0d60601a1157cff3eba748a058ac48b94f25989aa30aba124be9c45877a7e034

Sharing

Copy URL

Twitter E-mail

General

Target

hlrb11-59cp2009.exe
Size

209.4MB
Sample

240224-w4zypaah29
MD5

f33f25f02ba20880659ca9cb5c029404
SHA1

28649f2fd558b8998c4649cd2f48e16896c6d30b
SHA256

0d60601a1157cff3eba748a058ac48b94f25989aa30aba124be9c45877a7e034
SHA512

1abc956aa029be86d84db2ace94e5f1fe41095bc818763d48a2deb01667e06e3d62ba06d7275cac0cff2acc6bda51be30e48a1c7de3936d3b2cc9ef1cd3c2b9f
SSDEEP

6291456:u7miATfLIlAI1VbB4W68Qw4TrhNIQLjESz0A:u6/L+AI1VbBg8sNyQfv

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  hlrb11-59cp2009.exe
- Size
  
  209.4MB
- MD5
  
  f33f25f02ba20880659ca9cb5c029404
- SHA1
  
  28649f2fd558b8998c4649cd2f48e16896c6d30b
- SHA256
  
  0d60601a1157cff3eba748a058ac48b94f25989aa30aba124be9c45877a7e034
- SHA512
  
  1abc956aa029be86d84db2ace94e5f1fe41095bc818763d48a2deb01667e06e3d62ba06d7275cac0cff2acc6bda51be30e48a1c7de3936d3b2cc9ef1cd3c2b9f
- SSDEEP
  
  6291456:u7miATfLIlAI1VbB4W68Qw4TrhNIQLjESz0A:u6/L+AI1VbBg8sNyQfv
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0285eac59530ff5cc91fe2634b4ed78e
- SHA1
  
  241c12aefca0740e776362f30aa1edffd66d6bdc
- SHA256
  
  44c822afaa4cc7cb95390eaa0ada076d280d3455870569f0cde03637257d9899
- SHA512
  
  1007fbfb82d4e6c04bd5fefb32cd81f4406022ceef4d409eda0f0ddeb8b1f124a2baec86498bc119778e0c241fc41b0c2440d8a8f6731a63ede936be94f81297
- SSDEEP
  
  192:8nK6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTgK72dwF7dBEnbok:8K6UdHXcIiY535zBtMTg+BEnbo
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  d7d5e1ae69a5108aad96eae3634394db
- SHA1
  
  68c27b7ad530bdbb39b7f3cecea63b8b2708cb1c
- SHA256
  
  76067f5d1e3df7fc72d6f0253a0bd0e1aa1b444c8a6953c10cd78f3a7cd3944e
- SHA512
  
  217884d79c896c1b4383184096964c1d559a2c906a3ec50d6715015f1981d3fdee5ed35803118bdc83354dc923e3e2e22b868b03236019185190daeaffbdd899
- SSDEEP
  
  96:iiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8Cqp5tfRhElfL:iiqA7/ZH0uQMtcfCqbtpgf
Score

3^/10
behavioral3
- Target
  
  cl_dlls/client.dll
- Size
  
  496KB
- MD5
  
  fbcbf61cf62dc7f9613f74f91433ba65
- SHA1
  
  1b6c3a01b0f0222b5f3e50c4db997a044ada1fa8
- SHA256
  
  3e14c7936db7fefbc051f6907413949553fd708246b9af7fa287dcc6140f52ea
- SHA512
  
  8b3fce60800a1dd1b16fbb2f396c6d9c22275887a25caee1f10680601f74ddd5bc8c4a6d7a4ffd59ff719cb44b601ad8bd972f29d6ac4ae9535b493accdc3c68
- SSDEEP
  
  6144:9XRoXpn5ijRA+Tm5v9MN4Ev+LOnRgVL3gTOCUHm9zKjlTEY1tur6ejr7u5ulZJEv:90z+c9Ev+LOaVsTOCUHgejKNxT4u5Q
Score

1^/10
behavioral4
- Target
  
  dlls/hlrally.dll
- Size
  
  612KB
- MD5
  
  30629baa0aa05fee4e5be87718db69d1
- SHA1
  
  3da15457e78b5d74412ebbe6baa1457c72f7f1c6
- SHA256
  
  2f595bf696633f1e08ef8d4a654f097ab635322e613818fe29df6946a16d72bb
- SHA512
  
  9649b4d56be749d15e7703bf8965784fa2219293c75e35bde867d2c5df26a31735f312e079c4e403551c392f09b4975d271845037ad733c639ee616de1e22995
- SSDEEP
  
