Resubmissions

30/05/2024, 04:01

240530-elbppsdg5z 8

29/05/2024, 23:48

240529-3tmc6see6v 8

General

  • Target: SoulsFantasyLauncher.rar
  • Size: 73.7MB
  • Sample: 240530-elbppsdg5z
  • MD5: 8eae803760d55ea2ce3f85092a87a9d6
  • SHA1: a26f2c144e9d72e78bd3ffa343ea90f4b4037a4d
  • SHA256: 7c463f0f3e21d29044068566ade321da7b184fe6d628305e8e66349155cfbe56
  • SHA512: 1916c52f2ca05291e9c1c1f4734d5d0717a6047c81c8bdc500041650fc9864bae3b6e8a557146dbbab1570057c509955395dcfa03531f9fd87ad784e1faca2b9
  • SSDEEP: 1572864:9HwYvJslEGvEPMFOVNaQ3VnIa/6EFhnuSzeID/0lFGhUhgFF4XC1:9H1QEGvk4qIaJuUvD/uuF4K

Malware Config

Targets

    • Target: SoulsFantasyLauncher.exe
    • Size: 154.7MB
    • MD5: 717514a93326db3944d69d6c05b728e2
    • SHA1: ba8d5de65961c856811c443de0cdf2229aa51a84
    • SHA256: da05d8cda4c3fe5a7c9565b805fc9b255c20ba13845de4518b453666595d6e3e
    • SHA512: c426436867ea54a3c50ef7ba62f77ba9791f7c54bfd6729c5c68635ececf655939f7ec250a16851c476118cdfa639462a467fefb7b1e116c4b8cb8b41eb61c52
    • SSDEEP: 1572864:wTmw0ciLNpDPuAvHxJLkY2O6Ea3f9kwZXeT6EivLp1vUAtdjtZn+f4FnIvGaC9dU:jv6E70+Mk

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Target: locales/af.pak
    • Size: 368KB
    • MD5: 7e51349edc7e6aed122bfa00970fab80
    • SHA1: eb6df68501ecce2090e1af5837b5f15ac3a775eb
    • SHA256: f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
    • SHA512: 69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d
    • SSDEEP: 6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd

    Score: 3/10

    • Target: locales/uk.pak
    • Size: 688KB
    • MD5: e4c4e3700469704b936460ca1a90fcc0
    • SHA1: e809990fc07a1d39fe623046382699e648e343c0
    • SHA256: 29af2abc75a35bb9e3f9bc6e2904228ba651ea4e0ce8e9c7a2d7e272374b9ebb
    • SHA512: 68e33f471c5bf2d4ed9cb00ace3e094ef102a5f1566a6e2c8a3007ef7fbd8a24c36eb36b08745f3608e70940444e9fc7a36fabe1a9945d1f00b4f3f28c7bdaf6
    • SSDEEP: 12288:FkzOqMnty/KiZswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:muGN35EEK

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks