0eec5e5a54a7255011a4c95d0d42e1d48ffa231517f6af09a130e32238c1ded7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Thunderstore Mod Manager - Installer.exe
Size

2.0MB
Sample

240404-vlyr8sdb6y
MD5

d86b475e7dca882d0f6b1a75ea5fd126
SHA1

eba225d98cd456773fd9fe7cab93879c429f6888
SHA256

0eec5e5a54a7255011a4c95d0d42e1d48ffa231517f6af09a130e32238c1ded7
SHA512

17c263d94f3474d12e01794ac4354ef1c5b3c4e093e7be94b07e368879c4b0d063425ac59da15227a16e7d3a23f203ab1d2a74f3aa02f88316cfb96cffe80be8
SSDEEP

49152:JHFO5xE87vxpsrFpIv5c3zH+PYjQs1YUNbCca:Jw7PN+TIv5AzHyYjQ3V

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  Thunderstore Mod Manager - Installer.exe
- Size
  
  2.0MB
- MD5
  
  d86b475e7dca882d0f6b1a75ea5fd126
- SHA1
  
  eba225d98cd456773fd9fe7cab93879c429f6888
- SHA256
  
  0eec5e5a54a7255011a4c95d0d42e1d48ffa231517f6af09a130e32238c1ded7
- SHA512
  
  17c263d94f3474d12e01794ac4354ef1c5b3c4e093e7be94b07e368879c4b0d063425ac59da15227a16e7d3a23f203ab1d2a74f3aa02f88316cfb96cffe80be8
- SSDEEP
  
  49152:JHFO5xE87vxpsrFpIv5c3zH+PYjQs1YUNbCca:Jw7PN+TIv5AzHyYjQ3V
Score

5^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/OWInstaller.exe
- Size
  
  298KB
- MD5
  
  484de68babd7a0e4a5add11c5b92acf2
- SHA1
  
  cc56ecd6f1b5310e553b7b63f7889a024cabca70
- SHA256
  
  41e095cd6deb6eb11590148e5c4f7543c2545d7b95b2d07734a8759be086a2c4
- SHA512
  
  9d132279e2782f0beb199318043137e2574038c92f24f2f87217da4f60423514a8051482556657f893300c1e527aa0421877591fb327b49d1bc3d8e516a86096
- SSDEEP
  
  6144:MpftR0i7ndZxGTn1apjfSPAlXQX5XF/UsvRnV09bFmoSIm90002q2+SEplmLca:MpfthndZbWAlXQX5XF8svnxoSU0iSo
Score

5^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2