cf5619bcb51b82e4e1765276e9f67fb1e2d23dff968a653657acf35bafff8bf4

Sharing

Copy URL

Twitter E-mail

General

Target

DS4Windows_3.3.3_x64.zip
Size

4.1MB
Sample

240312-eta35sgc4t
MD5

b35e3aaeb5ffca32d4b426474a755361
SHA1

e869c8164400e1801e48c561b608e84a91515109
SHA256

cf5619bcb51b82e4e1765276e9f67fb1e2d23dff968a653657acf35bafff8bf4
SHA512

1868be9ac68473e002efc248c69f5f4273824bb6d4280443f8886744f95fec915e9c61242f9a5aee2969ae00f9624fa849afeac1004fb4d9bb08e74a8daeb4b6
SSDEEP

98304:7rRcOy6CH4Sd0dfLamFW0qaYY5pM8+6VCPlcNdx/5V:7LYHf0NRA0qf+pilwRj

Score

6^/10

Malware Config

Targets

- Target
  
  DS4Windows_3.3.3_x64.zip
- Size
  
  4.1MB
- MD5
  
  b35e3aaeb5ffca32d4b426474a755361
- SHA1
  
  e869c8164400e1801e48c561b608e84a91515109
- SHA256
  
  cf5619bcb51b82e4e1765276e9f67fb1e2d23dff968a653657acf35bafff8bf4
- SHA512
  
  1868be9ac68473e002efc248c69f5f4273824bb6d4280443f8886744f95fec915e9c61242f9a5aee2969ae00f9624fa849afeac1004fb4d9bb08e74a8daeb4b6
- SSDEEP
  
  98304:7rRcOy6CH4Sd0dfLamFW0qaYY5pM8+6VCPlcNdx/5V:7LYHf0NRA0qf+pilwRj
Score

1^/10
behavioral1 behavioral2
- Target
  
  DS4Windows/BezierCurveEditor/build.js
- Size
  
  431KB
- MD5
  
  61b6490d371c57d566ae713880f3ab40
- SHA1
  
  36c2071e549545f02deb5500c296f343d88b08f8
- SHA256
  
  fce907cf01187e1ca0afb91341fb6d793a97d359918278a759ad03ab4dd71348
- SHA512
  
  b6c5b64ad02e85087d2ea71938ad1e1cafeba13184e3ed3eca31a3da47bcdf8e58fed3dae50917a797f7d0bed89a12d391fbcfe0246c264e82bb581866f36953
- SSDEEP
  
  12288:9eTeocrhC4KAl6QhcrlsM0q8btBFWW5Ovyf6Bv+JWcwxXAc6EHmSZGlYBDdyNdyI:IqWcwxXAIG6RdyNdyFmL5NyiBDpgnU
Score

1^/10
behavioral3 behavioral4
- Target
  
  DS4Windows/BezierCurveEditor/index.html
- Size
  
  193B
- MD5
  
  b7f3e0aec1e9905b2706285819ad8627
- SHA1
  
  c86d0c917ef8b6e1ee25d034fad53b0b9f6ba5c4
- SHA256
  
  fbd5e846237145aaa4b1d5275eaf95013a31d41e9cdaaad032d583245de54a7e
- SHA512
  
  036375d1801c4b85c8454a874267cef9dc49bd7aa73a49e308584fca8cd188857ba625f1033149f0a9aa395c5ccb78d1f1abc73e2b85339a6c5895d46759a080
Score

1^/10
behavioral5 behavioral6
- Target
  
  DS4Windows/DS4Updater.exe
- Size
  
  807KB
- MD5
  
  e86b6ba53ca8462baeaee561ae187e9f
- SHA1
  
  b2a8e9be51c24ba9c75b6b97ed8db660ad3c6ff8
- SHA256
  
  622c770e622daf9e08c06e203c982613ec9cc2cf73e0efee68461b7a2e7646a5
- SHA512
  
  7152909f8444d360d1d1471dafad1791109965690c0405aba0152ce80514420504132ebbfa233f13632a948fdba38020bc21ede4ad248390e7057931731eaa55
- SSDEEP
  
  3072:xefQZKfOC31VwyY9egNtfNjJvjmqqF7Hb/LMm5MtD9ma5voSfAm+AAAAAWAAAAAk:xDewyY9egLRePYm5KckfAr
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  DS4Windows/DS4Windows.deps.json
- Size
  
  16KB
- MD5
  
  a2a3bbf0765877ce03b5e3a3414d604a
- SHA1
  
  c9dc04e997d095bd5a8179cde9df0e5aa837cf9f
- SHA256
  
  39915d00fbfb5cfb9cb6efe36c26a620bccb2bc1fb3675f8bf7931a9c2ca5180
- SHA512
  
  b41356b81b2a25adf255c7db314fbdd5c834bc62fe6076d9ef73c0ceebf72a01cdec1a6ee35d4d9b9f4227855eb7d53c85525c05a54280f1e0cdd5599b1e907d
- SSDEEP
  
