Overview

overview

7

Static

static

3

Ravenfield...CO.url

windows7-x64

6

Ravenfield...CO.url

windows10-2004-x64

3

Ravenfield...OM.url

windows7-x64

6

Ravenfield...OM.url

windows10-2004-x64

3

Ravenfield...64.exe

windows7-x64

7

Ravenfield...64.exe

windows10-2004-x64

7

Ravenfield...86.exe

windows7-x64

7

Ravenfield...86.exe

windows10-2004-x64

7

Ravenfield...ld.exe

windows7-x64

1

Ravenfield...ld.exe

windows10-2004-x64

6

Ravenfield...ss.dll

windows7-x64

1

Ravenfield...ss.dll

windows10-2004-x64

1

Ravenfield...rp.dll

windows7-x64

1

Ravenfield...rp.dll

windows10-2004-x64

1

Ravenfield...3D.dll

windows7-x64

1

Ravenfield...3D.dll

windows10-2004-x64

1

Ravenfield...ty.dll

windows7-x64

1

Ravenfield...ty.dll

windows10-2004-x64

1

Ravenfield...ib.dll

windows7-x64

1

Ravenfield...ib.dll

windows10-2004-x64

1

Ravenfield...ed.dll

windows7-x64

1

Ravenfield...ed.dll

windows10-2004-x64

1

Ravenfield...ri.dll

windows7-x64

1

Ravenfield...ri.dll

windows10-2004-x64

1

Ravenfield...re.dll

windows7-x64

1

Ravenfield...re.dll

windows10-2004-x64

1

Ravenfield...ml.dll

windows7-x64

1

Ravenfield...ml.dll

windows10-2004-x64

1

Ravenfield...em.dll

windows7-x64

1

Ravenfield...em.dll

windows10-2004-x64

1

Ravenfield...ng.dll

windows7-x64

1

Ravenfield...ng.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ravenfield.v24.02.2018.rar

  • Size

    150.1MB

  • Sample

    240613-3sksyszcqj

  • MD5

    baa3447b5ee83acdd70ee6be5488df3e

  • SHA1

    33fa3b77d0598231daadc4ad1166c521ed167507

  • SHA256

    085bbae1b8890fd7cb4afbb4671c2056c037688a04fe84e4a0e0af231bad09b7

  • SHA512

    1500a3711e47d985e8b9f4f214a4d52b3986a08ce1374ec71622e90fd50a33e4c30e559861e490d5bf8440b16f0743d1918a453870344bca7290fb97e9177f5b

  • SSDEEP

    3145728:sKNgPywPMxCnMO6p6NMAHloCuU1Bd/QTTsf3gueq76WKBeTdexJ3R7+D8PZ8o:VNgPjPMcMO6p/AF1vvdIsvDeqmWGeTdI

Score
7/10
evasiontrojan

Malware Config

Targets

    • Target

      Ravenfield.v24.02.2018/GAMESTORRENT.CO.url

    • Size

      196B

    • MD5

      22418db266e93f3d2325a86817a6fc09

    • SHA1

      56fad950b78092feccde4d2d8eeed9eca7eaafca

    • SHA256

      05658194e8de811116b86d073fbf95d0831f8a05b26e97908a44cad5cd8470af

    • SHA512

      9bbe646d3254d769df6e53e884a0a717c8ea68e2b47ff647aa4382f66c597b22f950c1a7d2be9a2a0720506c7964eb4912f22a7c1e02ae6a48bdc13756195a33

    Score
    6/10
    evasiontrojan
    behavioral1behavioral2

    • Target

      Ravenfield.v24.02.2018/IGG-GAMES.COM.url

    • Size

      198B

    • MD5

      e4aeaaca90fce67661f114822a05821c

    • SHA1

      383566802ada60fa79899fafd8965787165cc9a3

    • SHA256

      6626bfe6c288b998647273217e711fc913371597756601d88b4352a57215d591

    • SHA512

      6c53520d70d03ef00526648fd282b83b4faa21d8784aa848682fc023df0173142403723c2e932590d53cb1ff5439b63cc20cc640333c0e646952855436c7282c

