Analysis

  • max time kernel
    120s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-de
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240226-de
    locale:de-de
    os:windows10-2004-x64
    system
    windows
  • submitted
    27/02/2024, 20:47 UTC

General

  • Target

    GOTOBED (64bit)/Go To Bed_Data/Managed/UnityEngine.ClusterRendererModule.dll

  • Size

    21KB

  • MD5

    3b7d03945ffbc55421271a9a33d91d59

  • SHA1

    cdd8782583dd2890052b57f03bbb56e012337236

  • SHA256

    5d156e5d2891d2cdc3f2daf468a0c6e30aabbf1c8413e5b46fe269c9ac2b5b8f

  • SHA512

    6f078face87293f1b0acec1dbc273cde2f9292eb27f59695944b12941737cfabb5a84c0e8bca5ff66c5956579691565d9c46b654f310e746a29f7a5a53395398

  • SSDEEP

    384:zCkFzncH5z2hjMFSZcjOnF6qMNyb8E9VF6IYiTPx3nkEIHJZm:2kFzncHAhjMFSZhF6qMEpYiTPx3kNHPm

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\GOTOBED (64bit)\Go To Bed_Data\Managed\UnityEngine.ClusterRendererModule.dll",#1
    1⤵
      PID:1208

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      133.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      10.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.179.17.96.in-addr.arpa
      IN PTR
      Response
      10.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-10.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001.a-msedge.net
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.2.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.2.37.23.in-addr.arpa
      IN PTR
      Response
      11.2.37.23.in-addr.arpa
      IN PTR
      a23-37-2-11.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      140.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.71.91.104.in-addr.arpa
      IN PTR
      Response
      140.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-140.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      9.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.179.17.96.in-addr.arpa
      IN PTR
      Response
      9.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-9.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      31.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.179.17.96.in-addr.arpa
      IN PTR
      Response
      31.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-31.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • 20.231.121.79:80
      46 B
      1
    • 204.79.197.200:443
      g.bing.com
      tls
      2.0kB
      9.2kB
      22
      19
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      158 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      133.32.126.40.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      133.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      10.179.17.96.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      10.179.17.96.in-addr.arpa

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
      106 B
      1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      11.2.37.23.in-addr.arpa
      dns
      69 B
      131 B
      1
      1

      DNS Request

      11.2.37.23.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      140.71.91.104.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      140.71.91.104.in-addr.arpa

    • 8.8.8.8:53
      9.179.17.96.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      9.179.17.96.in-addr.arpa

    • 8.8.8.8:53
      31.179.17.96.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      31.179.17.96.in-addr.arpa

    • 8.8.8.8:53
      19.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      19.229.111.52.in-addr.arpa

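    The network section above is dominated by reverse (PTR) lookups of addresses the Windows guest touched, plus one forward lookup of g.bing.com and one connection (20.231.121.79:80) with no matching lookup at all. Separating that background traffic from anything the sample itself caused is the first triage step for a report like this one. The script below is an added example and is not part of the report or of the sandbox's tooling: the record and connection lists are transcribed from the section above (constructed input, with the PTR hostnames written with their dots), and the classification rules (forward vs. reverse, "destination never resolved by a forward lookup") are this example's own assumptions about what is worth a second look.

```python
"""Triage the DNS section of a sandbox report.

Separates the sample's forward lookups (A) from the reverse lookups (PTR)
that the sandbox's Windows guest performs in the background, and flags
connections whose destination never appeared in a forward-lookup answer.
"""
from dataclasses import dataclass, field
import ipaddress


@dataclass
class DnsRecord:
    qname: str
    qtype: str                                   # "A" or "PTR"
    answers: list = field(default_factory=list)  # [] means the response carried no answer


# Constructed input: transcribed from the report's Network section.
RECORDS = [
    DnsRecord("g.bing.com", "A", ["204.79.197.200", "13.107.21.200"]),
    DnsRecord("133.32.126.40.in-addr.arpa", "PTR", []),
    DnsRecord("9.228.82.20.in-addr.arpa", "PTR", []),
    DnsRecord("10.179.17.96.in-addr.arpa", "PTR", ["a96-17-179-10.deploy.static.akamaitechnologies.com"]),
    DnsRecord("200.197.79.204.in-addr.arpa", "PTR", ["a-0001.a-msedge.net"]),
    DnsRecord("55.36.223.20.in-addr.arpa", "PTR", []),
    DnsRecord("11.2.37.23.in-addr.arpa", "PTR", ["a23-37-2-11.deploy.static.akamaitechnologies.com"]),
    DnsRecord("86.23.85.13.in-addr.arpa", "PTR", []),
    DnsRecord("206.23.85.13.in-addr.arpa", "PTR", []),
    DnsRecord("140.71.91.104.in-addr.arpa", "PTR", ["a104-91-71-140.deploy.static.akamaitechnologies.com"]),
    DnsRecord("9.179.17.96.in-addr.arpa", "PTR", ["a96-17-179-9.deploy.static.akamaitechnologies.com"]),
    DnsRecord("31.179.17.96.in-addr.arpa", "PTR", ["a96-17-179-31.deploy.static.akamaitechnologies.com"]),
    DnsRecord("19.229.111.52.in-addr.arpa", "PTR", []),
]

# Constructed input: the report's connection summary as (ip, port, protocol).
CONNECTIONS = [
    ("20.231.121.79", 80, "tcp"),
    ("204.79.197.200", 443, "tls"),
    ("8.8.8.8", 53, "dns"),
]


def ptr_to_ip(qname):
    """'10.179.17.96.in-addr.arpa' -> '96.17.179.10'; None if not a valid IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not qname.endswith(suffix):
        return None
    octets = qname[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    return ip


def triage(records):
    """Return (forward, reverse): forward maps name -> answer IPs,
    reverse maps looked-up IP -> PTR hostname (None if the query got no answer)."""
    forward = {r.qname: list(r.answers) for r in records if r.qtype == "A"}
    reverse = {}
    for r in records:
        if r.qtype == "PTR":
            ip = ptr_to_ip(r.qname)
            if ip is not None:
                reverse[ip] = r.answers[0] if r.answers else None
    return forward, reverse


def unresolved_destinations(records, connections):
    """IPs contacted over non-DNS ports that no forward lookup in the report resolved to.

    Such a destination was reached by address (hard-coded, cached, or resolved
    outside the capture), so it cannot be attributed to a hostname from the report alone.
    """
    forward, _ = triage(records)
    resolved = {ip for answers in forward.values() for ip in answers}
    return sorted(ip for ip, port, proto in connections
                  if proto != "dns" and ip not in resolved)


def ptr_cross_check(records):
    """For every forward-answer IP that was also reverse-looked-up, pair
    (name, ip) with the PTR result so the two can be compared by eye."""
    forward, reverse = triage(records)
    return {(name, ip): reverse[ip]
            for name, ips in forward.items() for ip in ips if ip in reverse}


if __name__ == "__main__":
    fwd, rev = triage(RECORDS)
    print("forward lookups :", sorted(fwd))
    print("reverse lookups :", len(rev), "unanswered:", sum(v is None for v in rev.values()))
    print("unresolved dests:", unresolved_destinations(RECORDS, CONNECTIONS))
    print("PTR cross-check :", ptr_cross_check(RECORDS))
```

    Run against the transcribed records, the only forward lookup is g.bing.com, every other query is a reverse lookup (half of them unanswered), and 20.231.121.79 is the one destination the report gives no name for. Nothing here ties any of that traffic to the DLL itself, which is consistent with the 1/10 score; the same split is what to look at first when a report does show a forward lookup the guest would not make on its own.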
    MITRE ATT&CK Matrix
