General

  • Target

    Rainbow6SiegeTracker-Installer.exe

  • Size

    2.0MB

  • Sample

    240607-vgw3vacd38

  • MD5

    64c0e4d1dbae30dd58afb32ea864b212

  • SHA1

    f80290f048efbcd720011d3913b0c8b6ca21ef45

  • SHA256

    ce580b9ce230518bcfb68ef867f2f97f47b116ca6e2ee98710e098d79b587a05

  • SHA512

    5f5379163e42a1a854c8e7e6cc46962c2d0234c67219372b5bae6eba8a0cbfe7575e9534dfa942fd0da9aa087556cfdd647db9b461ec0e2029538f63ba0ad06f

  • SSDEEP

    49152:IfuZxE87vxpsrFpIvu7OJGWuMmtcYsdLY7iN3Ccd:IfYPN+TIvTBYek7d

Malware Config

Targets

    • Target

      Rainbow6SiegeTracker-Installer.exe

    • Size

      2.0MB

    • MD5

      64c0e4d1dbae30dd58afb32ea864b212

    • SHA1

      f80290f048efbcd720011d3913b0c8b6ca21ef45

    • SHA256

      ce580b9ce230518bcfb68ef867f2f97f47b116ca6e2ee98710e098d79b587a05

    • SHA512

      5f5379163e42a1a854c8e7e6cc46962c2d0234c67219372b5bae6eba8a0cbfe7575e9534dfa942fd0da9aa087556cfdd647db9b461ec0e2029538f63ba0ad06f

    • SSDEEP

      49152:IfuZxE87vxpsrFpIvu7OJGWuMmtcYsdLY7iN3Ccd:IfYPN+TIvTBYek7d

    • Score

      5/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/CommandLine.dll

    • Size

      68KB

    • MD5

      9d4f32c3352b55c790a5e8f84fc240d1

    • SHA1

      8153aab9e9aabd663fbff310969ea71a4e6b4a75

    • SHA256

      92ffe5d77dcc039b972c8810634af53470723f7cde0cf523aa2fb763c1302733

    • SHA512

      3969dbdc043259537cf0a3e538484baed2f71d8a9070823954306e4e6e4353bf7195ea39bf92114d52ae9a2ec05475701d5989a99252550bee42cf2390ed5d64

    • SSDEEP

      1536:hZj9JT17qpL/6ePMqBNzrstoJSkrjbgbwzis3hwb7Pu3hu4a:hx9JT17WPMqBNWAkbwzi7bv4a

    • Score

      1/10
    • Target

      $PLUGINSDIR/DotNetZip.dll

    • Size

      467KB

    • MD5

      190e712f2e3b065ba3d5f63cb9b7725e

    • SHA1

      75c1c8dd93c7c8a4b3719bb77c6e1d1a1620ae12

    • SHA256

      6c512d9943a225d686b26fc832589e4c8bef7c4dd0a8bdfd557d5d27fe5bba0f

    • SHA512

      2b4898d2d6982917612d04442807bd58c37739b2e4b302c94f41e03e685e24b9183b12de2057b3b303483698ad95e3a37795e6eb6d2d3b71e332b59deeca7d02

    • SSDEEP

      6144:GuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnse6OVxLV/Wo0k:UQL32ikCaUS4csRBse6sfWNk

    • Score

      1/10
    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      24KB

    • MD5

      640bff73a5f8e37b202d911e4749b2e9

    • SHA1

      9588dd7561ab7de3bca392b084bec91f3521c879

    • SHA256

      c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

    • SHA512

      39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

    • SSDEEP

      384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh

    • Score

      3/10
    • Target

      $PLUGINSDIR/Microsoft.Win32.TaskScheduler.dll

    • Size

      124KB

    • MD5

      1e1639b316cd4173244510d52907d825

    • SHA1

      2bd80c5a289482e4d8484c864325e1993a16cb81

    • SHA256

      9b239bc9be6a74165d86037abc69c39fb0624eb1eee4d9de7616736bc74e4eb6

    • SHA512

      ba394fa17111975c1ae424dcff59c4b0b48b7a08f9e93c065a0058af6e37c82a858a6f6a57994ae21ac6247c0cbf64ab1763ebf472dd99d174ff73fde76de2f5

