9ad4fd61eb3e523393b887cb6b17ebc5831895bd44f7787ba3b0316ba749a70b

Sharing

Copy URL

Twitter E-mail

General

Target

PapersPlease.tar.xz
Size

31.8MB
Sample

240326-bc995abb49
MD5

1c166aa6610c56d6dbf17ba1dee7bb7d
SHA1

4a9605176019d9f1161f85fc4925f728482c6784
SHA256

9ad4fd61eb3e523393b887cb6b17ebc5831895bd44f7787ba3b0316ba749a70b
SHA512

7c5bf69995db1e74738a9a92e9aa71890338fc2cbd44520d7246a1305553fc2921019675de7742a1844fc8246fa1c304cc7adfc08622d7483150a577229758d1
SSDEEP

786432:Lb9BZNDR7mftItPIjnAgNWP9BXOmqLnbYm3eCse5WD5I:FBZN+ItPIL2TI3Ym31V5Wu

Score

7^/10

Malware Config

Targets

- Target
  
  PapersPlease.tar.xz
- Size
  
  31.8MB
- MD5
  
  1c166aa6610c56d6dbf17ba1dee7bb7d
- SHA1
  
  4a9605176019d9f1161f85fc4925f728482c6784
- SHA256
  
  9ad4fd61eb3e523393b887cb6b17ebc5831895bd44f7787ba3b0316ba749a70b
- SHA512
  
  7c5bf69995db1e74738a9a92e9aa71890338fc2cbd44520d7246a1305553fc2921019675de7742a1844fc8246fa1c304cc7adfc08622d7483150a577229758d1
- SSDEEP
  
  786432:Lb9BZNDR7mftItPIjnAgNWP9BXOmqLnbYm3eCse5WD5I:FBZN+ItPIL2TI3Ym31V5Wu
Score

3^/10
behavioral1 behavioral2
- Target
  
  PapersPlease.tar
- Size
  
  76.1MB
- MD5
  
  ebcfb6c2f1887e05da3376bd15f49dc3
- SHA1
  
  2f49e6c4c011127f9f1fc51178f6c320fbb9b377
- SHA256
  
  6b1cc20661a18e881673801c5416477ae23af79c6c86cb2037ba210b45b30fd8
- SHA512
  
  c2a7f57b0f27743842b523aa62719bdd0a9e71ae38cb0d07682052671ea6d038b9a85c54662133291385a68774f9f03b06d4261d02d4a9c3e458c7a63a239f23
- SSDEEP
  
  786432:46nGIZlz2ARzv8jiEjADwAjP9DCgimI9hxiYUs9xjJNQLB3cM+6pPxn/YoBvymW2:4yamaZADnZitxzUs9RQ6VgrBvO2
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  PapersPlease/PapersPlease
- Size
  
  26.2MB
- MD5
  
  fb92f1791e4c2e01dfb92cbc6244ac1a
- SHA1
  
  3006cf5b11ba3beba67dc77575ffaeb8a74e4bdb
- SHA256
  
  3f248bf8020cfe4ce9e3d2be9c87c7dee7677234fc136d09d7a9c48a6171bed4
- SHA512
  
  7dd3dc4b46ffb23b519558bc9e10c14cf894e97bba729654c465f434295bcee22220e439906b1ebf23f595486b0a7be84da47481661a46cfcf1c69355739cdfa
- SSDEEP
  
  98304:700i8C+OjJJqR5/Nj4vFWhQZks8HhOuv0qap/l3CiAfyFuvNPtVxfyCSmX+M+fBP:KnI54aGk/hOPBk1VHeoCiyaIpWsn
Score

7^/10

antivm keylogger
- Changes its process name
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
- Reads hardware input events
  Reads raw input events from the evdev driver, possibly to record keystrokes.
  keylogger
behavioral5
- Target
  
  PapersPlease/launch.sh
- Size
  
  124B
- MD5
  
  2e0d1702375414ad4ab43f00e7cdcff5
- SHA1
  
  aa6b1605b59fc390a77f6af81eef9724a4ab4024
- SHA256
  
  9730ce7e157e3bdf990a8ae8c1afa17e029ce07495ef114a87e224dd9bdf7270
- SHA512
  
  e95cce117eb005a4ea5837665ccabaee84b4b61f3eeb06443da146acc31a9a4de55d99f1d2b7c2a2a0fc21d26caccea82a4a202aeeac22b994944f3168b0de03
Score

1^/10
behavioral6 behavioral7 behavioral8 behavioral9
- Target
  
  PapersPlease/lime.ndll
- Size
  
  11.0MB
- MD5
  
  0b9d2fb07127d5178c436cfe7a15cf9e
- SHA1
  
  433f344ce64d193e45b346a04d21731cb0f7a627
- SHA256
  
  079566cc233807235ab1d1fcee5d989e45da242f92a331dd51d26e86255e1f75
- SHA512
  
  64b6f2d27f4890277dcbb5277d56b726a2b5b74ec7c6b11bf90377819c480f8ff8eaea2f15c3e45de4d7463d14a2bdfaa772bc999d3977303339032df95252c3
- SSDEEP
  
