0f19a4a8378e79e044d6d36b2411611dc3562f4c852d433882fa0bd8e82d1f96

Sharing

Copy URL

Twitter E-mail

General

Target

Unofficial Late 2006.rar
Size

8.8MB
Sample

240220-rza2jsac59
MD5

9159c37ff63680824bbd7f6e04a4a80c
SHA1

979f56a305d216ef4baf4da3c6aa790c1965ed0f
SHA256

0f19a4a8378e79e044d6d36b2411611dc3562f4c852d433882fa0bd8e82d1f96
SHA512

20008d947ebd5bfa4ef58603b17663de975714331c32bbed948f23ab7671d2c08a407a0bf007c3a3177d663cf23c4c57543cb096e3bbc42d86de0e1e1de55ca5
SSDEEP

196608:BlkQUc4AJxw10KSIdHoZ/Io7I0jgkNGAbVKsZFXu4dn9Hdi:BlkBc4KxwaKSIWI/agw+gXu4d9Hdi

Score

8^/10

Malware Config

Targets

- Target
  
  Late 2006 lvl7/Microsoft.VC90.CRT/msvcm90.dll
- Size
  
  219KB
- MD5
  
  4a8bc195abdc93f0db5dab7f5093c52f
- SHA1
  
  b55a206fc91ecc3adeda65d286522aa69f04ac88
- SHA256
  
  b371af3ce6cb5d0b411919a188d5274df74d5ee49f6dd7b1ccb5a31466121a18
- SHA512
  
  197c12825efa2747afd10fafe3e198c1156ed20d75bad07984caa83447d0c7d498ef67cee11004232ca5d4dbbb9ae9d43bfd073002d3d0d8385476876ef48a94
- SSDEEP
  
  6144:ge7iXDX5qmzXOZc/cU4HqsKvts6tifkglMqbO0YLJbc89XTiuq5Kz3OaOyp:ge7iXVDzXOGJb5XTiuq5Kz+
Score

8^/10

discovery
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1
- Target
  
  Late 2006 lvl7/Microsoft.VC90.CRT/msvcp90.dll
- Size
  
  555KB
- MD5
  
  6de5c66e434a9c1729575763d891c6c2
- SHA1
  
  a230e64e0a5830544a25890f70ce9c9296245945
- SHA256
  
  4f7ed27b532888ce72b96e52952073eab2354160d1156924489054b7fa9b0b1a
- SHA512
  
  27ec83ee49b752a31a9469e17104ed039d74919a103b625a9250ac2d4d8b8601034d8b3e2fa87aadbafbdb89b01c1152943e8f9a470293cc7d62c2eefa389d2c
- SSDEEP
  
  12288:iUmYoJC//83zMHZg7/yToyvYXO84hUgiW6QR7t5C3Ooc8SHkC2eRZRzS:iUmYoO83W0y8yeO8L3Ooc8SHkC2e8
Score

1^/10
behavioral2
- Target
  
  Late 2006 lvl7/Microsoft.VC90.CRT/msvcr90.dll
- Size
  
  640KB
- MD5
  
  e7d91d008fe76423962b91c43c88e4eb
- SHA1
  
  29268ef0cd220ad3c5e9812befd3f5759b27a266
- SHA256
  
  ed0170d3de86da33e02bfa1605eec8ff6010583481b1c530843867c1939d2185
- SHA512
  
  c3d5da1631860c92decf4393d57d8bff0c7a80758c9b9678d291b449be536465bda7a4c917e77b58a82d1d7bfc1f4b3bee9216d531086659c40c41febcdcae92
- SSDEEP
  
  12288:whr4UCeaHTA80gIZ4BgmOEGVN9vtI0E5uO9FAOu8axTFmRyyrRzS:ga2g5gmO791I0E5uO9FANpmRyyg
Score

1^/10
behavioral3
- Target
  
  Late 2006 lvl7/Microsoft.VC90.MFC/mfc90.dll
- Size
  
  1.1MB
- MD5
  
  462ddcc5eb88f34aed991416f8e354b2
- SHA1
  
  6f4dbb36a8e7e594e12a2a9ed4b71af0faa762c1
- SHA256
  
  287bd98054c5d2c4126298ee50a2633edc745bc76a1ce04e980f3ecc577ce943
- SHA512
  
  35d21e545ce6436f5e70851e0665193bb1c696f61161145c92025a090d09e08f28272cbf1e271ff62ff31862544025290e22b15a7acde1aea655560300efe1ec
- SSDEEP
  
  24576:HMh/PZa3TrShmbjRbf/zxUK4BpifCqY5TcB2sQL+XmDOl:HMh/PZa3HTjtFUKwhqY5TcyL+XmE
Score

