b2977414aac65bc211779154ac050f31d6189e98402d97eaad61692

    • SHA512

      dd7c2dc07531ae5f2d8939acbd052b0a66a40d43a76a6beef1f4b0b7359419d602eb49dd1ca77a5d4750f661af195934f7a8b988b61ace4f4fde207bf27c0302

    • SSDEEP

      3072:Yn77v00hEoDEtauKdXFnXglaH2tvhOEA1RJCir86SrSrv6Ia3KOTkfiWE1fSV:Y740I4xXgls2t0EyL+yaA6da

    Score
    5/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral28

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    behavioral29

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    behavioral30

    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    behavioral31

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec0504e6b8a11d5aad43b296beeb84b2

    • SHA1

      91b5ce085130c8c7194d66b2439ec9e1c206497c

    • SHA256

      5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

    • SHA512

      3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

    • SSDEEP

      96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr

    Score
    3/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
5/10

behavioral2

Score
1/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

persistence
Score
4/10

behavioral17

persistence
Score
4/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
5/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10