    Score
    6/10
    evasiontrojan
    behavioral3behavioral4

    • Target

      Ravenfield.v24.02.2018/Redist/vcredist_x64.exe

    • Size

      5.4MB

    • MD5

      cbe0b05c11d5d523c2af997d737c137b

    • SHA1

      027d0c2749ec5eb21b031f46aee14c905206f482

    • SHA256

      c6cd2d3f0b11dc2a604ffdc4dd97861a83b77e21709ba71b962a47759c93f4c8

    • SHA512

      75280d721550c2fa19b4f8d42b87d2fc6017f42709d84d2162c7330f7a0338bbd72cdc3f78626b10edcc602e2d22b174039254824334b3173d0ea48b3c06d1df

    • SSDEEP

      98304:hsPj6quMcylIpk4nM6tmMUrfvEP0hcKju9Z/lTPU8UBHBKNpr1w36ZyY:+PjzDJ4M6tmXDsPKi1lTPmHipJwqL

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral5behavioral6

    • Target

      Ravenfield.v24.02.2018/Redist/vcredist_x86.exe

    • Size

      4.8MB

    • MD5

      cede02d7af62449a2c38c49abecc0cd3

    • SHA1

      b84b83a8a6741a17bfb5f3578b983c1de512589d

    • SHA256

      66b797b3b4f99488f53c2b676610dfe9868984c779536891a8d8f73ee214bc4b

    • SHA512

      d2d99e06d49a5990b449cf31d82a33104a6b45164e76fbeb34c43d10bcd25c3622af52e59a2d4b7f5f45f83c3ba4d23cf1a5fc0c03b3606f42426988e63a9770

    • SSDEEP

      98304:TsPj6quMBYyuSFOMKykvYgS/ylTpHufHMpPbOZ39c7T3eeom2vJtPShg:wPjzayuSgMKykQgSaTkvMxEYT3OfPShg

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral7behavioral8

    • Target

      Ravenfield.v24.02.2018/ravenfield.exe

    • Size

      21.8MB

    • MD5

      4f49037083338bd9deba72251f528930

    • SHA1

      302dff72085d2b083d0b1e49489bb46b4d3e82c8

    • SHA256

      b933dd4186a8870483a898b09104feb4f8ffc3b2b28f30a487f178db29d8e90c

    • SHA512

      5abd249ca57668f44964e28cb473b90ce4592b018c8f09fb77afb09d0211c7a27fcd7c3b55b33c5af3390dd615bf6e8da5388e378fffb63b578697978dbf94e8

    • SSDEEP

      393216:2RsT2XkPlzmI2v2Bv50xuKT02CMREcJZ0FkWYe1oTqXVVs:6tBWoTqFVs

    Score
    6/10

    • Drops desktop.ini file(s)

    behavioral10behavioral9

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/Assembly-CSharp-firstpass.dll

    • Size

      427KB

    • MD5

      fa2b1386eeb12d348a24ec4c8f29a916

    • SHA1

      3d53d5761f07639df39426eaebd263a516033baf

    • SHA256

      5b6826ff520277b558dd4277ec4d101b44448447d68d113aa6301511e80b60d6

    • SHA512

      934eb02b649e376e61874ed8c09745068fa20bd30f9e0a358c0db4532ad0695577d9dd22d697c047d29da2ef63b9d0c03b3d4ac4faaeab0f512fac1526f36514

    • SSDEEP

      12288:wPGDj7pQYoZYoTUaE/CQIoMELXfozj8rFfx1sosLsrS:wPGDpQYoZYo/0pLCj8rFfx1sosLsrS

    Score
    1/10
    behavioral11behavioral12

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/Assembly-CSharp.dll

    • Size

      1.4MB

    • MD5

      25857e589040164fd7d1e3f0a52f17e3

    • SHA1

      18a8531eabcf9bb8544882fb7dabc262771a3c44

    • SHA256

      680de62b034fa307c335e1277e0d8a2520538842faf4999bae0a394a65e909f2

    • SHA512

      28b0bbd1cede9ffd84780d04ac1588c5a11eceb01c4339e354211952f55e7e05110ce2e5a0b04319d713c03390cf304e919e8ab52a386981a4ba0335ee66cdc6

