75a3295f8c688359fcb7555b80e3f71ee42c5ac1d4525a39b2571107acf06a45

Sharing

Copy URL

Twitter E-mail

General

Target

modest-menu_v1.0.0_unknowncheats.me__unknowncheats.me_.zip
Size

16.8MB
Sample

240522-zh2ryaga56
MD5

13b33baf9597ae6ddc68fa9634af16f1
SHA1

57f3a723634ec00b4f09d066bc0607084cc4b6e5
SHA256

75a3295f8c688359fcb7555b80e3f71ee42c5ac1d4525a39b2571107acf06a45
SHA512

ed38d6150cbeae60451b74ae50af1bbbaf035924fdd266cf8a8fc8b84fe403dcb689185d1a9b5db048f1c11106a1a655d14d4833c7593512c5661d4c587a2e1c
SSDEEP

393216:L4fEsf5x2pN6HtduMm1hfs9mosX3jtV6sEgmOnCcgXPzhEgM1lpOmi:LaEsX2ONdF3sn39ESnh6hQXW

Score

9^/10

Malware Config

Targets

- Target
  
  modest-menu_v1.0.0_unknowncheats.me__unknowncheats.me_.zip
- Size
  
  16.8MB
- MD5
  
  13b33baf9597ae6ddc68fa9634af16f1
- SHA1
  
  57f3a723634ec00b4f09d066bc0607084cc4b6e5
- SHA256
  
  75a3295f8c688359fcb7555b80e3f71ee42c5ac1d4525a39b2571107acf06a45
- SHA512
  
  ed38d6150cbeae60451b74ae50af1bbbaf035924fdd266cf8a8fc8b84fe403dcb689185d1a9b5db048f1c11106a1a655d14d4833c7593512c5661d4c587a2e1c
- SSDEEP
  
  393216:L4fEsf5x2pN6HtduMm1hfs9mosX3jtV6sEgmOnCcgXPzhEgM1lpOmi:LaEsX2ONdF3sn39ESnh6hQXW
Score

9^/10

evasion themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  config.json
- Size
  
  3KB
- MD5
  
  3bea77ef233e2e32636ba889ceb489e3
- SHA1
  
  6a0a6be2e24cd5497fbf0298e244234716f5419a
- SHA256
  
  a8732f591cbed2b2ab923236d22948f10cb7c4011d6a1018be2fe3c8e8fbf5f2
- SHA512
  
  c924567c6c683b90b6dd31af7e976a8222d164c99137b38149ef79d4a1222b35c8bdfef155ee071e66c38b1601f3868c22c30d477fbc5f2dcd7599cd7f4be707
Score

3^/10
behavioral2
- Target
  
  modest-menu.exe
- Size
  
  16.9MB
- MD5
  
  ce03d8db32b901caba01fa8b1beefe54
- SHA1
  
  76377cea7317bd28af0ccaab276bd49360936a9d
- SHA256
  
  a568e2a4d89ab76ab9ff11b30bf320dcc4413353660678c51abc79863ff3c1c4
- SHA512
  
  40ef98ee1dd411d3f634f9fe1ccdac0bc8fa5d13b1392ac5d045bf130db6efc5ebae48298d02a732fe634af953af10c004d54c3a4d5862b7f9cd6736f6ddbfca
- SSDEEP
  
  393216:YwOMvc42XGU57JO0OTOUbHvnqdLNZHgbATTT9:Yeh2Xb1Ra4LNibATv
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3
- Target
  
  scripts/Readme.api
- Size
  
  24KB
- MD5
  
  36754844e4b9d76b810066b529af0e5b
- SHA1
  
  da8c4031d42ae41a796b409d525883b71c23bd0f
- SHA256
  
  668a8e8430485417796ea563eb97fd366fdaa2f7fc6769bf5a18626f19aef1f6
- SHA512
  
  5e0eba72a25c4d8f9727bf4ec2f3ae7dacd71b34df710bb7daf41c5f3dc6ca08473de783580d0b2982831f93394dcac485c9980f46af6973af96aeb03e9de659
- SSDEEP
  