1^/10
behavioral4
- Target
  
  Late 2006 lvl7/Microsoft.VC90.MFC/mfcm90.dll
- Size
  
  58KB
- MD5
  
  d4e7c1546cf3131b7d84b39f8da9e321
- SHA1
  
  6b096858723c76848b85d63b4da334299beced5b
- SHA256
  
  c4243ba85c2d130b4dec972cd291916e973d9d60fac5ceea63a01837ecc481c2
- SHA512
  
  4383e2bc34b078819777da73f1bd4a88b367132e653a7226ed73f43e4387ed32e8c2bcafd8679ef5e415f0b63422db05165a9e794f055aa8024fe3e7cabc66b9
- SSDEEP
  
  768:kXS5hxqhOz9XNpOb/AXVuips6Pm550971BVO5nkcwo5ArrwlyQ6mrCHrO1MquTSU:kC/IMZHO0lu+s60VwvrrDmrCrO1HuTR
Score

1^/10
behavioral5
- Target
  
  Late 2006 lvl7/RobloxApp.exe
- Size
  
  6.4MB
- MD5
  
  16149071e5957f5cb11528fccbaba659
- SHA1
  
  b63ed25974c5864f67b6b20c93aaf7cd76847c67
- SHA256
  
  fc98380ca8f443bee3896f054bb31f915315899f0f3fe598ac2e85988ce222af
- SHA512
  
  3198c6f865e6cc6e593cbb2c20600be53a7d862b2414a788b06ef96ccb7ed38ef47a3a369abb2613826b78bbddbf63c914ac28a3871bc87758b4fe8166348956
- SSDEEP
  
  49152:mW4itcnb79Ost6IYATmp/PAHP26LOHk0QNHcGtWlEG5LkuV6pxDMbSWTET/HHxev:mTBOpIe/IvzLOFQ9c6WFpgzAEW
Score

7^/10

evasion trojan upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral6
- Target
  
  Late 2006 lvl7/RobloxInstall.dll
- Size
  
  210KB
- MD5
  
  e9e2f3e90d8560ef82aa7008270980ec
- SHA1
  
  3568df5cbe620999fd8af5312efd6871a8be26a2
- SHA256
  
  ffe76f466744b2e3b1d92a8964580c2368a6a928c79fc360a53bb727ffca86b6
- SHA512
  
  5446d242ff280358a8bbac63697f1c95f254f8d41e665c011fb038782290d1f3539643c7954b1dc2f060f79ab835985067318f5c70a5908a79a730335d67695a
- SSDEEP
  
  3072:7Kvghh6oCowEhN+QNoPje17rUpeDGxAtwKfhsn0rbIzSHozvSuKn5EhS417PN0:7CQhmuN9Ncs7rUpsjwdz+OvS92hDPN
Score

1^/10
behavioral7
- Target
  
  Late 2006 lvl7/RobloxLauncher.dll
- Size
  
  76KB
- MD5
  
  f4c780a3895c8a2dd36668dd59f9a516
- SHA1
  
  7d8727849aecddd9e5c69d52e6e3ffca988327b2
- SHA256
  
  16f31fe344e21d0d117fa041cc8b8770eba4658a4bd6679a26afbda5aa64248a
- SHA512
  
  6de4476db6d6e14b1ef40ebc1c94ebd8db926c5f9ed20fcf2b85b8057f90b163b94b9d93d0bff81fd37744c6aaf5429c5e764c630dbcb540b29b6c9217388f35
- SSDEEP
  
  1536:mT6g/Em2s6lIexZFfMHeCNIZDb5x8lGQlErvlO1SDUTCiHl:l4Em29IgFf6NIZpGl/Er9O1SDli
Score

1^/10
behavioral8
- Target
  
  Late 2006 lvl7/SciLexer.dll
- Size
  
  378KB
- MD5
  
  60c5cc3b77fc94e20a7136f0180d221e
- SHA1
  
  f64708262a6c3d9d8f0dea8903bab6031ebd98c8
- SHA256
  
  19135c5e18534f584c3416582da80fe017ab2707b50eb6ad89adde3de014b869
- SHA512
  
  3deadc74ea9965ee2337ea1b0225db9354cdf4ac03423e554e85250e81b9614df6fc639de5531e2dea29987244aa5ccbd251d26f648fa10e01e6adb2d328cfe2
- SSDEEP
  
  6144:qh7KX/CNX2sfpFlxFNMMsoHWK3RtR6q5aDp9ElDxr3LneSY+Cxa4IGCBeaqL/zrF:I/NmsRF1WMsqbvR6qQwDxDDeSY+Cc4Iy
Score

