553b3f3b413e2f29dc857f1cf4e4c67c8f0715e3530e260dd2ac26041d2c7807

General

Target

The.Escapists.v1.37.zip
Size

134.2MB
Sample

240527-yxeqaage6x
MD5

a69f3c0ed36a6cd5ffdaf7f46c6d11bd
SHA1

35e412d88ee0ddc8f6f17ff1b52b13d9c2e884e4
SHA256

553b3f3b413e2f29dc857f1cf4e4c67c8f0715e3530e260dd2ac26041d2c7807
SHA512

adb36a1960e45a20d4f64a3f30416a4f152830d5625db43fd6426e1b0ff711a00c342f6ff4dbde022d962af4b4f0dce8d7eb1b85a20f9d9476dd89e7bfc2f0c4
SSDEEP

3145728:OdHYunPFdRsJikvvWLjIIf4IcbX/3qF0qQmflwhDlJtaX:OJYunPx0Vo+5/mQm9E34X

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  The.Escapists.v1.37/GOG Unlocked - Free GOG Games.url
- Size
  
  50B
- MD5
  
  82d61530bbf17b759e5435090ce3e02c
- SHA1
  
  5736863a67ab9776708bf9d994972d1cba6fe95b
- SHA256
  
  467b3db00b8db3a9a9406bb0ce46b7e83563a91c767458dc1f33a81577a5c01c
- SHA512
  
  1b5bc09b968ec3568bfb999599ec7169d857b1c38b3ab53598ee6f4ad91048dee99ae04337c32096ff4ec37e7890ed246345d567aada1ca30797777c3d752f7c
Score

1^/10
behavioral1
- Target
  
  The.Escapists.v1.37/setup_the_escapists_1.37_jingle_cells_update_(37718).exe
- Size
  
  84.1MB
- MD5
  
  ae3173c7f315bebf96c37735d0f7c51b
- SHA1
  
  568c29e3011e3e538981259d471c0c06e19da2dd
- SHA256
  
  d3207d353bdd99cdeac1dd8754197ac518350f393a9a681a36afcfd02b88c872
- SHA512
  
  37b00159e8b1d009d955451919c763e5b3f33d84a1c7ef2ee35a59881394b72fc951582fc5185881b7ff620bbaaac6384cc9b461c63de6e59127872ee749be98
- SSDEEP
  
  1572864:LN53E6PAQ3T9QZTjhhNsPuK2XxsMV24Tt14eCzNpoE1oRxdshkkw2W/g02b95CL9:J5U6VT2hBlxs22Qt14hzWihkk0/d1L0K
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral2
- Target
  
  The.Escapists.v1.37/setup_the_escapists_alcatraz_1.37_jingle_cells_update_(37718).exe
- Size
  
  9.5MB
- MD5
  
  98a8e4e14fb768f752f64a95310ce135
- SHA1
  
  92ec7859efa6c09fc4bc17da9cee8275fccabd36
- SHA256
  
  1e0afe1680a684759d32ebe419b1af235111870ee0edf06762fffe571ea78ee0
- SHA512
  
  9ae88e092ba3e37104b45832a06f8c7621571f16cc9dc466c1640da5844135d21bb5061b26bcf4cc866307eea02ca66d6a4d8c00c99837cf80b6a786085a5abb
- SSDEEP
  
  196608:HP3LbObkPL90HeqRkBBUv2qqvPyO8djBipIIQ94W7ux1mVtjxMctVLcpV0:HPfKkJk7eevqiO8djApNcx7iQVTjHLco
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3
- Target
  
  The.Escapists.v1.37/setup_the_escapists_duct_tapes_are_forever_1.37_jingle_cells_update_(37718).exe
- Size
  
  18.4MB
- MD5
  
  0e041d8b3acb826898c7f84e4c7d3327
- SHA1
  
  24338b9a44580437c79801f6a11cddde7eb2ca14
- SHA256
  
  a4c1917833ad1723faee440645551842db4c9c13a0840ae95e8c79613436713b
- SHA512
  
  de316611a3d87cf1deae7977e906b0babd7e6468cecce115080519406c262c0e509d0cb854317a07240f8b09202d9d2e83b17971f8b0b457192dab2e6ce320b9
- SSDEEP
  
  393216:jPfrbgGL/p+iYNkBSuwS49K0agY0lX3fp0rD8oyK1yHDuSyQGjngFkMHLcrE:BYaSfza3yXvGXyKc6SynxgH
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral4
- Target
  
  The.Escapists.v1.37/setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).exe
- Size
  
  16.9MB
- MD5
  
  085cb5c6bf4b4d663a20fafacbc00155
- SHA1
  
  f24a66cd4521b7230304e553b7d8b6e49f997e69
- SHA256
  
  9668043f73d61ba2417af4139509759b26adaecac127f4589466ec2c667ec39d
- SHA512
  
  01d1d49e6a8d58784aa121dae21b61ed3ced2b3229b27919b9bb3cc7f99442e47f641a7bbaf881ca7c334ffffd65b7c0a156b3b2b00ad84adf8ba4c517013939
- SSDEEP
  
  393216:IPfpEt0QiT+ylaeg+erc2rHX8dxSCiPCeER8Ody2eCkR6bwHHLcnd:5klTbErHX8dwCiPRER8P2HWW
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5
- Target
  
  The.Escapists.v1.37/setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).exe
- Size
  
  5.9MB
- MD5
  
  edae66c2efc11b84ad821ebbb70f3cfc
- SHA1
  
  961d6377702d2bb748a2856ece7ac76971709689
- SHA256
  
  0aceb49b0bba5d19baec09e1d98bab5417ed5411407499f393b5d05ebefdc2bc
- SHA512
  
  cf2a3d5f8d8fc8f1091f414e04b00df2295d169e9baa987fdf4192388a58153dfd64bf286b90589a0ed4c99bdbf2fa55143bb447cfddb4e35890ec36bc79752e
- SSDEEP
  
  98304:ZP3Lo4OUNPR9RJkmJO/0hzwOHJsOyKnehwawbLGB8t47nmunVYyp5rVLc+5XdBRY:ZP3LbOwRm/0llhehwjbCB8t47nmIdtVk
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Checks installed software on the system

Drops desktop.ini file(s)

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6