General

  • Target

    RuneSurvivalWin64.exe

  • Size

    70.1MB

  • Sample

    240407-s2rmrafh99

  • MD5

    9a32acea28ba21fbc7cd5abb8703657e

  • SHA1

    045359f96a5a70f07737bbbff38c1d950006af6e

  • SHA256

    63f325870a7a2a2e1a5fe26a048459a6d7095603756fd6af22a6120aa2caaa68

  • SHA512

    59894ec7ef88aefe7881d0e3e7464e1ac7f21be62abed685ed335a9d786b30ea357c3fd4db3d261b26f2119819660491b772f1539539fb66b232a8cce7e2ef51

  • SSDEEP

    1572864:R855qpvnDRD4ZauXlzztrTDzHkLzlJpJJiMDKQS8jweYrc7:Y5qJDRUZauX1t7bkXPpdZmo7

Score
7/10

Targets

    • Target

      RuneSurvivalWin64.exe

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      Installer.exe

    • Size

      147.0MB

    • MD5

      e18160dbb5c6bde1712946312f0f4aa8

    • SHA1

      aca5856ba273f37a76c31189d5af86c641fc6007

    • SHA256

      0e8f081f78d102ade19228c18102204516fd04e7067aba0de1a45fdeb396d035

    • SHA512

      0de5725f8bd928a9e2de0d68b9f9a6aade38c149582fed7721e3681d0f67972b1553750cc48690d6d4489509e04b217f7d10be90ccddf20dbc63356841f08c5a

    • SSDEEP

      1572864:EgGRqQdeZ4K5M0PmL0g6dKXPRYGO1QwOVnMKVbmd6LpL28nHQ5OneFBlwb:OV6msmCUhN4lS

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Target

      LICENSES.chromium.html

    • Size

      6.3MB

    • MD5

      6e638956244aaded2c92b77f9d421a81

    • SHA1

      f5269556b6fe04cfca5a1da21af718641708a666

    • SHA256

      652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e

    • SHA512

      f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1

    • SSDEEP

      24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn

    Score
    1/10
    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      cb9807f6cf55ad799e920b7e0f97df99

    • SHA1

      bb76012ded5acd103adad49436612d073d159b29

    • SHA256

      5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

    • SHA512

      f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

    • SSDEEP

      49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.6MB

    • MD5

      9eaea9979eaaceb2874e898c753974f7

    • SHA1

      89fd07f1af4a235ea699006d9128b9f071d4cf61

    • SHA256

      96b6556b2130751422b836db4e2a18517733e4d92a6628dd96fed4ef7c335ab2

    • SHA512

      1ea096a2f4f533e9ca648d35e7b10cc1ab6c44f0ec8000fe55f2de187dec8ae0fb6e88a5fdff093ae6ea5334ec66e10b8201becae1ebb7471808b27b0f419247

    • SSDEEP

      49152:6YuqVaqc35GHXVNtcZ44yODvSEbO/1o/GRRpYN4MJ8eIknusyUUjkU+jLtyTzQVD:6YLVl54yODvH/ySJUiLtyTzQVkU5qkJx

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      464KB

    • MD5

      504f695201c11a3c3fea7794b2e30438

    • SHA1

      0709b6d703235b945c323fd59f72ccbe5985ab95

    • SHA256

      1b90b893e82dea90caa19eaf773dc989406b8ca518dee803053ea9359d49c0e7

    • SHA512

      dc1b4c633f728eb051adea4c18959cee9ab3900441606055eb565afecc4cba7e3c50c3fed4d058839ad1411c0195d53fdb86281af3159c1faab0a7db70467b4a

    • SSDEEP

      6144:63rGS+e87yDqHfFetvM/jvtGgJ53B6Zj8s1al2zl0ovk1S87e:AGS+e87A6eZM/jvtGgJZB6ZirS

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      7.0MB

    • MD5

      549f919f0ba15ba2554a749d19459809

    • SHA1

      88af358173817e6da196be70c0773b4d07b28524

    • SHA256

      ce1ed0fb50875472fb3e0a9a357e243a80f374b18be406dd2d8db90da5e75909

    • SHA512

      0d1473f948737297fa54985b6ea18860cca20d437d4e978c53ca09078f40956f7076ca1671735ade0ac4e3cb24eec0388d015b7fab1a70ca041673865abeab06

    • SSDEEP

      49152:8cRs1/VOY14IRwMqs5Jbkqd0bRh7yWXSnYUIV2Wi5zi1lJf3Lnn6cB7/h2Hmbs2t:XG2Ipp9eR+UDGRSoGetN42n1

    Score
    1/10
    • Target

      locales/de.pak

    • Size

      367KB

    • MD5

      cfc9d90273c31ccf66d81739aa76306a

    • SHA1

      ecab570041654b147b3dd118829e2f7ae668f840

    • SHA256

      8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a

    • SHA512

      c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380

    • SSDEEP

      6144:F+QNkAjzYyqSFaPjON3Be0mzBWCj0Xs5HgIxBI0gql:cQLjMyvFaCN3mzBd5xy0gql

    Score
    1/10
    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    1/10
    • Target

      vk_swiftshader.dll

    • Size

      4.8MB

    • MD5

      6de7d79b89044a3c307b84b7e77085ce

    • SHA1

      8b8f1b4391b8bd2481314e209b34ca00b0171f10

    • SHA256

      5377dc1e04d1dafc540565c2e82e80066603794e94a433e8cb76cdb2e269ccc7

    • SHA512

      1560accac1185a5ca334373d7521a1834b2d26160fe26797b135badee0f1220ab023bbaee48c69de7d8f869534d772dac31c67e19225d253842c3750a6577121

    • SSDEEP

      49152:cveyoM/h2BPSjPJEvoSNxxJanAf9dX2kcngUkomWPG2pu6n9MT5F9AZCeqx7l1ZP:WQM/agZaHt7A4P/

    Score
    1/10
    • Target

      vulkan-1.dll

    • Size

      858KB

    • MD5

      1fa7e2a7de659abf98500dad8a8559d9

    • SHA1

      e915365296802e1a2556d5b4bc12673e5d98e5e4

    • SHA256

      eb4ed249c3fba6607dccadb24e96f336dfb6106984d1e7b3c49aa00e9dbbb0dd

    • SHA512

      3f93b5495a3247dc9fd760a77d06b952f6cf1217749d9715ab3ecc4ed8816604b535332dd79d89cfa6cfd2c1abffa6a20c5c447e85c078870ccd4fd46d659dcf

    • SSDEEP

      12288:xefVW1lX8MvG9E0wsYox2Nmp6yWEaAT6bJUQzH3To+vAEir1iS:xOcTX8p20wsYHmXaATmXj2F

    Score
    1/10
    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      424KB

    • MD5

      80e44ce4895304c6a3a831310fbf8cd0

    • SHA1

      36bd49ae21c460be5753a904b4501f1abca53508

    • SHA256

      b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

    • SHA512

      c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

    • SSDEEP

      6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

    Score
    3/10