3^/10
behavioral9
- Target
  
  Late 2006 lvl7/content/RobloxApp_original.exe
- Size
  
  6.4MB
- MD5
  
  40028e7fe003743020228ceabe39e3d9
- SHA1
  
  86b08053a87ed5f26fd637cc30499058fcdadf46
- SHA256
  
  af1acd5d9b383703108609a5e31e6ed68ff310eebe9c5dc12f9470fbab748a75
- SHA512
  
  1529e14400ba4970b84f1519a94dd267b0bc4bf0417cf7c8007d20ebf2be787dcfe3fc7f656ecb42b42b31debc2f3871bff8b88b162c0dbc47e1f114e303cd69
- SSDEEP
  
  49152:jW4itcnb79Ost6IYATmp/PAHP26LOHk0QNHcGtWlEG5LkuV6pxDMbSWTET/HHJfv:jTBOpIe/IvzLOFQ9c6WFpgzlEW
Score

1^/10
behavioral10
- Target
  
  fonts/ContentFonts.dll
- Size
  
  2KB
- MD5
  
  76959570a3f6baeabb16d5218784e0f1
- SHA1
  
  2cc4da4e755bec4c2ebf2b0312135cebe59f5bcc
- SHA256
  
  8ee36e992ca8444163025ce272a654c80b87453b634ecb8502a90b42705937d2
- SHA512
  
  76513f5dadb26439c42a8d6dceffe038d87e95777ff1404cd5b530220cf3b9bcc4bd5ed98c232e1a546f7953c1526b256abe2f7d5fcf88de6dad56553f645edf
Score

1^/10
behavioral11
- Target
  
  Late 2006 lvl7/content/fonts/ContentFonts.dll
- Size
  
  2KB
- MD5
  
  76959570a3f6baeabb16d5218784e0f1
- SHA1
  
  2cc4da4e755bec4c2ebf2b0312135cebe59f5bcc
- SHA256
  
  8ee36e992ca8444163025ce272a654c80b87453b634ecb8502a90b42705937d2
- SHA512
  
  76513f5dadb26439c42a8d6dceffe038d87e95777ff1404cd5b530220cf3b9bcc4bd5ed98c232e1a546f7953c1526b256abe2f7d5fcf88de6dad56553f645edf
Score

1^/10
behavioral12
- Target
  
  Late 2006 lvl7/content/music/ContentMusic.dll
- Size
  
  2KB
- MD5
  
  4a344ffc7bd51deadb481d1a810d540d
- SHA1
  
  d63478624037969afab9aa39bfdb346be770d513
- SHA256
  
  0346fb0337434a7d3bdd1b75257bea1b24987b4a8ba8db1472051a6d2d9e227b
- SHA512
  
  116f5ff0631756d7740760d1e2c436d760b08db41092e106ad11cc2fc2fd6d63a8a44ec0e3bcda7d8e1f0b968ec138fb98c739b7e0579e2ef2f198f10b228336
Score

1^/10
behavioral13
- Target
  
  Late 2006 lvl7/content/sky/ContentSky.dll
- Size
  
  2KB
- MD5
  
  e5d36d6c64b90d61231c407f1e64cacf
- SHA1
  
  8da7bea4630167a806a44562f57ef46d8f177593
- SHA256
  
  79ac21cb93989cf674ba1dce51b20c036a8108b3c353521d9e60faea43e4aee7
- SHA512
  
  4c71681db3e96660032aa51579d790f09ee6ba3a4175ecfb62faab72a8a9ff0a4c14aa03ad4ae02c1eac480f7b6c9a2d22077641a6aeaeb7e7d205d261d9eb84
Score

1^/10
behavioral14
- Target
  
  Late 2006 lvl7/content/sounds/ContentSounds.dll
- Size
  
  2KB
- MD5
  
  3db69093a22b2da73ce824f9a5046c50
- SHA1
  
  9b789407b6e0e68516bc57a85d22c04a9180e62b
- SHA256
  
  6daf25cd02bb2da0ea1c751a5e277f07cd2b7ea832ed4ac01346011eec35a324
- SHA512
  
  bdf54b5b767ae3ce9a42d934c2b428695c9fa754eeb41c6c0463e7098236649d6da2bd6617974c0f69a24eb9225d8e28cb443ce20d09fbaf411b8bc5493e18e7
Score

1^/10
behavioral15
- Target
  
  Late 2006 lvl7/content/textures/ContentTextures.dll
- Size
  
  2KB
- MD5
  
  c13315246e61c6cd63b9af7365d08152
- SHA1
  
  d0eeb5c7dc76cd840b99b0c2a65d78787ee9f06e
- SHA256
  
  fff388b7d6dea50543be7d4a00c8fe2d8a6cb3e487e57bf86013c65c41ce22d2
- SHA512
  
  b36c3dc381e5ae69765c1ba29a1c8967a4b80cb07bc669532b8e1baaabe549c59ac6e76a7022e95fb74b3e51e5fde24699a7d6d760dc2c53cf0b20444b224ceb
Score

