General

  • Target

    Mad.Father.v11.07.2020.zip

  • Size

    129.3MB

  • Sample

    240521-xwvjnsfd27

  • MD5

    e5137d37537667e9511bcd2b867cfcb2

  • SHA1

    963acc67c74e0efa6044befa1edb23b8c817cebb

  • SHA256

    83b1cf864bc6c51f8bb092ddfe9710b993a0df3bd61d9aa7e6ca9fb72d495bbc

  • SHA512

    49fabad14e83effe24dcd4f72856847eacb2b0b7f0eeb43ddee4bea568a8e33cde6dbaf9ec6053472e840926c637052c846839798c169dee0368815b6b7e5a64

  • SSDEEP

    3145728:EIRpaq5jPwOz5cvbzzs52OaSxfS47xsCSuK/Ykp+ZCXCi3JAiSA:EIWq5zwJbk52Zqh1s9d/YkUZCXCi5AiJ

Targets

    • Target

      Mad.Father.v11.07.2020.zip (same file and hashes as listed under General above)

    Score
    1/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Config.exe

    • Size

      168KB

    • MD5

      b6392cda65c4963b2149c14e0a2eea18

    • SHA1

      5f8b04512a62495f9da7a05fe4e7a6639f7ec8c4

    • SHA256

      1e7ec93c478199d9df79e72fb5ec851dd310798361d5199a6408b1a117c2d7cf

    • SHA512

      ba64660c3e379912dd9cd059c73c70b4e0668c103e47983d062ca5d88639b0301337d651815e109d3980098abef174c7387ae474463cfaf67247b75d419e2942

    • SSDEEP

      3072:QNEo7qRhbrEO6fHb0Q/5PPvQcEcxs2lxl25VQTO:pLhPJyHAQx3Mc22WV

    Score
    1/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Data.wolf

    • Size

      74.4MB

    • MD5

      569ff15a40d645bae994eb55ecf5c4a2

    • SHA1

      d4393b6bbb046ef8c93483d41340ec267a3bca7a

    • SHA256

      fafff9d25505ab3bb02cb96875fcf7c18ce6f491fd172154e9e35303b3b1cb8a

    • SHA512

      17dcbba6ecc0e113d91725f31d1282b6fa1e9039dd3c570d5af57eced1574d89f730c694aeae9614e929dde884178be99296dbe1528b4c1599c8e92afba52a53

    • SSDEEP

      1572864:FD0m7PcaBSTdWERdpFq3R+Dm/fV/h7kj/HwPGzStLWv0ZZILvcdPn:N0ToDsdj2MsfhOLHw+zStLWvKZE6f

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Game.exe

    • Size

      6.7MB

    • MD5

      c7c9a2037932fd3ac58e7a3de7d03321

    • SHA1

      d083c6766b956f4f8b6919c43a230fd159a560a3

    • SHA256

      e8c52c34d8428290495c57633cbd06ad6ea9727e4d934de6093b508ea08214fa

    • SHA512

      e8ab61f79bcc1bc37383be4ab8708cb5b7fc35e414e30ba435aa58a546d69b68bf95b972d5eaa7cf1d7bc1cf168f387cd5079c15fcc95df5098694ce4f11c9d9

    • SSDEEP

      196608:Pw3DivkTt4ZkvLuPgt7ah0Rt278Qu89Z+AKLblHJ:Ib7ahI2Fx7Kv

    Score
    1/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Game.ini

    • Size

      180B

    • MD5

      97569c6668a607fd1cb294c29a9d5f7d

    • SHA1

      c2f1b5aac27c6329e7339636aef646b017e8201b

    • SHA256

      dcd5be0602e46044f3f1295237caad5fd1857722a5fbf1f7c5cc67861aa0f4e1

    • SHA512

      e27abc97cb23c70023fd2a6259de1f312ffa26f54a90554e23304cc15fc17de3372a0515235cbc7060f78ba15d07189233177cf4ca07989935722872403b4833

