4191ad6b7c669b7566bc56bb517b9a080c2a1b7c6b04c3a9bc48a845c440a433

Sharing

Copy URL

Twitter E-mail

General

Target

CuratorSetup.exe
Size

129.5MB
Sample

240418-fzfq9acb79
MD5

c9ade8d7f83b0c6a7b2a2c1c17f48e7c
SHA1

12886ce21abd1715310fc46f4922c0b18bfcf706
SHA256

4191ad6b7c669b7566bc56bb517b9a080c2a1b7c6b04c3a9bc48a845c440a433
SHA512

91e01d0300782af848930f4e64bb6362957139a577e65023fa0b98daf83d28222b33d2ab725948c2fc3d47023b9d68a29ef7ebf40d83e3c63a5a2cfe8e3a97a7
SSDEEP

3145728:DiqMFwmMBGxEdO1GrVI/YTNfNbgNmbT99ztJciv6gqMsg:sFr5mSCfNYmbTLpv6gvsg

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  CuratorSetup.exe
- Size
  
  129.5MB
- MD5
  
  c9ade8d7f83b0c6a7b2a2c1c17f48e7c
- SHA1
  
  12886ce21abd1715310fc46f4922c0b18bfcf706
- SHA256
  
  4191ad6b7c669b7566bc56bb517b9a080c2a1b7c6b04c3a9bc48a845c440a433
- SHA512
  
  91e01d0300782af848930f4e64bb6362957139a577e65023fa0b98daf83d28222b33d2ab725948c2fc3d47023b9d68a29ef7ebf40d83e3c63a5a2cfe8e3a97a7
- SSDEEP
  
  3145728:DiqMFwmMBGxEdO1GrVI/YTNfNbgNmbT99ztJciv6gqMsg:sFr5mSCfNYmbTLpv6gvsg
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  MonoBleedingEdge/EmbedRuntime/MonoPosixHelper.dll
- Size
  
  762KB
- MD5
  
  46927e70f6f73aa2e110af600a59ed88
- SHA1
  
  c13246aaf3dce9a8677e293af99ea7f4eff46215
- SHA256
  
  210b5bbe9172ee7db18c42d4b7988c0d3a12008b83e0e9a3fceb69dd44aff35e
- SHA512
  
  0c17f3d561bc61ee1a948aaae260b5afb4a691c65f0fa27a6c860597c656e64eb5a45cd58180b4dd80f90b2d216c2ea7d1b4dda2d5c9b184bab7831b2a6f3746
- SSDEEP
  
  12288:zDO9tW5xZpTCJvEFvN9TH+m36rm+QFk0Po1TnmfqXbymL:OILZpTCJvEFvN9Tp2DQFk0Po1TIqbL
Score

1^/10
behavioral2
- Target
  
  MonoBleedingEdge/EmbedRuntime/mono-2.0-bdwgc.dll
- Size
  
  4.7MB
- MD5
  
  f31f7861d56b642547233cd7c020e687
- SHA1
  
  7160d16753d37c3887bfbb62042aa07297081ab2
- SHA256
  
  0e0f8efc84baeb98d4c7668189988d4f21133fc30543abd816898c82520e70ad
- SHA512
  
  d82574d6f3ec2f70be76359f88ffa796481f18c83309ddb48b0ca5a4ef542be7da45fee9c948d6edb075f5282025c165737979d8e0e16b059cd100baa0e58efc
- SSDEEP
  
  49152:+U2KRXUAYDzygTPmSmIlii4/m97PZ9nzBgTDWn0yiAOv1ia0Tso82XbGpc/rMeLK:DRlGp4/m9beOn98iaQyufLWJFwCQqn6a
Score

