General
-
Target
Papers-Please-SteamRIP.com.rar
-
Size
87.9MB
-
Sample
240223-j71ceadf8t
-
MD5
06623d9262eec7a00471b0349311aa3f
-
SHA1
1b0f157e3a3e4113f04c508d1e09946b49916cce
-
SHA256
46a35ced614c105412aa9b3db9bb8d6cc6262c6e258c5ae544b4c45448853f38
-
SHA512
fa29234f26a7f15e56299772eee0e4870f6740ba26101aa92e6e3adf81fc3679c036c15abb442faaa2d08c6561a4dc10aede5921130fc287abc8991761318229
-
SSDEEP
1572864:9Hi6kh/EUKK6ukYYWjfJdeoqspBPjGMegYlofKY/WD8HftNjAZnFGC:9RC5LYWfJLhneaff/W4fanFGC
Static task: static1

Behavioral tasks (task | sample | resource):
behavioral1 | Papers Please v1.4.11.124/GameAssembly.dll | win7-20240221-en
behavioral2 | Papers Please v1.4.11.124/GameAssembly.dll | win10v2004-20240221-en
behavioral3 | Papers Please v1.4.11.124/PapersPlease.exe | win7-20240221-en
behavioral4 | Papers Please v1.4.11.124/PapersPlease.exe | win10v2004-20240221-en
behavioral5 | Papers Please v1.4.11.124/PapersPlease_Data/Plugins/x86_64/steam_api64.dll | win7-20240221-en
behavioral6 | Papers Please v1.4.11.124/PapersPlease_Data/Plugins/x86_64/steam_api64.dll | win10v2004-20240221-en
behavioral7 | data/Loc.ps1 | win7-20240215-en
behavioral8 | data/Loc.ps1 | win10v2004-20240221-en
behavioral9 | data/Loc.ps1 | win7-20240221-en
behavioral10 | data/Loc.ps1 | win10v2004-20240221-en
behavioral11 | Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/2.0/DefaultWsdlHelpGenerator.js | win7-20240221-en
behavioral12 | Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/2.0/DefaultWsdlHelpGenerator.js | win10v2004-20240221-en
behavioral13 | Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/4.0/DefaultWsdlHelpGenerator.js | win7-20240221-en
behavioral14 | Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/4.0/DefaultWsdlHelpGenerator.js | win10v2004-20240221-en
behavioral15 | Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/4.5/DefaultWsdlHelpGenerator.js | win7-20240221-en
behavioral16 | Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/4.5/DefaultWsdlHelpGenerator.js | win10v2004-20240221-en
behavioral17 | Papers Please v1.4.11.124/UnityCrashHandler64.exe | win7-20240215-en
behavioral18 | Papers Please v1.4.11.124/UnityCrashHandler64.exe | win10v2004-20240221-en
behavioral19 | Papers Please v1.4.11.124/UnityPlayer.dll | win7-20240220-en
behavioral20 | Papers Please v1.4.11.124/UnityPlayer.dll | win10v2004-20240221-en
behavioral21 | Papers Please v1.4.11.124/baselib.dll | win7-20240221-en
behavioral22 | Papers Please v1.4.11.124/baselib.dll | win10v2004-20240221-en
behavioral23 | STEAMRIP » Free Pre-installed Steam Games.url | win7-20240221-en
behavioral24 | STEAMRIP » Free Pre-installed Steam Games.url | win10v2004-20240221-en
behavioral25 | _CommonRedist/dotNetFx40_Full_setup.exe | win7-20240221-en
behavioral26 | _CommonRedist/dotNetFx40_Full_setup.exe | win10v2004-20240221-en
behavioral27 | _CommonRedist/dxwebsetup.exe | win7-20240221-en
behavioral28 | _CommonRedist/dxwebsetup.exe | win10v2004-20240221-en
behavioral29 | _CommonRedist/oalinst.exe | win7-20240215-en
behavioral30 | _CommonRedist/oalinst.exe | win10v2004-20240221-en
behavioral31 | _CommonRedist/vcredist_2015-2019_x64.exe | win7-20240221-en
behavioral32 | _CommonRedist/vcredist_2015-2019_x64.exe | win10v2004-20240221-en

Malware Config
Targets
Target
Papers Please v1.4.11.124/GameAssembly.dll
-
Size
13.2MB
-
MD5
1746be42a62af26b3303609dc806ff04
-
SHA1
bf011856973c1bccea2281b09af8113d0601ced1
-
SHA256
2a815dde6361553c1b66dc765af02d650717082d62ebafaaece4d8ce3b85a48f
-
SHA512
96ea31781f243f08f22e5f17b5a76ec2673beda5fe6cfe89b8d1f39e04fbb14a74230d15f014afe0016765f78ee276c62be27accbb9758bca3b67be2da333aee
-
SSDEEP
393216:ncw/JUCMY/LfFBhuv8K6IJRDdQYXHk6hyLAHc4CpM5QTbSoyphhPyMwupSJ9:cw/IH
Score 1/10

Target
Papers Please v1.4.11.124/PapersPlease.exe
-
Size
638KB
-
MD5
fdc53add928ce28442ef5ad77d24c9cb
-
SHA1
97bf3314fcfb0495e5e3c098e1b53db33b763825
-
SHA256
9451692a33540d96352c290e1fb5fdade29b2b112206ccd40d711e271d2886b7
-
SHA512
ce9098994b93000edeb75880c96102b27522f400f5941d114dce20c2e379728319b0bf8db05e15a207480debcb7a70f7371c2c97dae8d07b91d9ebf63421f1bf
-
SSDEEP
6144:npC62lkCT6tk3uZbnZpxqzCldNDnF77Ev1H:n4eC2pxqz6dNJ77Ev1H
Score 1/10

Target
Papers Please v1.4.11.124/PapersPlease_Data/Plugins/x86_64/steam_api64.dll
-
Size
1.8MB
-
MD5
ef194713ae1cfb641147165ead3495c0
-
SHA1
237f7fda6d0e90e780fbe2219c84d441b61733db
-
SHA256
821a6405bbb0d2bb17d8e91d62898d4aba4d2983177b8c4df7d4a87a83c97722
-
SHA512
308498f584833c8514c7f58129779a906e2da116887afab77e6b4e4a361bc5224f4991d0818895ff05e414b7530a5e9d46b25810b06af7be1ddb1746e584b445
-
SSDEEP
24576:nRurrg2LP+RaoIzVNvT9vfR1ur0FujbG+aId3VSIYIsrnBzyOfCHG:n4Hg2LWookvSr0Fuj1rSIYTrfCH
Score 1/10

Target
data/Loc.csv
-
Size
219KB
-
MD5
a6c6fc47bbaa77660c2515bc6ead4ee7
-
SHA1
89b2b7508398bb0481ad0154b932e643f2b8e4e1
-
SHA256
0552f8e6da51d756683d4fc52aea87688e6ef3b7dcedb8ad3f73bd0e6d00fe65
-
SHA512
154a94d0954c96e32c2b8b4f6e687664c1fc925d12cad7f3d6e380546cb737735caac553eaa9a32762b7bd49a959827eee96d73539b0b93a48d06537f91b33bc
-
SSDEEP
3072:hBGAZfPCNA6PtXJgKKhURPejXBBxeo68DJFatRXn3M7T/U1Tb9dbc+l0l3gAv:xVhmRX9bKv
Score 1/10

Target
data/Loc.csv
-
Size
214KB
-
MD5
10edb63eed369586c5b3a856252f7fbe
-
SHA1
b8f7db6ff7da4eeced558289a7ab98aae0403ade
-
SHA256
94f305caf61995d232ebb708297a04c69c5b2dd7a1c77ae927998babf151cacd
-
SHA512
2880b112ca5881d5dd0176ebcd7af203bf05de898b6c5d1a666963d045a22515c58d623ac639218619151956bab7d8e6057963e3708d74bedb796fa412e4fefe
-
SSDEEP
3072:R0Z3PpPT/qorBJQsGHWo1Rula2hS6Cd/F/fAzxgM3Z:QR/mHWlcHFHsaM3Z
Score 1/10

Target
Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/2.0/DefaultWsdlHelpGenerator.aspx
-
Size
59KB
-
MD5
f7be9f1841ff92f9d4040aed832e0c79
-
SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae
-
SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
-
SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
-
SSDEEP
768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score 1/10

Target
Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/4.0/DefaultWsdlHelpGenerator.aspx
-
Size
59KB
-
MD5
f7be9f1841ff92f9d4040aed832e0c79
-
SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae
-
SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
-
SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
-
SSDEEP
768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score 1/10

Target
Papers Please v1.4.11.124/PapersPlease_Data/il2cpp_data/etc/mono/4.5/DefaultWsdlHelpGenerator.aspx
-
Size
59KB
-
MD5
f7be9f1841ff92f9d4040aed832e0c79
-
SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae
-
SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
-
SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
-
SSDEEP
768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score 1/10

