83b1cf864bc6c51f8bb092ddfe9710b993a0df3bd61d9aa7e6ca9fb72d495bbc

Sharing

Copy URL

Twitter E-mail

General

Target

Mad.Father.v11.07.2020.zip
Size

129.3MB
Sample

240521-x19jdsff52
MD5

e5137d37537667e9511bcd2b867cfcb2
SHA1

963acc67c74e0efa6044befa1edb23b8c817cebb
SHA256

83b1cf864bc6c51f8bb092ddfe9710b993a0df3bd61d9aa7e6ca9fb72d495bbc
SHA512

49fabad14e83effe24dcd4f72856847eacb2b0b7f0eeb43ddee4bea568a8e33cde6dbaf9ec6053472e840926c637052c846839798c169dee0368815b6b7e5a64
SSDEEP

3145728:EIRpaq5jPwOz5cvbzzs52OaSxfS47xsCSuK/Ykp+ZCXCi3JAiSA:EIWq5zwJbk52Zqh1s9d/YkUZCXCi5AiJ

Score

7^/10

Malware Config

Targets

- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Config.exe
- Size
  
  168KB
- MD5
  
  b6392cda65c4963b2149c14e0a2eea18
- SHA1
  
  5f8b04512a62495f9da7a05fe4e7a6639f7ec8c4
- SHA256
  
  1e7ec93c478199d9df79e72fb5ec851dd310798361d5199a6408b1a117c2d7cf
- SHA512
  
  ba64660c3e379912dd9cd059c73c70b4e0668c103e47983d062ca5d88639b0301337d651815e109d3980098abef174c7387ae474463cfaf67247b75d419e2942
- SSDEEP
  
  3072:QNEo7qRhbrEO6fHb0Q/5PPvQcEcxs2lxl25VQTO:pLhPJyHAQx3Mc22WV
Score

1^/10
behavioral1 behavioral2
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Game.exe
- Size
  
  6.7MB
- MD5
  
  c7c9a2037932fd3ac58e7a3de7d03321
- SHA1
  
  d083c6766b956f4f8b6919c43a230fd159a560a3
- SHA256
  
  e8c52c34d8428290495c57633cbd06ad6ea9727e4d934de6093b508ea08214fa
- SHA512
  
  e8ab61f79bcc1bc37383be4ab8708cb5b7fc35e414e30ba435aa58a546d69b68bf95b972d5eaa7cf1d7bc1cf168f387cd5079c15fcc95df5098694ce4f11c9d9
- SSDEEP
  
  196608:Pw3DivkTt4ZkvLuPgt7ah0Rt278Qu89Z+AKLblHJ:Ib7ahI2Fx7Kv
Score

1^/10
behavioral3 behavioral4
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/GuruguruSMF4.dll
- Size
  
  144KB
- MD5
  
  528ac7e063e57562df810a91d6b74cb0
- SHA1
  
  44db1d23eb183e44574bfc95b09f5853e5b8351b
- SHA256
  
  0b42d9faacb31da4c44b92dcba11434c433726ce4baad405aad21aa7807779c5
- SHA512
  
  e3d033076d14b6ca464d2bbf9c79bb53c719c43afc307d8a9e11b9a575507e1da9b1bf723493c380e8c2d271054c349fabfea7038c274d38108f0ffdeada6813
- SSDEEP
  
  1536:TXBpovdyQN3Rml4Qg1PrkYNh3rVAPE555D6EiS/ZL3wutO7srl:THL4bBtN0P86EZLTtO7s
Score

3^/10
behavioral5 behavioral6
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/LAUNCHER.exe
- Size
  
  227KB
- MD5
  
  0e7fde098d64a93e60191d25e06bf642
- SHA1
  
  8d0973ef176d03f68d33c4d9e6595ba8c988ff1f
- SHA256
  
  44e6e2035db0ab9c4e811e7418c72f01f50e675dbdffd8114e29f965ec62eb38
- SHA512
  
  b3a63341882abc284bd8d2718608d7c60b565227e672450497f83f4c72890547b49f3730382a87c94cb2faf172397d79d1108a74068b3e1b5465736dcea98006
- SSDEEP
  
  3072:Yz14duOvSxCLLT9qCOY4jb1pQzhHKPtOnO6VrVPoVJtCbhVPoVJtCbFy5w:i14duK5X5mYQydHKPtOnRWehWeQ5
Score

6^/10

bootkit persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral7 behavioral8
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/LAUNCHER_x64.exe
- Size
  