1^/10
behavioral3
- Target
  
  MonoBleedingEdge/etc/mono/2.0/DefaultWsdlHelpGenerator.aspx
- Size
  
  59KB
- MD5
  
  f7be9f1841ff92f9d4040aed832e0c79
- SHA1
  
  b3e4b508aab3cf201c06892713b43ddb0c43b7ae
- SHA256
  
  751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
- SHA512
  
  380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
- SSDEEP
  
  768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score

1^/10
behavioral4
- Target
  
  MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.aspx
- Size
  
  59KB
- MD5
  
  f7be9f1841ff92f9d4040aed832e0c79
- SHA1
  
  b3e4b508aab3cf201c06892713b43ddb0c43b7ae
- SHA256
  
  751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
- SHA512
  
  380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
- SSDEEP
  
  768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score

1^/10
behavioral5
- Target
  
  OrteliaCurator.exe
- Size
  
  635KB
- MD5
  
  f42024f641f5fa36b4ec8b7646cd737f
- SHA1
  
  38d0933b5a0ab5a66bd3b9c13518c8f0eeeed5ba
- SHA256
  
  e1a6ebc1df855faa253e4c52fc7cd8455866d1abcd88d0c09c8eac441f878602
- SHA512
  
  d6eacd342cab364a547066a91269c84cb780062df44125116bb11cd7a3f62d2fbc45b9a3276cecd1df772e7457875bc021a2f6276475256b3bc471a0e0602ead
- SSDEEP
  
  3072:oys7oYfSbbQTLWuiUg7VsS4jMJN0R+fSggy2h03o+K:o/7oYfSHQPWTUg4/vggy2hAof
Score

1^/10
behavioral6
- Target
  
  OrteliaCurator_Data/Managed/AGM.EdgeDetection.dll
- Size
  
  7KB
- MD5
  
  5bc9cf8e8de058009da4a6359c8bb393
- SHA1
  
  caed7fb89b1e764e4a7063c8bef4fa9fb6c50299
- SHA256
  
  76003f3afc482479b9012cf96cf996923048f9d0b2594783bf9fd909437fb493
- SHA512
  
  6a8e9c493255d9542ddefb236acb9b7c8f66d2238225b1dca476f7e52888316980fc47b809f838dea35fb0e7b91737936775309e0dd2530882a4c7ab256cda79
- SSDEEP
  
  96:iYvYSVFJNA3PKxBWRPFmpPPoWnvrGGbWsHG5wkuC1Q+ji4Hfo:1ny3PDPFuwWnvFasHGGkuCuY
Score

1^/10
behavioral7
- Target
  
  OrteliaCurator_Data/Managed/Accessibility.dll
- Size
  
  12KB
- MD5
  
  63c434b864ff270ce9fef43917dc8621
- SHA1
  
  bd0a92569b2a14f52bea0dc52fae7238332c3b8c
- SHA256
  
  c36813bdf03fbad922e6558756c3cc2956e6f74457003947fa4e91952445e19f
- SHA512
  
  0770253b619a3f5b8154aaceb924e7c97fabcbc33a84db636662c3f8d24ac0967ba479745df6cc0e0b8e38483d2c93164540eb55ae3add512675360e88b125d3
- SSDEEP
  
  192:b1n3RPr/jgUiix4ix4eJFBRbl9KYYoK3ESmMadMpCNSeFU:h3p/jgOvRbli3ESmMadM4NhU
Score

1^/10
behavioral8
- Target
  
  OrteliaCurator_Data/Managed/Assembly-CSharp-firstpass.dll
- Size
  
  549KB
- MD5
  
  87eace688bd426b3e32d3f2f2c6f8b10
- SHA1
  
  316a754ec21cadebc16598007a55ec4e64451fc9
- SHA256
  
  7aa2c4846293fd9eb01c51b69a630161c9fdcc8d54d33099d794ceeb80e87aae
- SHA512
  
  1a5bcb7b7bd071b450699574c81c16140fe73e6eae470c9808d19757c02054e301aa78322eec0409f5f156b98dc10d7856b6d9cf3277e42edefd822e3777a020
- SSDEEP
  
