fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b

Sharing

Copy URL

Twitter E-mail

General

Target

pcsx2-v1.6.0-windows-32bit-installer.exe
Size

6.9MB
Sample

240422-yp89xsfe7x
MD5

c6afd2ff3059b840ee2fb939694efafb
SHA1

405c4d526ac498fd61658d94f24426afa8ac4525
SHA256

fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b
SHA512

d0cac8e24d83662d16df3a952cb5853f4e4d1ba5a4d78b274cde1131945fbabbbd1f2c10cfcd416a9dcb466b97ec07edac2acebcb6dc3c3b4d6927f5e6d064db
SSDEEP

196608:LrjpHpHPhXOQi7IGJEfB6+x5McQTVNy6Tp93cfw0acIVa:bpJHV4TEf4+XqVX9Vcf6A

Score

7^/10

Malware Config

Targets

- Target
  
  pcsx2-v1.6.0-windows-32bit-installer.exe
- Size
  
  6.9MB
- MD5
  
  c6afd2ff3059b840ee2fb939694efafb
- SHA1
  
  405c4d526ac498fd61658d94f24426afa8ac4525
- SHA256
  
  fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b
- SHA512
  
  d0cac8e24d83662d16df3a952cb5853f4e4d1ba5a4d78b274cde1131945fbabbbd1f2c10cfcd416a9dcb466b97ec07edac2acebcb6dc3c3b4d6927f5e6d064db
- SSDEEP
  
  196608:LrjpHpHPhXOQi7IGJEfB6+x5McQTVNy6Tp93cfw0acIVa:bpJHV4TEf4+XqVX9Vcf6A
Score

7^/10

discovery link pdf
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  25KB
- MD5
  
  40d7eca32b2f4d29db98715dd45bfac5
- SHA1
  
  124df3f617f562e46095776454e1c0c7bb791cc7
- SHA256
  
  85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
- SHA512
  
  5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
- SSDEEP
  
  384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  dc90f96b169dcc9151ee6e93b47446ea
- SHA1
  
  61e57bbe333a98d14f48815db7382ddbf90db642
- SHA256
  
  afc939ebfd66a6c972d2d6bbcb978559ab3427d1582935e45392f9912ef186ad
- SHA512
  
  11658c2342a2a686a012d81c602cd8e50861506dcee9d38c416bc60451cb1d7fc24e964875b8edfc22c9647f06ffe90088f83a60973eeaffa98538294af1d5ba
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ec9640b70e07141febbe2cd4cc42510f
- SHA1
  
  64a5e4b90e5fe62aa40e7ac9e16342ed066f0306
- SHA256
  
  c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188
- SHA512
  
  47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe
- SSDEEP
  
  192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc
Score

3^/10
behavioral10 behavioral9
- Target
  
  $TEMP/PCSX2 1.6.0/Docs/Configuration_Guide.pdf
- Size
  
  588KB
- MD5
  
  c808b3b90e8eede8e1721f7ba0bf56ff
- SHA1
  
  51e29fae622eaa581611cb0a8c73ff433d01d206
- SHA256
  
  d5c6b80c088d3b7bd26f2811280fdbcbe6e0d9edffd00e5775519d0c78745379
- SHA512
  
  fbe4a1f0b8bde128710232ff62865362d944fcdf7edc617dc0859bffe48cf60d448247bb2191956c6d637dde192668a246f31d5f0b7edaa6cc2bbe0143adf955
- SSDEEP
  
  12288:OS5CQfYsvFZnoA2Atj4a14asP2N/wjoXyln89USkesX4au:zk8tFtj34as+N/Oln89RklX4r
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/PCSX2 1.6.0/Docs/GPL.html
- Size
  