Target
Papers Please v1.4.11.124/UnityCrashHandler64.exe
-
Size
1.2MB
-
MD5
bbe9045c810c569403ac2edd6092c9ba
-
SHA1
f263a900685e7c02008ba17c8cb78791f92c3194
-
SHA256
10199a7392e8cef04330be0d01ee55dfb9ce95052ed741937fe4bec808511539
-
SHA512
07d6151e4886886f1c13ff60dc5e88c5267b94e4e6795c6bdb8af84eea81b1842468af6bacc04d25a7760cf237cf0539ba4821a6921e6b0885961a511df0d7c8
-
SSDEEP
12288:GE2S3QJYOikCHxKeZuS0dGsQZBWHxTTS0oY6WOlPWLWchy:GE2S3L9kmxKFGtZixTTTpbhy
Score 1/10

Target
Papers Please v1.4.11.124/UnityPlayer.dll
-
Size
27.0MB
-
MD5
2b06c406f343711acade9a680f0bc110
-
SHA1
7f86121ae3a9de8392e206e6ec8e27f001b0b439
-
SHA256
081370faf9eee028c662e48683525b7c431c22f4dac9923edd03aa480376cbf4
-
SHA512
514f7793741c2442e80434a00163a6d9e078e37c36bc573e5f913d45598ffe6d3ca8970affc0e40e2af866cb175b4ec30633d7b0703c3e64b29af40a43630bf8
-
SSDEEP
393216:qBsy2R4Ytp6eLUknE3vOT3Imb0VJOSCkzsXgkfKhu7qfE0wNI5S+KyQTM:qBB8FxBSXkfb6ZTETM
Score 1/10

Target
Papers Please v1.4.11.124/baselib.dll
-
Size
488KB
-
MD5
2e98a2456173dff46c29756383cd4c32
-
SHA1
9799a347cb2e99e80e36cdc87d70ff16fb9754de
-
SHA256
271399e447f652ed37e1e534ffdafbdc2ca3ef155db5919fee5c506309bac75e
-
SHA512
db02df42b3f800544b72ed47587fbf410f6badfb56babf3b4681823c0e38d8b526e21518537f5d8dc4f2fe594da220180cb082f72e7302c92951240d2ca35903
-
SSDEEP
6144:VJp/ok+IMufGAIxyn9Mv3wNQd9CuATwOGzuqE4ffO57udYohSube5g87NHQ:Rok4Am3eQd1OAubCOgCoINHQ
Score 1/10

Target
STEAMRIP » Free Pre-installed Steam Games.url
-
Size
219B
-
MD5
bb3af69a2e7704bc210886920ff7681f
-
SHA1
42fa4a09d62cce1c0d70a63e0816135fd6b410e3
-
SHA256
4572f3812daf7bcd347d1a36834c5a9fec1f530093adf688a6ecd9e6092cbf76
-
SHA512
4f86d06f06859ed87d5f5353de9971c118477c956a8e0e0019b275f6eb035b2841c7cb959c9f4823a599ca7e73f6a0ed320207d917e8f4ab2a9b20e732551839
Score 1/10

Target
_CommonRedist/dotNetFx40_Full_setup.exe
-
Size
868KB
-
MD5
53406e9988306cbd4537677c5336aba4
-
SHA1
06becadb92a5fcca2529c0b93687c2a0c6d0d610
-
SHA256
fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
-
SHA512
4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99
-
SSDEEP
24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD
Score 7/10
Executes dropped EXE
Loads dropped DLL

Target
_CommonRedist/dxwebsetup.exe
-
Size
281KB
-
MD5
fd6057b33e15a553ddc5d9873723ce8f
-
SHA1
f90efb623b5abea70af63c470daa8674444fb1df
-
SHA256
111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288
-
SHA512
d894630c9a4bdb767e9f16d1b701acbdf011e721768ba0dc7a24e6d82a4d062a7ca253b1b334edba38c06187104351203a92c017838bdd9f13905cde30f7d94d
-
SSDEEP
6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc
Score 7/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory

Target
_CommonRedist/oalinst.exe
-
Size
790KB
-
MD5
694f54bd227916b89fc3eb1db53f0685
-
SHA1
21fdc367291bbef14dac27925cae698d3928eead
-
SHA256
b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd
-
SHA512
55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5
-
SSDEEP
12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV
Score 7/10
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory

Target
_CommonRedist/vcredist_2015-2019_x64.exe
-
Size
14.3MB
-
MD5
f0248d477e74687c5619ae16498b13d4
-
SHA1
9ed4b091148c9b53f66b3f2c69be7e60e74c486a
-
SHA256
b6c82087a2c443db859fdbeaae7f46244d06c3f2a7f71c35e50358066253de52
-
SHA512
0c373b06ffe84f3e803831e90f22d7d73304e47a47839db614f63399ff1b7fcf33153bf3d23998877c96d2a75e316291a219fdd12358ca48928526284b802591
-
SSDEEP
393216:q5lptVYmfr7yBG/4WoI+j6LTinXKSf0fzTDv8:q7pttD7yBG/uljIinXj0fQ
Score 7/10
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.