  192:C2b180yrFyqBV3QkiBSd3SGW8W8vaAPeJXHYmTuSTHByS448b:CsaEWV3QrBSwphydPCT5DBymS
Score

3^/10
behavioral10 behavioral9
- Target
  
  DS4Windows/DS4Windows.dll
- Size
  
  4.0MB
- MD5
  
  12ef7ab3e301423c7cd6ed95b52360de
- SHA1
  
  17d9373706f568caef8ed8e5fb20c8c28117d171
- SHA256
  
  d89c4d3d0f45187283a2d71ff22623d0f871d59a34754065a81ea98c7a6e1fda
- SHA512
  
  00117fe6de672857250de26d88d6230d11b0f0d396b913efa42a5fa90e1272159847cec6c666a42b4ad34888776d6d891d7cfece6c10eb38b3a740083d2b57c8
- SSDEEP
  
  49152:vatQm91jfyQOO6dukFM4yGbmhevOCMM43KC9uYdPJzD4Ht3JzDubzwc:vatn1m8uYJzkHhJzSbz
Score

1^/10
behavioral11 behavioral12
- Target
  
  DS4Windows/DS4Windows.exe
- Size
  
  546KB
- MD5
  
  e196e463c0e550d0f49748008fbb27b9
- SHA1
  
  221960368ae1e190f90cf0b7d51199c3d94a6558
- SHA256
  
  ccacb1f4c5b2f24c5a61bf09c10bfe44fb9d46af8b993c1f5bf01dc1b3733a65
- SHA512
  
  dfa3f83930a6eec958cc69b8978a009dda6a9050b026cf399c5e1cd07f787c515ed497202c7341878032ac89b2f57d8d219bcf824dc622dcd40fa2f530b49cae
- SSDEEP
  
  6144:jDewyY9egLRePYm58DKYPbz0YM+SS5hjS8kfdjS0gNsNHZBuh:j6wZePMJzm1S3O8iNS0YQHbe
Score

6^/10
- Drops desktop.ini file(s)
behavioral13 behavioral14
- Target
  
  DS4Windows/DS4Windows.runtimeconfig.json
- Size
  
  549B
- MD5
  
  d2e7aa8f1b739e4896f676105034aa3d
- SHA1
  
  6d002fad5216f78c2abfcef8597bb985995621fb
- SHA256
  
  37b4fbb913a102f13063829f827a5030168a2ba4cdf88593aee1ca266309fc58
- SHA512
  
  599067b3efed5d9cd8ccaaa33b2fdd76308df23696584b291dcf14764b2c2a06cc660800cfafbcc4020d1b6c8192e88cfbc54592d32a01d081e1bf7617c1cd25
Score

3^/10
behavioral15 behavioral16
- Target
  
  DS4Windows/DotNetProjects.Wpf.Extended.Toolkit.dll
- Size
  
  1.1MB
- MD5
  
  8983f161391ab632b9d2aea51a69c4ce
- SHA1
  
  d1cba0b5310e7e12e67532c6ac299624d2a8e7f9
- SHA256
  
  8038eeaa3483c1a751f04f5acd1cbe5d01c772f9049d04e3bf0d07d04f5723bf
- SHA512
  
  1bbb924a992008848c9ab6811795591e3be6174eea95136e0470e32c025223fde3a453d5bb06ef469779ed4204f101c4348d90944a03fa47138481c028c42c4f
- SSDEEP
  
  24576:eNT2tSXxytYVB/70FAKluHz6I2uP+LvUaLz3bb4lvYlvx92V08XxjaRdV8WHvG6a:eJx+U/70FAKluHz67Bv3Lz34lvYlvgVp
Score

1^/10
behavioral17 behavioral18
- Target
  
  DS4Windows/FakerInputDll.dll
- Size
  
  14KB
- MD5
  
  7c87a11e5c2bbd4e2414c568ea4f4360
- SHA1
  
  c67a1108118994de1cebfc7149aefada4b2db416
- SHA256
  
  7e3d67a3e6b4ef2aba039a3b1e079acde3ad95e0286a87623949ad74607d1a50
- SHA512
  
  f826b4c8caa89aa27489de32ac426a7f76971c9bfe797a679cea20514e79aad6d35d17d0226ad54b19f13be3b104b77afa178d3ebf70aad66c6361b5cd37a01d
- SSDEEP
  
  192:F+vcSldLwhPcoJFYMV2n9ywc5I9uUcAcqy8:06JgMAn5yIpcgv
Score

1^/10
behavioral19 behavioral20
- Target
  
  DS4Windows/FakerInputWrapper.dll
- Size
  
  10KB
- MD5
  
  25989ccc74dcf12a2216c196d8c94b9b
- SHA1
  
  ae0693dfa6da746c952f2f0140c33ca9e321368d
- SHA256
  
  4792671766a575394d3402a9365af9908af94e812ec1969bfe4975c0ab4f5430
- SHA512
  
  23ebcad4e9eb948c70a557c815fd31af188808ec5ce1c301a912f4bdc6acc7352941514bef801b249fdf6384aa60f120b0b4c27b1929d42fc70c85a3328e4614
- SSDEEP
  