  66KB
- MD5
  
  57d074f08a68b718e897b8abdce2cc2b
- SHA1
  
  580010894e04c4f6b9203ebb5e5c569ebce12b2e
- SHA256
  
  a99594610965f8b21c68eba36c0c58204fcc20bde0351df7735eacb4db4a1efa
- SHA512
  
  e74eba7556cfa4d951fc9f171afc5f14c9afd70e4e9b5f90e69dc3b11a28f802d0110a01272a0a7b14fbcf0b3d54361f5f720d75c7c5b3388d8eb23fbf491e77
- SSDEEP
  
  768:esMAtFFezqdgi6OcToucw3YrQmtBDj74rqIuJrvuATIv5pqaC1fS8Pq0EA:eEtFBg5TcsYyWIu1TSqaC1D1h
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/PCSX2 1.6.0/Docs/PCSX2_FAQ.pdf
- Size
  
  286KB
- MD5
  
  42a7d9ebb4dde5cdff264f2e3057e5af
- SHA1
  
  6b6c355b93c70be2858dabd4361ac979e0d877cd
- SHA256
  
  4259363a44d177aa2cf39394531b2325a6049468f75e23ee2fe7701f8b16b0cd
- SHA512
  
  9e30a978b84b2666bd4af7630d6615f04d1c408182f286d7541b7c046587676d9ed75abf40592c9ac338382c22f8748a944fd6f5ac42a1eeac519a6b18527d37
- SSDEEP
  
  6144:3ZflfQ2uS0CPNcve5mtaNNqq2gJgXD0bIclL:3ZJQk0C1EeWqzgXD0PlL
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/PCSX2 1.6.0/Plugins/DEV9null.dll
- Size
  
  20KB
- MD5
  
  d385017936f370b0b104ae1e147e0fb0
- SHA1
  
  a4f5fac1bec27205a693494a901214c1caa8ce66
- SHA256
  
  b2ec278fc344635c9776b0b5efb1193ef794fc1f321aeae36110b4fd3f12aa70
- SHA512
  
  ff26c4142fa172b85572af908013c77ddad228a9bd02cca57b1c03933a93b0d8d63a6d29afecc97bbc09f2c450042f78cb4b8d233141716decdde5dc7991804a
- SSDEEP
  
  192:gjNU2AAC20Ji56fFUdc4TdXekm6z1/B+pb0geaQf2j4QtwTjOCDA40K5RBMZc97p:gjNU8FRujK+pbHzCTjU40IhxdaANU1
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/PCSX2 1.6.0/Plugins/FWnull.dll
- Size
  
  20KB
- MD5
  
  839118a8eda3738109b5d0a20feba5e9
- SHA1
  
  19c0c44145c0640f5fc43e55b57ab9f90b870b58
- SHA256
  
  744d613b00853576a34ec2502f3dbe4bb0ed80fb886bb690eea2196fa807d92c
- SHA512
  
  625e1f5c3da8b1872a842ba130cb8db1afbec6c969aec995012b0ce2b7eccf467a0594c5d1706236efeccecb051b64943ae99ace2cb88239015ca6329a3f32b7
- SSDEEP
  
  384:BbpRuVD+ZfzhKbPHj505QHFYxFfmGgMzNMRa/7:BvFZflOFtlIFfmjMzmE
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-AVX2.dll
- Size
  
  2.1MB
- MD5
  
  fd320256beccca46a5ef397ef1105a28
- SHA1
  
  bd22598e49c21a531ffc631a1a32a7595e63ff47
- SHA256
  
  6d5725efb7bf875c5c3b0ef782580a707d0d0eed21b792e59f8ff91b9b5d1fb1
- SHA512
  
  2fb5411c5060435d759919499f85b12a199b541c2c5595c6e63231d9266f8f60e4a1a1a94412f862cac639cb847e43b996cc2a16f4b6f4353dc7fb93e14572e8
- SSDEEP
  
  49152:zM7T4VgOB8mieXSIflTUH+I0Rj+60kJVi10M03IvPJ60JU0WJ46JFZ:zwigOXieSI
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-SSE2.dll
- Size
  