    • SSDEEP

      24576:30iT0ITsREI09vkGV9sH9MNUet3QLXVdM4ZV7MkLqFTym:30iT0ITsuLh4ZVST

    Score
    1/10
    behavioral13behavioral14

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/EasyRoads3D.dll

    • Size

      154KB

    • MD5

      5f7e7b2dca72d8878ddbf98fa8803d2f

    • SHA1

      ab36a221132ddf474e6b6aa2379adb0278429289

    • SHA256

      3c939d12b0c5b64daa16e36b076c217fcf8f3e25a9d4e177496dc81b3b8394f0

    • SHA512

      f3487cc424a729db026e25737916387c1316b20bc2fbf0fd00142d43049669a10b5f38ae12ea4562e02ee074150d6c0ee8998735ad8f265d3d871eff33c5ba64

    • SSDEEP

      3072:8dW7bXqIbg/n/+SCSzSg+dgo+SpwzmbD1gnmWfuTETSRPQF59jipP0U8hK:8dprkwybKTuK9jaPkh

    Score
    1/10
    behavioral15behavioral16

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/Mono.Security.dll

    • Size

      286KB

    • MD5

      78fceae29625570529d5b89af8921cb0

    • SHA1

      9162e48b846e47f1124b07b063432616a85adf89

    • SHA256

      5d2147513c6fe55274665eaad22a53f6a80ad640a9998df9807f9dd736c69db1

    • SHA512

      fe56f1f4e1f09914e29f8d620d91d52f4f1ae9b71db4552f854c07af954bc5edca0f9fb8008eba691850a1668107728c00c4610f75396e686787ff6f1d1f53d0

    • SSDEEP

      6144:uytgJ7SzJWhaeQTVJRj02ooGzsbFNG5ms7h:iB5ceQ502oVzB

    Score
    1/10
    behavioral17behavioral18

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/Pathfinding.ClipperLib.dll

    • Size

      57KB

    • MD5

      e82386bde402a5a775495a0835809330

    • SHA1

      0db566966943f1639e4f78888fa42d86ea264985

    • SHA256

      4651eba68167202db81c212f445e23a2742560d70b605c0b367ad26a4d8dc1b3

    • SHA512

      d91ba121818424d7836299a43c30dd98e6f3d2c63e8447d120f8e798da39dc77396f0d3bb477897637a5e8aa81bc3a4a4e23cc18b67ee315591d6ffcade3073b

    • SSDEEP

      768:MQJOM4nl+NEkkPDUaRaewvtYq+b3rrF4979qXfthmCZWSQP1SpTY6oBRrmiXc3aX:MMmlWpMaSQPApk6o71YOI4

    Score
    1/10
    behavioral19behavioral20

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/Pathfinding.Ionic.Zip.Reduced.dll

    • Size

      235KB

    • MD5

      1bebc6f68d83ae67251378ac7bfd0e56

    • SHA1

      7650b24feee9be0d5227b59c7f2735df6e05f15a

    • SHA256

      481cc0f9a53a9ba94f8ea3fc0fb2a520b41812c2fdc6ab10581751eada743d34

    • SHA512

      7ca948290df3d9f4f58d3bba2f5c2f111d74f6859b0ae145b94b08e288da8d24e863887decd5507e30b3da764f21912862b8536c828e13d5ed191ec8ae070b7c

    • SSDEEP

      3072:cWWdICvUvLYPPC1hLBy6YmkLqY6+xbrzEw/GAJkGnpA4Pel9GS5axw7Bx6W6EKXv:m2Oa1ohEwCspMl9kx8V6y/Q

    Score
    1/10
    behavioral21behavioral22

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/Pathfinding.Poly2Tri.dll

    • Size

      35KB

    • MD5

      dcda1343c31e6ebf82de68348724fdc8

    • SHA1

      acc2479a5b56c71e2c95cd7cd2b8a75412f1c908

    • SHA256

      6d37c20001d050b2bfd5071d64ee19f7fd7415e021e8122f1e9070613e4d570b

    • SHA512

      7338a203d9cc6f1c98a712421ac715d2b0103b458fac40913922c2e6c2208f8f83f68b728483eeb4bb846a0f0d5ea803d81f8d4dcc6ed3b9ad391ad8eac68e85

    • SSDEEP

      768:cqqQEOxqB+/e1e6xucfffffffffqazvtFhpTePe6Hl:cqpxz2o6fffffffffbtFWPeml

    Score
    1/10
    behavioral23behavioral24

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/System.Core.dll

    • Size

      259KB

    • MD5

      136bdab614828fddcdbf46a92284bd21

    • SHA1

      c295e3436fd6462acd662d3ff1302de354e9ea20

    • SHA256

      b57e480f8153a8bd2c4f6c665192153fe6d38faa2a62e31fc26590376b037d1c

    • SHA512

      f7444212d2153b63a218a9d5e9d88e2e15e1987ea133b978896b4ec9986d35abafcc4720207c2ae4846704b42862cffa4c9be04c31f826bff552cb08d2379887

    • SSDEEP

      6144:3pmYcnyyZrWiXZQOct0jaUDzLH8AhY3qJKV3I:3cnyyZrWiXbct02UjvhWqJ

    Score
    1/10
    behavioral25behavioral26

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/System.Xml.dll

    • Size

      1.2MB

    • MD5

      6da4317e6a12f4a543439017834cc119

    • SHA1

      b1a8cf80a4c34199c7131ec05a37be8fc80efaf1

    • SHA256

      314ddea3dfeed985c49824cc9ff6de52ef5b89ce07a870c2e2c4732bf1b9aeb5

    • SHA512

      761f071bd9be701a6e737f9836f48f3acf23eb2eaf196b3a84bf84cb56bb2b790471a7bc8b591c70d3cf0ea124197165ca4a9b334e4cf7467cb19c305b7e0b35

    • SSDEEP

      12288:PnDZg/nOqY0eFICO72v+FGm+gr5tsJ1S9BUmJ8t+S32b5jB/2Hp9acxRwKmRB2:PnDIOIeF22i+gMJuBUmJ8IPBAx6r2

    Score
    1/10
    behavioral27behavioral28

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/System.dll

    • Size

      1.0MB

    • MD5

      57815c2608e5b5c5a47ceedea16e4792

    • SHA1

      eddb2ccfeca9b4c850301880cf967250b0b3d9ba

    • SHA256

      d65421ac111058b0e1b28a2298268d8f6b86d8f6bbf033e26f4f76b26bd705f2

    • SHA512

      680f2762a6906f7f88672f9dc4033122efcc9235617a586863943dfd4a4114d5aa7b922277ea56274ef173de9717c80cd19e18dab45a0e958bb7e53e6fce3a54

    • SSDEEP

      24576:r4zHCT4+QWd7pQLHJ25wlEb7pkaJ4Vg+nxSHQsAn2rJG8wAFPGKSW:raV5j2rJG8wAFPGK

    Score
    1/10
    behavioral29behavioral30

    • Target

      Ravenfield.v24.02.2018/ravenfield_Data/Managed/UnityEngine.Networking.dll

    • Size

      248KB

    • MD5

      dbd9f16d77475776725c668d30e52733

    • SHA1

      93ac6c33859f1156f96536b2208972c0d8681fab

    • SHA256

      40d978b09d93a97693a747ef8c92a075b682b80a681cbf3ce06ed4d9d3ddc18c

    • SHA512

      3b84f1bbdb7c53091dfa3b74c31be381900f53ad09d1b12924fee55640e8bf1c9bf7ee403aba2b45b9ff01510f2d39074e00303b1d9fa8f6079b1c54bafee11f

    • SSDEEP

      6144:EpQd4JqyX+Azoq4ZQXjylE1q8BHrLpTurT4NgbdVPU:EpQkFX+r7WXjylE0dVP

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

9
T1082

Query Registry

5
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
3/10

behavioral1

evasiontrojan
Score
6/10

behavioral2

Score
3/10

behavioral3

evasiontrojan
Score
6/10

behavioral4

Score
3/10

behavioral5

Score
7/10

behavioral6

Score
7/10

behavioral7

Score
7/10

behavioral8

Score
7/10

behavioral9

Score
1/10

behavioral10

Score
6/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10