General

  • Target

    Papers-Please-SteamRIP.com.rar

  • Size

    87.9MB

  • Sample

    240223-j71ceadf8t

  • MD5

    06623d9262eec7a00471b0349311aa3f

  • SHA1

    1b0f157e3a3e4113f04c508d1e09946b49916cce

  • SHA256

    46a35ced614c105412aa9b3db9bb8d6cc6262c6e258c5ae544b4c45448853f38

  • SHA512

    fa29234f26a7f15e56299772eee0e4870f6740ba26101aa92e6e3adf81fc3679c036c15abb442faaa2d08c6561a4dc10aede5921130fc287abc8991761318229

  • SSDEEP

    1572864:9Hi6kh/EUKK6ukYYWjfJdeoqspBPjGMegYlofKY/WD8HftNjAZnFGC:9RC5LYWfJLhneaff/W4fanFGC

Targets

    • Target

      Papers Please v1.4.11.124/GameAssembly.dll

    • Size

      13.2MB

    • MD5

      1746be42a62af26b3303609dc806ff04

    • SHA1

      bf011856973c1bccea2281b09af8113d0601ced1

    • SHA256

      2a815dde6361553c1b66dc765af02d650717082d62ebafaaece4d8ce3b85a48f

    • SHA512

      96ea31781f243f08f22e5f17b5a76ec2673beda5fe6cfe89b8d1f39e04fbb14a74230d15f014afe0016765f78ee276c62be27accbb9758bca3b67be2da333aee

    • SSDEEP

      393216:ncw/JUCMY/LfFBhuv8K6IJRDdQYXHk6hyLAHc4CpM5QTbSoyphhPyMwupSJ9:cw/IH

    Score
    1/10
    • Target

      Papers Please v1.4.11.124/PapersPlease.exe

    • Size

      638KB

    • MD5

      fdc53add928ce28442ef5ad77d24c9cb

    • SHA1

      97bf3314fcfb0495e5e3c098e1b53db33b763825

    • SHA256

      9451692a33540d96352c290e1fb5fdade29b2b112206ccd40d711e271d2886b7

    • SHA512

      ce9098994b93000edeb75880c96102b27522f400f5941d114dce20c2e379728319b0bf8db05e15a207480debcb7a70f7371c2c97dae8d07b91d9ebf63421f1bf

    • SSDEEP

      6144:npC62lkCT6tk3uZbnZpxqzCldNDnF77Ev1H:n4eC2pxqz6dNJ77Ev1H

    Score
    1/10
    • Target

      Papers Please v1.4.11.124/PapersPlease_Data/Plugins/x86_64/steam_api64.dll

    • Size

      1.8MB

    • MD5

      ef194713ae1cfb641147165ead3495c0

    • SHA1

      237f7fda6d0e90e780fbe2219c84d441b61733db

    • SHA256

      821a6405bbb0d2bb17d8e91d62898d4aba4d2983177b8c4df7d4a87a83c97722

    • SHA512

      308498f584833c8514c7f58129779a906e2da116887afab77e6b4e4a361bc5224f4991d0818895ff05e414b7530a5e9d46b25810b06af7be1ddb1746e584b445

    • SSDEEP

      24576:nRurrg2LP+RaoIzVNvT9vfR1ur0FujbG+aId3VSIYIsrnBzyOfCHG:n4Hg2LWookvSr0Fuj1rSIYTrfCH

    Score
    1/10
    • Target

      data/Loc.csv

    • Size

      219KB

    • MD5

      a6c6fc47bbaa77660c2515bc6ead4ee7

    • SHA1

      89b2b7508398bb0481ad0154b932e643f2b8e4e1

    • SHA256

      0552f8e6da51d756683d4fc52aea87688e6ef3b7dcedb8ad3f73bd0e6d00fe65

    • SHA512

      154a94d0954c96e32c2b8b4f6e687664c1fc925d12cad7f3d6e380546cb737735caac553eaa9a32762b7bd49a959827eee96d73539b0b93a48d06537f91b33bc

