General

  • Target

    live2dplayer Setup 0.2.6.exe

  • Size

    64.8MB

  • Sample

    240223-qxhsyaad93

  • MD5

    763e3ed48e425ca28fa15b893eeace41

  • SHA1

    f13707401c187f7c542658a9eff1e61682edd6f5

  • SHA256

    2e5a5215b6e17d12a22d922b128a3e4aeaad00ca4521e20a2993ad0ae2d0238f

  • SHA512

    6978e17a795b3bfb17fb6b6384365ad7b3480901994a40af06a013a9bc832599d5b377b92e92300181967b3ae0c4d5c7c09fedfb6fa85c62f75bc523d87c5747

  • SSDEEP

    1572864:EdjBsKd6hag72XeGNiMJX2yLi+7Sfy2DWprPAzd2w++w:EdjBZw0g72l3Jz2yPpr4G

Score
7/10

Targets

    • Target

      live2dplayer Setup 0.2.6.exe

    • Size

      64.8MB

    • MD5

      763e3ed48e425ca28fa15b893eeace41

    • SHA1

      f13707401c187f7c542658a9eff1e61682edd6f5

    • SHA256

      2e5a5215b6e17d12a22d922b128a3e4aeaad00ca4521e20a2993ad0ae2d0238f

    • SHA512

      6978e17a795b3bfb17fb6b6384365ad7b3480901994a40af06a013a9bc832599d5b377b92e92300181967b3ae0c4d5c7c09fedfb6fa85c62f75bc523d87c5747

    • SSDEEP

      1572864:EdjBsKd6hag72XeGNiMJX2yLi+7Sfy2DWprPAzd2w++w:EdjBZw0g72l3Jz2yPpr4G

    Score

    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score

    1/10

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score

    3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score

    3/10

    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score

    3/10

    • Target

      $PLUGINSDIR/app-64.7z

    • Size

      64.1MB

    • MD5

      5d86e09a44a1eb50691b371551e6704b

    • SHA1

      4512c642243ab1a3b906ffb218aae7a34fd188e3

    • SHA256

      da5e23fa87c45abac70d20f7e15dcd523acad6701b289f747ac9f5c4461a4c33

    • SHA512

      a18dbd0127c325bae3c36ef4019bdef54fddf50daa18b583081330df03e733a2768b87afb223ba207c1174776eff2ffa19e9b6551e4110d2ae111abd0948b45c

    • SSDEEP

      1572864:qjBsKd6hag72XeGNiMJX2yLi+7Sfy2DWprPAzd2w++L:qjBZw0g72l3Jz2yPpr4B

    Score

    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      resources.pak

    • Size

      4.6MB

    • MD5

      bbc345344366b49311a79701c587df10

    • SHA1

      8cdd0f68a8bd5f1438a8b2d1371663aa11fc7eaa

    • SHA256

      fe010e3e290941e88e3fdf121108b644801027f85813821d32d01ea8b8f026e3

    • SHA512

      21c183b73b2607366564b868430810c15128f0fceba66c3f1e92ba56ba364c4d7b9f4c0d8392cb15a26ae3e8a6d8907c0f6f6129ff5877ef93becbc9183196f6

    • SSDEEP

      98304:6AUqybI1h8fawgGMLdWiz1Z/de8xJtHDgAQcchH:6ATybyhjwYdWm1iovjgAQcchH

    Score

    1/10

    • Target

      resources/app.asar.unpacked/node_modules/iohook/build.js

    • Size

      6KB

    • MD5

      18b42357d93feebac8cd44ffa7cb1b19

    • SHA1

      35e6caf7535d2b55bd624b18901b1e8c3fa1b9cc

    • SHA256

      667c8af5f36f9263a34f0d3537d91a5db5ed784a3199d865727d9a20cb0a194a

    • SHA512

      ba08516ca80a9faa39fc015eb07296fba27408a735bb647857a39e58076ba7ca77438a30278fdfae3f53e23185bf5e10e2a618ba156d8f939d72556609bb0869

    • SSDEEP

      192:WUWpu2h3Cd+Coi2BXpOqbf85AifqiKPnhaTwIFIS:7x2hXlbbfBC

    Score

    1/10

    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/electron-v80-win32-ia32/build/Release/iohook.node

    • Size

      126KB

    • MD5

      dd71bfe07650bc39fa3e5fdc73ea845d

    • SHA1

      b54cc82b9fcf75c306802a77bcf7bcd5e004b381

    • SHA256

      2157bade83bf9958f3975f6b2a07d2ea70b85fa4c870356af936a5d925f16ebd

    • SHA512

      b5f674bfd99a0fc935a9883d1267cdc9033b73912d4f80443884ad2fd109c424894032628c61870a4af379f3d5f24260b5463e08885018272afddda997b96e76

