2cb81e24f1789deb60b2aed6aac31a70b96a1adba2f6835c7c1c03b47b5c0c27

Sharing

Copy URL

Twitter E-mail

General

Target

DS4Windows_3.3.3_x64.7z
Size

2.6MB
Sample

240603-qae4jagg43
MD5

5f07abfef193e170dd558ef43409ad32
SHA1

6d720bb8ea84993b66de276ee6b483dad6cd5acb
SHA256

2cb81e24f1789deb60b2aed6aac31a70b96a1adba2f6835c7c1c03b47b5c0c27
SHA512

312ec3f0c7a1bdf55be90bd909db085619077ad861961349b3be9a6af262485d846d765cb6596749b0d3f4a80bb99f55401cc4e4efd7c68301c82bb38161bde9
SSDEEP

49152:YkeCUBFqz+KFvwmBEcp0eIdYZulhrYGdFlQebM86d6Urpc8CGSQO1vZcDtlyw0cT:YxCYFq+KFvw91brYG6egfdL14uO1x8t5

Score

6^/10

execution

Malware Config

Targets

- Target
  
  DS4Windows/BezierCurveEditor/build.js
- Size
  
  431KB
- MD5
  
  61b6490d371c57d566ae713880f3ab40
- SHA1
  
  36c2071e549545f02deb5500c296f343d88b08f8
- SHA256
  
  fce907cf01187e1ca0afb91341fb6d793a97d359918278a759ad03ab4dd71348
- SHA512
  
  b6c5b64ad02e85087d2ea71938ad1e1cafeba13184e3ed3eca31a3da47bcdf8e58fed3dae50917a797f7d0bed89a12d391fbcfe0246c264e82bb581866f36953
- SSDEEP
  
  12288:9eTeocrhC4KAl6QhcrlsM0q8btBFWW5Ovyf6Bv+JWcwxXAc6EHmSZGlYBDdyNdyI:IqWcwxXAIG6RdyNdyFmL5NyiBDpgnU
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  DS4Windows/BezierCurveEditor/index.html
- Size
  
  193B
- MD5
  
  b7f3e0aec1e9905b2706285819ad8627
- SHA1
  
  c86d0c917ef8b6e1ee25d034fad53b0b9f6ba5c4
- SHA256
  
  fbd5e846237145aaa4b1d5275eaf95013a31d41e9cdaaad032d583245de54a7e
- SHA512
  
  036375d1801c4b85c8454a874267cef9dc49bd7aa73a49e308584fca8cd188857ba625f1033149f0a9aa395c5ccb78d1f1abc73e2b85339a6c5895d46759a080
Score

1^/10
behavioral3 behavioral4
- Target
  
  DS4Windows/DS4Updater.exe
- Size
  
  807KB
- MD5
  
  e86b6ba53ca8462baeaee561ae187e9f
- SHA1
  
  b2a8e9be51c24ba9c75b6b97ed8db660ad3c6ff8
- SHA256
  
  622c770e622daf9e08c06e203c982613ec9cc2cf73e0efee68461b7a2e7646a5
- SHA512
  
  7152909f8444d360d1d1471dafad1791109965690c0405aba0152ce80514420504132ebbfa233f13632a948fdba38020bc21ede4ad248390e7057931731eaa55
- SSDEEP
  
  3072:xefQZKfOC31VwyY9egNtfNjJvjmqqF7Hb/LMm5MtD9ma5voSfAm+AAAAAWAAAAAk:xDewyY9egLRePYm5KckfAr
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  DS4Windows/DS4Windows.dll
- Size
  
  4.0MB
- MD5
  
  12ef7ab3e301423c7cd6ed95b52360de
- SHA1
  
  17d9373706f568caef8ed8e5fb20c8c28117d171
- SHA256
  
  d89c4d3d0f45187283a2d71ff22623d0f871d59a34754065a81ea98c7a6e1fda
- SHA512
  
  00117fe6de672857250de26d88d6230d11b0f0d396b913efa42a5fa90e1272159847cec6c666a42b4ad34888776d6d891d7cfece6c10eb38b3a740083d2b57c8
- SSDEEP
  
  49152:vatQm91jfyQOO6dukFM4yGbmhevOCMM43KC9uYdPJzD4Ht3JzDubzwc:vatn1m8uYJzkHhJzSbz
Score

1^/10
behavioral7 behavioral8
- Target
  
  DS4Windows/DS4Windows.exe
- Size
  
  546KB
- MD5
  
  e196e463c0e550d0f49748008fbb27b9
- SHA1
  
  221960368ae1e190f90cf0b7d51199c3d94a6558
- SHA256
  
  ccacb1f4c5b2f24c5a61bf09c10bfe44fb9d46af8b993c1f5bf01dc1b3733a65
- SHA512
  
  dfa3f83930a6eec958cc69b8978a009dda6a9050b026cf399c5e1cd07f787c515ed497202c7341878032ac89b2f57d8d219bcf824dc622dcd40fa2f530b49cae
- SSDEEP
  