    • SSDEEP

      3072:ZBCeNh/pcfnLq3wyXYsKRNRwxz+gT37teucRpH00s:ZB/w4xQWO6

    • Score

      1/10
    • Target

      $PLUGINSDIR/Newtonsoft.Json.dll

    • Size

      692KB

    • MD5

      98cbb64f074dc600b23a2ee1a0f46448

    • SHA1

      c5e5ec666eeb51ec15d69d27685fe50148893e34

    • SHA256

      7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13

    • SHA512

      eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

    • SSDEEP

      12288:p9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3SH:p8m657w6ZBLmkitKqBCjC0PDgM5CH

    • Score

      1/10
    • Target

      $PLUGINSDIR/OWInstaller.exe

    • Size

      298KB

    • MD5

      63f5594fcb9d1ebae8cbf66c17c742bc

    • SHA1

      872fe5caca41fbccced6b0102b0e7555c8c96405

    • SHA256

      46251865304dea0996cede10946150bc0555bcd8aae2b8ca9f8fdf14b1680189

    • SHA512

      fe6726ae2f5fd50fa439ca041aa990725d422014829c89de9a938d16cd7498c685210eaf9eb1d79a39b4cbbe0ebc145620509507423a5ee1e823c26ce5692864

    • SSDEEP

      6144:JpFQ9Yd2uAM4TrU96+WejMJKxLhbUV09b1moSIm9l062q2ZSyplfKcV0:JpFQyUuAiqdJMLhedoSF0HSMO

    • Score

      5/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/OverWolf.Client.CommonUtils.dll

    • Size

      645KB

    • MD5

      4f15fc4110b434e0acdbdc0eb12f556c

    • SHA1

      a7aed9172dc33ebf25b1d2d6f936faab142fb4be

    • SHA256

      eeda9b734f93a155691c2266e6d520ce0053ef5f68a58dbe85edea9b4ea02476

    • SHA512

      f5b84e3455f53efd7dfdd44132cc6dad4f2d8e86072884c07bd87edf6388d9bf8ebb6c989f5008ef0d6e563102bcbbee7d67a0f97e63d72aa60c3a3738725671

    • SSDEEP

      12288:7IbQtrEX3NLbDwsgPInGqNIG/IT25SMLE:iNM/AnvoTFMLE

    • Score

      1/10
    • Target

      $PLUGINSDIR/SharpRaven.dll

    • Size

      80KB

    • MD5

      152c32ff32fc64cfa678f84097340411

    • SHA1

      69ffd617f0ee368fb4b9f562bd929e88c654a280

    • SHA256

      31150f5ef648fee33489cbd0b57a09f8df4d012873e7a1e2e7d10040afd94102

    • SHA512

      04584054efd36daada02b73c2f82f2d14a7f7c7c4833e110a1990b75f2dc55aa1f45ea13fe66985a2b5899326544cb57b8c26f0f4b0ab19591649c418ac322a9

    • SSDEEP

      1536:9a9qjviI1YjOrfRK9bvyyfpHbnzDwkk7PO3hQ:9EuqI1lRKbvyyB7nlkt

    • Score

      1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      7399323923e3946fe9140132ac388132

    • SHA1

      728257d06c452449b1241769b459f091aabcffc5

    • SHA256

      5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

    • SHA512

      d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

    • SSDEEP

      192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP

    • Score

      3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      9301577ff4d229347fe33259b43ef3b2