    • SSDEEP

      3072:oZ4k+8skIg+eDFtoGXKSbMlwqjr5XjUndj7B3hldRgN:oZ4gzI4DFjZbMLjrgVhl3gN

    Score

    3/10

    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/electron-v80-win32-ia32/build/Release/uiohook.dll

    • Size

      116KB

    • MD5

      299af0b2bd8734462a4cdf4e30872cb4

    • SHA1

      332b0f26d3be98c78da8da59e92d8fb41fd54cf4

    • SHA256

      bb6bc2b89af1aee8ce27be3bb0a5275d16b0956567ca27e0001da2f9338663a8

    • SHA512

      15d3b31ffd9d5f2bb620c367c2330d0341b36ac0b0e9b9904baa22958e25a0256c1be56289bdf16c7afb7203b384e13ebf5c14a298ec0cab47276156377252ea

    • SSDEEP

      3072:4+tjheWirzar7XnJ6nOqDdVpdAKcbcV1BNbnGjn:Bjc/za/J6nFVQernGL

    Score

    1/10

    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/electron-v80-win32-x64/build/Release/iohook.node

    • Size

      156KB

    • MD5

      661aca68b1cabd3d47d4d3acf1b13b93

    • SHA1

      bfa511c859b16dcf6f66d233bd86e48dfb19ca27

    • SHA256

      8e680da293b373fd631bc98bc279d386185bb71f25c50f5c7de697682b71c15d

    • SHA512

      c6e0827cd5086dca07d77ed5b1376c2adf658b4da88cc35a712609b0002d8b710017b2ca460447804f262504715c0271d9d109da99c1a4d0138172d4c87c6928

    • SSDEEP

      3072:7aCy6eTnEbyz0Gdtyp9Dn1+n3I1mfkV4fuN84b:7aYbyzDtiZ+n3ONLb

    Score

    1/10

    • Target

      resources/app.asar.unpacked/node_modules/iohook/builds/electron-v80-win32-x64/build/Release/uiohook.dll

    • Size

      138KB

    • MD5

      eea0ec29b61db8096ce1e38a43f217e5

    • SHA1

      664740f0e9f2a1fdc57ae67a4f42ad95ebe1a993

    • SHA256

      1be1a40a74b70a19c84d556b679d4fb16caee53c70326ff460e3c6d15d51d371

    • SHA512

      7db4458e1573da8bc145d3faed2f00c0d984e7c4462be6937367ed0484a2fa2477a21bd559abb6ebc92e1f19cc37e066515a223eabd33b2b369776db4e22c3ec

    • SSDEEP

      3072:oKP175wLUhZsSOASfq9DxNq4wp1lBVphx1:BP1PZrSOdN

    Score

    1/10

    • Target

      resources/app.asar.unpacked/node_modules/iohook/package.json

    • Size

      2KB

    • MD5

      78bd3e4ede32af92d8213ac53dffacac

    • SHA1

      d501359e7a9fcfbd62716ecbbbfa0d60911fe65c

    • SHA256

      e761965987bff4d1f98fc511a2aefcce115ecbc362a1daf4813d4cf449b5072b

    • SHA512

      1a2c65e6107f6fa8e83afe98ae3e1b408f9dc850ae68a6694c7fa1decffbe1dbb347384576d5878f8b0da1754d9cdb0c945464d770ad4538709f94c75b3e905c

    Score

    3/10

    • Target

      resources/app.asar.unpacked/node_modules/iohook/src/iohook.h

    • Size

      517B

    • MD5

      793bede2cd156de96f72215fb7c24490

    • SHA1

      c714d29620a745af2be776f5f7a9f0d793a82a77

    • SHA256

      227782182d3a8676104a4e959f15fd8ca9de25540bb0130b62c55618de03ef36

    • SHA512

      bbec9d718432566ff0aa36031dda3a52a29ad256539759e4d639837e82626d7e16f994b6575028fe239d31019430a7607c9b7cb8024233caf5705743b47c72ce

    Score

    3/10

    • Target

      resources/app.asar.unpacked/node_modules/wallpaper/license

    • Size

      1KB

    • MD5

      915042b5df33c31a6db2b37eadaa00e3

    • SHA1

      5aaf48196ddd4d007a3067aa7f30303ca8e4b29c

    • SHA256

      48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0

    • SHA512

      9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

    Score

    1/10

    • Target

      resources/app.asar.unpacked/node_modules/wallpaper/package.json

    • Size

      597B

    • MD5

      0746a3ba3b7396a24bc44a7b1ece3c24

    • SHA1

      4275e447e7d15688df9975f78f9f92f18fe88157

    • SHA256

      9174fe1b2bc6ad4dfe420460a1ac8de64af18e4dc392c0cbc39d452460555838

    • SHA512

      1450e64a84ce83b0935410a7fe4ea67d7c0cc1054f68173a2b2be317101ba47241886a7eb9e372c013fdac85144184a6d22c7d02b98268aec5e7d8a036e6a1f0

    Score

    3/10