  6144:K3BeUcYqGYqrEzVi5OXMo7qPwD7eixjLQPDpCIWR7GLd5YjZZPzzu:K3LcYqGYqrEzVNcwDbpLQrpCudAzS
Score

1^/10
behavioral9
- Target
  
  OrteliaCurator_Data/Managed/Assembly-CSharp.dll
- Size
  
  2.6MB
- MD5
  
  3a3c7b0c6d14d4e0421b1926ee17632a
- SHA1
  
  66587d0fde1fd28c13f27fc5e9c1a649a1d8a65d
- SHA256
  
  cf645909854666afec91f795b72d5df4f471fad2934e80096359ca3093e6fb06
- SHA512
  
  41cfd5f658cd337c0e724f94160b1fd14826a62aab71d61503a85568626f7e573a5bbd242f332cd3b976e9963996723cfea0a31f292b31776df991959a54bc1e
- SSDEEP
  
  24576:v6eSGRG5kbpS31cQbvS4NiHdsJE4USZDMlNeM1IgtEZz3MuXxzkF:ytIpa1riHdsJp2EgtEZz3MuXxW
Score

1^/10
behavioral10
- Target
  
  OrteliaCurator_Data/Managed/Autodesk.Fbx.dll
- Size
  
  336KB
- MD5
  
  72a5c877e64ae65a9d08c1b802e8874b
- SHA1
  
  6d718fdeb9efc4d59289be5232fd3cae72607edb
- SHA256
  
  b98b797621e1d550f95e567f4680c86ead17f03b4a970de65418ab3515017b30
- SHA512
  
  0df1aac440b22832521783b130a7ef0b7bdcaf8ab5bb4c14908cc63a427a42a60c5a9a061d3d5728c0cedf08750ea5ab7874a351cd699a488b4f12b889d288ce
- SSDEEP
  
  6144:QZG301V5u+/AZuWASRXck9ItuLbmebBXOwPxC:QZG301Vg3XXvbDXOwPU
Score

1^/10
behavioral11
- Target
  
  OrteliaCurator_Data/Managed/BakeryRuntimeAssembly.dll
- Size
  
  21KB
- MD5
  
  e6a45004e5d63eb9fdd58f254cd3bb3c
- SHA1
  
  c0dbb84061d109118d6e635d25ff9372e2c0c0fc
- SHA256
  
  eefbd8329f229df4f6dee73689f38a012d9f1ecaf96f95e501f5493c9fab8580
- SHA512
  
  28d6ce1a57a106a7bef9e64960697583df99656bf2893c44a594216c4f5fee95da6705ed657ab2b345a66eef1e0222e9ace0e09c8227317787adcd99231b79dd
- SSDEEP
  
  384:AWMXoiAYNkU7y6eGpnA0kKE0laDqdHSZAXcTRtEQw35:LMx7GGpnzE0I26RA5
Score

1^/10
behavioral12
- Target
  
  OrteliaCurator_Data/Managed/Byn.Awrtc.Native.dll
- Size
  
  271KB
- MD5
  
  2657b10f3193da16b40e79e79218d793
- SHA1
  
  532924f0021b146096cfe36255137f4317291cd8
- SHA256
  
  575b34f23318af1da14013cadaf44c6207aa9d20bcb4ea87650c0278fbeb608e
- SHA512
  
  8b6ca5dfa101992e37c600a688dbd058b81a546fa86c3923354f8ae7de4ab9c898da49906bdb0d6326cd29a3736a0a3dbd1bc82f5fa3dcf6cffbcbe97c44b4b9
- SSDEEP
  
  6144:6gBINl6jmRTEqfHMckb4d88BmjvDGKY+JJFyiVaSDjFqBmiwVK:/Lj+kY88BmjvDGKY+FyiVaaxqb
Score

1^/10
behavioral13
- Target
  
  OrteliaCurator_Data/Managed/Byn.Awrtc.dll
- Size
  
  38KB
- MD5
  
  8ac468a1d02e2c739ab58d50534bac71
- SHA1
  
  6b1f301ceadd1854df1e10a08fb4df7a71037d5d
- SHA256
  
  52e3d0413891ba080d38419b688c1d26d3e51ea52a48454d646f34d2aef892b3
- SHA512
  
  4654c67f084571766b95efbd65c865b3fe6cb8fc22b114fe4b2d31d12709f8fd922be9664232a676a50696eb59b034d7e8b658efc5f14f7131756544bae755bb
- SSDEEP
  
  768:26klSOdwhUVyi4z4fddyd20OS7cHdNXwNKgxbYcU6OK+2EQ5SE1Pt:2PzACRfddyd20OS4HdiNdTDjRdF
Score

1^/10
behavioral14
- Target
  
  OrteliaCurator_Data/Managed/CTCommon.dll
- Size
  
  29KB
- MD5
  
  fa3da413aa5494bc571de2f8bf85bb0d
- SHA1
  
  ba8dffaa95a559e2488624f7406355707b507451
- SHA256
  
  fcd31ef253fcc46d39d9f98f59d31f1ef509fdbc55fca0968d49321d209deae1
- SHA512
  
  b254616b4274636fa326493cc616690e2628fb82d1ebc6e32513303bbdcb56ed07091efd46144d9cfdc3024dde1f37ba16cceac60df4869db534050bae4b1150
- SSDEEP
  
  768:JxC+V6BcI5G5hfD+sGFuKlFx0XA10GDG6Kg9:JxC+V0cDqs9K9VSEL
Score

1^/10
behavioral15
- Target
  
  OrteliaCurator_Data/Managed/FreeImageNET.dll
- Size
  
  184KB
- MD5
  
  432255e2a0bb228f71418a1a3ecb1d71
- SHA1
  
  bf46432a07d25ce9d3f1e5b4e9b29f9f8267ad5d
- SHA256
  
  b3b80fcd6d324067586cbcfdb8005aa199b3a8f49b2b40a7ff163ce33c3bb4e4
- SHA512
  
  aac9665a4e30345e2561fa6eb3947be1791224fcebc10f786eaae5cef18e25c212d6de3dbb75e2d561ab58383ebcffc4e4685f435f97d35f1149ebd2a8bfa13a
- SSDEEP
  
  3072:gPi0lzljXMyJT+nfLdiKeYROPgvR2nUHrKQHu90O61IMrDXPgE0T74j+tgNni:g0pMYROPlULKQHuA1IMrrt0T7ftg
Score

1^/10
behavioral16
- Target
  
  OrteliaCurator_Data/Managed/I18N.West.dll
- Size
  
  64KB
- MD5
  
  5451644427598009786cc1cfc09c64d6
- SHA1
  
  f2cbf24675ac08d6234d13ce2e28b5ea62f9ef18
- SHA256
  
  405304b9ae0d11e51961881ec6beb3ab790daac88aa4be246e1ee5e99c20e240
- SHA512
  
  33d3730d35639b359f3a2087b2ef27ca57aaa03b88ec7d0726220c108e643d447db741210c5e5eb5b7bc1ab2636db311b0869089e8e72534e3131c77f5b4b844
- SSDEEP
  
  1536:VJ8AQKyrB4Z9aLBxiNxBxwgxF4A1kAbJ:HyTK
Score

1^/10
behavioral17
- Target
  
  OrteliaCurator_Data/Managed/I18N.dll
- Size
  
  31KB
- MD5
  
  4f87c674a2456c93cbf9b01750e4ce23
- SHA1
  
  df4970874d128c881a9b9c232aa035a9de0d1e3b
- SHA256
  
  aa451cc2823c4e93d451d36b4f00f9cacca0424e4d51825a9f911f53c6b80276
- SHA512
  
  12e4ed10d261666e7182a4100ce95a5999607c3f8bcf106f8df0e8b614a9d2dcccd6804e0f671f60fef0ddf14eb72e107daac6433ac6d6ef9ee85634957ea704
- SSDEEP
  