  192:qNzc4v05Feq0hHBjBCpGjem0uezAsNpGlbWXxX5IS+wwSgU0FXxZujFS+JraytK2:h5ChWGjemBZWXxX5MO0FrujPJreOi4
Score

3^/10
behavioral4
- Target
  
  scripts/demo.lua
- Size
  
  429B
- MD5
  
  a0cdff1f4eaf5af121513b9885295341
- SHA1
  
  e40fc44c5b82a8c02e7248c8b104c0f8abdc4f97
- SHA256
  
  f2b354df9b4d661f6227132c39937b8f706626886cdcf65540ebc5b78f55f6ea
- SHA512
  
  1bf19f211a11c6b88ca9583ff20c1c8ed3e14f8f7ff68622a37c5c151ef2473e41bfd2b503bcc99f6e6e3f79b6845678cecfd3e23406353f35883fbf9b2beecd
Score

3^/10
behavioral5
- Target
  
  scripts/menu.lua
- Size
  
  1KB
- MD5
  
  9596bef3ecd38e99364eb58e56cd49be
- SHA1
  
  676b733db5bb30bdb7824024a1c2fc045a27b4f1
- SHA256
  
  4a7d7886622501f6b6728a0e9860fe81a1c90fd0e5f2fbe7ff94524e05e0b6b8
- SHA512
  
  f2d1b11964181b3017f12f381bc241688f18efb3901acd6697ce0ba462693ac947e1d576d88de08b8e8798680cc4e640c5ec1aa4b2a0f4ad6739904f48ce7665
Score

3^/10
behavioral6
- Target
  
  scripts/sirius.lua.example
- Size
  
  468B
- MD5
  
  1fdd7bce4f24c51ec8267d7fe65b265e
- SHA1
  
  4f247776830fb30cf816f227f13d3645b8d3aa6d
- SHA256
  
  d331a1344d7354019fdeb564a21f95f85f26458f91aa93d7af58affa9728cb1d
- SHA512
  
  4bf9c85600dcab2ff532ef5f459c270d3197ea5a9d46677b4f7f1e0d2e3b3454bc5ba1f64bcb732448cbe37a71a2112511f46166ec4ba0f3db1ca14d4f685bb4
Score

3^/10
behavioral7
- Target
  
  scripts/vehicle.lua
- Size
  
  306B
- MD5
  
  1eceb52600b875b85a169687fb62ed1e
- SHA1
  
  2d13ed39f1d757af9a5d07790065cc8c00c4984b
- SHA256
  
  0cddccf554633f15fbc453cd0080469c3806d7bd13824f68e3a1ee0cfb2da20b
- SHA512
  
  23baa825d5c3dfb66d1582ce6332bee8272f345742ba50977c0622c7be4fb6b9b921b473a424a2453df3cbc0ff0b473cf7897955fe09a4fd7a10d0df2ef2188b
Score

3^/10
behavioral8
- Target
  
  scripts/weapon.lua
- Size
  
  277B
- MD5
  
  402a9279c76afb2c5977cf97d270c3d1
- SHA1
  
  4cd6474f3cbf9c3ca26277d5691460e8744aae59
- SHA256
  
  20d2e8d52504c96dcb846b08da138418048ed3b58128b05ddf1bde09694c5c14
- SHA512
  
  7357aff15e11de58da79a4eaa603c5ad7fb16ec426e71358e87dd14862d19c44b80896c0e66766479978bb0ba88704457b5356f9f86f6f4af41a39c52ffa45db
Score

3^/10
behavioral9
- Target
  
  themes.json
- Size
  
  2KB
- MD5
  
  ecc97a512f2bee4c4344a7a4126b5a5b
- SHA1
  
  73cd4d3e586b17d307decebd1ba8bea105977e29
- SHA256
  
  b5eeb2b5d8656f0399220039f15e50c2566bf13124681f67c65f8b042d8fdc4c
- SHA512
  
  4d411ea0b3c67f2b38034fc9c1491dca070801e6521cc7cd8cdf91e2343a7caa7861313445e3d53cbe8dc8f64a0ce8169b191a054536c186dc2d1dcfba25bd18
Score

3^/10
behavioral10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Suspicious use of NtSetInformationThreadHideFromDebugger

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10