  266KB
- MD5
  
  e3ba1bc4f348eb8fda383c28b95d1e7f
- SHA1
  
  2192a4c48ee0b360c583dafe1a7c231e10397850
- SHA256
  
  14e3f10176b339febe4cb6bfbfa31a44818c5f56f028f831a9246e07ba9845d0
- SHA512
  
  61df06a3045294b0961dc198bb463f60cbbdf77dab563d881973ebfc3fd33958574cd99f8efb83deada3ecc822eb68ce0b0078b1257766db742c22d793fb984d
- SSDEEP
  
  3072:dX6L4KjZvon/3UPMOY4FnjqbGsB3LzHKH0Osi6soCeBVPoVJtCbhVPoVJtCbF:oLRjZveiFY/CslHKH0Osps0WehWe
Score

6^/10

bootkit persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10 behavioral9
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu.dll
- Size
  
  4.8MB
- MD5
  
  ce9cad38253b2991281d3c38e5a07735
- SHA1
  
  89eb8dbbf362e59469b37429b50728a80f2b31e2
- SHA256
  
  6800f3dc1d74beb791e3e6e12ab0d6202c116a6ce21006ba67a723b64837d17d
- SHA512
  
  92ae6fa19894e800a15dc3f28e1702badeaa0c18bb1ecb2cb6de75c0fd75da06d44ec49903dcfaa53107b5f871c85047d5965ef90ed1727f5804cb9f84b0496f
- SSDEEP
  
  98304:6JeHhBjfF7w2FWq+PL/pC1VIL8OYKTNzufCpg:De2FaL8MHp
Score

1^/10
behavioral11 behavioral12
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEFirewall.dll
- Size
  
  16KB
- MD5
  
  3c16a45dd3b0d6214d5e292982e9ad22
- SHA1
  
  12ff60924e97c815e288a301fa705fc00eb832c5
- SHA256
  
  56bff3b129a0f05cfb9f125a32aa8d8d1aac4c8668614c5636adc0786955757b
- SHA512
  
  43b1719bea0cd24b6a50440f305fd534275f256bfbecb7de2540692a6380b7f6e53e6fe2b0d279dfbc57ad0563b1070098369ec6bf10ecf6382b2efa6c925133
- SSDEEP
  
  384:VnAxm+gWN5bCpg+NQiKTiZCWPDJj+kZOZKPVC3:hKgWN9ObhZCWPDJjLOZKdC3
Score

3^/10
behavioral13 behavioral14
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEFirewall64.dll
- Size
  
  20KB
- MD5
  
  f5753caf0fdf0aaaff4dd542d2eaf441
- SHA1
  
  9af901c309fd5e2d1c263597ed13b5ca71826390
- SHA256
  
  5ad094eededaee23d57b9248c74116e94032c83053bb2e042e4624bfcd5a0490
- SHA512
  
  9efe0ac8d7a4dc5f01d3d32ba3729ee1fd44b8e33892377fd893ea7eacf09d2cf70c215a9a2c913e69e07838fc9c9f4fb31f5a47b67341c302c3b306e9802e1e
- SSDEEP
  
  384:crMgaY2ey+sW5K0i00k72NoXPeW+F4MGTCxDJAzm6Olxcat:eMZY2d+D5A7k72SXPB44MGTCzAz5Olya
Score

1^/10
behavioral15 behavioral16
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/x64/SSEOverlay.dll
- Size
  
  1.0MB
- MD5
  
  7f6a1e877cbfd1bb706c9c73c5bb359b
- SHA1
  
  145adefa1f89748466b85eb838eaa0617ef5dd60
- SHA256
  
  7acd1aca527f47abea6efa09d54596438463f63b6a12f947a80ce623b0c4c163
- SHA512
  
  fbfe6965a4e1905f447a8a118d895333a7c021627f7a261544f5ac653c07821aa55e1959e28e57397ba20b406f704615db352dc863fbd63f1b69c1c183e8d9a4
- SSDEEP
  
  24576:X5FruSDTEz0a7Ny5dZvtxxK6XIpy99Zt:XDruGEzh7Ny57vb864m1
Score

1^/10
behavioral17 behavioral18
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/x86/SSEOverlay.dll
- Size
  
  855KB
- MD5
  
  f204ca9b0cbc6bccf9df5549ae16b5cf
- SHA1
  
  249772a9ca13510e7db6485c42963b72e7be0484
- SHA256
  
  c7267e2e20e02bb0ca868f8dbb0a0a4199a3cfb2c4ecfba7f297b15b81e5b31a
- SHA512
  
  55363ce555be3479259ef9ee54f90d7fe65c96f633de020e05f991c76a2a365b47efe50a930f784b2cddec932650b24652505a2e0e4a99aee8121fffb1a327e0
- SSDEEP
  
