Overview

overview

7

Static

static

3

GrowtopiaI...2).exe

windows7-x64

6

GrowtopiaI...2).exe

windows10-2004-x64

4

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Growtopia.exe

windows7-x64

1

Growtopia.exe

windows10-2004-x64

1

SecureEngineSDK64.dll

windows7-x64

1

SecureEngineSDK64.dll

windows10-2004-x64

1

ubiservices.dll

windows7-x64

1

ubiservices.dll

windows10-2004-x64

1

vc_redist.x64.exe

windows7-x64

7

vc_redist.x64.exe

windows10-2004-x64

7

vc_redist.x86.exe

windows7-x64

7

vc_redist.x86.exe

windows10-2004-x64

7

zlibwapi.dll

windows7-x64

1

zlibwapi.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GrowtopiaInstaller (2).exe

  • Size

    191.8MB

  • Sample

    240222-tyjneacg86

  • MD5

    51527643a5802cbdee715313ed743b72

  • SHA1

    6460a279da72e0705a773f23d403beb5c7260b71

  • SHA256

    180b585699602924e45e46c6ba98ce91964d37f8e10e9859ec14542ecb45762a

  • SHA512

    6cce49277f55c984b206690e5f9879b4e79021fa0c992279f437801993b372598cf4ec09277cc47c6417d97962b4eae671cd7d61422da4fac74a83a7744400bc

  • SSDEEP

    3145728:GWDBZkc8dHx5+lFkPaR79v8ZpYGHSR01H7V17r/8LrwW5jl+qPR7KiWPw5QUmPOy:tTkXdHx5+l5qZDHSeD7r8wWLT5t3AZ

Score
7/10
discovery

Malware Config

Targets

    • Target

      GrowtopiaInstaller (2).exe

    • Size

      191.8MB

    • MD5

      51527643a5802cbdee715313ed743b72

    • SHA1

      6460a279da72e0705a773f23d403beb5c7260b71

    • SHA256

      180b585699602924e45e46c6ba98ce91964d37f8e10e9859ec14542ecb45762a

    • SHA512

      6cce49277f55c984b206690e5f9879b4e79021fa0c992279f437801993b372598cf4ec09277cc47c6417d97962b4eae671cd7d61422da4fac74a83a7744400bc

    • SSDEEP

      3145728:GWDBZkc8dHx5+lFkPaR79v8ZpYGHSR01H7V17r/8LrwW5jl+qPR7KiWPw5QUmPOy:tTkXdHx5+l5qZDHSeD7r8wWLT5t3AZ

    Score
    6/10
    discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      3e277798b9d8f48806fbb5ebfd4990db

    • SHA1

      d1ab343c5792bc99599ec7acba506e8ba7e05969

    • SHA256

      fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

    • SHA512

      84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

    • SSDEEP

      192:d4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjsK72dwF7dBOne:Wn3T5KdHCMRD/R1cOnrjs+BO

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      3f176d1ee13b0d7d6bd92e1c7a0b9bae

    • SHA1

      fe582246792774c2c9dd15639ffa0aca90d6fd0b

    • SHA256

      fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

    • SHA512

      0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

    • SSDEEP

      192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn

    Score
    3/10
    behavioral5behavioral6

    • Target

      Growtopia.exe

    • Size

      19.6MB

    • MD5

      bc0a694d0bd1b02ea41cbe6a2ea8e255

    • SHA1

      4056b7a5cdab04cc09f022d3d5d8e5447ccebdad

    • SHA256

      a5b11c9c85abc21c691454756ba99880b5efc29c8e9278fee417236fe2a392d0

    • SHA512

      452ab7c0806f5aec8f30fe2d64c330184008421f763a04dae75799e6e1907ca5785bcb83d60db22fd05ce79200b4450d87f92346617e966bb03983c01153f4f8

    • SSDEEP

      393216:JBvpzEJCm5fPiJ9kW2nXtrZjCZDGfbKV387yIKaiU9SEFRQh:JZpzLm5fPib34SMfbKeGzan0EvQh

    Score
    1/10
    behavioral7behavioral8

    • Target

      SecureEngineSDK64.dll

    • Size

      28KB

    • MD5

      023ca3f56ce9d9aff9e4839301e82c82

    • SHA1

      fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

    • SHA256

      9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

    • SHA512

      18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

    • SSDEEP

      192:6i08s5GvuxBdKKCeotPpWZlNCryWlHqX5xS5haBWUcSAfMVIBizxUv:6dZxBnCeqPpWZglsfSgA0V

    Score
    1/10
    behavioral10behavioral9

    • Target

      ubiservices.dll

    • Size

      14.8MB

    • MD5

      d06ec93e5877f3f2623ccaa89a349a75

    • SHA1

      a071d570f3af7fd283e99feb95938026eadc3f1a

    • SHA256

      068bc38fa95a55d74470e9df9da71b8106668aaa647619d83a036808f14e6e5b

    • SHA512

      7a3b57a82375835fb14ac735f882c883731ba486025cc1e86b2bb36743e2ad367ffa417f73be7a24585375cbc89ddca876acd9b208e5eebacae78f71aec2d854

    • SSDEEP

      49152:++QTjHVpj56LNzw2Vo/PYfGctqzyf6nPsAAYQDIsPXzqGNXGMi4oY8/wFe5IOXdh:+D+VA/MsjPGRSip1zjFuoe6e

    Score
    1/10
    behavioral11behavioral12

    • Target

      vc_redist.x64.exe

    • Size

      13.9MB

    • MD5

      27b141aacc2777a82bb3fa9f6e5e5c1c

    • SHA1

      3155cb0f146b927fcc30647c1a904cd162548c8c

    • SHA256

      5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

    • SHA512

      7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

    • SSDEEP

      393216:xTPq5dCsKSR65cX7Eyd/qnejOX3L8T8KYfU3j:VP5iw56oyleejcL8T8fc3

    Score
    7/10
    discovery

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral13behavioral14

    • Target

      vc_redist.x86.exe

    • Size

      13.1MB

    • MD5

      1a15e6606bac9647e7ad3caa543377cf

    • SHA1

      bfb74e498c44d3a103ca3aa2831763fb417134d1

    • SHA256

      fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14

    • SHA512

      e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd

    • SSDEEP

      393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc

    Score
    7/10
    discovery

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral15behavioral16

    • Target

      zlibwapi.dll

    • Size

      87KB

    • MD5

      dd91e4c7d445c31682ebdd22e732d93d

    • SHA1

      2ed9d1a085fa9179d199e0372d81462816fd7504

    • SHA256

      1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05

    • SHA512

      0e610c0b97a970ed6077e27f8071f32cceef6410133b9ee8934849443b8ebfb022f1d88f9b7bff77f3b5a243c73b5a4e05fae843bdbc849ba09168ecb61d5f87

    • SSDEEP

      1536:3d34luTY6/aYPBqxRjt3JRSVoIOFIORnToIfHyRXCWdd:3hIuBZKjtZMuP5TBfqX/d

    Score
    1/10
    behavioral17behavioral18

MITRE ATT&CK Enterprise v15

Tasks