0b96d9af471c99a3672ca155220fc5cb453fc587ed69b68adc0d6d568af0a9d6

Resubmissions

16/06/2024, 18:21

240616-wzfn9avhrn 7

16/06/2024, 17:48

240616-wdm67s1alg 8

Sharing

Copy URL

Twitter E-mail

General

Target

MTS_Remoteplay-install-win64.exe
Size

140.1MB
Sample

240616-wdm67s1alg
MD5

bddf7baaf20b9f7dc584b47addfa77ae
SHA1

22e2e824aab479111f4815527ec466e6f1a525d8
SHA256

0b96d9af471c99a3672ca155220fc5cb453fc587ed69b68adc0d6d568af0a9d6
SHA512

a5c9be1425a809c23f80b45b8b10b76c95df7c27037b7d7ff3afabb0ad621f1067740bd820b93794580a988db570515f49b40889658f0f3a03b9c9a8d83996b5
SSDEEP

3145728:vIATPSb+p0c373VuIigW6SKAACRVGq/SEs4egGAQ3M2MdRc:RKb+0c38ZXfYD57jAQ3Mbm

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  MTS_Remoteplay-install-win64.exe
- Size
  
  140.1MB
- MD5
  
  bddf7baaf20b9f7dc584b47addfa77ae
- SHA1
  
  22e2e824aab479111f4815527ec466e6f1a525d8
- SHA256
  
  0b96d9af471c99a3672ca155220fc5cb453fc587ed69b68adc0d6d568af0a9d6
- SHA512
  
  a5c9be1425a809c23f80b45b8b10b76c95df7c27037b7d7ff3afabb0ad621f1067740bd820b93794580a988db570515f49b40889658f0f3a03b9c9a8d83996b5
- SSDEEP
  
  3145728:vIATPSb+p0c373VuIigW6SKAACRVGq/SEs4egGAQ3M2MdRc:RKb+0c38ZXfYD57jAQ3Mbm
Score

8^/10

discovery
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  ece25721125d55aa26cdfe019c871476
- SHA1
  
  b87685ae482553823bf95e73e790de48dc0c11ba
- SHA256
  
  c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
- SHA512
  
  4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
- SSDEEP
  
  384:EXsC43tPegZ3eBaRwCPOYY7nNYXC06/Yosa:EXJTgZ3eBTCmrnNA5p
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  d070f3275df715bf3708beff2c6c307d
- SHA1
  
  93d3725801e07303e9727c4369e19fd139e69023
- SHA256
  
  42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
- SHA512
  
  fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
- SSDEEP
  
  96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  2f69afa9d17a5245ec9b5bb03d56f63c
- SHA1
  
  e0a133222136b3d4783e965513a690c23826aec9
- SHA256
  
  e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0
- SHA512
  
  bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926
Score

3^/10
behavioral5
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10
behavioral6
- Target
  
  bin/7za.exe
- Size
  
  722KB
- MD5
  
  43141e85e7c36e31b52b22ab94d5e574
- SHA1
  
  cfd7079a9b268d84b856dc668edbb9ab9ef35312
- SHA256
  
  ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d
- SHA512
  
  9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc
- SSDEEP
  
  12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq
Score

1^/10
behavioral7
- Target
  
  bin/ViGEmClient.dll
- Size
  
  141KB
- MD5
  
  a0e608ea48a760aa42c1094fadf410d6
- SHA1
  
  6a2e787a88fb67603ed12ed507e8618ff5a72e18
- SHA256
  
  b38131724395ef708bf0d35d685e17a98d0cf5f2bd1a22cf685b40f52cb2ef94
- SHA512
  
  5037b791a475f480b62fe0ac297cd641063d75f562e62c8d2a9a1688fd542e0f009f3f451c0018704b8ee69a6b3a70455971ca3eb2d598ee97f169146975b5ef
- SSDEEP
  
