Overview
Task (platform): score
overview: 8
static: 3
7z.dll (windows7-x64): 3
7z.dll (windows10-2004-x64): 3
DeltaMAX.dll (windows7-x64): 1
DeltaMAX.dll (windows10-2004-x64): 1
Wot-cheats.exe (windows7-x64): 8
Wot-cheats.exe (windows10-2004-x64): 8
fmod_event_net.dll (windows7-x64): 3
fmod_event_net.dll (windows10-2004-x64): 3
fmodex.dll (windows7-x64): 1
fmodex.dll (windows10-2004-x64): 1
General
-
Target
9a39adf0b87b4fd446965cb07c2f5d30.bin
-
Size
2.1MB
-
Sample
240611-dl92tssfnl
-
MD5
9a39adf0b87b4fd446965cb07c2f5d30
-
SHA1
60ea7debc5e1ee140c4bed90e3c626d20d0687c2
-
SHA256
749d40671442c6101b111f1045e6a489d57c54863662d1e74965359fa0cca215
-
SHA512
5dde9f694651b8ee1d26cc8f43f8b8437312f8423f6e1834fee40945ffb82b658e4be19e74621dce9ab209feac7100806eb7e4948d40b00810ad6273629e23a4
-
SSDEEP
49152:+CRIqAh5PCJhXuqTsacGCLMOSzleiuwFcpupEvCP+fMHS:+AAhtJaiMPzlV9E6P+QS
Static task: static1
Behavioral task: behavioral1, Sample: 7z.dll, Resource: win7-20240419-en
Behavioral task: behavioral2, Sample: 7z.dll, Resource: win10v2004-20240508-en
Behavioral task: behavioral3, Sample: DeltaMAX.dll, Resource: win7-20240419-en
Behavioral task: behavioral4, Sample: DeltaMAX.dll, Resource: win10v2004-20240508-en
Behavioral task: behavioral5, Sample: Wot-cheats.exe, Resource: win7-20240220-en
Behavioral task: behavioral6, Sample: Wot-cheats.exe, Resource: win10v2004-20240226-en
Behavioral task: behavioral7, Sample: fmod_event_net.dll, Resource: win7-20231129-en
Behavioral task: behavioral8, Sample: fmod_event_net.dll, Resource: win10v2004-20240426-en
Behavioral task: behavioral9, Sample: fmodex.dll, Resource: win7-20240221-en
Behavioral task: behavioral10, Sample: fmodex.dll, Resource: win10v2004-20240508-en
Malware Config
Targets
-
-
Target
7z.dll
-
Size
999KB
-
MD5
03221f2c4708e8e8fcd5a5f323a3a6cb
-
SHA1
7b0991f89da28a5e3098532437dd5f6fe23e3ef2
-
SHA256
4ca526634a2336521b6925606f93592cd7dab4db9026c5545bd2b9f2ee365a61
-
SHA512
f757d6981a55b4f21fc0c1f60e1f0d789cfb4f991276d9aa6267a4a6d352b163e36f4275cfc8dbee0fd60db21c4ade735691ae0a71b199f8f70eddfb13312d72
-
SSDEEP
24576:HbxlYZpZ3h8uRvtonDbfmaxEGuqNSauKOdZLs8nKMh1a8B/EsJE:H1leZ3xzonPmCEGpXOLLs8nnvb/EsJE
-
Score
3/10
-
-
Target
DeltaMAX.dll
-
Size
207KB
-
MD5
ac3f137ad31c20b1b661b997ad4bec16
-
SHA1
e4d4963e6c9c4e280b15a630e31aaef78809cd01
-
SHA256
e56f85ba896a85f90412a2617aae81c1356ed27a7dbb88bb6452e15268ec070b
-
SHA512
c7428e79a81fe5d6e4ab4d6454bde2aacd825c410063279baa2fbb107d0cd8cd5132cb2a4cfa1922c26cdf7f43decf2455931a7d886130975426785632d3ab90
-
SSDEEP
3072:3glhxQUw5q0AJRsQdnAi/pxpOWmfEiaWjNf563koh4wqW94/Hy7:goUw5q0AJRsQX/p6WgjNR+uZK
-
Score
1/10
-
-
Target
Wot-cheats.exe
-
Size
1.1MB
-
MD5
f2ca66c857932e47c470e210650a7acf
-
SHA1
26288e4db05ef91222937219726e529ebfc2c23c
-
SHA256
b6c5495bee3b84ade1dd61200cab3c0a1eef290b9aa38a41a787d1f6cad7d484
-
SHA512
8f45d7db3a147f8d1cb882dcc3ff950030b76c32d35ee822ffd32ca9cf88db4a9c4a0a292c16cf4db0d5f5293b7b610abbd97bf72d63c738ebbd3c1edfee79cd
-
SSDEEP
24576:vFOhlA69AzgGZVdSZWhmYyGXpd0g9rYRim:tqlABzgWqZW1yg9Mf
-
Disables Task Manager via registry modification
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
fmod_event_net.dll
-
Size
801KB
-
MD5
3db3c6427c4ea8fd6380ab794df5dc27
-
SHA1
e63c11a0298c434f9ad2f5cd1d550e6315565aa1
-
SHA256
b8302088866a059baae77294377a6beee2c2b20464b8f9eaff23ed68da631849
-
SHA512
e14dddac96122a8f14f935f983109e90144cde6758e7f56a31ff0ac16504e9860df576603f0d103e49e3ed06ad4d2b7c930cc7639159983343f5600d76e8d635
-
SSDEEP
12288:z+/hyGM2LMjlLiMlx6kOcAYty9QA1CUSGYFpR3ZyUfv3mwsYwUJM:CpyGRL+lLr61cAYty9QAEUf0Rd3tN
-
Score
3/10
-
-
Target
fmodex.dll
-
Size
1.2MB
-
MD5
87f4ce368c78c76aa3a7566d65095464
-
SHA1
f303fa29fe99dade38d26bbc767946073e25d8a9
-
SHA256
a56a9ce27d2833e0f0c2c058e20f087bda96b03f06a9b646f6055f4a7448a060
-
SHA512
b121652b06006fe73fbcfd7afee028cf81c2136775033cc997bd1752c666d7ada31b814edfd1d8c26e769170a83cabf530554decf9d36dd76ccdb823e1f24282
-
SSDEEP
24576:DSgQ2+hYImH1Fvs2pcRAIw7lhKiKrcbVUi/4OUs9FRF:DzQ2dImr02pBrKrq/4M9
-
Score
1/10