  98304:yMqt48CArRRv/q14p5/f00hpDfFQ18h79uZXDS8yRyzTU3SE/iH+4Ao2KB3O5wzv:DqBYVE3QN/hRqsX
Score

1^/10
behavioral10
- Target
  
  PapersPlease/loc/de.zip
- Size
  
  543KB
- MD5
  
  32522d826f4b6733beeb4cf36e584af4
- SHA1
  
  a020825fc6fadbfa8f5dded19a218bf5b8d585b7
- SHA256
  
  3c78b6a8474e53ee22343365436d5611e10f568a521e27a8e4c3e6151ad3dff5
- SHA512
  
  9e2ae8703d6e41bb11b4b7b17f99596efd7ead6d4aa699b4e89e9e2d0abaee24a19497efcb907e5fe47b60673ac0132162c4e4e1f40b938891bb1c0da33c6025
- SSDEEP
  
  6144:DlUP8pfTtyWzcBNv4vJZo84iWTEc4D1tZPm/tL++hWnrLsj79VKRtZ+GW0TJqSV:QKrtfzcSJ5dhpm/5++U8GGGWs
Score

1^/10
behavioral11 behavioral12
- Target
  
  PapersPlease/loc/en.zip
- Size
  
  519KB
- MD5
  
  ecfe16f0a9b3095de1d2730de0e487a7
- SHA1
  
  f13e2ea9f9ede890f482c48aeeafc59b874bf397
- SHA256
  
  afc5e696545bde3513747c4bf5de7092404fd7b72e3cf90099f948f3fc4e6d99
- SHA512
  
  065734bde7728fcd962689bceda8333dea06e3b1b9ec8077a85acd57f40568baec0defc9c2d069ddac66b991f0e41b677787f4475125b848bae54ffbc8d5b031
- SSDEEP
  
  6144:f7Xj/8pfTT1lUy3tanW3lA5v3EtG5otl7ObpZUOn/jVNQucnMvMnOtG:fTrKrT1lt+WlA5vUc5olCt3nPQzMvu
Score

1^/10
behavioral13 behavioral14
- Target
  
  PapersPlease/loc/es.zip
- Size
  
  537KB
- MD5
  
  98aaf2441c010883c4d6849d2e6c6447
- SHA1
  
  526a756d2d97e4daafb5588046c8098a7916050c
- SHA256
  
  69386cfabe0ef6122802571d850f122c5f89757b3281165a0b2569f086eac28c
- SHA512
  
  5f116e6b333b06b1e6b33c1f2c49381fd495a631544544ec47a4863d0532ede717bda327addc774b64ada9733f3b58453e6bbe07b84c81269a9d586546d13154
- SSDEEP
  
  12288:xU2x6XwwwwwwGKNL+ko4Ri4SR+F2B9Iu78rV5q5wq1X:xdGLRNSK2BH78r6/1X
Score

1^/10
behavioral15 behavioral16
- Target
  
  PapersPlease/loc/eu.zip
- Size
  
  522KB
- MD5
  
  d68ded64852873b202b0e734510ac833
- SHA1
  
  3817748ddda1654a626d974810a9b34f83fefdfc
- SHA256
  
  5740868ef031081bfb5eba456edaf8debfa2888bd2765f52856dd34cf9938a86
- SHA512
  
  0838072c3ecea8b5ca1e2e0ad5688767047d5e7dc86ff007b76389c384f02dc6b55350eefc3e28e765fe9b1113262b986fe1d00e71e1aaf7dd84895e4f8f03e7
- SSDEEP
  
  6144:G8zAJ4fQ8pPWxnj+FmsObqmx+GV303X/Jd7RsJBdgxxXLi7LTLi2ucrYO6p02vm:G8wXKPWxj6yqmx+MsvP2fEM9uc8O6p3e
Score

1^/10
behavioral17 behavioral18
- Target
  
  PapersPlease/loc/fr.zip
- Size
  
  547KB
- MD5
  
  0ff93943dc7f362837ae3dec5734060e
- SHA1
  
  746debcbfc4098b5224b62e7301029497b3b5f42
- SHA256
  
  d688877fb693c379546faf61f7c86fb0ccc9440a77343986608760dc126ea041
- SHA512
  
  1a72e1303c4df259bffba48968ca3ddde0c754106f7b19a8f61b2263225a831e0949d20f160b8fefbac277a4e7154f9e888835a61532afcd4d43a361e76a022d
- SSDEEP
  
  12288:na4vdtK2RLc20veFpjPswA0lHuN5KYpy8:nX2KpLSL1
Score

1^/10
behavioral19 behavioral20
- Target
  
  PapersPlease/loc/id.zip
- Size
  
  523KB
- MD5
  
  93f791654e3471a839a456be72b755be
- SHA1
  
  7a973a1d016b15a218f02904104ad3f65931ec1b
- SHA256
  
  7a27cbd932e2216b1bba3af29d57eef9fc3041f97aa9e7526f03f5cadaeff446
- SHA512
  
  ad4d2e71d5bf473f6a6d7766b3a6a974bfa0c5a52c70cc6c8ac0a225c1c3fe39a8b3099920a1e13ab75e6d726d01b65807e440253ea4810bb2c775d408e77111
- SSDEEP
  
