4910ce8f31a1b96b52d4e0a78274dd628e709885b475444817183ef895fbde73 | Triage

Sharing

General

Target

CS2ServerPicker_1.zip
Size

396KB
Sample

240421-m5sfkahc98
MD5

d217bcf78eeb1a3c2a89f77c1cf8ea79
SHA1

b3e223b511313fc0f4bfafc1bdd6c851adb74d70
SHA256

4910ce8f31a1b96b52d4e0a78274dd628e709885b475444817183ef895fbde73
SHA512

bd067da63a5f39c470268ce828c025e5a32e4b21b116a5c797b2b9a6ee0d0e524db969da78f3c3af4fb35e7dfda2ac3bd64675bd10a257d25e58b6fe4e273f52
SSDEEP

12288:PHRQkzN+AnTSEKP4AP6MvzJHEwfbXXKSkq2fc4v:PeVo/APhbXXKXhF

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  CS2ServerPicker_1.zip
- Size
  
  396KB
- MD5
  
  d217bcf78eeb1a3c2a89f77c1cf8ea79
- SHA1
  
  b3e223b511313fc0f4bfafc1bdd6c851adb74d70
- SHA256
  
  4910ce8f31a1b96b52d4e0a78274dd628e709885b475444817183ef895fbde73
- SHA512
  
  bd067da63a5f39c470268ce828c025e5a32e4b21b116a5c797b2b9a6ee0d0e524db969da78f3c3af4fb35e7dfda2ac3bd64675bd10a257d25e58b6fe4e273f52
- SSDEEP
  
  12288:PHRQkzN+AnTSEKP4AP6MvzJHEwfbXXKSkq2fc4v:PeVo/APhbXXKXhF
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2
- Target
  
  CS2ServerPicker.exe
- Size
  
  95KB
- MD5
  
  6f48f2d19f10f2b02999db653ed4c08e
- SHA1
  
  3bcc5519b0eb1dc3b449d80074e8617b46816850
- SHA256
  
  b6287e4a5782bdc232fef434f8a7e65889ae36a34afe49b66ebd153afe23163d
- SHA512
  
  c5d0f847da57493afbaecc55e4a483d149e75cd82d375f4079a9de5a80446adcddac66ea3676914d4b193011cca15d7e01275e06f65c04a0b01da7164719268e
- SSDEEP
  
  1536:pudrAYe+FBHlF5J/eO+I0hwGqM2n8wrNvAWshVc+JzQ3EUiWyfsxmo:pK1BFF/hKjYnfNts/cszQUUiWy0o
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral3 behavioral4
- Target
  
  CS2ServerPicker.exe.config
- Size
  
  1KB
- MD5
  
  4f2e4283d039d3ba0bb9cc1219efdf51
- SHA1
  
  1d31ab6731476d51c886035cebb75ea5ee845cfa
- SHA256
  
  12d57e10c3974005065473c57b38b36d284da7f827cd089e7cb6de10f4792e41
- SHA512
  
  54bb98adb42a812749ff5400c75aea6e644fac63662fd7716b0438449d71f3eeedbea28e6409f8e0bc8a367683c158c0f85250316a82d49d29425f95a1f32789
Score

3^/10
behavioral5 behavioral6
- Target
  
  CS2ServerPicker.pdb
- Size
  
  129KB
- MD5
  
  d3dc0156c35e4379d3431706fd7411f8
- SHA1
  
  5f1b716e3cebb56ea56af5e897c73028a29dbcd8
- SHA256
  
  3281b58e7a0bea818c224044aed8e5243146070cd23a55dedad697b2895773c3
- SHA512
  
  d204be0272270a5ec8b5ef0254585581d2ff7559362f19b945ac288e19028ce578a59724ab906bdee57af0985cd642985a6b05681ebddb32477758650b881e99
- SSDEEP
  
  1536:mzVlfybzEslOSY/oiESVhyKeYBR/+6yOAd3VhS4OAd:mXfdsYt/vFhyKeYBR/+/O8VO8
Score

3^/10
behavioral7 behavioral8
- Target
  
  CS2ServerPicker.xml
- Size
  
  1KB
- MD5
  
  c8ec10121c6c567fd56c667f568243d5
- SHA1
  
  a503467b48e6d2d6a65b90b9134204b0ea093567
- SHA256
  
  7c5e4c5f43a64960a7773b7a27d75ce7b88df973b2e70095d0ad9bbf8f8d657a
- SHA512
  
  ace95f8ff6a215c9a9dc8bdbf96fe3416ed300ecb44181316825991af46abf99b2c15a743ed3e8b2dbc95f9720d7f208ecf4903a7ae76fdf5c6bb0f411324d99
Score

1^/10
behavioral10 behavioral9
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral11 behavioral12
- Target
  
  Newtonsoft.Json.xml
- Size
  
  696KB
- MD5
  
  d398ffe9fdac6a53a8d8bb26f29bbb3c
- SHA1
  
  bffceebb85ca40809e8bcf5941571858e0e0cb31
- SHA256
  
  79ee87d4ede8783461de05b93379d576f6e8575d4ab49359f15897a854b643c4
- SHA512
  
  7db8aac5ff9b7a202a00d8acebce85df14a7af76b72480921c96b6e01707416596721afa1fa1a9a0563bf528df3436155abc15687b1fee282f30ddcc0ddb9db7
- SSDEEP
  
  6144:XqqU+k/Rik5aG0rH3jGHdl0/IdHXpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DU1
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14