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/LAUNCHER.exe

    • Size

      227KB

    • MD5

      0e7fde098d64a93e60191d25e06bf642

    • SHA1

      8d0973ef176d03f68d33c4d9e6595ba8c988ff1f

    • SHA256

      44e6e2035db0ab9c4e811e7418c72f01f50e675dbdffd8114e29f965ec62eb38

    • SHA512

      b3a63341882abc284bd8d2718608d7c60b565227e672450497f83f4c72890547b49f3730382a87c94cb2faf172397d79d1108a74068b3e1b5465736dcea98006

    • SSDEEP

      3072:Yz14duOvSxCLLT9qCOY4jb1pQzhHKPtOnO6VrVPoVJtCbhVPoVJtCbFy5w:i14duK5X5mYQydHKPtOnRWehWeQ5

    Score
    6/10
    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/LAUNCHER_x64.exe

    • Size

      266KB

    • MD5

      e3ba1bc4f348eb8fda383c28b95d1e7f

    • SHA1

      2192a4c48ee0b360c583dafe1a7c231e10397850

    • SHA256

      14e3f10176b339febe4cb6bfbfa31a44818c5f56f028f831a9246e07ba9845d0

    • SHA512

      61df06a3045294b0961dc198bb463f60cbbdf77dab563d881973ebfc3fd33958574cd99f8efb83deada3ecc822eb68ce0b0078b1257766db742c22d793fb984d

    • SSDEEP

      3072:dX6L4KjZvon/3UPMOY4FnjqbGsB3LzHKH0Osi6soCeBVPoVJtCbhVPoVJtCbF:oLRjZveiFY/CslHKH0Osps0WehWe

    Score
    6/10
    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu.ini

    • Size

      14KB

    • MD5

      c709c230de8cb3d83406e82c5812aafe

    • SHA1

      957e9a061e065fae015e91d11e6f5563d07f82a6

    • SHA256

      88580d311da0f6fbfee384eedf4a46938a818b26308e69a1ecf81329c21b1512

    • SHA512

      0b665f5e2b7ec00fab886b4690d55abb0e379957463098b97aa465a7f09e76077cecd148a57a90b41ec78f9e97e460a961325739562633651a53b5bf3bd4c52f

    • SSDEEP

      192:VoqIp6ABP8gNBgE18/4rBE+kNEHyUI1CpLfyFwUkXaSDdEhzlTPmmhy:y7pPB2E8/GBlkNwkCZgwUknKhzlTq

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu.txt

    • Size

      33KB

    • MD5

      f469c2f3e9a4fe6dfd10d9a7aeb844a2

    • SHA1

      90d34ea16bdd7ba34f53fb26b6996a057948ba12

    • SHA256

      6d8ad4ab62dd75dd3c8051cdd6a087c45e6d9cb61c26f1f92555e43feae8e9e5

    • SHA512

      62c7a5846cdc1c0276d748f6be8e706ffc8c91d50f64f51cebb8eef086eee176fb894cfbc74f79836f07b0577b3f6f66d754a0ecbb8b2cbb938e71c7c2d9b3c3

    • SSDEEP

      768:HlElBXBniidCZJMAYyfGV6FdCA2G+KL8U3yyZ+piMvw7TT0iI0kA2u:Hl0GLg4SmCQ4Y/

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/218620/inventory.bin

    • Size

      76B

    • MD5

      8bee66d4e958dccfa79a796a3200a3c2

    • SHA1

      71aa165c0d0266b2cdcdcc101aec9fd429f4b2ba

    • SHA256

      89fcd21e90d3d8ba5e65e82ec3fb6616d6fb29bf6ffc97738f7b7399ccd13a03

    • SHA512

      9c46ffca14a297455fc2019f71f392e965a7f04eed0e3b8aca5f0f28aa6adff9d5b56887fb3feb84dea3fd3c65aa09eee6ea9bc6ed913bbeef50723ab035f862

