General
-
Target
slimevr_web_installer.exe
-
Size
1.8MB
-
Sample
240512-yxlhtshc64
-
MD5
14b491a8a622cfa3df626fe5009feb72
-
SHA1
d9756cc7e03e0e602928779df03aebbbdd9f1c4d
-
SHA256
259f7b62a1c7407f9055406747ef6d94a7eae323f93b5f8b7f6de694d4772eee
-
SHA512
e7277b618816469e3a201199f1de4d589cbfdc5206603b7b0849720795454e5323ea9153f0f2ccb569d721316156068cd9c196df79b778d7435819ee88ec4357
-
SSDEEP
49152:u7HxaFX/5FIx8qAJDAR/LKT5VEe0wu8OaQ2nq8v6Jseppk:u7HxaFv5FIGlJOLKdVE98Oa1nqEe8
Malware Config
Targets
-
-
Target
slimevr_web_installer.exe
-
Size
1.8MB
-
MD5
14b491a8a622cfa3df626fe5009feb72
-
SHA1
d9756cc7e03e0e602928779df03aebbbdd9f1c4d
-
SHA256
259f7b62a1c7407f9055406747ef6d94a7eae323f93b5f8b7f6de694d4772eee
-
SHA512
e7277b618816469e3a201199f1de4d589cbfdc5206603b7b0849720795454e5323ea9153f0f2ccb569d721316156068cd9c196df79b778d7435819ee88ec4357
-
SSDEEP
49152:u7HxaFX/5FIx8qAJDAR/LKT5VEe0wu8OaQ2nq8v6Jseppk:u7HxaFv5FIGlJOLKdVE98Oa1nqEe8
Score8/10-
Downloads MZ/PE file
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
15KB
-
MD5
d74bb4447af48da081c7d9b499f3a023
-
SHA1
dadf6e140e6fd8e49a1851cc144bb022e0adb185
-
SHA256
5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52
-
SHA512
9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758
-
SSDEEP
192:0hdGZ2E0hm+Gc7ROMzCPvXWROt086dXHGrEKcDDi0b5ZsgMgiCXyo1Fp01eLLuIt:0hdGZ2E0YWV2908oj21ILud8
Score3/10 -
-
-
Target
$PLUGINSDIR/NScurl.dll
-
Size
3.6MB
-
MD5
e746969a96345ca1d329f5d64310b0a4
-
SHA1
1cd87cc5036b6f7739f9f025175a47d170037b6a
-
SHA256
8d8fc1d4eeab292c88829f410bab72bd36e9a2507b041c1e8675e4378b7b6e81
-
SHA512
f97b2785139332294d1550649d0db08ff1f255c1e0680a0b2969eaf29c20fc804b42320a9115c616eb51237ebe00e37d81225507f90595b7d4a79c36e11f4d2e
-
SSDEEP
98304:ImrU1b+BAO9X+L7H5jDidiS8qACoL1Dzr:brU1b+eKu/H5idb8qACS1zr
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
192639861e3dc2dc5c08bb8f8c7260d5
-
SHA1
58d30e460609e22fa0098bc27d928b689ef9af78
-
SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
-
SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
-
SSDEEP
192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
Score3/10 -
-
-
Target
$PLUGINSDIR/modern-header.bmp
-
Size
10KB
-
MD5
723798a8c682783ab58976b665ffad64
-
SHA1
ac4e7e58954869a7040d87c9cf8d45fde54f076a
-
SHA256
4c0d25a4f4219dab87d46f2ef160c70f87dc8cb66881d375ed7adcd49b412a72
-
SHA512
75544dab854e45815b9e80df5fd875c0f10da86cb0960febec32dc797dc0a5b625e4ddc3345ff92e5d760d739b21f22c9dd3b0e15a60be12e43c7ec357385b64
-
SSDEEP
48:5Pj6+kqzBkOnudRRRMPh3pWI2ZdUs8xW5p5u50M:5GE6Onu4P6I2ZKs8w5a50M
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
b7d61f3f56abf7b7ff0d4e7da3ad783d
-
SHA1
15ab5219c0e77fd9652bc62ff390b8e6846c8e3e
-
SHA256
89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912
-
SHA512
6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8
-
SSDEEP
96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
7KB
-
MD5
11092c1d3fbb449a60695c44f9f3d183
-
SHA1
b89d614755f2e943df4d510d87a7fc1a3bcf5a33
-
SHA256
2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77
-
SHA512
c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a
-
SSDEEP
96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA
Score3/10 -
-
-
Target
$PLUGINSDIR/nsProcess.dll
-
Size
4KB
-
MD5
f0438a894f3a7e01a4aae8d1b5dd0289
-
SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6
-
SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
-
SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
SSDEEP
48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score3/10 -
-
-
Target
$PLUGINSDIR/nsisunz.dll
-
Size
88KB
-
MD5
bd97d86d8bd07ebdc8ec662a3f31dfd5
-
SHA1
5e2b3a1af5ee53ab6d1d6c2cb8127add39ee7e82
-
SHA256
c31b590cba443de87f0f4a81712f0883ac3b506f3868759d918d9a81f84ea922
