dcfe168ca869fc3631de17fe0c36df34a43be0b85a34c06df933ff5b0f5ec21c

Sharing

Copy URL

Twitter E-mail

General

Target

BO2 GSC Loader.rar
Size

84.6MB
Sample

240223-xzf6fsgc6v
MD5

2c30bb500cc04db25d515a3e62ca29c9
SHA1

5222e02af9987e7b3e447a5206b31501f22da97d
SHA256

dcfe168ca869fc3631de17fe0c36df34a43be0b85a34c06df933ff5b0f5ec21c
SHA512

d5102f078eeb4e10260781e8e4ef1ba3c26e85949aa05e3147dc4020c57dabc7c1f76d441b59b096711ec2e7aa190bee33ca93642bf9b90f4cff17c6984855e2
SSDEEP

1572864:SoI0pMpPKLng1mD/bYxqUcw1MW1Gtdkf5ZSGAMd7+B0YUyp4MqFqz/:So7cPKLg1E/knh0k/SY6Bl41a/

Score

7^/10

Malware Config

Targets

- Target
  
  BO2 GSC Loader.rar
- Size
  
  84.6MB
- MD5
  
  2c30bb500cc04db25d515a3e62ca29c9
- SHA1
  
  5222e02af9987e7b3e447a5206b31501f22da97d
- SHA256
  
  dcfe168ca869fc3631de17fe0c36df34a43be0b85a34c06df933ff5b0f5ec21c
- SHA512
  
  d5102f078eeb4e10260781e8e4ef1ba3c26e85949aa05e3147dc4020c57dabc7c1f76d441b59b096711ec2e7aa190bee33ca93642bf9b90f4cff17c6984855e2
- SSDEEP
  
  1572864:SoI0pMpPKLng1mD/bYxqUcw1MW1Gtdkf5ZSGAMd7+B0YUyp4MqFqz/:So7cPKLg1E/knh0k/SY6Bl41a/
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  BO2 TU18/common_patch_mp.ff
- Size
  
  742KB
- MD5
  
  1c27e5da7bd8442439aed418e3305326
- SHA1
  
  604098af095fd43cfa4b3791f7060a982f68b011
- SHA256
  
  6cd7e66a9d2abc78120049ea24b4a8db0abcc3b6a143d481d05b6239c9379af4
- SHA512
  
  01d8ed342425e665b52a84520190fc4d2a674d46226b240565bbff20a7231bd6269dd35aec57fc578aa75c23021b8641c38f409cf78ec3a07878362b169a851b
- SSDEEP
  
  12288:LJ+9SCD9gGALD90CpLeetXAtVE43tsxpRSAoJEZX1vbQ3ZzwFv4b2Op/iKp6zVIh:dBCBALuC5eeWcUyxiwZFzQJsFwSYSzVx
Score

3^/10
behavioral3 behavioral4
- Target
  
  BO2 TU18/en_patch_loc.ff
- Size
  
  180KB
- MD5
  
  55ccf72da233d11dc5d3fa59044aac94
- SHA1
  
  d715e141fe09cf967e6f3a139ff090ac5067294a
- SHA256
  
  1c2fa1622b28e08e0c80e136be80c0a2b41f51253edfce766050057fd37183d1
- SHA512
  
  bc1fc769f2829b2540afda088b257c3d640a57f1e8f1e4a83b8444f49ef5470e553391703e56da5838e63ec95e6b6c9a4dc8172ea7b0cd49466fafc57fe51679
- SSDEEP
  
  3072:BMUUc/k7UbFgUV/w5hQ0Zd7fr33qWnRxnmI/gjGoi2e/fVeelDizo43GTS4ie7wR:BtUcMYbFgUd2hQid7JRxmILl9BlDizoM
Score

3^/10
behavioral5 behavioral6
- Target
  
  BO2 TU18/en_patch_loc_mp.ff
- Size
  
  105KB
- MD5
  
  540a71cc0c0cbf5ae3dfb9e1d44c7335
- SHA1
  
  9eadce036a8d17e2bf012427d7bd6e75a6ef5042
- SHA256
  
  8e68941703c92e699e7df589749e65f5d3c1bd3f3a526a151d9336449f3ecd59
- SHA512
  
  3a94f59a26a470d716c8cf45336ed2aab437830841eb3f8799c8e9e9478cc526d7cd32d7db9cfa837eda2bb6bf7390dbc88ca811ecb0f06ace9bea7a4b554a2d
- SSDEEP
  