  12288:7sIylIZ9C4IgNeC5s5NS9Wv1821bZQIi/1GpABaOKNoHBinF086fgTymF50EcJW:7sIylITC4I0051mZ4pAONKAmfz/
Score

3^/10
behavioral19 behavioral20
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu64.dll
- Size
  
  6.1MB
- MD5
  
  b0f933e1a03346d839cd4c3a51c64421
- SHA1
  
  2449c5a320f5f049095ddc616d57ebec198770f1
- SHA256
  
  815d162dfd7177b95aa8c635fe09eb938896688cdbb518b573b69023f011622e
- SHA512
  
  9dfd891bc41e6204a8de3eb0a0cde85aa292ed51bc5ba6242df65248c31ab9c1e7420adca366a965f6d606e59a153dc2ffcd39afc450dda547c7eaff427fb7af
- SSDEEP
  
  98304:mCNeiCuEnTPTXt+H5K7PkVxDXru5mevk9x/GqPrJe6YNPgvBEpQDZKFwdnD4T+9c:m6eJuEnT7961
Score

1^/10
behavioral21 behavioral22
- Target
  
  Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/steam_api.dll
- Size
  
  104KB
- MD5
  
  d88ce2bf30df70150b86530348fb1bc4
- SHA1
  
  f7c2cb2ca170dfed1d6fd455ade17585a2cfe10f
- SHA256
  
  0aa533ac3ab500992d9c21905c8194afe7695dd893ed2512033089d5165bcfe9
- SHA512
  
  e4c3f1975dd6864040be55afc53c86fb97b1b768413c3c71ab1d230ffd272cf7a81dd0ce8be2a5898bbd17220b78be7cac98475d48938915132151eaee06e342
- SSDEEP
  
  1536:JKHB7u+SYT5iOy8v0bQR7gjN7I/fvHnUtgLrngZESAMPURBcz6YB8JGQca/a7d:JKHJNTrwMR7+7I/3n+gzHMClYBKcay7d
Score

1^/10
behavioral23 behavioral24
- Target
  
  Mad.Father.v11.07.2020/STEAMUNLOCKED » Free Steam Games Pre-installed for PC.url
- Size
  
  52B
- MD5
  
  92672216743fd0ad8799d25ec99e5096
- SHA1
  
  68103be0fa83db8a4a2efac6bb6169ce959a0290
- SHA256
  
  677d2e85447eea64fa541b8e8a9e92b41e20456360bef8642f898e7eb1b2f0db
- SHA512
  
  1ca286141902e64c4cac05fabc1ce0ef4d910582e720c8b38f3cf2799cadaab7cbc9d8fc925eff17e0d3280d5d074ebd856dc75d6cadbd95872cae14eddb7719
Score

1^/10
behavioral25 behavioral26
- Target
  
  Mad.Father.v11.07.2020/_Redist/dotNetFx40_Full_setup.exe
- Size
  
  868KB
- MD5
  
  53406e9988306cbd4537677c5336aba4
- SHA1
  
  06becadb92a5fcca2529c0b93687c2a0c6d0d610
- SHA256
  
  fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
- SHA512
  
  4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99
- SSDEEP
  
  24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  Mad.Father.v11.07.2020/_Redist/dxwebsetup.exe
- Size
  
  281KB
- MD5
  
  fd6057b33e15a553ddc5d9873723ce8f
- SHA1
  
  f90efb623b5abea70af63c470daa8674444fb1df
- SHA256
  
  111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288
- SHA512
  
  d894630c9a4bdb767e9f16d1b701acbdf011e721768ba0dc7a24e6d82a4d062a7ca253b1b334edba38c06187104351203a92c017838bdd9f13905cde30f7d94d
- SSDEEP
  
  6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral29 behavioral30
- Target
  
  Mad.Father.v11.07.2020/_Redist/oalinst.exe
- Size
  
  790KB
- MD5
  
  694f54bd227916b89fc3eb1db53f0685
- SHA1
  
  21fdc367291bbef14dac27925cae698d3928eead
- SHA256
  
  b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd
- SHA512
  
  55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5
- SSDEEP
  
  12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Looks up external IP address via web service

Writes to the Master Boot Record (MBR)

Looks up external IP address via web service

Writes to the Master Boot Record (MBR)

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32