-
SHA512
4575d1ea0d1b2f74df74cad94eae7fdf31c513e5dc6d945e81e0873b99f94a5d81b1c385c71ab79a19e5bb6c00fc5fffec7a3bbfd60ad7de312cbb53d8bcce9a
-
SSDEEP
1536:uPmnCuZs9reYWvAHvXhxQdJeY3tMCo9NTJwd6aimHr5jr5T51NT:uPmnCuZs9KoPX6rA9Nl2Rrt51h
Score3/10 -
-
-
Target
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341PT.DLL
-
Size
6KB
-
MD5
69b6fec924c30042d329ae56ca8925cc
-
SHA1
54e8d7d9004c8c819fe2e8bf7a1306bcbdd5ecbf
-
SHA256
45494ce819c1b5c21abb72dc47a0ca36807e0ed74ce55b631da174c77a9b24db
-
SHA512
a6bc866712c2b6d2ec115341de6ec5b352505fff159af967b03d27ad767164271f147780639e836a4da54f4b2b688591edf1374802cb5f7340062aee9b341abc
-
SSDEEP
96:UeIX+tip7uemP4I3bYFE6H6IyYrL9Cu6d0CGeSG4qb6Yiigx9BGWsy:Uegda4Irx6HhGLbqig7Lsy
Score1/10 -
-
-
Target
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341S64.SYS
-
Size
58KB
-
MD5
3c0a1b6f538e00f318c109f4a3f29515
-
SHA1
8f337186bfdbff75b11eb510e47c96479fc2327a
-
SHA256
de6ca1ae927081ac622f99ab9c77b2127cbb2df597b4123a4aa2f3da52cd64d5
-
SHA512
1db105044c6d6a9c671cb730e4a49982d3146db54e51d6dec34834144428cdccd333e3980b4b92eeb3a0ce993ea2b773b47399155ebeb99363ba02b27b166ed8
-
SSDEEP
768:Di+r3IRgvQFTOlBg7L2RzlKx3CDjUKZeUSgqg0ACdLgLRHT31mlGdJeB:DvXvQclBgmRzu3wIEefACdsLRH7c5
Score1/10 -
-
-
Target
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341S98.SYS
-
Size
19KB
-
MD5
b6f4a83911336e84bead8f8905285fab
-
SHA1
983786502f45afb946f023d73e32a31bc1bbb91d
-
SHA256
0ecd1222627271ea31d3b64796992b6daf5133d64cc26d43b3873cbe32fd59cb
-
SHA512
93e949ea7cf067e1cec52f6dde8678fc7bceb2e947164040a087fdd63e799cc244eb6974323fc836f70ae777a67e9660f4e9e2dbb42dc0c4b099b1c2be168964
-
SSDEEP
384:3P2ie5TwxdKe9Vk5DT6Im2ULzQFAQOCsznlUt+3x:OiesSVTZm2ULz4A27wx
Score1/10 -
-
-
Target
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341SER.INF
-
Size
6KB
-
MD5
0ecffba87b80f54f7016da633dd9ab1c
-
SHA1
e46668f0267651c248944766291791b0def36f1d
-
SHA256
0cbd34f89b0d11b386e07a825fab531706f86e9da44dcc536ac7c98a6d22c383
-
SHA512
1738bd22be834b053cabe91f2f53a2686d2091b29cb3caba9fd3033fb94108ad2db42829edc25f38dae22bf46ac9bce2cb5919cbf0b63c88bf7d7b22b2b2ca2d
-
SSDEEP
192:VyiC/xM4geO5ZafiWPty4HhGlFuD4JSXQYQLhQ66Auy:ZC/xM4geO5bY1HhuFuDISXQYQLhQ66fy
Score1/10 -
-
-
Target
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341SER.SYS
-
Size
40KB
-
MD5
a9fc675d0029a525335b106487c7d578
-
SHA1
0d8b829640dc907ee9b2e6db1c43f8459d63e2e2
-
SHA256
50877bc8ea82bbac833d25c9ac248e6fc9a240ab3c6d7e2c115667532c23676f
-
SHA512
8cf58435d597452a9d34e02e23fd78f18ab06d76feb7531609eed58b369e10f08ee3d61b2a80a45196f6d76f2ac6249726d01e30102f1a6671b81f275c845238
-
SSDEEP
768:BUkA6vcfLLJQ0y0Apg++LVhf3/CsItc5muLuyJGN:q4uJQ70Apg++LLfvbJAeulN
Score1/10 -
-
-
Target
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341SER.VXD
-
Size
19KB
-
MD5
be7438420f1da854917f58cad557476d
-
SHA1
caf1095963459ab66326cdc7ecab29514938748f
-
SHA256
2a946f316edd7e1185deeafdc2de52b2d2843198be098a724233c12f9ccd0dae
-
SHA512
e35442704374a3b5e79bad491f819ac82ce3054ed50ae1eef0fc3acbb6d3016bdbcdd63902236e247cb4b8279ff8fec377afa2753ebdbca911d6d388d23a63db
-
SSDEEP
384:GzXpHVPakjq16uZuDxqLOvCxXEAjT90DVBAMBTaU:05Hr+EGlXbT9uAQGU
Score1/10 -
-
-
Target
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/ch341SER.CAT
-
Size
10KB
-
MD5
715693624013826d337e792ed86376ac
-
SHA1
a3aa17c2bae326ecbd19b4969fd36724299d5abd
-
SHA256
585fca8ab9c8a13222760d6bbab62ce4069d24f73bd304d89c54b5298b9420bd
-
SHA512
47e60a905b0f966db61688c98cf16005862b5bce61a47b4c72b090e414d7b0c8eeba94795bbf100272ae6b1d0a843142902e852d610a528c2629f35e3f59e46f
-
SSDEEP
192:enOTMcTZwTT4YTQ0T/TZyqeEymwscpH2vByQlT3G/R8X09+3Ef5KYpBjSA0p2:hVZydrLUH2pzx2KXM+3Ef5dpBjh62
Score8/10-
Blocklisted process makes network request
-