  3072:zYyGo3LjooSEhismdC7DmRgRLkpvtrtH7moNISN:zYmLjIEhEdcDm2WLrB1KSN
Score

3^/10
behavioral7 behavioral8
- Target
  
  BO2 TU18/en_patch_loc_zm.ff
- Size
  
  44KB
- MD5
  
  eec04d688878d37e376c8936ec3bee0c
- SHA1
  
  479c78b6dc20f51f70e22f6081733a4647a6fd3a
- SHA256
  
  234a9d7739a7435052247f9b339daeac57fd952dc520427d3275193833529653
- SHA512
  
  e460e2dc4ae701399a9fa9a84723d97258c070beaa6ccfe2949231f31deb92b762ce5aad54fc228342b3541d42b7d1dda6bc4fa2a770ae3565f102e905c5e51b
- SSDEEP
  
  768:Cy1mfTb++GT0HTnqEJgOoRhDHqsnns4wZCtLAFQFksuG0n/uUrN543XX/87JpQTE:d1mj9rqEJgOojDHYdI4nnnLp+3SU
Score

3^/10
behavioral10 behavioral9
- Target
  
  BO2 TU18/en_patch_ui_loc_mp.ff
- Size
  
  1KB
- MD5
  
  fffce4fe2d9e694d18ba25ebd2ae4cf6
- SHA1
  
  9bd1019bec473c3d613c96aca9f8cb57a1a78769
- SHA256
  
  a078136789f358a89e9492aca13ab5c50e2701629a447d267a55a90d03ba58f4
- SHA512
  
  4ac19c98263ad84558bdc426c6c2ee5c9d433ac531a7e7d72978f6c71589c376c51ae85183cac1202711bf49826506945935aeb9b8b43eedad55cbffcf1d38a6
Score

3^/10
behavioral11 behavioral12
- Target
  
  BO2 TU18/en_patch_ui_loc_zm.ff
- Size
  
  1KB
- MD5
  
  51ea28c201e166fa38e3ac26870171a8
- SHA1
  
  60a126b739d689a74f77c51d9673152208009637
- SHA256
  
  dafd6e1edffdce323f39ea4c8ec22299d6d6fb919645faf15373cce5b482b0d5
- SHA512
  
  f4514bad567dd7f979599539b4f54051d02c0f8922bb523e8a976fd9eabfbff4931fd260d8aa9b976c55577714cb30369d800896f0b9464c81b8b44831931789
Score

3^/10
behavioral13 behavioral14
- Target
  
  BO2 TU18/en_zm_transit_dr_loc.ff
- Size
  
  18KB
- MD5
  
  239dea7c51803da15a2ae34c0ba8a93e
- SHA1
  
  5f7b142d8dd07803e9f160db7adefd09df38d34b
- SHA256
  
  073e81464ed6c12cae66ce0d79de590b7d3f9618b0ece0bcb08a81fedcdcb1a5
- SHA512
  
  7aba2ebb81919f62eb6e49b2ce5d08a607db7d7797a46300ee97abf50d1015b1a5f763e8808c54892cdb6f4c823a51a4c04e03c498d1e74a6ed240234196d726
- SSDEEP
  
  384:tHBSzHM0bgb7aj1NlwfUoRviasSk9K9K9K9K9K9K9K9K9K9SPKNBdquxGO5Gf:tHBOs0Ubc1N+fRJiaQ4444444449LRxK
Score

3^/10
behavioral15 behavioral16
- Target
  
  BO2 TU18/fr_patch_loc.ff
- Size
  
  193KB
- MD5
  
  068e56b6853fcd65be182731bd5f2912
- SHA1
  
  6d0fc708d6c1ca14cbb71f41a55d4a03c9fa6514
- SHA256
  
  0904a9ce53a157eab5b7fcc58965f4ab96a6a5228e76d08567ce50e3e0b94ee9
- SHA512
  
  c559d28d9b85bc2e946a7dab0874cb102601b29d8b40249f16b27cb1869cf88b19275774cff4758d83121e1c648292d4f17fdfb9914e1559b6df40808af29cce
- SSDEEP
  
  3072:2kLVLlvluGQov+B4xBLCaiDCp7nsnlsURuvhD2o3XPPvO6S9hx/DhKKScTfO1L9k:NhvluGQj4TLAqlD2o3XP49hBbkLy
Score

3^/10
behavioral17 behavioral18
- Target
  
  BO2 TU18/fr_patch_loc_mp.ff
- Size
  
  108KB
- MD5
  
  f4b6da07c8d0956db2324031d68e0fae
- SHA1
  
  be48935c765f57aabeb96e3e058a7d6e7906a5bd
- SHA256
  
  87c16762c470719868dcc75905b68f27db2d189b05212782673b346a2a3641b8
- SHA512
  
  52f59eecacf27e85ac46b62065aea17ed7fb84a3aa2c78100a96771349df42c6ec522d765d77e32540cd93029eaee394a977615ff366f1017a9732a039d4571c
- SSDEEP
  