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/218620/item_schema.bin

    • Size

      1.4MB

    • MD5

      9df654c7397ae142118c44d024c83d3b

    • SHA1

      a518a5038b9b8885d7b8f79697a7e7d9c4ef1c0b

    • SHA256

      3b54e7e520d488db83ce6ecf15ed90cf9ce15858353b110f0df5c24d59f065cb

    • SHA512

      b5bb231d87f3004c7989ad91e8ff4a61662cfafc95ea0faf93b994d032ce4cfd8b78e31f5ecc592be611f7f32b5e443abdf7d3b96468a515a1f7138b0a04a9fb

    • SSDEEP

      6144:oIysaHAGIVc6X2BdB/Y7T96HuF/WuXby7W3PRlLHGjrFVmr9SqOXfckcEC9XyrTi:oEO9XU8mbYNVjq

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/620/items.bin

    • Size

      444B

    • MD5

      775bdcfccc2d7336326484f4fc1647d7

    • SHA1

      45e8f438260a587bf3d324268d5c6f163f40a61f

    • SHA256

      d72dde20b5aeaad449079425aa9ba9f18658da35508658f22373e07cc08fabdd

    • SHA512

      776677ee8017742afa6dd88802408502977d023b9e3c0e33daed0ac51d0b02df738f34c9a10da6f54b0f8093e7b5180b692ae808f8a7b737fcd23e68b1789a5c

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/730/items.bin

    • Size

      3KB

    • MD5

      d62e8ba533693468983e91c167c2807b

    • SHA1

      170f583b9608b586823ae61c798e35da023ec209

    • SHA256

      65c53bceb8e6b2d921d189b9a109774c685cb5236eb0820136488d7522545e88

    • SHA512

      7a6d7bc1184f9f99cf648307b5a0d366c35314593034d4d5853bbfcb92786f7ff0fc08f67fa66769278088d381bbc8291de291eaa1db2dea6d8e0d415aecb6ba

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/Readme.txt

    • Size

      86B

    • MD5

      47a3cd85c37413dafdbfe30776c27dcd

    • SHA1

      ae289fbc28f7f433d7771700d871db56a3158319

    • SHA256

      ad2f29e88431d222f8350d16dcbcc63df48d5411ea51a3939fa79407c714cba0

    • SHA512

      bf8293bf598b44bf0891ee439e4860c45316134b1c358b52d17a92baa9312f13440f293f9ada03ed874ef83a3ffef3fe6ee514cb88d15b43b7558e8a92c24aad

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/avatar.png

    • Size

      797B

    • MD5

      95a1d699b01c4c98f55c1195641e7543

    • SHA1

      2ec15f2a02edefaa9da086ae3557358213e8f83a

    • SHA256

      4d199a03cf58250934b4cce9413466863d732c78bf215b46700051055bfd1533

    • SHA512

      ba2a23e8470a8198c41fbeeb44fb788692079a45121a71849260b0c8e561ad81ada8913d86c5b920d48f5d3488254d8619b0dea6eb7b749526e31412dd1f7746

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEFirewall.ini

    • Size

      90B

    • MD5

      464c4f1758ba746571bbccf52af9f4d5

    • SHA1

      ea9ed2be71ffd2662a38dfe480b4225f793b2357

    • SHA256

      6518ff35767d28962ab7ac59fab295bf926360ae1c4caaa879a829ef4ec2aeac

    • SHA512

      e41b5036a780e0d42bc627e2e23be368c8aa9c989959e10d92dbfceb2fbc72cfd7ec0f18f18356004c563a3be8d348bce71116e75b3e7a5a11f257eb26036579

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEOverlay.ini

    • Size

      34B

    • MD5

      480005b54033d978380bff940142462d

    • SHA1

      e84e358f9c806852d2c3a54f98a85c35754c21e9

    • SHA256

      546bde00c0b7a1df06d6dc2d2e47c32a2bcc7df94b0025685b71e321acf07f0d

    • SHA512

      a517dcf5958ae24c2c1dcd89a7a5383673df68767932aba64348ad619b060eac12973054811534dc9963c89f553f2d366a212f35548b05503a936208f1badc61