  3072:uvrwRZN2j3aCt2A8klXXgj79yj9fQvGeFF6qylGbn:srgT2OCoA8Ony74jCjyl
Score

1^/10
behavioral8
- Target
  
  bin/archive.dll
- Size
  
  685KB
- MD5
  
  af4d941028a57286f49f45bb8fce693d
- SHA1
  
  029821511b016e81b8c8917f9a0147b6a65f1f83
- SHA256
  
  6d085148f96a0fcfc608aaf15043d43c24b99eeebc7e72c46b1fd302326d731a
- SHA512
  
  90026ced3fb7e9e7e66e6c7ac76700235604e56139d7f0cc616668a7e6c24d3f09df800b5ae6ba95424192c973136383fc70306553047b7aae9efe0012c01cd3
- SSDEEP
  
  12288:9UU7YRyCZVoUFMxt1M0OIkNK6C4FshblBcGykir7Wy4UkKc9U:9UU7AyCPvMxtnOIkNK6C4FshblBcN3J1
Score

1^/10
behavioral9
- Target
  
  bin/locales/mr.pak
- Size
  
  711KB
- MD5
  
  fcfe7bcac015436f3d6a42ee7b3dd8be
- SHA1
  
  bedf1bf734e06170dadacc91de84d73449d1650b
- SHA256
  
  4e619bc0707775df00e5fa559ceb129119ff7d3543b0ab8e6c292cfc8a391e51
- SHA512
  
  ca59d82ac35c5d5d8e876474b7ad60976b1e50d15ba09d150a190bfbdcae6443586e0b8d811ba495ab78f62c64635081b3f8a01f287dfd78929436ca2e41042a
- SSDEEP
  
  3072:uTz6Z+SkwcBygqM/ykSp+UXOzQiTuB3RJBvmmi24Vf/8mHwZNYZj/kqJJb6pyXIy:qzoGRzqM5EIWqzmvB5gj3
Score

3^/10

execution
behavioral10
- Target
  
  bin/lz4.dll
- Size
  
  119KB
- MD5
  
  7b01c2d501f8b45b63e893cff04d9b06
- SHA1
  
  6dd8e5ef1edc4bd457ae90df716897743e67df98
- SHA256
  
  b412e4a8fbcfe22de67d95226da4edee8363d652733e023f988d71b641981cc5
- SHA512
  
  cf5fa34f3ae8ac805b6c536a6f39a7c8373d45bd5b1de8064287efda878695f409120ac253b092b71aa3071ce839597709427622e204fdf834db2c296c3607e7
- SSDEEP
  
  1536:W5ipvnkO7ncXe9R1e1VRYee/SpAsqXc8EiVAkqc4wSZpA6LQhz:Wl4HR1CVexjScWZpA6LQJ
Score

1^/10
behavioral11
- Target
  
  bin/miniupnpc.dll
- Size
  
  47KB
- MD5
  
  af874436666b59001604dca3d512a62d
- SHA1
  
  6ce884d6a80da119ac3def8a78df846d3e55c825
- SHA256
  
  841ab2b6ef5f1666cec870d4eea90f13872f25c5b7cdcf695d081728f974fd1f
- SHA512
  
  c112a8994cbce5e06f6be9726dfe29d6be7df2257a66e04b424c3556688728030e84d407fe1cad7b166969fed2c14d549ba75a24ccd9e5c09e3cf3b3d208ed11
- SSDEEP
  
  768:XF1LoYqNCO1j0i9PWnu+Yu8FlNFq/nHqo9sblnwwj2zTBtBqJwcLAH4s:vkLiu+D8FlPYHqo9sblnazTBtBqB8Hj
Score

1^/10
behavioral12
- Target
  
  bin/msvcp140.dll
- Size
  
  561KB
- MD5
  
  72f3d84384e888bf0d38852eb863026b
- SHA1
  
  8e6a0257591eb913ae7d0e975c56306b3f680b3f
- SHA256
  
  a4c2229bdc2a2a630acdc095b4d86008e5c3e3bc7773174354f3da4f5beb9cde
- SHA512
  
  6d53634bc51bd383358e0d55988d70aee6ed3897bc6ae5e0d2413bed27ecff4c8092020682cd089859023b02d9a1858ac42e64d59c38ba90fbaf89b656c539a6
- SSDEEP
  