    • SSDEEP

      3072:hBGAZfPCNA6PtXJgKKhURPejXBBxeo68DJFatRXn3M7T/U1Tb9dbc+l0l3gAv:xVhmRX9bKv

    Score
    1/10
    • Target

      data/Loc.csv

    • Size

      214KB

    • MD5

      10edb63eed369586c5b3a856252f7fbe

    • SHA1

      b8f7db6ff7da4eeced558289a7ab98aae0403ade

    • SHA256

      94f305caf61995d232ebb708297a04c69c5b2dd7a1c77ae927998babf151cacd

    • SHA512

      2880b112ca5881d5dd0176ebcd7af203bf05de898b6c5d1a666963d045a22515c58d623ac639218619151956bab7d8e6057963e3708d74bedb796fa412e4fefe

    • SSDEEP

      3072:R0Z3PpPT/qorBJQsGHWo1Rula2hS6Cd/F/fAzxgM3Z:QR/mHWlcHFHsaM3Z

    Score
    1/10
    • Target

      Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/2.0/DefaultWsdlHelpGenerator.aspx

    • Size

      59KB

    • MD5

      f7be9f1841ff92f9d4040aed832e0c79

    • SHA1

      b3e4b508aab3cf201c06892713b43ddb0c43b7ae

    • SHA256

      751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

    • SHA512

      380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

    • SSDEEP

      768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw

    Score
    1/10
    • Target

      Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/4.0/DefaultWsdlHelpGenerator.aspx

    • Size

      59KB

    • MD5

      f7be9f1841ff92f9d4040aed832e0c79

    • SHA1

      b3e4b508aab3cf201c06892713b43ddb0c43b7ae

    • SHA256

      751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

    • SHA512

      380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

    • SSDEEP

      768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw

    Score
    1/10
    • Target

      Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/4.5/DefaultWsdlHelpGenerator.aspx

    • Size

      59KB

    • MD5

      f7be9f1841ff92f9d4040aed832e0c79

    • SHA1

      b3e4b508aab3cf201c06892713b43ddb0c43b7ae

    • SHA256

      751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

    • SHA512

      380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

    • SSDEEP

      768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw

    Score
    1/10
    • Target

      Papers Please v1.4.11.124/UnityCrashHandler64.exe

    • Size

      1.2MB

    • MD5

      bbe9045c810c569403ac2edd6092c9ba

    • SHA1

      f263a900685e7c02008ba17c8cb78791f92c3194

    • SHA256

      10199a7392e8cef04330be0d01ee55dfb9ce95052ed741937fe4bec808511539

    • SHA512

      07d6151e4886886f1c13ff60dc5e88c5267b94e4e6795c6bdb8af84eea81b1842468af6bacc04d25a7760cf237cf0539ba4821a6921e6b0885961a511df0d7c8

    • SSDEEP

      12288:GE2S3QJYOikCHxKeZuS0dGsQZBWHxTTS0oY6WOlPWLWchy:GE2S3L9kmxKFGtZixTTTpbhy

    Score
    1/10
    • Target

      Papers Please v1.4.11.124/UnityPlayer.dll

    • Size

      27.0MB

    • MD5

      2b06c406f343711acade9a680f0bc110

    • SHA1

      7f86121ae3a9de8392e206e6ec8e27f001b0b439

    • SHA256

      081370faf9eee028c662e48683525b7c431c22f4dac9923edd03aa480376cbf4

    • SHA512

      514f7793741c2442e80434a00163a6d9e078e37c36bc573e5f913d45598ffe6d3ca8970affc0e40e2af866cb175b4ec30633d7b0703c3e64b29af40a43630bf8

    • SSDEEP

      393216:qBsy2R4Ytp6eLUknE3vOT3Imb0VJOSCkzsXgkfKhu7qfE0wNI5S+KyQTM:qBB8FxBSXkfb6ZTETM

    Score
    1/10
    • Target

      Papers Please v1.4.11.124/baselib.dll

    • Size

      488KB

    • MD5

      2e98a2456173dff46c29756383cd4c32

    • SHA1

      9799a347cb2e99e80e36cdc87d70ff16fb9754de

    • SHA256

      271399e447f652ed37e1e534ffdafbdc2ca3ef155db5919fee5c506309bac75e

    • SHA512

      db02df42b3f800544b72ed47587fbf410f6badfb56babf3b4681823c0e38d8b526e21518537f5d8dc4f2fe594da220180cb082f72e7302c92951240d2ca35903