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEOverlay/Language.ini

    • Size

      61KB

    • MD5

      d5eaa5cb50a1b0c57edc63d77d366113

    • SHA1

      727c75914c675e7c6be768c221189422124db5b4

    • SHA256

      5ce6d306662dc28040a9eb577fc85fa4f5b732b83020bc5cc99dccf2814ef8b9

    • SHA512

      0b7b6a1c373fd9ed51ba266d18122455cbc5bd9d843b0a769a717a52e858dcb78671d3acd8ad6b4c78c9a73ff1a5b34033453ade783ec1c059395edc8ca8e704

    • SSDEEP

      768:Ye9JOr3UKjDReavolxDVmXnZnCQNa7NlnWCHGd:7JOoKheF7QXnZnC7a

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEOverlay/message.wav

    • Size

      20KB

    • MD5

      85f38f41d28633a6b08ddd7ce2f64582

    • SHA1

      bf0e27361a9a7f137e7218697af4bd28705ca64a

    • SHA256

      6b5c6c54f08e2f02d4cd6e5bea6a16a4e19ee137c484e3efabcc9462a1b840a4

    • SHA512

      c8b55c431a17624ea72811029329327261cc964f762a170d609fdbf22e30d1df960b21fe09e7fb48d266282686eee5b82444772262103202ea19f6e894cfccfe

    • SSDEEP

      384:nB1S0nqEstDnFlLz5iWRsH3RYDjcfgrgxB5LQ32nCXiqTkmfFbFTdzcfMMyS:BzqEOFlPIWRsH3RYDQMg/5s32nqTthZa

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/x64/SSEOverlay.dll

    • Size

      1.0MB

    • MD5

      7f6a1e877cbfd1bb706c9c73c5bb359b

    • SHA1

      145adefa1f89748466b85eb838eaa0617ef5dd60

    • SHA256

      7acd1aca527f47abea6efa09d54596438463f63b6a12f947a80ce623b0c4c163

    • SHA512

      fbfe6965a4e1905f447a8a118d895333a7c021627f7a261544f5ac653c07821aa55e1959e28e57397ba20b406f704615db352dc863fbd63f1b69c1c183e8d9a4

    • SSDEEP

      24576:X5FruSDTEz0a7Ny5dZvtxxK6XIpy99Zt:XDruGEzh7Ny57vb864m1

    Score
    1/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/x86/SSEOverlay.dll

    • Size

      855KB

    • MD5

      f204ca9b0cbc6bccf9df5549ae16b5cf

    • SHA1

      249772a9ca13510e7db6485c42963b72e7be0484

    • SHA256

      c7267e2e20e02bb0ca868f8dbb0a0a4199a3cfb2c4ecfba7f297b15b81e5b31a

    • SHA512

      55363ce555be3479259ef9ee54f90d7fe65c96f633de020e05f991c76a2a365b47efe50a930f784b2cddec932650b24652505a2e0e4a99aee8121fffb1a327e0

    • SSDEEP

      12288:7sIylIZ9C4IgNeC5s5NS9Wv1821bZQIi/1GpABaOKNoHBinF086fgTymF50EcJW:7sIylITC4I0051mZ4pAONKAmfz/

    Score
    3/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu64.dll

    • Size

      6.1MB

    • MD5

      b0f933e1a03346d839cd4c3a51c64421

    • SHA1

      2449c5a320f5f049095ddc616d57ebec198770f1

    • SHA256

      815d162dfd7177b95aa8c635fe09eb938896688cdbb518b573b69023f011622e

    • SHA512

      9dfd891bc41e6204a8de3eb0a0cde85aa292ed51bc5ba6242df65248c31ab9c1e7420adca366a965f6d606e59a153dc2ffcd39afc450dda547c7eaff427fb7af

    • SSDEEP

      98304:mCNeiCuEnTPTXt+H5K7PkVxDXru5mevk9x/GqPrJe6YNPgvBEpQDZKFwdnD4T+9c:m6eJuEnT7961