  12288:rSTTigI46Bb3SUPvRgrKtzL4oaQEKZm+jWodEEVPLwtQB:rUStZaQEKZm+jWodEE9CQB
Score

1^/10
behavioral13
- Target
  
  bin/msvcp140_1.dll
- Size
  
  34KB
- MD5
  
  34a0ee0318a6be3f4a17826e5c17f8e3
- SHA1
  
  5b252d10138d6666892ca9da1e1d95af24de1097
- SHA256
  
  91cd05c16c61c39788c47434602a59c17f5b08dbb3eee04ce85f8d5b70e8e604
- SHA512
  
  ffd28202e3dd91b89b7d3161f33243e52e8a0b59d31d917c3cd0005c1e97cc818d1ebba9a4971e602164d31b42448c8fef8d0204618ef4134255876c7bd7fe5b
- SSDEEP
  
  384:zLjh/2cARG7SIXvQ7Q9Ra09dSvWcV5gWWBCSt+eiBHR9z12zfq5yEFHRN7m3hR9i:XlWRGu7QHa0PSxadQr9zjgElmb9ze
Score

1^/10
behavioral14
- Target
  
  bin/msvcp140_2.dll
- Size
  
  262KB
- MD5
  
  0c462afe7502e3646086ea7783022c11
- SHA1
  
  b5a6f2d00b7903cf8f4d2ff26980e2ae612ade1e
- SHA256
  
  713f17b253d802d283d306ce75647e37d83a546aeb1a881e5d9e529e856c007e
- SHA512
  
  6b30815c46bd54778e649aea48f8de64b4b7c49123060737a0cbdb13888669672aeef244a1e16c7c8c8e0d1d2a480309f30d51d2ab11c4debb3ea67f9337e0d6
- SSDEEP
  
  6144:qwJ2pjLMT2arwMnwn3Veu7nqZC9JF7WYuWix7ZA:WaTQ3Veu7+cvWvW/
Score

1^/10
behavioral15
- Target
  
  bin/msvcp140_atomic_wait.dll
- Size
  
  49KB
- MD5
  
  087850398c58be95af0e02b1a31389c7
- SHA1
  
  a42f044fa0d210d7e96078e2d6ffe0753afd387a
- SHA256
  
  aede4ec454a82f146eb4a721e616e2086870107d88aabc6b0bd1eea0a505d935
- SHA512
  
  eb4b035ad1a7750b213a8d7ad4d026a09bf2e2a934c60434c43176565e24ccdeec5fcf2c8a9b693021be435a64d4682b951622b4037f444f4ed32db8b3669267
- SSDEEP
  
  768:ARLBFm+JiM2IvD2FaXcMOz3d32A29zkkgElhFT9zqEC:gaSDYaXcxz3dGACzTZhTzDC
Score

1^/10
behavioral16
- Target
  
  bin/msvcp140_codecvt_ids.dll
- Size
  
  31KB
- MD5
  
  504886fe5e0e0f37c17382d7d3fd9ead
- SHA1
  
  63adee20e54004187275ff6020e81eed3a3b17f7
- SHA256
  
  d52d349fbbe6abc61965c07e04cc82d8ee0cea1de7faf90a838964e3f40acedd
- SHA512
  
  edeb344b5a3413073a8ac93a5f10f665ac72ad1eb8749911abd9909e62a2ed97db7a8ede56b4427a1cf18683a277a3a4d09a4facd7e046af23ccef93b588de46
- SSDEEP
  
  384:14DgvZaspWiLEW9xtSt+e4klR9z3Fo7dMA/NEHRN7TlnREpcR9z7en6:AgvwE7xU59ze7d9ATtREpw9zT
Score

1^/10
behavioral17
- Target
  
  bin/resources/notification/index.html
- Size
  
  303B
- MD5
  
  8c14e24c8a9269edfd98e2f0870679e4
- SHA1
  
  f1b95772aceb7c2f8c9ab61389fc3706162cd78f
- SHA256
  
  dbb88e598b30825ef64ff8e70240303e6c6954e3acb19a983132e521f5362371
- SHA512
  
  93787e9332224e921f82f036dcdb840814f5f99d09755d3f1320b259627f133c71582344c7edeefb0b55802378edc750fccb04cc0cc1e090a263b53904420804
Score