  6144:c6dVixEbJJ/DJ1Pd42Cyd7fv35dPQcaPVocROqxCDGMflI3xX7svC:5VikJNl42CWf/XQcaPVVhKlIBKC
Score

1^/10
behavioral21 behavioral22
- Target
  
  PapersPlease/loc/it.zip
- Size
  
  527KB
- MD5
  
  b5039aef41ca677e4d0644b5ce787c4a
- SHA1
  
  0585a6ac531256d7178fced9aae3d4da18e95d88
- SHA256
  
  387ab0fd3a7be3857e23810007b34fa67e997fca1bf4d38bc2265ae1544468bb
- SHA512
  
  9141fdbe7c9904fc8d4ba7d2c8f5fe0f787412b975cf338724b3181c30859af019586900a9c71f1e9bd818dedbbcce8ba31f45a4b248f9efcfde9b81249da994
- SSDEEP
  
  6144:LTt5g8puYD4TIerY4YX9P2+3KVeWZctqVlw54GpgcMDBycD6FGClzd+ymR/yHW7G:LToKV8TtrUp3WcoVlLGQDBHD6sBK+SjX
Score

1^/10
behavioral23 behavioral24
- Target
  
  PapersPlease/loc/ja.zip
- Size
  
  551KB
- MD5
  
  89116673240a9cc3c0d18c42faba844c
- SHA1
  
  dcca476c02f66ff779fd0f3c2957cfed708ced03
- SHA256
  
  f56ced4516551eb0e05f7ddb78d69b838050dcdaa284f96a0f50707a4c44fb33
- SHA512
  
  153ab1fba6b0ecb0a5705fa34fde0166e1e2e052a7b25f2bb02169bc9cd2b2cc9a56faa4548ba1362bab5dd419d244e0734652526153068abc8b5043c91dff6c
- SSDEEP
  
  12288:CEMKE+K0WDIWgfD4u0fxRCLj/HD/HSuXAEjdglFimEYt5Q:Oi/LnQxILj/HD/HSuXAEjdglF4OQ
Score

1^/10
behavioral25 behavioral26
- Target
  
  PapersPlease/loc/pl.zip
- Size
  
  354KB
- MD5
  
  1e4d3770fc077b17b994a2e1a8bcfdbe
- SHA1
  
  88663b7afb58afcf4ecabf081ea2ec88dc2a8efb
- SHA256
  
  91d812f36d61ea5e21e275a1e7fc63f85c306f8c54c56a6d72f151c037632b04
- SHA512
  
  5085923d21783a48bd621f05e54188f2d80abae8791c0cd44cd5b7bc46ab93d67784c71cb61d2e31e1f813b5287d8ac3874292be77584678a9c6a87c96017ca7
- SSDEEP
  
  6144:QJifdyOkgEKFhnfrl0n5KNPGrY7L+I0xJrewXY:2iwOkgLFxTGn5KNPaY7L/0xleqY
Score

1^/10
behavioral27 behavioral28
- Target
  
  PapersPlease/loc/pt-BR.zip
- Size
  
  530KB
- MD5
  
  ca139a95a49b1f39da2b28f5986288f5
- SHA1
  
  e7f439f5c9b64a219e0e57a8c6abac6cc4350c69
- SHA256
  
  e9c87a1d0c957e8df97736f8e4aa33fb76f12b075a34f23d31fe38a24c8ec4f4
- SHA512
  
  052d04f31e2465c5f8ae32aceb0f7be1c1bc6896d55b161a1f005b09fdad5e35011e46c256493ff91c53ae2ee544ef66f99b8f5cbae02a636816a08c8fed9ee9
- SSDEEP
  
  6144:G19aU8pkwEVH3CgPzfuD3oEKiIEFQXpjtQfnKSDCvP4jtP9uuXyllJiWRvec16l1:FUKkwEJxzmruiImQFtQgvqP4uX6VecwT
Score

1^/10
behavioral29 behavioral30
- Target
  
  PapersPlease/loc/ru.zip
- Size
  
  580KB
- MD5
  
  4177988d45643170d3f5588575462581
- SHA1
  
  d8ef32b35775d7a971ab9d89d236f9c1e7da5fbb
- SHA256
  
  613bdbc17ca9eddbdd8c02118b09a671490adf447b99a1f1a10bc09643f147bc
- SHA512
  
  895e34c329ffdcb485fe62891d29f923c1c198dd75a9fb6cf1f22d5c64cda889f69136216718c5443c8ac8607d07ea4326688f1f717eae9bc845ae3e4c9f594f
- SSDEEP
  
  12288:6Kg8bi+Gctc6QBQrZYQ9F5w50izuvKnyuK8f029/qB7Kd3DiBJWWEKq5VDGBnLTS:xg+Dtj+GZg/J
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Changes its process name

Checks CPU configuration

Reads CPU attributes

Reads hardware input events

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32