1^/10
behavioral16
- Target
  
  Late 2006 lvl7/fmodex.dll
- Size
  
  327KB
- MD5
  
  83e03b8a72a3a0b16dccceffc22db59a
- SHA1
  
  60a933442b3aa6c9ee7b7ee93f8864b692732063
- SHA256
  
  6b99d7373d5426a271c9f61ec732704195addd0ba7bd49699f5a4727d39cd570
- SHA512
  
  5a424982133df6ac525da20070f2a8886dd81c11d05dc5ff835670f743763c108bd6d4b909a71a64fe14d9e54706c1e043957c5587e2d1b594084cff2a315e6e
- SSDEEP
  
  6144:vEOXWo0AG9xypQrs9ZU/3tmG7UG8m1Rdttva/JqebcBmQpYLpl/Hdlm2xCtEp12t:MOXWJjy+rs9mtmNmFnSxCmQpYr
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17
- Target
  
  Late 2006 lvl7/rgdx.dll
- Size
  
  1.1MB
- MD5
  
  d362a9dcecb4c45df2f3ba47a3ea0e0d
- SHA1
  
  be689bd574cca02c0bb8dd3cc3814bc1a5c724b1
- SHA256
  
  dfce3291ea1214f37aae8e009af1891c45ab7843eb639a914d9791418559a50e
- SHA512
  
  4454b7b38ed937308a683b5866fe467064169c51640b2dcb99c68bc530963df12cd1e06da279618b8c5f3214dacc394bf90fb66e07a05e2fa598c3dd8fc1cb5e
- SSDEEP
  
  12288:yYxz617NMg0oHQqDVVaHDTNR4fKHHD+IhfGHKBlXnWgD+GfGaGw5ew6IpsfZzee7:bh6MgtLgWKiIh+AWs+3aGwsYifZzeC
Score

3^/10
behavioral18
- Target
  
  Late 2006 lvl7/rggl.dll
- Size
  
  522KB
- MD5
  
  35dabbbbc3cc4963ee1fc4040dea40af
- SHA1
  
  25c2ae73759864795014cbeb1310efcd3e9b4893
- SHA256
  
  6178fbc6fd0ee00738901cf5803b9399ad4f60987a3e031e10651626836b8480
- SHA512
  
  364b8b00b27d5e9d4c57acabe6cac6b8a4d2e5274523cae0418cf3c65f35c43598892d496da5db63e8aee0789e7e12ce553208d0ab335fa3bf11caaa5a724e93
- SSDEEP
  
  12288:Bt6mcEKyEPiRXGGpCQYmcwMLRqqKnriO/ZWL+GOvFLuk7P:YPxvgMFonruL+GOvFLuk7
Score

3^/10
behavioral19
- Target
  
  Late 2006 lvl7/rgmain.dll
- Size
  
  4.7MB
- MD5
  
  3ea0c7cc88ef1329b4cb60fb9f3861c4
- SHA1
  
  da527ec282fef9e0fc5a74666801b4b57d9a58cf
- SHA256
  
  b67d2e96c5bf28fe48799a96c7927c57b91c74e483b30975ee58ca45f470153c
- SHA512
  
  0fc75a6a299d0542254a1206cde8a5e7964470f5700921a76b3a8cc67ea0f4ffe51b3d40ab5fe3f35e42c181a256d21e7d8d10629589546c118605b9439f8e38
- SSDEEP
  
  49152:Kh0n8/Iupbb89ZMvEyArxbslBIdflK/QeGRx73T7nKZGpyQTD5T/D8CyYghsDN:Nn0XbbolslBcflKxenQGVyY
Score

3^/10
behavioral20
- Target
  
  Late 2006 lvl7/rgpar.dll
- Size
  
  101KB
- MD5
  
  7acb30afe94c12c270f76965d73bef76
- SHA1
  
  c8e497196e24e8d1a8c9965b17bf282c36a0a7b6
- SHA256
  
  97ffa2b58ccf5a9fab91e2d536521348ce0a529c8fc024e5e1de892a6a43d801
- SHA512
  
  47e63d223987a7acbe2bff6d26e4ae887994fafd4b0648419c3c73ce58ccd077367a678d2bcfefdf42bf533d06d4c442006ac159a7510ba9930968c9e271adb1
- SSDEEP
  
  3072:pqAtzrujQ2aMiN2iq5kpwESFWNAPwDhxTxAw0WOtgEXLNP4q:kiHb71pxAw0WOtgE7NPz
Score

3^/10
behavioral21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks for any installed AV software in registry

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

UPX packed file

Checks whether UAC is enabled

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21