550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

Sharing

Copy URL

Twitter E-mail

General

Target

sa-mp-0.3.7-R5-1-install.exe
Size

14.8MB
Sample

240302-szhxtsef2y
MD5

f7874cc8637e5ddb98b07ed40a24de58
SHA1

0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef
SHA256

550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3
SHA512

c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1
SSDEEP

393216:suNmflaNtY7G8t+LdFyBV9DVimtbA9yRbABehQtAuGuSwcBk:3NklUt3Nd2VvimtbeGbbhQtWBk

Score

7^/10

upx

Malware Config

Targets

- Target
  
  sa-mp-0.3.7-R5-1-install.exe
- Size
  
  14.8MB
- MD5
  
  f7874cc8637e5ddb98b07ed40a24de58
- SHA1
  
  0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef
- SHA256
  
  550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3
- SHA512
  
  c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1
- SSDEEP
  
  393216:suNmflaNtY7G8t+LdFyBV9DVimtbA9yRbABehQtAuGuSwcBk:3NklUt3Nd2VvimtbeGbbhQtWBk
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  211B
- MD5
  
  e2d5070bc28db1ac745613689ff86067
- SHA1
  
  282e080b4cf847174c5c11e4f9157b8c338ecb19
- SHA256
  
  d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0
- SHA512
  
  a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  $SYSDIR/d3dx9_25.dll
- Size
  
  2.2MB
- MD5
  
  5b48fe9d6686f0d54b26a005ace24d1d
- SHA1
  
  1c395f6d2aa729a607e69dca73f8205cefd26aa4
- SHA256
  
  4c54df27ce84d21b2924e64ff79b13e7876ce85d8e0c9c1d0abd8da73888187a
- SHA512
  
  6a4fa549578097ba36495ec210365c27d165065820f0fdad20864a3139949e72da00f9b7c614d07d8950307e596b693ed7a291a5c69cc0f9ba30c5f74d6332f1
- SSDEEP
  
  49152:IxfcP6/1/QQ0ANFrbfxdqPeQ6eg+XMD3hP7zfOHXD:IxfcP6/1X0ANFrbfxdqPeQfg+XMD3hPQ
Score

3^/10
behavioral10 behavioral9
- Target
  
  SAMP/SAMP.ide
- Size
  
  87KB
- MD5
  
  9fc8a6769f18d3daceabbbed8632c68e
- SHA1
  
  5aef67fcfe871e3828b4686553c9471cf9b72497
- SHA256
  
  dd66aa822943526dffe0f80af88547615672c9bb6e9f3fcfde6d6f8b860f93f5
- SHA512
  
  17bad517167dd4fb1d70158dfe58015d2fa7760b3c005626d65a6b5280c29b3a92073ba856175b7e4b74cd2dea4e02b7b4ed83487163bbd2b0cbfda32b2190ee
- SSDEEP
  
  768:vYnhu2+hTAugR8SQHRcg7B3BOPxsmbPOfypzNEkuCm5UTsJE629iWnKjcGmjpEUB:ABNPxsMjzNwM6HkKEEUmfoqWtn
Score

3^/10
behavioral11 behavioral12
- Target
  
  SAMP/SAMP.img
- Size
  
  45.1MB
- MD5
  
  c85eb523407583f602a2f48df572081f
- SHA1
  
  fba6b6ce9d6ec0743e8c4137c8808d3ad1bf9f8e
- SHA256
  
  7755badde82981616e6cdfe7f4be37ded413979f7c881e35ad63b758ca787d2f
- SHA512
  
  ffa70dc3e102a56079247720006698d774a752822ec2da993a2d16d8a27c6b538eddf1c453ac257683d594e28aec5292b09683688be3f921939487fd885e4adc
- SSDEEP
  
  786432:lt+POUX4BBCLTmlfg5ehCDBsXOVVWdwN5nhdWvo0Qo5OCK7gsN:HUX4BBCLTme5SCDBsXOVVWdsnhdWvo0k
Score

3^/10
behavioral13 behavioral14
- Target
  
  SAMP/SAMP.ipl
- Size
  
  2KB
- MD5
  
  f5fc70efa49b43fc48fc71e3c680b50e
- SHA1
  
  32d5cc60c1b56d62f0a4d5503ac1f60b1a1c97f1
- SHA256
  
  a0c31a4593de2ffe6dc734eae06c3794dcec985f53a4e985f6b895789847a26d
- SHA512
  
  ebee62161e512339e91d224b540c0e316e374dc4b9b8243d28395a1a4da0ec69daf99a14b5bc65c92a725698fd033d464dea4831637f3fb98fcad3e63cea0f5f
Score

3^/10
behavioral15 behavioral16
- Target
  
  SAMP/SAMPCOL.img
- Size
  
  3.2MB
- MD5
  
  eb690e98b644fa584be6917d48ee6cbc
- SHA1
  
  cf5ec69bc0725c3b6b55c5934bfecac971060572
- SHA256
  
  aa6dabfb4b38e3b79949bbb3aa4f90c7e4fd3909feed37335b2d656e73089490
- SHA512
  
  e3a2892e2aede8dbc60ef0c76f9be854c54f5984bc3600ba050ce2f1c81be22e4e17817b83cc396e5ce2d004b074ef9343a9b85f30bb28dfc434def0a7c1fd01
- SSDEEP
  
  49152:FHL7Uy8oZ3bRaNg8GvPYH0EYLz+rxGg333hfLi:RMyNZLRay8GvPYH0EYLz+rxJdm
Score

3^/10
behavioral17 behavioral18
- Target
  
  SAMP/blanktex.txd
- Size
  
  32KB
- MD5
  
  00dc42d499f5ca6059e4683fd761f032
- SHA1
  
  901fd1c737e95f09c096826eb547849ca1873b85
- SHA256
  
  724eff1b323771153a172abb35fcf7fbfaa88af7bab906b51181a94e08ef2e67
- SHA512
  
  4186adf87d23275ef4dde005371b554ce8e1c6141f160033b549e48190e7e3c96d014ef5ed62a88298cad458c6799d0a0baf35b3a32dc34acade7eb3fa5b4772
- SSDEEP
  
  24:HSvqpPaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc:HwW
Score

3^/10
behavioral19 behavioral20
- Target
  
  SAMP/custom.img
- Size
  
  8KB
- MD5
  
  8fc7f2ec79402a952d5b896b710b3a41
- SHA1
  
  8c2dd82d07d41977946eb12225e017d08ff19d81
- SHA256
  
  20de16a9abe3b2bf6f9fa415d855230a9c5487433b3c77037c2ee84d5f35df38
- SHA512
  
  803b6b2bc09782794cc2ba2929eefbc7a6304d7917f2fe8aabdf30882a05d6c8ef47fd0369782d6a0167f51e6371d372372362e8c10b73c274101b636b2a0aec
- SSDEEP
  
  96:Dp3y/CrKs/+qwbp3y/CrKs/+qf/M5k5Yk5x5x5x5x5x5e5b5w5k5q:t3y/CrPY3y/CrPf/qCYCfffffIV2Cq
Score

3^/10
behavioral21 behavioral22
- Target
  
  SAMP/samaps.txd
- Size
  
  640KB
- MD5
  
  e0fdfd9fbe272baa9284e275fb426610
- SHA1
  
  d64ba932095df01aec31255147078d8820f500df
- SHA256
  
  d7a10e2d6497865377f61061abc13c5b7d1c81f8471410c80191640e04948285
- SHA512
  
  81f1c09b649776c935559d420214e9543c1e7a9690a79de43a06df03af6dd54151755e010ea9d06a33058ab5743b30a27816d35f6729657439c6251ee19f1122
- SSDEEP
  
  12288:RVghsoZfX3GnUKMiFnGWOKPzP0Intv+LecSVNjIaS4MzB8wdqhPmbxE1fJ:7UZuiikWOKRtGLecqIntB8wFsR
Score

3^/10
behavioral23 behavioral24
- Target
  
  SAMPUninstall.exe
- Size
  
  56KB
- MD5
  
  bffa504cd63305418858b150faa8f408
- SHA1
  
  86886fd2378aa33935cf684f056454859713aed4
- SHA256
  
  d00f8bf2eaa1994b0064d7b14fc987b0aab9b3c440a4177257ee2d3217fe6d3b
- SHA512
  
  6b8958a4ccffce02ba8e4390f66121a02116e2b2ef9c4baa2eea62b8acfe380d0c0dd5e773f83b7062467a34019612d3f8a531e1a4ffcefb769de964cbf02019
- SSDEEP
  
  1536:HLXB65939tY6HBg4sXJOgdLeAyN/dIM6su:HLk395hYXJOceAlMM
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  211B
- MD5
  
  e2d5070bc28db1ac745613689ff86067
- SHA1
  
  282e080b4cf847174c5c11e4f9157b8c338ecb19
- SHA256
  
  d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0
- SHA512
  
  a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de
Score

1^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32