52cb2900fe999cec1e659ab3aff583d028553a2be2d2b1be6ebc0cca22a5df86

Sharing

Copy URL

Twitter E-mail

General

Target

DBDShop Epic Boost + Alan Wake DLC UPD.rar
Size

6.5MB
Sample

240226-w5zpbadd71
MD5

2477dc045f0378409c459117adbc23d4
SHA1

ab0d6da8903ddfc3a35803017f83ecc1799d3691
SHA256

52cb2900fe999cec1e659ab3aff583d028553a2be2d2b1be6ebc0cca22a5df86
SHA512

8450d0c5abbc5e092d6486582c6fd0aba0c102f7e37dc4be23933275dafee832568dd4f954ed0c30973b4aa8d214f2b6ec3efded9a2c496767f81a6bb19941c5
SSDEEP

196608:mp7Z18iBSzA9tuKFddmGJfq9c1yvoOdRQ:y7Z180SzKFd5FpPOvQ

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  FiddlerSetup.exe
- Size
  
  6.3MB
- MD5
  
  77a80b10028f9c800c5cbb5a80fde929
- SHA1
  
  7e8a8ce83bba6bec7b62cca06ae7680ef5c5ddec
- SHA256
  
  207e1a39c74a03ae535ad04fe74bc435baa777ecefaec95abe78664cd2b34690
- SHA512
  
  883600cb4d5114cef47dba6d7fde929c02f0f4d2baafa9dbb746fccfee92ebb6bfb02602e64dfb2c93b773abfdf8b49ac780b0c02414107761dd66e6999480bc
- SSDEEP
  
  98304:mIouszMd5OYRxqFu5rMnb8ELGUHjvYEarhIPAT99taafHOwRcxzv77Nd6fKnCKbX:FqzMSx3oohYTXt5WwREv77cKCKkBbYOY
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FiddlerSetup.exe
- Size
  
  3.1MB
- MD5
  
  7e3090e237b9f252efc88d097f71ed47
- SHA1
  
  8a1cae86f421c4c74f7f543609826cfc472e5fa8
- SHA256
  
  91547aa10f5b4d1be95c7bfa289499ded2b65d1070ec6fce0208e61771df5318
- SHA512
  
  378d29ca00b73ff5b729d6bc39e63b61f833f7baad9d806db77ee7acab993b3b567f7e533aae2178bf8a9391bc8d205aadd72d75a29a71c0f2827196ff040afa
- SSDEEP
  
  98304:QIouszMd5OYRxqFu5rMnb8ELGUHjvYEarht:rqzMSx3oo8
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b8992e497d57001ddf100f9c397fcef5
- SHA1
  
  e26ddf101a2ec5027975d2909306457c6f61cfbd
- SHA256
  
  98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
- SHA512
  
  8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
- SSDEEP
  
  192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
Score

3^/10
behavioral5 behavioral6
- Target
  
  Analytics.dll
- Size
  
  32KB
- MD5
  
  1c2bd080b0e972a3ee1579895ea17b42
- SHA1
  
  a09454bc976b4af549a6347618f846d4c93b769b
- SHA256
  
  166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
- SHA512
  
  946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
- SSDEEP
  
  384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
Score

1^/10
behavioral7 behavioral8
- Target
  
  Be.Windows.Forms.HexBox.dll
- Size
  
  60KB
- MD5
  
  e6f7b8c5ec4d1543eaa7f5d148c6327c
- SHA1
  
  61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec
- SHA256
  
  bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e
- SHA512
  
  6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4
- SSDEEP
  
  1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve
Score

1^/10
behavioral10 behavioral9
- Target
  
  EnableLoopback.exe
- Size
  
  87KB
- MD5
  
  13072c3b2a5a405b32a60d8cf1631bbc
- SHA1
  
  6996ab027fe913cccb9f8e26ad0e9491d4a609b1
- SHA256
  
  f8ed4cb272e52b7ef2b1c2672dbc6ace9f3ef752a38ce535265cfab891c9cbff
- SHA512
  
  337311e0b2c0a22b749930f7212b5040d27c2b997404dc8cecfbbf89c86f2f5d5077d6157090078a8421acaa23850b24f963ba1b984b0600e9b80505bdb125c5
- SSDEEP
  
  768:HzEI16zcI2eTcvEWm/ljPjOPAxr25znrSh7ANg3CqnZ+6qmmlG0KdFumjDdFWf1:F1H5MiP1zrSh7WwZ3xmlGddFjjDdFWf1
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  ExecAction.exe
- Size
  
  19KB
- MD5
  
  519310853c0ee273a3f8787d7518dd2e
- SHA1
  
  22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8
- SHA256
  
  a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272
- SHA512
  
  30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d
- SSDEEP
  
  192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY
Score

1^/10
behavioral13 behavioral14
- Target
  
  FSE2.exe
- Size
  
  50KB
- MD5
  
  3edc1fc459ea2dc098722261ec3fbe05
- SHA1
  
  8fbb8efa0a3ba27d29a184a4b182ff537f82c9a8
- SHA256
  
  89f3cdd4c1e20eeac4d39fa709d40e8f3ebd8985a0a76673a44cf117eeeb458b
- SHA512
  
  a6cf1c104f8dece689cd21f7d65d510f07e86d25600f42d61838a664fbf640ead66fe4523499a38f37951faa3028bd469ad8f483287f986218f8cbfb50f3256d
- SSDEEP
  