    • SSDEEP

      6144:VJp/ok+IMufGAIxyn9Mv3wNQd9CuATwOGzuqE4ffO57udYohSube5g87NHQ:Rok4Am3eQd1OAubCOgCoINHQ

    Score
    1/10
    • Target

      STEAMRIP » Free Pre-installed Steam Games.url

    • Size

      219B

    • MD5

      bb3af69a2e7704bc210886920ff7681f

    • SHA1

      42fa4a09d62cce1c0d70a63e0816135fd6b410e3

    • SHA256

      4572f3812daf7bcd347d1a36834c5a9fec1f530093adf688a6ecd9e6092cbf76

    • SHA512

      4f86d06f06859ed87d5f5353de9971c118477c956a8e0e0019b275f6eb035b2841c7cb959c9f4823a599ca7e73f6a0ed320207d917e8f4ab2a9b20e732551839

    Score
    1/10
    • Target

      _CommonRedist/dotNetFx40_Full_setup.exe

    • Size

      868KB

    • MD5

      53406e9988306cbd4537677c5336aba4

    • SHA1

      06becadb92a5fcca2529c0b93687c2a0c6d0d610

    • SHA256

      fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425

    • SHA512

      4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99

    • SSDEEP

      24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      _CommonRedist/dxwebsetup.exe

    • Size

      281KB

    • MD5

      fd6057b33e15a553ddc5d9873723ce8f

    • SHA1

      f90efb623b5abea70af63c470daa8674444fb1df

    • SHA256

      111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288

    • SHA512

      d894630c9a4bdb767e9f16d1b701acbdf011e721768ba0dc7a24e6d82a4d062a7ca253b1b334edba38c06187104351203a92c017838bdd9f13905cde30f7d94d

    • SSDEEP

      6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      _CommonRedist/oalinst.exe

    • Size

      790KB

    • MD5

      694f54bd227916b89fc3eb1db53f0685

    • SHA1

      21fdc367291bbef14dac27925cae698d3928eead

    • SHA256

      b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd

    • SHA512

      55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5

    • SSDEEP

      12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV

    Score
    7/10
    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      _CommonRedist/vcredist_2015-2019_x64.exe

    • Size

      14.3MB

    • MD5

      f0248d477e74687c5619ae16498b13d4

    • SHA1

      9ed4b091148c9b53f66b3f2c69be7e60e74c486a

    • SHA256

      b6c82087a2c443db859fdbeaae7f46244d06c3f2a7f71c35e50358066253de52

    • SHA512

      0c373b06ffe84f3e803831e90f22d7d73304e47a47839db614f63399ff1b7fcf33153bf3d23998877c96d2a75e316291a219fdd12358ca48928526284b802591

    • SSDEEP

      393216:q5lptVYmfr7yBG/4WoI+j6LTinXKSf0fzTDv8:q7pttD7yBG/uljIinXj0fQ

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

Tasks

  • static1: Score 3/10
  • behavioral1: Score 1/10
  • behavioral2: Score 1/10
  • behavioral3: Score 1/10
  • behavioral4: Score 1/10
  • behavioral5: Score 1/10
  • behavioral6: Score 1/10
  • behavioral7: Score 1/10
  • behavioral8: Score 1/10
  • behavioral9: Score 1/10
  • behavioral10: Score 1/10
  • behavioral11: Score 1/10
  • behavioral12: Score 1/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15: Score 1/10
  • behavioral16: Score 1/10
  • behavioral17: Score 1/10
  • behavioral18: Score 1/10
  • behavioral19: Score 1/10
  • behavioral20: Score 1/10
  • behavioral21: Score 1/10
  • behavioral22: Score 1/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25: Score 7/10
  • behavioral26: Score 7/10
  • behavioral27 (persistence): Score 7/10
  • behavioral28 (persistence): Score 7/10
  • behavioral29 (discovery): Score 7/10
  • behavioral30 (discovery): Score 6/10
  • behavioral31 (discovery): Score 7/10
  • behavioral32 (discovery): Score 7/10