  6144:PJAaw/Yxfes1mF6vZprTFvuu7hycRvHmohjP4GtS6oYbRa8f4LoQCJhIzECiH+AB:Pk/YBprpwcRvHmo5BGgeOOviBKC9Z6JO
Score

3^/10
behavioral5
- Target
  
  fmod.dll
- Size
  
  144KB
- MD5
  
  e3ea5ddaa55a500623ea14fa209112b5
- SHA1
  
  a9237187b5e7a7714492908d2f5c29542f834d5d
- SHA256
  
  a0fff211d1a703be35c8204d7721ac9d021b25694fbec0c22c6398ce95eff3eb
- SHA512
  
  4888a2cf0cfb1e3bf2ca8627c0384a9ded034b85f60aeab567fb4b160426bce2dbf5696e3e3c96d1f85d08c7aedd1245924f6eb6bbd3977bd418acd5e699d581
- SSDEEP
  
  3072:zLEYjXzKQ45duSoycNI4XaCSHSTJHArMBiiAZid9zFq:zwYrzj4ovX6KHAgBdAZI9g
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral6
- Target
  
  gfx/env/dmcwft.tga
- Size
  
  192KB
- MD5
  
  b853f9a2a27468b7570188406942bab9
- SHA1
  
  0b4f229d25deb234ab104464d6dcaac92f478076
- SHA256
  
  ca22880752845a238b59931414b298f496891da2dc69b5c9112a3fc7557c2121
- SHA512
  
  3a67b0744cdc363408f8821092c2522991ddff918237996d2b63a68329f6c2b1e05ac8d1667ac6582716a1937c3d81e0c2a9da18cb77c11953d0fd4e7787d2f6
- SSDEEP
  
  3072:nK1hRXMA/Y/01EpbmkJRwIOJfUwGh03DDDUQeHs5akOv1inMttGGcjZncikvvAp:nKTR8x/m+bqIOhlGC3ngLHYwo4gk3Ap
Score

1^/10
behavioral7
- Target
  
  manual/bugs.htm
- Size
  
  4KB
- MD5
  
  2efdec5b7a6628be066ae37cc4ec1820
- SHA1
  
  6fb64e0f09183a424297a217c3691c3904e42876
- SHA256
  
  e84c2a024c2bec50a21e666c574d88b8ae22eb4607c523b9a8c585fac2f5dacc
- SHA512
  
  700823ea0ee7b0ff48cdfc3ab365fc6fdecad3af9a8dee2612e5aa0384abd102b9c057a60a4826d49cc864310eb247b9e13567e6604d06a42c43729387e8a795
- SSDEEP
  
  48:SZrKmMmM7LwlZlCOqV6uWMvO0BcgwlZlCOTAgH62YZgS0yciwlZlCO3lmup+:2KmMmMvwFw6tMrJwFoZgSDwF3lZp+
Score

4^/10
behavioral8
- Target
  
  manual/courses.htm
- Size
  
  31KB
- MD5
  
  2bcbf1a089d788b4e22682dc4dd3d50e
- SHA1
  
  2d568e8f8a9cc1b0377c0ef4e858575c379face6
- SHA256
  
  237c2a0692b7d2ad183965e241af66ec5d65ed0c4510b3719b9c36b86340e27a
- SHA512
  
  b0470f8e696c4a574f15b3640697f86e46657836cd1eaaafa4e6a288ca28ad3588de41eb7c8e2c0d3cc5f051b095d9768f20f871937ae3bf152362ca5e6e0970
- SSDEEP
  
  384:vOP5OBRO7dOHOBOPyyOLR+OOOlOmdOHdO0dOwOaBYOEOdzszzaztzOWOxOwOBON8:827cOt
Score

4^/10
behavioral9
- Target
  
  manual/courses/index.html
- Size
  
  123B
- MD5
  
  2d551cf18458e30a07cb0fdf2dd099fa
- SHA1
  
  c54d3f676d232d408965451f11b028168a771e67
- SHA256
  
  7dede2000eaf23be9607727a9301a45afbc175a0225abad4ac8d3914037e42b1
- SHA512
  
  402630b864df6737f1063701b61c473d614a91473691e4728af5bbf0ed031f0df8d857cf3ef12ed65dfe7b3eb140cb4ccbaf96a504b604898318cf5a0a67b0c7
Score

