General
Target: Ark Survival Evolved Kaas v1.03.rar
Size: 4.2MB
Sample: 240414-xgql6sea2y
MD5: 819069afe4a6b35f32bf54de45bbc2ed
SHA1: 3af19f7c7487c9a28d34ce9a7ce7f63d74a10e37
SHA256: 8e1b12ac91081bb113f9b5fc11ccc60c83500cc21381e0508e0d98e7a78fcc0a
SHA512: 0ff739aac6aaf7062da073ab8f06ecd8614fd2510a10ed2dd9b6e01abad263ed19e852a4094020952a3025fe02e921cc2191ed6a89a4e6e2f97954d3d12a6042
SSDEEP: 98304:zS65TGVSdVyr06vI8jkflLuhoyLd4ImtVQv8:zS61py06vIbtSdd4A8
Static task: static1

Behavioral task: behavioral1
  Sample: Ark Survival Evolved Kaas v1.03/Extreme Injector v3.exe
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: Ark Survival Evolved Kaas v1.03/Extreme Injector v3.exe
  Resource: win10v2004-20240412-en

Behavioral task: behavioral3
  Sample: Ark Survival Evolved Kaas v1.03/pastedmeme.dll
  Resource: win7-20240215-en

Behavioral task: behavioral4
  Sample: Ark Survival Evolved Kaas v1.03/pastedmeme.dll
  Resource: win10v2004-20240226-en
Malware Config
Extracted family: nanocore
Version: 1.2.2.0
Connection hosts: openporting.ddns.net:13043, 127.0.0.1:13043
Mutex: ffd4cc95-d79c-48c6-8d1b-e8c63c5cc74f

Configuration keys:
  activate_away_mode: true
  backup_connection_host: 127.0.0.1
  backup_dns_server: 8.8.4.4
  buffer_size: 65535
  build_time: 2017-11-22T17:55:28.345024636Z
  bypass_user_account_control: true
  bypass_user_account_control_data:
  clear_access_control: true
  clear_zone_identifier: true
  connect_delay: 4000
  connection_port: 13043
  default_group: Default
  enable_debug_mode: true
  gc_threshold: 1.048576e+07
  keep_alive_timeout: 30000
  keyboard_logging: false
  lan_timeout: 2500
  max_packet_size: 1.048576e+07
  mutex: ffd4cc95-d79c-48c6-8d1b-e8c63c5cc74f
  mutex_timeout: 5000
  prevent_system_sleep: true
  primary_connection_host: openporting.ddns.net
  primary_dns_server: 8.8.8.8
  request_elevation: true
  restart_delay: 5000
  run_delay: 0
  run_on_startup: true
  set_critical_process: true
  timeout_interval: 5000
  use_custom_dns_server: false
  version: 1.2.2.0
  wan_timeout: 8000
Targets

Target: Ark Survival Evolved Kaas v1.03/Extreme Injector v3.exe
Size: 6.8MB
MD5: 762792c828a199a4b2612d7bb5b45172
SHA1: 00f51995bbcda1d1b79ea75e1e35881486f2711f
SHA256: ae44cab415cf1f312ff3c44f3ea7854b77e0af6708c2c63ac30e3de536dfdfe7
SHA512: d92f0a4625985c9c4dc7a6f2ec2bc62adb89828d521025474f12a035d8ffec024957516907ab6360a782c9c3a0c8c1278075eaefc1f45338770f79a042222df8
SSDEEP: 49152:LKhg7C6i6vIFDExoXj2kCBEFKwbd0G9h5UN3bg3fElDy56RM0QCHga85y2qjwQyo:H
Signatures:
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Suspicious use of SetThreadContext

Target: Ark Survival Evolved Kaas v1.03/pastedmeme.dll
Size: 312KB
MD5: ceeb14625db5b5a6ea5bbbefdec8798d
SHA1: 72fffb1b5c51b3e01d54f05a31351a325739702e
SHA256: 5031494852158b93c9ceba4cc6b97dbeaf7080f54947aa02df3ca7b7c26d98e3
SHA512: 901bf891db17058efe0c240afcab91b75cddff34c79eb73d45c91003c14bd968c104c2f8e019ae9091980a72bef3d43ede5da59ffc3139c8f3d7a2b7d9f795ff
SSDEEP: 3072:MjmcpGdGLLvjqExlsY84RxGHNFBsUs4wjGPDkPiG6dk43tbW6cc23Rq9rIFtH7Ct:uPPxmJWM3Rs4wjGPDCixdKc8qd+tb+O
Score: 3/10