c05eee85b6373145cfecc43b0cd2e630ceebdeaa56cbbf0d536085e7402e1be0

Sharing

Copy URL Twitter E-mail

General

Target

cc4a0bee2116ae1cb3a9a577ce26039b.bin
Size

2.0MB
Sample

240221-e6hczsca78
MD5

cc4a0bee2116ae1cb3a9a577ce26039b
SHA1

4619027d881da257ee1e77da2dd75d45f59835ca
SHA256

c05eee85b6373145cfecc43b0cd2e630ceebdeaa56cbbf0d536085e7402e1be0
SHA512

6010fea1f9f28209cb681f2662d9ec47ce2993e23f0d658bc13d3381c9abd3492777ab7dab8a780db4e168f6a72bf49651aefa9d01d400b6943459df4a5d6656
SSDEEP

49152:Zb0/rCnIVVTBfXcJ7TGM3Xd/PRO68X67+9leNRvpjDWS7WjAr4BEh:R0TCJ7T5HF8Xk+9AH5iSV4Bu

Score

7^/10

Malware Config

Targets

- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/ARK Smart Breeding.exe
- Size
  
  1.7MB
- MD5
  
  3b3e394df30d830395d6cd4c211f4dff
- SHA1
  
  98d628b74fcad7f497f0dd65e703349f92df4f87
- SHA256
  
  955e40ca31a0bb19139dbf9d8c1b8339177b4c79db341fc9aa53b0bd72dcfea0
- SHA512
  
  990e349381178cf7c76d67b39d28746a354bd05d4db4b295c86e88a123f8ae0acf6e507307de3a2a3e0dc9faa4afbff671a03b952fcf9a1320c763caf89ca525
- SSDEEP
  
  24576:tdVBW1XFPuJGs6Jd41dS6QFSC5aHtZkKUe0eB7nKh:tdy97zdIo6QFf5aN5F
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/FluentFTP.dll
- Size
  
  374KB
- MD5
  
  01f14f0039ea1bd21e6130906b29536e
- SHA1
  
  bd945798b379a6b1cc6580612f913311bbb1144e
- SHA256
  
  038128adcb66089b43f4cf823988b8a602987d27cf569ee0a5044caaffee6722
- SHA512
  
  db40598ce98912e0a8dba005f51224f9a94cc4e4cbc65decfae2cbd6305bd2810b754378ffa5b9e284c532cfcce3279e531d9597a2b08fc80b28761f40f4e3c1
- SSDEEP
  
  6144:kmFN7tKPom9blEpZpjKE+REdXBzf88nQ6JIuh:fKP7blET1
Score

1^/10
behavioral3 behavioral4
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  715a1fbee4665e99e859eda667fe8034
- SHA1
  
  e13c6e4210043c4976dcdc447ea2b32854f70cc6
- SHA256
  
  c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e
- SHA512
  
  bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad
- SSDEEP
  
  12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
Score

1^/10
behavioral5 behavioral6
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/SavegameToolkit.dll
- Size
  
  129KB
- MD5
  
  22dc3ad85fd32cd775c2af0449af8185
- SHA1
  
  c744c4b1ddaf5437837e14c5fc093ecb0fc6f5ee
- SHA256
  
  1c2c61fec7a89ff00bd2ebf6b2d91ba56b9187d1d735b7fd51d9e648362defbb
- SHA512
  
  0ed0b434ef53c37e6da0c4647c275347a87553503eda164cb5d7b67eac1d2c9796f43546e34e2b109bd957099d3ac1c9acfb257c733676039a0e7e1b03e34184
- SSDEEP
  
  1536:jRZbhxImt5LZnao9hBaA9+5Jg+MUloMUD3aRgNNRb3zJvavDzXXbWzxw5cWKj6Br:dZb5ooH7zkDjyWKCD9eqPESljtz
Score

1^/10
behavioral7 behavioral8
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/SavegameToolkitAdditions.dll
- Size
  
  20KB
- MD5
  
  893923eee7133c72c84a3821a0960eaa
- SHA1
  
  1720b1c364c23d24e08ff4cfcef1ab54cb9f249b
- SHA256
  
  c1138e702a5fc427507bbd289a18ffc093f733ed43095a41207815897cafb3ca
- SHA512
  
  1de66242785a6e5700cfaafb96cd2f37bcb78bedce1abc1bbc4d548aaf07ae933ba79ef53e000000ffbcbaebe08e3ccb0ff086821c5c3a248a68e1509417a8b6
- SSDEEP
  
  384:M+xbYnokjdtezYt8M4+NP39MbDEIZ2kcIuPMZ8dcc/aO7+ZXR0EMjNO3d:MCbYnokjdIzYt9NP+P1WIu0ZGX/P6ZBb
Score