  2.1MB
- MD5
  
  3b3ddfa31e1553fae90afc2e619aea99
- SHA1
  
  e7c71f54ae27a279e2b1cb3fccfbd1faa0532082
- SHA256
  
  f26bb9c0c23a2a8a79d7afc96389fb4320dbbf51c3c2bd30d0baac85d8221c00
- SHA512
  
  1cb06558b569ec5373335873fd3957015b177adc435ca6ac4a5a037dc57dd9d55eac2d627b4761d7b969523419f95458058e3feba7823a1ce824d9e4a1b27068
- SSDEEP
  
  49152:qfagEfo5KFfBjb6w9ITrkqI0Rj+60kJVi10M03IvPJ60JU0WJ461N:qHEf4WBP6wy
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-SSE4.dll
- Size
  
  2.1MB
- MD5
  
  3b211b8662b7ad58d666ca4fcb11c037
- SHA1
  
  b6dc98be6e107a8fe3559eb42f0f293191fb18aa
- SHA256
  
  6634ca468c9b2468136c990f3c14f243293ea435e123735a9f67d659e9c5c9c1
- SHA512
  
  800f2f57a66206c2614f2375fbc600b86d707067a3886ffb57122ad5ca3fa4f5e4cd9e46ea7002f6bb5990f12931543195faa5d014518280dc67a888c90a10e0
- SSDEEP
  
  49152:ZkM9Nb66KyDkzS1zvT/GBI0Rj+60kJVi10M03IvPJ60JU0WJ46:ZRNb1TDAS1
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/PCSX2 1.6.0/Plugins/LilyPad.dll
- Size
  
  160KB
- MD5
  
  aa051ec979c89401cab6ef88fd1a4dc1
- SHA1
  
  74859edd74277c2298cc2264b0a910aee842e6f0
- SHA256
  
  637def94c71ed72a9f04f1541fbffe4ab63f866461157e80ee90672fc380ada1
- SHA512
  
  5495125fdb8cc1544425e8a7c2e34f53094151b6449f348a2053ae94e25fe5d73a791b73d6045220adc0fdbd61fda4c6907c4eb12e8cb9c43a7668d912f2b1f3
- SSDEEP
  
  1536:u4ocUyhRRFD1a2vvPX6ILExBQVujvwTEt3KHMVMogxXefUdj0W8HPheYwrMneufa:aIqG/6qTq8MKogxXeboYnkm/J2MNKI8
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/PCSX2 1.6.0/Plugins/Spu2-X.dll
- Size
  
  4.6MB
- MD5
  
  5202596cde4bfc60c867b48957d401fa
- SHA1
  
  7b3da7a7d4ae0903188b46cb9a9605973a960d8b
- SHA256
  
  b57287a31f43b130dc463b2e2d80399ec50543fa09f7808001a1523bf1f25349
- SHA512
  
  db79c7c46289a788cce6e9deacb150983b42ddfa8bab3377c0c165adcf7c110fbb7c733684895a9284c3f9c3d86e660699f37e0fae3407a177bc6258a1ec7505
- SSDEEP
  
  98304:1vDs/zXqRD655/Ds/zXOTCp2HLjXr2DNEp:CvH7GN
Score

1^/10
behavioral29 behavioral30
- Target
  
  $TEMP/PCSX2 1.6.0/Plugins/USBnull.dll
- Size
  
  19KB
- MD5
  
  bf242e823221f1c7b9d570932c84ca24
- SHA1
  
  7c46392db41d4a9931f170e9d6f3a9e99b22ad63
- SHA256
  
  04efb9c1e4c6ffefad896fcd671c13405bbaa5cefb68d39707fd746bc1bcc804
- SHA512
  
  2b1325851f3984d56bb27c6e2c731029b91ce6868b45bf57dbe0c542c51da48029ac8ecb209b2eda82e16b4a7ecd07f804588cdcdcb3865e4340c3b423ff60d3
- SSDEEP
  
  384:aZsp/u5t+ZfzOzb/HjSacFJFx64r4HPzNcJau:aZOzZfyn3cNx64r4vzWM
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32