1^/10
behavioral18
- Target
  
  bin/resources/notification/static/js/main.905537bd.js
- Size
  
  213KB
- MD5
  
  ded79f7c8ce76096b88a6bbffabe177f
- SHA1
  
  dbba7dbe9de5d288db32c3e1c61d6460e0b1bcd0
- SHA256
  
  b812522087b75ed9d5ec64bffd86f2d13cbe2ee517141af2181bf5b1d65e8a80
- SHA512
  
  f1755433f9d85864809f6cbf8522171dacabac8d62164d9a985c15e7cfc32180d2e302bd9eb7e9702c453366a2a53300b391ecf9769e7f5d250d83bf637644d7
- SSDEEP
  
  3072:r4heWo/4/i3nDg48qyTPHzFwJBeassTYOfXNu:rvWh/i3n78q4PzHaswXI
Score

3^/10

execution
behavioral19
- Target
  
  bin/resources/static/js/main.dd7c58ec.js
- Size
  
  2.4MB
- MD5
  
  4290aa4f467d10abfda5cc71b3825dc5
- SHA1
  
  6510c52b4b3a11672af75ea350c4f1e2e5cb9e0c
- SHA256
  
  53036e81899ed6a58b4183aae8b94404a226d98d7ed200bd2044b5c85804a308
- SHA512
  
  38318c56fcf5081b095ac34f062342b4fc5a5939fe30b074e8f700c1b9074dae584aabb3dd6c73123477b8a7a74c40b083b038d315535872a2206abf62d59e58
- SSDEEP
  
  12288:M4XJ1eOFcCNA79W2rOkThdf6aor7hnCwPQlP2oTrwWP6dDm:nzemcWA79W2z3fQPhCwPg2oTrwWP6dDm
Score

3^/10

execution
behavioral20
- Target
  
  bin/sentry.dll
- Size
  
  256KB
- MD5
  
  046619d5829f595b2b46911e2787f132
- SHA1
  
  9d232bb49f22f613215d5d3d264acb01904b7003
- SHA256
  
  3d6e212b10e60272d5da55ca4a05eb466857c678313ffedc6de4ff18ff76ad92
- SHA512
  
  c28e2c1f604b13069c2f017657d7f7a9bb830a8395159881f7b07b49a34118b240a9fcbc9cf30de27e51fe03e100324fa22b2f29f02c49c627bd9b8394a2b339
- SSDEEP
  
  6144:faHNOk5t6HIUQWZYKCtya1aM8jHECIdy31g:hk5t6o3MYKCtya1CEnG1g
Score

1^/10
behavioral21
- Target
  
  bin/sqlite3.dll
- Size
  
  993KB
- MD5
  
  d7a776918bef07f70e40c856b626d2f2
- SHA1
  
  bb805727653ceeb21df93408a0d1579620958b9d
- SHA256
  
  775956f59c74b0552687ff5f55e4e8a4def6dd8b7fe4606ef71f735d1ade51f7
- SHA512
  
  3e154a236e21b12e5173096505259da8dd366d0c789647000d95f23ec5a6abe4288b0b7b560c3c6ca6f72338aa18c04475e1d04d6705167be070dc94ba00140d
- SSDEEP
  
  24576:o3AbW+HakZUvLr7SRa1HMw5FSVjI7tV9vVsgTk:hauUvjSE1H75FSpI7XFVTg
Score

1^/10
behavioral22
- Target
  
  bin/tesseract53.dll
- Size
  
  2.6MB
- MD5
  
  8c966b189578e9194693cf9afec3c9ae
- SHA1
  
  7a3cf1c0f361f88bb6bd19d62d84ecd6f68ba961
- SHA256
  
  ecba64c9a8a00abc4ca9a4f37e43f8ff2104a9834b7369c744ea5586b4c6f8f2
- SHA512
  
  c608f93c24783e05c0b338dc85446695794c374e11f50245ed4406a35a8a327d2db4465432cc8d8bd5afc6d98d869384a086482e520ddc30652c70934c8c39d9
- SSDEEP
  