1^/10
behavioral10 behavioral9
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/System.Collections.Immutable.dll
- Size
  
  295KB
- MD5
  
  d8203aedaabeac1e606cd0e2af397d01
- SHA1
  
  eef943e4369166a039dee90f2d81504613d49ca0
- SHA256
  
  2f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57
- SHA512
  
  ce09543cbb799db65c71ea9d050cef99d702d9af0cc4c7e346f97f616b091d0ab9a211197caf7fd5a53af1ba6ce913b2b121499d36cd43b499fd201376f4f3d6
- SSDEEP
  
  6144:UgQflmXU2jFqgqXf3sHwcmtpAGb2Fwz5UcEUcsoJ:nQflEf2yEXbs7cNc7J
Score

1^/10
behavioral11 behavioral12
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/asb-updater.exe
- Size
  
  573KB
- MD5
  
  8abb9024bed807bbb546903c251b7872
- SHA1
  
  e43ec9ed53ddd429712630f790a1eb1acb13f6d3
- SHA256
  
  051772c9043131fc4f143e49c082a33b0539cae571be2e0c7daa6120de8e49bf
- SHA512
  
  cec82bb8f6e277347fcf7a2d9a254b8dd94c00f0b2a27be1cabc67c9830caed59e2b064b46a3e707f74bae86c8349d0111ccb86b2aeffd8bc6b6fd247c44abd6
- SSDEEP
  
  6144:RkDDH9ny3ppvXoRXlGMzG8DIhl12P2EQhq1bhw9UfTxHACa/5yPPIRszADDH9nb3:oHlyZpPoR1GytQQu0bnCPhgQ2yHlb
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral13 behavioral14
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/de/ARK Smart Breeding.resources.dll
- Size
  
  38KB
- MD5
  
  ee516dfbff06dbdb49f532c93df8d9a7
- SHA1
  
  ec4151e76314f834066d6b3edbe67ee9856de14b
- SHA256
  
  3bb9bdef32d17c7590389db278695c234ecdca0943d89910c563689ec7125dd4
- SHA512
  
  d596eaddfa3c94734623761a2d2f43fba3adaa4f27793c79d40bef50725d72482a3056034ca23c7a5b95ccf10873e352c0d7843bbf980a41d59c8043e5443949
- SSDEEP
  
  768:r6yoVHl4jcc5E8MDQbSxE3coQIPUDicasGWZjs2oBihr0UkX:r6yUl4Ac5E8MDoSxEKJGWZjPoAhr0UkX
Score

1^/10
behavioral15 behavioral16
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/es/ARK Smart Breeding.resources.dll
- Size
  
  28KB
- MD5
  
  71035d098c7abe1a49b461194d2ff6f8
- SHA1
  
  3e2d5d1a44412aaeff5019d1cb494947ee16de1c
- SHA256
  
  326a5143bb103a47d565e54a0c65ee76cb2bef97001d35e6fb65afc5efe89c65
- SHA512
  
  cdc17d514948ac859fb98a9d9f62358194abf11ad569acaad69d943f903dd282eb87692a9e9dff80be90fa23e057a20e543d1c511d73919e8c90d5095a5baf48
- SSDEEP
  
  768:wpaNmaMcVvJl4NIlKkmkgAkAxsztHj7XwHUjSX:wpawaTJl4NIlKHkgAkTztHY8SX
Score

1^/10
behavioral17 behavioral18
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/fr/ARK Smart Breeding.resources.dll
- Size
  
  41KB
- MD5
  
  9394bcd8150ba7e989928d6b9e33b8d3
- SHA1
  
  82177e0b1a4b94ddb32ec0e5fe76fb4839339ae7
- SHA256
  
  3a7126aabfabe6580991d48418130e876fe6dd8600a53a3b1cb4ebaa3dbe4aa9
- SHA512
  
  22d6b90f79615aab7b7f67f1bdb36047496465824888ed9e65c66e1bde666ae70e96b494dc0f92bbc62a40cc8c05a2a1f59d273f966b2fcf5c7849c8ec84e530
- SSDEEP
  
  768:jmFlO+5jQ5LkUwf9nJtEyg2KMdvFCaAJSrz5uQX:jiO+5s5LkUwf9nbEyg2lxFC3UuQX
Score

1^/10
behavioral19 behavioral20
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/it/ARK Smart Breeding.resources.dll
- Size
  
  26KB
- MD5
  
  1e5d93b87a6579af895b1b809fcfdef7
- SHA1
  
  09f6492df23869ae43822c2ca1b02181a5a34e93
- SHA256
  
  d851235b9c2665de8aebdfbfe0de46b6fcd57247cca253a0bd873c7d772f3d5a
- SHA512
  
  20ec3076af2fd8005ff6c6d38e406eae4b29263d4f2434c99dd562446b35d750b4207e1bf4d08a3ea3db1ea364730d7ead9f1f7ab911f9b31239b3346d8686ae
- SSDEEP
  
  768:OprFFLomqe7AMDqedtK56T2XKIyfzYqQEupPRX:Oddqe7AGHtKgT25y7YzEupPRX
Score

1^/10
behavioral21 behavioral22
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/ja/ARK Smart Breeding.resources.dll
- Size
  
  38KB
- MD5
  
  cf998d8ef22b775a184ff982aed93b82
- SHA1
  
  4ff3cf6dbc0064b4ed1357d890eb511a97b773b8
- SHA256
  
  fee50ac05bb8366e25355b6ee22a6a6c550c07e38f951994ed505e7c4ec9a535
- SHA512
  
  9d5caa9f3d41021748989289d864b1e9b84ad47a20ddd7448f2ec3779049d139758ffd4c607c73171f1c7a6352b6c1f81800d301fcf55f0ccd7edf6c1b37244b
- SSDEEP
  
  768:WluV6YdhfY6ptZBJ8s5/djB5xOmQY7zX5ZklaA7Y1+X:Ww8YdhQ6ptZBJF5/f5IZwyo1+X
Score

1^/10
behavioral23 behavioral24
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/pl/ARK Smart Breeding.resources.dll
- Size
  
  33KB
- MD5
  
  950240859d284b57ea39acb30f3f8c40
- SHA1
  
  23b5c7ea406f0c1087bd1bfa4101265c08a5e29a
- SHA256
  
  f7a75c11fbe9a68d87c184adc33adbbe17cac5ba6d0ae8d79ac840b9863e69b1
- SHA512
  
  7b04a3f6bd09baf91c3937043010c2d50330738447287a451d79b5d6556d487e3721068380c14d64ab60138d93af5a9cd18fa1cdf48563133060446142975f53
- SSDEEP
  
  384:WI2vC6eCdLz55OjRKFkZ2dBaIyN8iE5ffhlvTECz99wJKCgjXoV2IleWyaK32lMV:kCXC9PO0yZ2dBakL5CVRvy/3sqX
Score

1^/10
behavioral25 behavioral26
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/pt-br/ARK Smart Breeding.resources.dll
- Size
  
  38KB
- MD5
  
  09859adc3ab557312206460f566f1412
- SHA1
  
  733db32eb4321e915e39b064c82173a7b62bb83c
- SHA256
  
  2533d3309eb17c30dd7662eaccbe8cd9d4dc2b332f366f6bb893e40b182b0647
- SHA512
  
  c2b3dd3d368c006ec3b1a4035d74f875cd2c9c0edd177d8d930ef8d5106f80572f6f5acedad3ca7834050c4f84216cb64ff7e6bd8a5e7e2cfae341c8e8a45735
- SSDEEP
  
  768:FQsVD70wFau4Ig9IxorMzraCmG1MAwBWHnOEYPfX:FQsB70wFaufg9kkMGGaanOEYPfX
Score

1^/10
behavioral27 behavioral28
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/ru/ARK Smart Breeding.resources.dll
- Size
  
  50KB
- MD5
  
  558f4dc297317850dde892e3bf17f495
- SHA1
  
  008212e2f28c571ec9834873994cef862215bfff
- SHA256
  
  650fa77b76f339acb1b6c4145a2f401ed7f7fee641c9e93a5bff11a3d18727ed
- SHA512
  
  0d673f9272d077ff91f6f5976c977e38e7907dbf9caeb9e80ecb17ffe5e3c22b753b1b8474311f17decada271f168a49c9bee558c1229df78349e3575d303c33
- SSDEEP
  
  768:SluV67kanWiyrqjOmknjv9V5+JhiW3jyPian6OyX:Sw87RnyrqjOm2jXEJmPian6OyX
Score

1^/10
behavioral29 behavioral30
- Target
  
  ARK.Smart.Breeding_0.58.1.0 (1)/tr/ARK Smart Breeding.resources.dll
- Size
  
  16KB
- MD5
  
  f5ec0006848060e53eb140c2a9757c67
- SHA1
  
  c5ef870448a2bc39c38daf96a95ea16c62853155
- SHA256
  
  facf7f98a376f7982e500f506dbbb23981eb7c45a4cc013ce8522874dffec4e9
- SHA512
  
  fb24fd9cda251747868de48f0ab24607fb67170ce34446d898de1f09a62bd785532e24e6f569897bf45d6dc4794ab3ea84316203d763cb941afe8ed5a41206ff
- SSDEEP
  
  384:YZ4jlSniM4iuzC5OT5IxVjFP9tGM3El1AUERR:VQniM4i35u5cVBlwsfX
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32