4^/10
behavioral10
- Target
  
  manual/customization.htm
- Size
  
  22KB
- MD5
  
  536a5817ada88443ca957ab0f97df3e4
- SHA1
  
  23fb61756926b795bc2bd201242cef6c39657c67
- SHA256
  
  90ca3035241ff3f2b2cd56ca745d61c07f78122838e347c941719eb4797b7e74
- SHA512
  
  2647f1aaebbe45d989e21b5e9cf9d9855e95705dfafbd67fb0d4c0d8a3af6188c764faac4dc4440e0599140300faefe60e2fe7f55a88df9c3d7a9eb1bcdf24f2
- SSDEEP
  
  384:8K66fO573f3FGDuK5+Ou6TjQTrJpmXqq9m/flXqq9c3Xqq91:802tfsDuK0h6/WrJpmWflo3p
Score

4^/10
behavioral11
- Target
  
  manual/frame_bottom.htm
- Size
  
  592B
- MD5
  
  51739b2b2a89be11ea3866ea2044b926
- SHA1
  
  e703647cefc304f5be55d74ae5f4382f4911f234
- SHA256
  
  5dd4d17df712d18e1f5419599ec38d73e4a9ebd2b28f9a2866c0bf52de29e1b7
- SHA512
  
  c8dcdf3e6b50a805868672126fffcf67ca8192627c1845ac7c977d64a5b63035f474d1e96c0f395ad70232d16f44682c980ee47234373ac8fc6e747bb46f455b
Score

4^/10
behavioral12
- Target
  
  manual/frame_top.htm
- Size
  
  1KB
- MD5
  
  6716dbdf40a4b8d8d51ce5800ae5e846
- SHA1
  
  0ee365f6e0aedf2783c9540245c216c04497aa19
- SHA256
  
  bdc3d79d74baec6c87d541d7cdb94c01d3e3879996719b3f96af4d303b8138ed
- SHA512
  
  9b0452692284831acf43d23ccb6209da181b0f538250753d1af7619c5a27a0c01fcc5e95e33a65641d55f2b770f273e775efb4eef1084d00a989283820548b85
Score

4^/10
behavioral13
- Target
  
  manual/images/frame_bottom.htm
- Size
  
  642B
- MD5
  
  b228040226516ab776032fde611f6fce
- SHA1
  
  2d2237c9faeef2d9e735dc6536335e0537f79489
- SHA256
  
  422e96c93960b1aada591c7fb8dbe326bee6d3bd332217074b1d6546523bad76
- SHA512
  
  7169ede9760cf5db72e2c1b99dd5ef562410c77831c7757775c53c131c47e7ed47b98b14b89814b3481600d71d1b3551e033128f85d47dd8ebdacdb5bec34b22
Score

4^/10
behavioral14
- Target
  
  manual/images/frame_top.htm
- Size
  
  1KB
- MD5
  
  e7a05808c979bbcc7a7c0cfcb566e78a
- SHA1
  
  9f87adee2fcbe93b92927077278ac7e8c23bb663
- SHA256
  
  4d1fbdbc41b89e9407eae93927167ed74a0301f905d503c0170131daaa4ad3b8
- SHA512
  
  080a109a3f434c0322c0c8de08b46c153358feb600f8899482ace1c97062e710b872f803ec28dee6a851d88c696b7c6aae7a95d1a22429dff9d9fea7e61c4212
Score

4^/10
behavioral15
- Target
  
  manual/images/index.html
- Size
  
  123B
- MD5
  
  2d551cf18458e30a07cb0fdf2dd099fa
- SHA1
  
  c54d3f676d232d408965451f11b028168a771e67
- SHA256
  
  7dede2000eaf23be9607727a9301a45afbc175a0225abad4ac8d3914037e42b1
- SHA512
  
  402630b864df6737f1063701b61c473d614a91473691e4728af5bbf0ed031f0df8d857cf3ef12ed65dfe7b3eb140cb4ccbaf96a504b604898318cf5a0a67b0c7
Score

4^/10
behavioral16
- Target
  
  manual/images/overview.htm
- Size
  
  4KB
- MD5
  
  c6f06d164cd117d3ac1cb5919ef8bfeb
- SHA1
  
  2fad9799e70c923e371e316ecd4150ed6e78df79
- SHA256
  
  93d29cec55edf616f9e3f461ca92ba66d2e45f54b7cfd57f3ae9847bf713d379
- SHA512
  
  0a7ff90b2ded83d9c1f6ad72e4a279ff7f9337f2ef8352f00c958cd9f4838d304f2e38bb2112dcb65cac06334b2354a279d76b4f1bccf03a2e1f4253f7eee10b
- SSDEEP
  
  48:ILm9zSifgDgYLSuL3rrgrrDy5OXZe+0V3KCD7qxcBYu0Li0rNLutrd7J4/2OsQx5:iVLuDI00UC3q+D0rN4yeslQ1MDbrsM
Score