    Score
    1/10
    • Target

      Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/steam_api.dll

    • Size

      104KB

    • MD5

      d88ce2bf30df70150b86530348fb1bc4

    • SHA1

      f7c2cb2ca170dfed1d6fd455ade17585a2cfe10f

    • SHA256

      0aa533ac3ab500992d9c21905c8194afe7695dd893ed2512033089d5165bcfe9

    • SHA512

      e4c3f1975dd6864040be55afc53c86fb97b1b768413c3c71ab1d230ffd272cf7a81dd0ce8be2a5898bbd17220b78be7cac98475d48938915132151eaee06e342

    • SSDEEP

      1536:JKHB7u+SYT5iOy8v0bQR7gjN7I/fvHnUtgLrngZESAMPURBcz6YB8JGQca/a7d:JKHJNTrwMR7+7I/3n+gzHMClYBKcay7d

    Score
    1/10
    • Target

      Mad.Father.v11.07.2020/STEAMUNLOCKED » Free Steam Games Pre-installed for PC.url

    • Size

      52B

    • MD5

      92672216743fd0ad8799d25ec99e5096

    • SHA1

      68103be0fa83db8a4a2efac6bb6169ce959a0290

    • SHA256

      677d2e85447eea64fa541b8e8a9e92b41e20456360bef8642f898e7eb1b2f0db

    • SHA512

      1ca286141902e64c4cac05fabc1ce0ef4d910582e720c8b38f3cf2799cadaab7cbc9d8fc925eff17e0d3280d5d074ebd856dc75d6cadbd95872cae14eddb7719

    Score
    1/10
    • Target

      Mad.Father.v11.07.2020/_Redist/dotNetFx40_Full_setup.exe

    • Size

      868KB

    • MD5

      53406e9988306cbd4537677c5336aba4

    • SHA1

      06becadb92a5fcca2529c0b93687c2a0c6d0d610

    • SHA256

      fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425

    • SHA512

      4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99

    • SSDEEP

      24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Mad.Father.v11.07.2020/_Redist/dxwebsetup.exe

    • Size

      281KB

    • MD5

      fd6057b33e15a553ddc5d9873723ce8f

    • SHA1

      f90efb623b5abea70af63c470daa8674444fb1df

    • SHA256

      111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288

    • SHA512

      d894630c9a4bdb767e9f16d1b701acbdf011e721768ba0dc7a24e6d82a4d062a7ca253b1b334edba38c06187104351203a92c017838bdd9f13905cde30f7d94d

    • SSDEEP

      6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      Mad.Father.v11.07.2020/_Redist/oalinst.exe

    • Size

      790KB

    • MD5

      694f54bd227916b89fc3eb1db53f0685

    • SHA1

      21fdc367291bbef14dac27925cae698d3928eead

    • SHA256

      b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd

    • SHA512

      55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5

    • SSDEEP

      12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV

    Score
    6/10
    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      Mad.Father.v11.07.2020/_Redist/vcredist_2015-2019_x64.exe

    • Size

      14.3MB

    • MD5

      f0248d477e74687c5619ae16498b13d4

    • SHA1

      9ed4b091148c9b53f66b3f2c69be7e60e74c486a

    • SHA256

      b6c82087a2c443db859fdbeaae7f46244d06c3f2a7f71c35e50358066253de52

    • SHA512

      0c373b06ffe84f3e803831e90f22d7d73304e47a47839db614f63399ff1b7fcf33153bf3d23998877c96d2a75e316291a219fdd12358ca48928526284b802591

    • SSDEEP

      393216:q5lptVYmfr7yBG/4WoI+j6LTinXKSf0fzTDv8:q7pttD7yBG/uljIinXj0fQ

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Mad.Father.v11.07.2020/_Redist/vcredist_2015-2019_x86.exe

    • Size

      13.7MB

    • MD5

      de34b1c517e0463602624bbc8294c08d

    • SHA1

      5ce7923ffea712468c05e7ac376dd9c29ea9f6be

    • SHA256

      ac96016f1511ae3eb5ec9de04551146fe351b7f97858dcd67163912e2302f5d6

    • SHA512

      114bca1ecd17e419ad617a1a4341e607250bcb02626cdc0670eb60be734bbad1f3c84e38f077af9a32a6b1607b8ce6e4b3641c0faefaa779c0fec0d3ac022dac