  6144:jDewyY9egLRePYm58DKYPbz0YM+SS5hjS8kfdjS0gNsNHZBuh:j6wZePMJzm1S3O8iNS0YQHbe
Score

6^/10
- Drops desktop.ini file(s)
behavioral10 behavioral9
- Target
  
  DS4Windows/DotNetProjects.Wpf.Extended.Toolkit.dll
- Size
  
  1.1MB
- MD5
  
  8983f161391ab632b9d2aea51a69c4ce
- SHA1
  
  d1cba0b5310e7e12e67532c6ac299624d2a8e7f9
- SHA256
  
  8038eeaa3483c1a751f04f5acd1cbe5d01c772f9049d04e3bf0d07d04f5723bf
- SHA512
  
  1bbb924a992008848c9ab6811795591e3be6174eea95136e0470e32c025223fde3a453d5bb06ef469779ed4204f101c4348d90944a03fa47138481c028c42c4f
- SSDEEP
  
  24576:eNT2tSXxytYVB/70FAKluHz6I2uP+LvUaLz3bb4lvYlvx92V08XxjaRdV8WHvG6a:eJx+U/70FAKluHz67Bv3Lz34lvYlvgVp
Score

1^/10
behavioral11 behavioral12
- Target
  
  DS4Windows/FakerInputDll.dll
- Size
  
  14KB
- MD5
  
  7c87a11e5c2bbd4e2414c568ea4f4360
- SHA1
  
  c67a1108118994de1cebfc7149aefada4b2db416
- SHA256
  
  7e3d67a3e6b4ef2aba039a3b1e079acde3ad95e0286a87623949ad74607d1a50
- SHA512
  
  f826b4c8caa89aa27489de32ac426a7f76971c9bfe797a679cea20514e79aad6d35d17d0226ad54b19f13be3b104b77afa178d3ebf70aad66c6361b5cd37a01d
- SSDEEP
  
  192:F+vcSldLwhPcoJFYMV2n9ywc5I9uUcAcqy8:06JgMAn5yIpcgv
Score

1^/10
behavioral13 behavioral14
- Target
  
  DS4Windows/FakerInputWrapper.dll
- Size
  
  10KB
- MD5
  
  25989ccc74dcf12a2216c196d8c94b9b
- SHA1
  
  ae0693dfa6da746c952f2f0140c33ca9e321368d
- SHA256
  
  4792671766a575394d3402a9365af9908af94e812ec1969bfe4975c0ab4f5430
- SHA512
  
  23ebcad4e9eb948c70a557c815fd31af188808ec5ce1c301a912f4bdc6acc7352941514bef801b249fdf6384aa60f120b0b4c27b1929d42fc70c85a3328e4614
- SSDEEP
  
  192:4VwjZiJ1OhXNgCBViwTYrXx5ic2XGIlabgU3K5shX4vJAyT:fiJALxgXx722Ilg7a52IBvT
Score

1^/10
behavioral15 behavioral16
- Target
  
  DS4Windows/H.NotifyIcon.Wpf.dll
- Size
  
  107KB
- MD5
  
  be2a9028bc37629428f8b36d58fc4723
- SHA1
  
  b4bab6b42a51000ddbc672e8b83233d4ec30a612
- SHA256
  
  65bf44ba535e1efd5ba38c6f0ccec5756d1dcdbcf458d22b436eb7502f19f73d
- SHA512
  
  8ca62e90934900f1c4a863fe7449fe363523ed95d430fed24ca8c99cd7400b6edb07d60f72acebb29956495818046fafbdd039edd550caca80c1e5300c685232
- SSDEEP
  
  3072:FMO55R0jszmJtf68LlPHbS+em1lShoG0:FMmeJjVHlh
Score

1^/10
behavioral17 behavioral18
- Target
  
  DS4Windows/H.NotifyIcon.dll
- Size
  
  331KB
- MD5
  
  a44681119866a16fd9a3461a839559a8
- SHA1
  
  a8ebb0b0dfe0559cd35225d2257f58b50aca1540
- SHA256
  
  2afe988b67f36aba97cab8fdafc522df13c4399fc3a9d3dd521f38d25bf0461d
- SHA512
  
  5212746fe3fbd62a2342ec16938d07b94ba8acee83f6aa29a90ae7e11d7634a4ec8d64b377e6ba983979ac0a4586bc675d758930f2bb5f725a52092f5c5eaa63
- SSDEEP
  
  6144:jlTZBDxeagx5aAzicZg9B5lvBgAHZDx8akE2D9/BCN:jHbg66pZI3unEQ9J
Score

1^/10
behavioral19 behavioral20
- Target
  
  DS4Windows/HttpProgress.dll
- Size
  
  13KB
- MD5
  
  e97fb25cb7d477d5c3116f3add7c060e
- SHA1
  
  a764ff39dd41f97f0a4d224acec348d75eef337a
- SHA256
  
  a6c28242c760db5713f12a292a87c470e39e42aef8663d02af8e72a3658b97ba
- SHA512
  
  6c1580d60755fc2f89403138ac082ab7b57d215cb20493f092502d30fb5604340cc016aa5c72300bfc22d3e4add0b12d487f3bcf213044d41c6c13e9b1dfbcaf
- SSDEEP
  