  192:4VwjZiJ1OhXNgCBViwTYrXx5ic2XGIlabgU3K5shX4vJAyT:fiJALxgXx722Ilg7a52IBvT
Score

1^/10
behavioral21 behavioral22
- Target
  
  DS4Windows/H.NotifyIcon.Wpf.dll
- Size
  
  107KB
- MD5
  
  be2a9028bc37629428f8b36d58fc4723
- SHA1
  
  b4bab6b42a51000ddbc672e8b83233d4ec30a612
- SHA256
  
  65bf44ba535e1efd5ba38c6f0ccec5756d1dcdbcf458d22b436eb7502f19f73d
- SHA512
  
  8ca62e90934900f1c4a863fe7449fe363523ed95d430fed24ca8c99cd7400b6edb07d60f72acebb29956495818046fafbdd039edd550caca80c1e5300c685232
- SSDEEP
  
  3072:FMO55R0jszmJtf68LlPHbS+em1lShoG0:FMmeJjVHlh
Score

1^/10
behavioral23 behavioral24
- Target
  
  DS4Windows/H.NotifyIcon.dll
- Size
  
  331KB
- MD5
  
  a44681119866a16fd9a3461a839559a8
- SHA1
  
  a8ebb0b0dfe0559cd35225d2257f58b50aca1540
- SHA256
  
  2afe988b67f36aba97cab8fdafc522df13c4399fc3a9d3dd521f38d25bf0461d
- SHA512
  
  5212746fe3fbd62a2342ec16938d07b94ba8acee83f6aa29a90ae7e11d7634a4ec8d64b377e6ba983979ac0a4586bc675d758930f2bb5f725a52092f5c5eaa63
- SSDEEP
  
  6144:jlTZBDxeagx5aAzicZg9B5lvBgAHZDx8akE2D9/BCN:jHbg66pZI3unEQ9J
Score

1^/10
behavioral25 behavioral26
- Target
  
  DS4Windows/HttpProgress.dll
- Size
  
  13KB
- MD5
  
  e97fb25cb7d477d5c3116f3add7c060e
- SHA1
  
  a764ff39dd41f97f0a4d224acec348d75eef337a
- SHA256
  
  a6c28242c760db5713f12a292a87c470e39e42aef8663d02af8e72a3658b97ba
- SHA512
  
  6c1580d60755fc2f89403138ac082ab7b57d215cb20493f092502d30fb5604340cc016aa5c72300bfc22d3e4add0b12d487f3bcf213044d41c6c13e9b1dfbcaf
- SSDEEP
  
  384:D4DXA5xR0vFPNBJYEk7tpwkjRdmTBHeu5unsEga:D0e0dN7YEkPPmUuDG
Score

1^/10
behavioral27 behavioral28
- Target
  
  DS4Windows/ICSharpCode.AvalonEdit.dll
- Size
  
  602KB
- MD5
  
  7ca104c3e98d3cbd162fdef84edd3b8f
- SHA1
  
  d33e18462f8fefc374fb2ce286d2e176bf414bab
- SHA256
  
  2417e116ed23b3cb7ded9759bdf7dbdcfae0f7d58d71b1dd5e264f5510d3eea1
- SHA512
  
  23aaf202b7e50e5b621bbbf720214f2732ab4013dc34c12f0cc9dcca51c0afdcb0f1a696c425449767c49aafa4e834b8e4ee03c0fe48664d37a3b3ba07a3f4c8
- SSDEEP
  
  6144:TkAkAepj9cKU7RrHLF+UpC5Heq4h2Eoj51+8isj3V+oCiTfWAqjot:fs9Hh48GL
Score

1^/10
behavioral29 behavioral30
- Target
  
  DS4Windows/Lang/ar/DS4Windows.resources.dll
- Size
  
  11KB
- MD5
  
  a9b68e0c6a30fd6a12c6c2b463cb9711
- SHA1
  
  8cbde9092db0e443f6353ad3e0afd4d0f66f87c9
- SHA256
  
  7c7b59283f43107cb7094fa534db00ec4a2dd350dde7b04cc14555bd4474e26c
- SHA512
  
  729188d89dea2f351b04214094b25b4743f4dfb3c4ab183af1eb33791f1c31c8d5803898ad07e44e606324fbe1c9c4a8bf52d9f01b34801181871f272cc606ea
- SSDEEP
  
  192:ku+KU6KRsQK+n3E28i8jffmjE0xu0l3NAx33ZeHCZADacvcrVWr6w:ku+KUUQKw3oujEoBqx3pWocvcE6
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32