    • SSDEEP

      393216:/d/FlptVYmfr7yBG/4JU4TRjtjUMy4i6kgsY7i:/1PpttD7yBG/QHTJtYMyke9

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Mad.Father.v11.07.2020/_Redist/vcredist_x64.exe

    • Size

      5.5MB

    • MD5

      630d75210b325a280c3352f879297ed5

    • SHA1

      b330b760a8f16d5a31c2dc815627f5eb40861008

    • SHA256

      b06546ddc8ca1e3d532f3f2593e88a6f49e81b66a9c2051d58508cc97b6a2023

    • SHA512

      b6e107fa34764d336c9b59802c858845df9f8661a1beb41436fd638a044580557921e69883ed32737f853e203f0083358f642f3efe0a80fae7932c5e6137331f

    • SSDEEP

      98304:EuLgywiNHBeSLxYK/bxE3q/BlZkWMGPQflVJ/EK1sLyzs2T2Q1mOjq4/:V7wqheSVYK/bua/BlWWnuVhsus8nm+qi

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Mad.Father.v11.07.2020/_Redist/vcredist_x86.exe

    • Size

      4.8MB

    • MD5

      b88228d5fef4b6dc019d69d4471f23ec

    • SHA1

      372d9c1670343d3fb252209ba210d4dc4d67d358

    • SHA256

      8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

    • SHA512

      cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

    • SSDEEP

      98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Mad.Father.v11.07.2020/_Redist/xnafx40_redist.msi

    • Size

      6.7MB

    • MD5

      97c2eebb30c5a88c68c8f24f37183f1d

    • SHA1

      49efdc29f65fc8263c196338552c7009fc96c5de

    • SHA256

      e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7

    • SHA512

      c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da

    • SSDEEP

      98304:wynfL329J1XswfXO6wiBB+4RZg6aENaCZAU5PMO0MntfERyJGH2YPq/:wYD3C1XXfzH+4cLHU5PM/Mnt+YGlq

    Score
    6/10
    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique / Sub-technique             ID         Count
  Persistence           Pre-OS Boot                           T1542      2
                          Bootkit                             T1542.003  2
  Persistence           Boot or Logon Autostart Execution     T1547      1
                          Registry Run Keys / Startup Folder  T1547.001  1
  Privilege Escalation  Boot or Logon Autostart Execution     T1547      1
                          Registry Run Keys / Startup Folder  T1547.001  1
  Defense Evasion       Pre-OS Boot                           T1542      2
                          Bootkit                             T1542.003  2
  Defense Evasion       Modify Registry                       T1112      1
  Discovery             System Information Discovery          T1082      18
  Discovery             Query Registry                        T1012      8
  Discovery             Peripheral Device Discovery           T1120      2

Tasks

  Task          Tags                Score
  static1                           3/10
  behavioral1                       1/10
  behavioral2                       1/10
  behavioral3                       3/10
  behavioral4                       1/10
  behavioral5                       3/10
  behavioral6   bootkitpersistence  6/10
  behavioral7   bootkitpersistence  6/10
  behavioral8                       3/10
  behavioral9                       3/10
  behavioral10                      3/10
  behavioral11                      3/10
  behavioral12                      3/10
  behavioral13                      3/10
  behavioral14                      3/10
  behavioral15                      3/10
  behavioral16                      3/10
  behavioral17                      3/10
  behavioral18                      3/10
  behavioral19                      6/10
  behavioral20                      1/10
  behavioral21                      3/10
  behavioral22                      1/10
  behavioral23                      1/10
  behavioral24                      1/10
  behavioral25                      7/10
  behavioral26  persistence         7/10
  behavioral27  discovery           6/10
  behavioral28  discovery           7/10
  behavioral29  discovery           7/10
  behavioral30                      7/10
  behavioral31                      7/10
  behavioral32                      6/10