406a23ff989e9ea29398993c0842f5a0202c3cffa54ef2fa21798767624d4719

Sharing

Copy URL

Twitter E-mail

General

Target

MODSKIN_13.10 (1).zip
Size

2.3MB
Sample

240316-rkrezsee83
MD5

1f82c8b99b9702629881ab6f7b53c891
SHA1

907cb606838e72e329f7e4cabfe17569630353a8
SHA256

406a23ff989e9ea29398993c0842f5a0202c3cffa54ef2fa21798767624d4719
SHA512

fa60f63f26eff7b177490d6db45adc7d235fda2b7ea25110a53cd830222a2a6e16c9bf0399824159833b2cfcf392684b06c4b88fe0c281101d823eff00c1ba07
SSDEEP

49152:F6SSW6vM3RQD8V2v1IYZaA9TungduRztl3zcR3GXxniC67TTgf4NL+CfJFDl:4/k3RQD8vo2nbRzzD5BniCjfUBJF5

Score

7^/10

Malware Config

Targets

- Target
  
  LOLPRO 13.10.exe
- Size
  
  449KB
- MD5
  
  420dc8123043a54629f25adfb1cff776
- SHA1
  
  fe54a1692343895742c6f043508d1c1e3913897b
- SHA256
  
  3c08ff244314007374e4f36f88f876b8ef650c6e039d1df6a2c39948f742578a
- SHA512
  
  f08267ba0a2fc9ad8e3bd74ace74d0415097c1a14a433190fe6ac9edb11dc4ae59ff10eb4083d6b3087245c25fad4c85c28220b5f7a962a4e466518110f11c42
- SSDEEP
  
  12288:rBBbTe4jix+DsUp6BOaX8nfM3qEpg81EPC:rBNBe+Q5X8nZMg8n
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  Fraps/LOLPRO.exe
- Size
  
  544KB
- MD5
  
  d1cdf07b0a0587c72b55146081b0464c
- SHA1
  
  8358e460c9909087750cc121c057ec65321a0f19
- SHA256
  
  4623511d7ad5912be5ed0c89f9227d65ae6309dbcb9f4c40fdcba90012261cf1
- SHA512
  
  25c43884a9313d0041e181bf5a0b91550ad5db9c9552bee9b61a25ecf55e9b10ffc321f4fb0308bb08654bae1218470c82e479a6dcd7a10b16501f6526a06382
- SSDEEP
  
  12288:gtqYAXhL0Kg3bWC9wFqV/Y1lh/pg81EPC:KqzL0mC+FqUg8
Score

3^/10
behavioral3 behavioral4
- Target
  
  Fraps/data/Lib/Lib
- Size
  
  137KB
- MD5
  
  8b5a4327dd67b631985471019c6229bc
- SHA1
  
  777c00d8a8569738ad6fb8e04eda26305adfe278
- SHA256
  
  393f97aae4086bf5f0b0384f21be82f72f402384f3cb2ed27466573e5706e94d
- SHA512
  
  01e428961720e6204aa4bb33ea04f153f670a0ec47e8b99cfbc94b2d8d7ba153bb17fdaeb5e4c6b14dd7e4b538ca5c980768e5208efab95bb8d53ecf3e7bd4d4
- SSDEEP
  
  3072:kX0BpBQhnSjU3li1eV6cYkAVHBP2zHTszIxXVD1L:RHKhnt341e5ooH0m1L
Score

3^/10
behavioral5 behavioral6
- Target
  
  Fraps/data/Lib/Lib2
- Size
  
  123KB
- MD5
  
  071433e2dcb08f63c1d74fb5f709bd34
- SHA1
  
  2f93354a307b37ad23eb2bbe7d8d1950980becbd
- SHA256
  
  df3aa5de7ae2e47aeb2b0db06ca0860ddca0e0518a91ce8fd2b9586ae3972c40
- SHA512
  
  842a4c906245ecf875e5892abe3b47e79b64040d5352269da93489f662ba9a710524d07cf4e053b44ee4c60e4315fa3056351ce5944f56a79986e49303a2e75c
- SSDEEP
  
  3072:zZP3eMLyZFKwcRI4CFvIa1h4UjEkMxZVYzxe:B3eMLyWw2I4Ynz4
Score

3^/10
behavioral7 behavioral8
- Target
  
  Fraps/data/Lib/Lib2.dll
- Size
  
  208KB
- MD5
  
  9eefb97a2fd4bc1d3c43db1c86033b00
- SHA1
  
  ca03c90a99fca4360213869f1d1d06075bcba44a
- SHA256
  
  9e17951c529144886b1b7c36df7885033258528c795ab2b606e95d364c519f3d
- SHA512
  
  900977b8be48dbd2ec233a4b9a9e73598a2744c4e6bf95c7e64a61c0888390cf8b74310c025f3398d2666c867d44c353df50a81d0b403e8bd948cf547303fa4e
- SSDEEP
  
  3072:BVoWeMW1/5U/yaRisXt48Lj7oW8SA1AKl0Ckq0Dq88mIilWpoZ+3bbjko:z9IxWyapX3LjMWYCKl0CTeKmMM+J
Score

3^/10
behavioral10 behavioral9
- Target
  
  Fraps/data/Lib/Lib5.dll
- Size
  
  97KB
- MD5
  
  eeaa4f54953ba5b601ffec89cd451a70
- SHA1
  
  29126eb0895223a176781f8b025165669d7c5de9
- SHA256
  
  0d60d9bd7b8bdfa0d5623aebfe5684c8e29c305a4ee590e3933effa8cb7664b0
- SHA512
  
  9a33494e203444576991767d5c83a33a13068764e4c5da58714f60ffa3421f8ea940c26423786586eaacc29aa4317ceae0cb80b5937004f00a89ba6ca6b01ad1
- SSDEEP
  
  1536:y1rEn2kxYT233UJec6lre5j2RUTYaKbF7GykTWxsWMHcd/MAuVOLM:y1ry37c6lK5j2Rg5ykN2/nuVO4
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12