  3072:Op5tW7yr63oiZhTojNlUpvf9cCuLKM2KMF1tPWx:C5UA65Lo8pNueMtMF15Wx
Score

3^/10
behavioral19 behavioral20
- Target
  
  BO2 TU18/fr_patch_loc_zm.ff
- Size
  
  49KB
- MD5
  
  a2bfac6ca3587543822c9495eaa5a54c
- SHA1
  
  f01b3c9ae772b1a0556fb743d88ec0dea4d8cace
- SHA256
  
  323037aad1e649c1896042947179bedb1554fe479743b729fe24411a2091a39d
- SHA512
  
  98b00db4c95928cb930d931ce628f889e462046057a25b8d20bd4d9d421558c934cbe43c5e5a5b51a7a0956dd2958947c609c98e9927b7bbcebad85a7e66d0a4
- SSDEEP
  
  1536:af5gQrHsyYGCZTGjSK4Xe2fzdFMTcFONltD:g5RrMhah43owyl5
Score

3^/10
behavioral21 behavioral22
- Target
  
  BO2 TU18/fr_patch_ui_loc_mp.ff
- Size
  
  1KB
- MD5
  
  3e95bdb271173d44510051ebe2a96b53
- SHA1
  
  930b1af147a8ebbc6282860049237624dfb68053
- SHA256
  
  d18561f009c5ed3db5b3dc87cc383f85ed2daae1b77b95de83d637fc4d88a69f
- SHA512
  
  1bf0ab16a49f68d0601fff0bf44c0243c4b2f7a4dc48b8e95dc62ac5046d14a1bf910f008e3c18792a4f388cdb4693038f51e84e56f40ea9a3541be08c2a273d
Score

3^/10
behavioral23 behavioral24
- Target
  
  BO2 TU18/fr_patch_ui_loc_zm.ff
- Size
  
  1KB
- MD5
  
  59a75efeafeda6d1e819021871dd3995
- SHA1
  
  c8b70eb51bf09da5989b71d5a1ec4b4f8ada5dc1
- SHA256
  
  7035cd26a77d4227f7b7a0f149628be42ae53d4aff9a823cd593514982cee255
- SHA512
  
  5c8a77c2bcdc4edd3c1452a33ce76ec0ab6e4cd88d6a0d9647e656d528fdc18a6e2a90be49467c2528f9f6ab455dacaddac0eaf508badfae67f40480e2cf3aea
Score

3^/10
behavioral25 behavioral26
- Target
  
  BO2 TU18/fr_zm_transit_dr_loc.ff
- Size
  
  6KB
- MD5
  
  331f2b7ce3923ce6e3c9bb57e9b0b2ef
- SHA1
  
  e84c0916de632f082a18aa645610feec7145924d
- SHA256
  
  701a58ed461a2952c33a3b267c6dca27ad3ec53fc50e79d97ca7abb6cb68c9aa
- SHA512
  
  b2b329163c5e76aff026f69238a024c3597c8510cf3386ade8a9922b0e3446c4550e12d44dc9b6acb560f422393399bf6c3f33dd2fab147a02cf312165613607
- SSDEEP
  
  192:/d9v6+y7vTGPgdCltLB0/MHF1gj2Lv1yxC6roL7H81OIL:/d9vivTjIltKwe2Lv1+OD81OS
Score

3^/10
behavioral27 behavioral28
- Target
  
  BO2 TU18/frontend_patch.ff
- Size
  
  123KB
- MD5
  
  0c98ca7fe1d8210b2d6982600421c254
- SHA1
  
  f7013885673dfe9e7fdabd681f7140b7341ff9b3
- SHA256
  
  1ce09ea7a40b0d1607deef79f6ef9379945459b21da805d3f2b3474a4df1169b
- SHA512
  
  d8dad0d5c7278c9440b7443af72bef96e1c43bb84cfeda8e2d00b1793155e308a47a1e7d22d6a857a3a3f5e397874c2533b78e0c8dc09a9c51604121e10aeb63
- SSDEEP
  
  3072:hFrdDLRx7AHUeaiq/gi1lTo0tx00TGoKU1Ov68qj5/:jFbXiq/gIocx006oKSR8q
Score

3^/10
behavioral29 behavioral30
- Target
  
  BO2 TU18/ge_patch_loc.ff
- Size
  
  192KB
- MD5
  
  5b85f6206d4ff59d37f1e71db3522408
- SHA1
  
  4c78ae5a685aca7fa6f3ebe3a0eec62fcbd67a67
- SHA256
  
  6abf8ad1cd8d18c4329e384f5c6201b0527a6151fb72eb1b2a11ab438a3fa0eb
- SHA512
  
  a045fca49c711c916059ed6189b6f727d3b026023bac743a58aaacd4c34a30ab1a28380e8408d31a212bca96093f4aa1fa8a6ff5b30b7511ac2d5569c2683133
- SSDEEP
  
  6144:rl0qutV35R/SpIbhAiqlhyTYxL9SQO2DExSv4HsXC/:rljuxRKpIOiIAcpOAExSv4MXG
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32