    • SHA1

      5e39eb4f99920005a4b2303c8089d77f589c133d

    • SHA256

      090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

    • SHA512

      77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

    • Score

      3/10
    • Target

      $PLUGINSDIR/app/cmp.html

    • Size

      5KB

    • MD5

      d7b8b31b190e552677589cfd4cbb5d8e

    • SHA1

      09ffb3c63991d5c932c819393de489268bd3ab88

    • SHA256

      6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f

    • SHA512

      32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310

    • SSDEEP

      48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG

    • Score

      1/10
    • Target

      $PLUGINSDIR/app/index.html

    • Size

      20KB

    • MD5

      2822a4d01b4f0d0299207626845c6ce2

    • SHA1

      a02ca32d5eb26ea382692acf4973dbc3b230dfd0

    • SHA256

      1f16a65e36c0ee3ec05c4478b12552e89b5ab5cb4863e69823912ee6c429161b

    • SHA512

      9f8fd6a8f8a6c915a3c826b66cdf6d5e49a920c5cff9f71ce09d9f8009177a8a9ace886920575b5d14dfca2d6a0f275851162d6b206aa65cfb75bba94e86571e

    • SSDEEP

      192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8G:+WNaM8UnbjPkZ9+mppH3

    • Score

      1/10
    • Target

      $PLUGINSDIR/app/js/app.js

    • Size

      22KB

    • MD5

      715d53e963a034a3721aee76d1c4e8f6

    • SHA1

      4643837ab7d2249fbda6ed23d025ef738cfa6317

    • SHA256

      5b8ab6d562e131159c89eebfc2f665a4a496c8621ef34efcabf7b0a9e1e85b1c

    • SHA512

      15018563724d17dd22c38daa51c8208286f81e8eea6784ff70f46d81cb3385635b688ccd775734f0e4bfd086189c5db721f2bb76daee4e6d6aad02075e44dee7

    • SSDEEP

      384:4X+acDQFcljKdZGb9plmt902wjI3A4vnzwF52xxYRifG6wXR3FGHWdMxj8T:0+acDQ+lOdEbdmXH3A4vnzIAnGifG1X9

    • Score

      3/10
    • Target

      $PLUGINSDIR/app/js/block_inputs.js

    • Size

      789B

    • MD5

      b5b52c92b90f4283a761cb8a40860c75

    • SHA1

      7212e7e566795017e179e7b9c9bf223b0cdb9ec2

    • SHA256

      f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544

    • SHA512

      16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

    • Score

      3/10
    • Target

      $PLUGINSDIR/app/js/libs/cmp.bundle.js

    • Size

      324KB

    • MD5

      1de143ca1babd3c02744f478c8c05c5f

    • SHA1

      ac918b3d2d5f9cbd9e3b3f5e075ce3c96eec16b3

    • SHA256

      7fbc3a088ec303143109e0c1b2c04f4c5a6e450a2d6f3071fefb66e92f643ea0

    • SHA512

      6e419e11f35a3258124127970961907ed8fe0619f618a4c15542ee7f8a01a9f4a7af4d290b634444d21b823ca1afea65f97d5788fff6665d55c2231214edff24

    • SSDEEP

      3072:LWYyrzt6yrtky1UDtDkNdAOoSPGYTckZtVPuuXheQ:oF6yrKD5kNYYTcIp

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1 (tags: upx), score 7/10
  • behavioral1, score 4/10
  • behavioral2 (tags: persistence), score 5/10
  • behavioral3, score 1/10
  • behavioral4, score 1/10
  • behavioral5, score 1/10
  • behavioral6, score 1/10
  • behavioral7, score 3/10
  • behavioral8, score 3/10
  • behavioral9, score 1/10
  • behavioral10, score 1/10
  • behavioral11, score 1/10
  • behavioral12, score 1/10
  • behavioral13, score 4/10
  • behavioral14 (tags: persistence), score 5/10
  • behavioral15, score 1/10
  • behavioral16, score 1/10
  • behavioral17, score 1/10
  • behavioral18, score 1/10
  • behavioral19, score 3/10
  • behavioral20, score 3/10
  • behavioral21, score 3/10
  • behavioral22, score 3/10
  • behavioral23, score 1/10
  • behavioral24, score 1/10
  • behavioral25, score 1/10
  • behavioral26, score 1/10
  • behavioral27 (tags: execution), score 3/10
  • behavioral28 (tags: execution), score 3/10
  • behavioral29 (tags: execution), score 3/10
  • behavioral30 (tags: execution), score 3/10
  • behavioral31 (tags: execution), score 3/10
  • behavioral32 (tags: execution), score 3/10