  384:Q7xdyXVX14qDa8Kh50RAbqYfbCyMqE3BVfaOfX:Q7GlvHYXbqYfbS
Score

1^/10
behavioral18
- Target
  
  OrteliaCurator_Data/Managed/ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  c8164876b6f66616d68387443621510c
- SHA1
  
  7a9df9c25d49690b6a3c451607d311a866b131f4
- SHA256
  
  40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
- SHA512
  
  44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1:GibqI59PpOPf201/z7p
Score

1^/10
behavioral19
- Target
  
  OrteliaCurator_Data/Managed/Mono.Data.Sqlite.dll
- Size
  
  163KB
- MD5
  
  c3f45469e392a105cffe6ce007a54a61
- SHA1
  
  bf0edef3a0cb5fc35920497a108600d5625b869a
- SHA256
  
  5cfd7d5e444ec8d53755d4d82220524aa455f34b87a6f740b984d50465d76d4b
- SHA512
  
  d2fff88539fe6999ea428416cc153500f9ba5c2d130888853bec3568b1599b60d84da40fc3b7f08d4bde439c2d2500c720084064f92277a2ef16840a7cb83ff9
- SSDEEP
  
  3072:9b4Gh78nIXk4uuIgZUHfdNQFNFGFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbz:9b5qI04uuIg+H7QFNFGFOFwcGF6cmFWt
Score

1^/10
behavioral20
- Target
  
  OrteliaCurator_Data/Managed/Mono.Posix.dll
- Size
  
  207KB
- MD5
  
  72c9ea78101c493635c0f763d1795d7a
- SHA1
  
  c04e331b6415bf566e1aa26550bf794651704c7c
- SHA256
  
  a33abceffeaa6b6d5dbd2cf77210daddfe331ed40eeae4cea3c5efb0c0db2cc0
- SHA512
  
  4dcc9495000f0cb0d93381a466f8d0553c2f9ef9521ac71979371b5eded37a25224a861ccc101a24b0b2741d30efb71d81d03fa00ca476bf8339c1786d9c46f2
- SSDEEP
  
  6144:9c9wE0Q11JQ1S+OWMYU7nUXxOwblnsAPe+Eg:9c9wE0Q11JQE+kY1SA1
Score

1^/10
behavioral21
- Target
  
  OrteliaCurator_Data/Managed/Mono.Security.dll
- Size
  
  302KB
- MD5
  
  d1b792d07b0e08ef190eb6ef5361e6f3
- SHA1
  
  36890188d80598132d63561ded707e641282f2a1
- SHA256
  
  2b7651b398dc63af0dbc0038758981c29238a495681a7ed487357a464ad4de15
- SHA512
  
  1229d49068401a078b81ee398524327ccdebcd2fb6134c980d643b76f075244f2670d0773aa35027aa8b8d40ad6c29f16a223b142f3a6595c3641c32c8c31215
- SSDEEP
  
  6144:+JvWNTGENjTzSQfGFzPTzcyaksosrNn95tq:fmFz9mN
Score

1^/10
behavioral22
- Target
  
  OrteliaCurator_Data/Managed/Mono.WebBrowser.dll
- Size
  
  163KB
- MD5
  
  ac6215e0a18a783958a39f6fd8e74057
- SHA1
  
  ac7cbaec3869728b236634691c356512af308054
- SHA256
  
  7d2eb49a5120d9b1f3eb3c6501d4eed6cacf81f921fbf5c248aab5f0d093f2ee
- SHA512
  
  36eee8f732e6e5c4664dcf77f5d1dc03ded650720624de532cbbd4fe2214accbb2a08365ae2cfc8640e30f8ae1aa81532f867ad303c2798fc5288f6393a78e88
- SSDEEP
  