  384:D4DXA5xR0vFPNBJYEk7tpwkjRdmTBHeu5unsEga:D0e0dN7YEkPPmUuDG
Score

1^/10
behavioral21 behavioral22
- Target
  
  DS4Windows/ICSharpCode.AvalonEdit.dll
- Size
  
  602KB
- MD5
  
  7ca104c3e98d3cbd162fdef84edd3b8f
- SHA1
  
  d33e18462f8fefc374fb2ce286d2e176bf414bab
- SHA256
  
  2417e116ed23b3cb7ded9759bdf7dbdcfae0f7d58d71b1dd5e264f5510d3eea1
- SHA512
  
  23aaf202b7e50e5b621bbbf720214f2732ab4013dc34c12f0cc9dcca51c0afdcb0f1a696c425449767c49aafa4e834b8e4ee03c0fe48664d37a3b3ba07a3f4c8
- SSDEEP
  
  6144:TkAkAepj9cKU7RrHLF+UpC5Heq4h2Eoj51+8isj3V+oCiTfWAqjot:fs9Hh48GL
Score

1^/10
behavioral23 behavioral24
- Target
  
  DS4Windows/Lang/ar/DS4Windows.resources.dll
- Size
  
  11KB
- MD5
  
  a9b68e0c6a30fd6a12c6c2b463cb9711
- SHA1
  
  8cbde9092db0e443f6353ad3e0afd4d0f66f87c9
- SHA256
  
  7c7b59283f43107cb7094fa534db00ec4a2dd350dde7b04cc14555bd4474e26c
- SHA512
  
  729188d89dea2f351b04214094b25b4743f4dfb3c4ab183af1eb33791f1c31c8d5803898ad07e44e606324fbe1c9c4a8bf52d9f01b34801181871f272cc606ea
- SSDEEP
  
  192:ku+KU6KRsQK+n3E28i8jffmjE0xu0l3NAx33ZeHCZADacvcrVWr6w:ku+KUUQKw3oujEoBqx3pWocvcE6
Score

1^/10
behavioral25 behavioral26
- Target
  
  DS4Windows/Lang/cs/DS4Windows.resources.dll
- Size
  
  11KB
- MD5
  
  07f0ee3755b7ee84d14fee452cc2ca3b
- SHA1
  
  98e0b7d15202b5cf8f845fe66ffc6b2ce63bbe8a
- SHA256
  
  756e770c9544c8c2635bd0da6099e079f31ca76e8eca17240048ae9f1a1f12cc
- SHA512
  
  417d3dbc3daee2d3818d268e349c22472d97f276b59555210f4e21aaf909e01efa8025e72ccf120223d3c0b83f95f1e383a0ad6efd0d1ed3388c90b5de458967
- SSDEEP
  
  192:NW++aXn5HmUIgixETvqnIevHA5q5BauZADftJH/fODv57ZSRGHrqw:NW+F5GUvixqAHA5q5Bcf7Hsgeq
Score

1^/10
behavioral27 behavioral28
- Target
  
  DS4Windows/Lang/de/DS4Windows.resources.dll
- Size
  
  19KB
- MD5
  
  cf84bf5a4834ce4dabe93a299148c71e
- SHA1
  
  7c930cba7a748166bd90ed9131aa609c7ad28db3
- SHA256
  
  b85914d3db0aa76b04871b6a893c4a79d5aad328d8587e0e90e8fa40ef1d4fb2
- SHA512
  
  5771377125f456892f8f4af2689b9362da5f9c833d5f977a3003bb9ad8a778250addb10b4601bf88fdf5d35e2fbfef6da95ff1d8313705a2c74ee7d5df1f146b
- SSDEEP
  
  384:mO+s9iYci+uk51zvsMSnCuXbcWCbhFI/AAxcWau6:HiYci+uk51zMCuXbYbhy/AAxcWaH
Score

1^/10
behavioral29 behavioral30
- Target
  
  DS4Windows/Lang/de/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  9KB
- MD5
  
  19f3a97f752fd9d5ca2d0f396ff83a3f
- SHA1
  
  ecd4c1f368d963e4a557d17996eff0bb4db2a70a
- SHA256
  
  58258bd7b852491b22887a49efa74a2ddf99f162374f1efc7a3c137615fd4a88
- SHA512
  
  c1ef88053e9255171ac035ee27cd1fe676fa30696aae7a2740409428633c9a52c7b7fbc35979e736f2e8bc20d19474f946b2d909d65cb9a0f0d73a5911814112
- SSDEEP
  
  192:ZiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufPt1S5rxg0XWr:U1Nvb5adVl8P2djJMZJSGu3S5rxg0XWr
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32