4^/10
behavioral17
- Target
  
  manual/index.htm
- Size
  
  733B
- MD5
  
  6fa5cdfe7ccbcee3b1062b2be04afebe
- SHA1
  
  a4302cb13bb52f1790b26fdae1da1163a52dafb0
- SHA256
  
  380729fd42c0df4015b670557c3c00bb6a66a0b0a67a12a9a749d2e0f066175f
- SHA512
  
  0fc7fc3fc4037635154c3e91c763fedfdca8ab89b2b70eb82bc4b4f94b818257094a2894e1d50622c1940eb60aa80b5ac2a4da0e34bf7d994ac4585b56b31623
Score

4^/10
behavioral18
- Target
  
  manual/overview.htm
- Size
  
  6KB
- MD5
  
  af4c8c7acb37ad8cc2d09312466cf109
- SHA1
  
  1e9502b5b574518caac7b97c6b3b9faaf2f55364
- SHA256
  
  f899b9a1195edb721cdf9d1e33aac99e54be11545bda2bf304b37f6af8ca5635
- SHA512
  
  63bbaafdbe0f43ef139744d98b1acfbc114dcec5883b6f0209d5b3aec4d7209dc45977ff055c2c98f98fd6183e0eb6c1ffc639231a0dc44f99ee7d39fba8367a
- SSDEEP
  
  96:TK6iPaN0QiQqw1xpP00CiSM0CJw0rsQ8XGBVL:TK6iit5NM0C3M0Ca0rsQ82l
Score

4^/10
behavioral19
- Target
  
  manual/team.htm
- Size
  
  5KB
- MD5
  
  359506a6a7dba30dee90c9c5af4fc73d
- SHA1
  
  be6ec7c2c23e0dbebcd032a5c1d82e5bf690daa4
- SHA256
  
  ef72224e76227104c2029fd2c5eeaae7e1ccfb1c9826f06add6b3b3dda4d728e
- SHA512
  
  42c181a4e204d3855d5ff2c3b7df0f07066aeccde700913dc2fb1ed471d377ff8210c36693b4f2c332b42d75f41a0d3c4cb72598ad50a42d8a49617c2c4a0676
- SSDEEP
  
  96:u+E+C9PRBCOWLA/sUkf4QBkA8cu4oK1JssoY0s:LE+CpRBwLA/sPf4QSMu4oy0s
Score

4^/10
behavioral20
- Target
  
  manual/vehicles.htm
- Size
  
  12KB
- MD5
  
  cab76caa0059e9f2d9fb6d4523b2e954
- SHA1
  
  2407311ecc9e490577e16beeb2fac05e891be9f3
- SHA256
  
  8f9f1ada4806d6efdc4f5a517c54679bca4cc86e1ccfafadb110dadf92652f28
- SHA512
  
  4d3b4c4c06d479f8dc412303fec356214a641b187d2beec208e718878a4289ba75f2e57eac5b7c66d25bd71566bbeaf91b47a5205e1fcad284f0b073d820b93a
- SSDEEP
  
  192:CEKU+pEA+faj+8S+pF+edI+mX+m8+9p+8Kp7aE+dA+Db+v+SaB:dwXjKKTIVucEBuWwB
Score

4^/10
behavioral21
- Target
  
  manual/vehicles/index.html
- Size
  
  123B
- MD5
  
  2d551cf18458e30a07cb0fdf2dd099fa
- SHA1
  
  c54d3f676d232d408965451f11b028168a771e67
- SHA256
  
  7dede2000eaf23be9607727a9301a45afbc175a0225abad4ac8d3914037e42b1
- SHA512
  
  402630b864df6737f1063701b61c473d614a91473691e4728af5bbf0ed031f0df8d857cf3ef12ed65dfe7b3eb140cb4ccbaf96a504b604898318cf5a0a67b0c7
Score

4^/10
behavioral22
- Target
  
  maps/rc_canyon.bsp
- Size
  
  2.5MB
- MD5
  
  d464f14d123f92888841f5820cd25aef
- SHA1
  
  e99c99fc47ca4a37456c5c98c29242707c661132
- SHA256
  
  3d22530a3e820dacdb544bb3c00e3d3cb9786ada8c70af3f3fd0d9830cb8d7e0
- SHA512
  
  1fe4ceddae4634183d82b0e3455cf31f4f356ba1b5ec9c956f243f2f7434fdf215fa557cf358f4b2de0813a524ee04c26dee58b3c77e23f2d12ed4bff3e1592e
- SSDEEP
  
  49152:y97n7Ew+8WUtRV9Hou9HYx4CJEvgFLt/JRK:u7n7EwvpT94XJjFtu
Score

1^/10
behavioral23
- Target
  
  models/lcreek/9boulder.mdl
- Size
  
  67KB
- MD5
  
  0e12e7040a3c2a3a9a795e8ed1fe6ddb
- SHA1
  
  c78b15a83cb4317bc91e56f2fb76a1ccc122fcf2
- SHA256
  
  d42f0cf082287aad121752553992c96c6bab8b9bb70bcf25a1790d794bfa0c2f
- SHA512
  
  1a0bfb8a26955f2b1678fd22cbc86e6eaa8a1ee60b037752934805d2f3e8ca17e0537d1d746125280063eba944e6c62bb0520bb08d615987e99031ffee340c2e
- SSDEEP
  
  1536:phL3mtKiPoCrdmwhpdVfB3rdZFb8JZT1dRAzO:bL3mtK5SYA5dg4
Score

1^/10
behavioral24
- Target
  
  settings.scr
- Size
  
  1KB
- MD5
  
  cc5fff2044062cf84c16ff82b0ce3ec6
- SHA1
  
  e04dc1e2f5d52329befb965657585d8bc15cd6ec
- SHA256
  
  dd6ba80fd0d768d9af88df829ae8c539ae31625edfe4388a6d457af356865d73
- SHA512
  
  062d1491526ef8076d349fce3a641d81ec884729b3fd1b47e64e43ab84b244ba734438b6dafe2700bff1489cf4b349434e2f74553600b759d017251a85b3560c
Score

1^/10
behavioral25
- Target
  
  uninstall.exe
- Size
  
  40KB
- MD5
  
  2638bec69fe0827b8e4fb94640100074
- SHA1
  
  d5531ad040b8223c9811d772becc3d9904fbea6e
- SHA256
  
  4db2852af10e8cf301989b2bbf3d76c38390171ce00b7b02ad5444877e1a4b21
- SHA512
  
  99524c97b03e787bead55dffd8537d4fb5d561963f5b26eaaf725b0bf4914b06fbe5041aee4af18628cc33843c9a25f6b2cf9026a1f0e1d992dbbb34bfb3634b
- SSDEEP
  
  768:CzV60pic8jAQVSISj980nSwRdxi4XAfF/O71mJCxk0Zx0GATo:uFicEAwSIknNAUmJCbrfAU
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral26
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  356977adc8dc0d8d17d7f8a2b789004f
- SHA1
  
  c4bf52c11425e6c061d4e36d97c5a2d7a4360191
- SHA256
  
  8091a25eb5307bc1837e1e59a5d7dc36faa5190114202a835c415cc6df069dee
- SHA512
  
  4d6ec569ea719845b31f98713e67e27ab6d6a4037b74a121ab768197a6ee6c4c5581348c9dfa7f228c489ef09e54bead9ed422f39eef74742fffebc8f6658de5
- SSDEEP
  
  48:qVXAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptqGUaEJkof5d2:I11GED5ZTvycNSmwVsTJuft+/d2
Score

3^/10
behavioral27
- Target
  
  user.scr
- Size
  
  1KB
- MD5
  
  d88257637c5db4d91553a1926eed27ea
- SHA1
  
  e2616c8f40d929d0583585478d83e651354eb084
- SHA256
  
  69d7953f2b51d12a75658e02c15b15d34c48ceaedf24ee5e7916ad13dd4af7b6
- SHA512
  
  c2516c7483283433ad4ff6fcd4e9d329e92f66587421df05e4ff8cd752c2382cb48f8ffdebbdcbb2eeb2bfe0bec70662ac67450d59d6b5cdd48f0bd45a3a8ba9
Score

1^/10
behavioral28
- Target
  
  zlib.dll
- Size
  
  52KB
- MD5
  
  4965107d112666d3835308a831a29274
- SHA1
  
  50439b99ce525ecb74c554e1dc43ddb39481dfa4
- SHA256
  
  105280995cd5746078d67b8651dfe4ad2abcd532d7ad528d3100c535b0b538af
- SHA512
  
  38fa8f0eeadd75bf212eaab458833cfd3445d00f3d77f1f8a86b7c3ba99376231c8b3fc3cfdff6f02f2ca9c90956c76f9055717712d35a7ca7b30172a0010b59
- SSDEEP
  
  768:MX8TJyuiie4tVkIuCE8U8tOF5GqqQhGbY5ma78ct+Jn0r25mSSIjpe5uw+/Bz4o1:MXGJxIIuCE8U8tOF5pUB0wEo+X
Score

3^/10
behavioral29

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks installed software on the system

UPX packed file

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29