  3072:ot5akP49r7Mt5as0yAg2TMqEHbbqRJz7FW0g:IP40fAMW3
Score

1^/10
behavioral23
- Target
  
  OrteliaCurator_Data/Managed/MoodkieSecurity.dll
- Size
  
  11KB
- MD5
  
  5c6cbab0334dd9aa98631ac04a5e5dc9
- SHA1
  
  fa6b466b3b1d76dd5bc15783748c06f8b994deee
- SHA256
  
  3a6403562a63373df40d44530ebe3a278628a04e71eaa2bd7d93617e9c8c5dda
- SHA512
  
  2c01f1fae087c526c979b2fd8e85e1ebdf8615de66255eb57c0ca329bc145d2b85f42f32a0d6495975f609cb4b3f36e9c235324973407c09e56f814a0e80724c
- SSDEEP
  
  192:hY8y3h6Ytl41mWdVlAolNxpsw4NmSLwMWsA8gGDmn4I:EhxtlYmWP6olNx67NmOZzgV9
Score

1^/10
behavioral24
- Target
  
  OrteliaCurator_Data/Managed/Ookii.Dialogs.dll
- Size
  
  134KB
- MD5
  
  1303dd1ad88bcb093fbafc218cc21241
- SHA1
  
  2b25de6d9e86bce35742a01b0cbcce7e52ee0e6d
- SHA256
  
  9510c64e943d32a0f8dffb74bc28775cbb110a2ee622226287dbea63f9c6cb34
- SHA512
  
  06acd558987815edd3ddea044933cb82b149a7f33100657c244b6ba8658fc79791a10616532729faa6ae6627a4aae10d7301afd0d5ee34423b1a8fbe31da52e1
- SSDEEP
  
  1536:BI47bCYiWACk62smhs2A+d37gdQjs5OaHkKYxWXcQJSAqzspI5kWWJYr39+d5jyr:BI47bCYQiY1Wk303JSAqzJ8CJr
Score

1^/10
behavioral25
- Target
  
  OrteliaCurator_Data/Managed/PLUSManaged.XmlSerializers.dll
- Size
  
  126KB
- MD5
  
  c4727878168f82b11067e076fb466dfa
- SHA1
  
  9ce714cfd4733aaef136eb661ccd6139650591a3
- SHA256
  
  f57b869d005800dd6f5892bce275e67e12d3893c704fe521ffc40b817837cc9e
- SHA512
  
  77efa3391a49ce298503376f749ba67399551433b6d988fad2823472476ac1eeec9291abece4550413070f690c315fa68129a229f4d0911bd8a1050ec3b7bf18
- SSDEEP
  
  3072:+fqFJL+R1zx4HWszOyKxS5hKsDf+8bI6bCJLYQ6jCYttZO2IX+VD00Ht0y7gYBh1:+fp9K
Score

1^/10
behavioral26
- Target
  
  OrteliaCurator_Data/addons/FFmpeg/ffmpeg.exe
- Size
  
  32.6MB
- MD5
  
  31f17d3cd49583f21f07176099949db1
- SHA1
  
  db0c66e3c0c298ef4c6c028ec69091959883bb5e
- SHA256
  
  7616ea27308829bd08d46d9c2c4de674b01d5fcc95c460366678b6d53ecc563b
- SHA512
  
  5ab5bed012e559fb680bbaa35bba0fca75d1e4aa5c5d9ec38dbb72ee991ed76460b36bd2404c2aa3ae687067f715f60e335ca7d3d0f962bafd9e3d73c6790d63
- SSDEEP
  
  393216:BiLp/JlnID/8mrnmUCHLVIUhNVB6Yp+nsNy4oHRQaci3qYEnpBoZ8DrophEpPFX:oLp/JlKEVIUh+j3qPv/F
Score

1^/10
behavioral27
- Target
  
  OrteliaCurator_Data/addons/pdf/wkhtmltopdf.exe
- Size
  
  39.6MB
- MD5
  
  68020601296529ccf4ea274052e446fa
- SHA1
  
  99961615604253f6d3331d4853a3497d3372c7de
- SHA256
  
  64d17682320bffd45b2208ed13b136d59139e82573745f14556cf25e95cbd808
- SHA512
  
  bf5381a85685efdb9efaf09004b9b2aec5676731ecde8bbbc9634fb58f6cb59f296d058eff02482a0fc59123540a11266c9ea27be823f07e436e19d56937e959
- SSDEEP
  
  393216:YPHeFRQAAS1svGdarxl6FnaC+dLc0BMXJsv6tWKFdu9C0wua2JD:YPHqR/A6radl6FnaC+1c9q
Score

1^/10
behavioral28
- Target
  
  UnityCrashHandler64.exe
- Size
  
  1.0MB
- MD5
  
  49ea482dbe2ab3da2a0768821ab77b03
- SHA1
  
  5fb92038a616a267acfe88550a577aa627e28017
- SHA256
  
  320abf0c8bc29a6139061fc5e950b10b301d056ef97c9e800b8aec78745fad50
- SHA512
  
  e99f91b27bf30632227f9c55161e922f4e15d4a89833fcc7b7717ecd95d476c6e51eabe333f46b3da57c06d468b03cac4af0b541469d9fa2150ead54510537d5
- SSDEEP
  
  12288:d+tBorZZPWqHE9chovpJ9DxBU7epbTDqo9+nCkuv:d+Lo1ZPWheovpDX0abTDqOv
Score

1^/10
behavioral29
- Target
  
  UnityPlayer.dll
- Size
  
  24.7MB
- MD5
  
  a66ec5509ee2f6947e26b0c7fbee1fa7
- SHA1
  
  076e7f97ff57335d73e12b2a039b2abd3beb974c
- SHA256
  
  f4c8a1e2e4757230df9dafcb2ba76f5c6ab9113388c65e5ef6a6d45963e1ce81
- SHA512
  
  7fdc294d9614b8d5b93a2e5daac362c8b894c850f0ae1eadfb5e6d5d831ca3922c29fb3fbec10c8b518e50c674eb0a53ea4c738b816285e74c646e0555f0dcc2
- SSDEEP
  
  393216:9HMYV+aCpv+iaIlOtgJ8/A5cfzYHjIM/S:9YvDs6cM/S
Score

1^/10
behavioral30
- Target
  
  uninst.exe
- Size
  
  57KB
- MD5
  
  95e8be2b960f1aeaa7f74b704d7fecdd
- SHA1
  
  60a20cd1bf83eb60e1c06ef78fd705bd286cd6a9
- SHA256
  
  170b6874487f033efc569ddddd1134888df9083d62b6c504b8a011c5b5d845c1
- SHA512
  
  21c0a0466f7cfc7e7eae1f7d1fc606a2363da77626a7dbf64746d3698d90559e64416678f2b72e976a9a69ac7f760140da656c5ae064b0a3b2fa12836a6a00c7
- SSDEEP
  
  1536:kHYMiClDhdyA5x5Z0DvyecSgc+LeAyN/JT8WFB:QYjClDhQlDvrcSkeAsTjX
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral31
- Target
  
  vc_redist.x64.exe
- Size
  
  13.9MB
- MD5
  
  27b141aacc2777a82bb3fa9f6e5e5c1c
- SHA1
  
  3155cb0f146b927fcc30647c1a904cd162548c8c
- SHA256
  
  5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
- SHA512
  
  7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011
- SSDEEP
  
  393216:xTPq5dCsKSR65cX7Eyd/qnejOX3L8T8KYfU3j:VP5iw56oyleejcL8T8fc3
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Deletes itself

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32