  768:PhiPG/q1nVY2kh5yGJMwCH8Ufrg04g0rTpEIkGAwd:pzonVXkhVJMwCH5frgiMd
Score

3^/10
behavioral15 behavioral16
- Target
  
  Fiddler.exe
- Size
  
  1.4MB
- MD5
  
  bf4fb7029571683986ecf3a48eacd4fd
- SHA1
  
  5f1c4f0a79f4a0c8e96d27adbf0153a45a58cc11
- SHA256
  
  b0eab66bae42868d402f326a37cb0e4364d4a686eb5feb4d93325b5078c1bc0e
- SHA512
  
  ec240842386f28e87576720252d12c5a02ea9e2c29485d1acaea34c89a1577041462610d953a59e9e4acef4d3c566e861d6672a00d9bf196d778bf13a45bb25e
- SSDEEP
  
  24576:HA93BNl5yPcNBSuUsRCb/l+53flpmjaqkIw:swLzkIw
Score

3^/10
behavioral17 behavioral18
- Target
  
  ForceCPU.exe
- Size
  
  19KB
- MD5
  
  b982a103b0d4e0db856026a163124bf3
- SHA1
  
  40772be00068bbd394ff0fccd551151a822f3e70
- SHA256
  
  2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
- SHA512
  
  214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
- SSDEEP
  
  192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
Score

1^/10
behavioral19 behavioral20
- Target
  
  GA.Analytics.Monitor.dll
- Size
  
  52KB
- MD5
  
  6f9e5c4b5662c7f8d1159edcba6e7429
- SHA1
  
  c7630476a50a953dab490931b99d2a5eca96f9f6
- SHA256
  
  e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
- SHA512
  
  78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
- SSDEEP
  
  768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score

1^/10
behavioral21 behavioral22
- Target
  
  ImportExport/BasicFormats.dll
- Size
  
  116KB
- MD5
  
  0a81f697f485f316f3d013fe2643ae18
- SHA1
  
  296d7b5cc4f2b51545db42b92c52e40183e3f8c0
- SHA256
  
  c80a4f7d93f37cdf96dcb6ab2869da4cc4513993a3ea9d8b07a16b57adee0b9a
- SHA512
  
  d16e688fdf5c372ced38c5e08a8ab6e8dd84267177205fb4c3175cad610d4d76d8ada61bd9f26550b9bc65ba2772290e6869d772a311c948eb44e6eaa2bf5462
- SSDEEP
  
  3072:D7oO+xPm/sjzY4WctGYPhfhGY1rERA1TenDV++HOc2e4dFbdF0fn:UxVtTJfs2QidNd6fn
Score

1^/10
behavioral23 behavioral24
- Target
  
  ImportExport/VSWebTestExport.dll
- Size
  
  49KB
- MD5
  
  09a3037e9629d6eaa18b0121adf0b8c7
- SHA1
  
  f59543bb925101195193a4a3f43482600e785e55
- SHA256
  
  22435be7a701e6c9d421a94b53c35f1d09d388d1e9e5adfb6306a237fa16262a
- SHA512
  
  a0ea0829f62718c27f59fa1d83ef1e969e006f47036df0684604dbb64d54bf84f80856641757916cb7a4c371468e5da253f6a90b67195ca7e0b27f137efdfecf
- SSDEEP
  
  768:v12VLhSX96KTIvdF9T5T7Enn/IRXILJtGiU83aTcaOKdFKdFGfcf:AtU5Cds/LtrU83ajrdFKdFGfcf
Score

1^/10
behavioral25 behavioral26
- Target
  
  Inspectors/QWhale.Common.dll
- Size
  
  192KB
- MD5
  
  ac80e3ca5ec3ed77ef7f1a5648fd605a
- SHA1
  
  593077c0d921df0819d48b627d4a140967a6b9e0
- SHA256
  
  93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
- SHA512
  
  3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
- SSDEEP
  
  1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
Score

1^/10
behavioral27 behavioral28
- Target
  
  Inspectors/QWhale.Editor.dll
- Size
  
  816KB
- MD5
  
  eaa268802c633f27fcfc90fd0f986e10
- SHA1
  
  21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
- SHA256
  
  fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
- SHA512
  
  c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
- SSDEEP
  
  12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
Score

1^/10
behavioral29 behavioral30
- Target
  
  Inspectors/QWhale.Syntax.Schemes.dll
- Size
  
  284KB
- MD5
  
  681abb88692a8d2662c527eab350744b
- SHA1
  
  58bf5fdfa668c2add65a6b7edbb43eab47648821
- SHA256
  
  9ad5749ba1914101cd4cf2736d0e74bbb8c7abbe93fd5e83377d5cbf33ddb78d
- SHA512
  
  5f2a370b4bd64e03469ddaa90b7ebd75e588033dbe48ae1b111fa537e56aa13b5bd7e067126d3cc543faf45cd0595ea2355d8fa412197b61f18754e4f9876823
- SSDEEP
  
  1536:/YiCDgqGqtbeBLmTnNLUSgk9NPOEbg0hIc2Vrl2XuPtlPpXB1sJOm8M93f2AkkgW:abMmTnNLUSgk9NPOEL2Wg1TOV
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Software Discovery

T1518

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks for common network interception software

Modifies Windows Firewall

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32