  49152:zmegvCeZDX7KR0QgL2fce6/Z7IV7XJD2a2Cilcyf5UutlX26VHWk+n:Siro/poJ2PcEfJ0n
Score

1^/10
behavioral23
- Target
  
  bin/tiff.dll
- Size
  
  447KB
- MD5
  
  701de7ab05d4d606c65a99ad7e4a2bdd
- SHA1
  
  cabe9f93f797d2cee317de27d3a016596e0d924c
- SHA256
  
  fc5b98caa340bc743c5908faead7a19bafb87c9c568b93304f0e572008b693a8
- SHA512
  
  92ee45a1cb2bfadfb915d329ec656a665af590480274f0777f12ba2ddd67b77c731da14b3a21fd18095e6cb346348676adae6ff134bd089f300d2078d215907e
- SSDEEP
  
  6144:6VZy0r0nGDpPRHj6wdtgRGTzjr3bGEEEEEEa0xLI6FhWN2cbvmAOyZui/:6ZDtgRGTzCxLI6FhWNCpi
Score

1^/10
behavioral24
- Target
  
  bin/turbojpeg.dll
- Size
  
  681KB
- MD5
  
  03f89ea655c06ccf2b0e3ca47dc19166
- SHA1
  
  4d04da03ae0c8814da01f29beba7a9a5f9acf249
- SHA256
  
  6063d9dd36e4c3a4695c99c5272e51b97f8e31da1c1339af07db375118d5f5f6
- SHA512
  
  d06fa712e31c21c3b08d120310308c4d5c6fd92c1dcf1f91f555cdbf1bd242e6a16e48f85a016f714cf24c21c1eef945598ecc9d663362551d544d87f817a4f1
- SSDEEP
  
  12288:USUYF/5MiQu7FWwrtPzWoycvhLr6YOEPtXRomUKdBj9w2Me9XBD8+YCdLxVY1Ewh:USUrXpPU
Score

1^/10
behavioral25
- Target
  
  bin/vcruntime140.dll
- Size
  
  117KB
- MD5
  
  caf9edded91c1f6c0022b278c16679aa
- SHA1
  
  4812da5eb86a93fb0adc5bb60a4980ee8b0ad33a
- SHA256
  
  02c6aa0e6e624411a9f19b0360a7865ab15908e26024510e5c38a9c08362c35a
- SHA512
  
  32ac84642a9656609c45a6b649b222829be572b5fdeb6d5d93acea203e02816cf6c06063334470e8106871bdc9f2f3c7f0d1d3e554da1832ba1490f644e18362
- SSDEEP
  
  1536:dI2v39UXigCBs29DdxfggO6vMMKZsY2ofRjoecbdhUwdJTzmZhTzC:diwskD8B6vMMEs5oGecbd2wHT0Te
Score

1^/10
behavioral26
- Target
  
  bin/vcruntime140_1.dll
- Size
  
  48KB
- MD5
  
  2bd576cbc5cb712935eb1b10e4d312f5
- SHA1
  
  dfa7a46012483837f47d8c870973a2dea786d9ff
- SHA256
  
  7dd9aa02e271c68ca6d5f18d651d23a15d7259715af43326578f7dde27f37637
- SHA512
  
  abbd3eb628d5b7809f49ae08e2436af3d1b69f8a38de71ede3d0cb6e771c7758e35986a0dc0743b763ad91fd8190084ee5a5fbe1ac6159eb03690ccc14c64542
- SSDEEP
  
  768:IzzO6ujT3MbR3vXCz6S5Mq83yJ9d3+DuO9zUgElq9z6m:Fq/XuA3o9dgzUZWz5
Score

1^/10
behavioral27
- Target
  
  bin/vk_swiftshader.dll
- Size
  
  3.7MB
- MD5
  
  f4bd43887da9d31529f55f1fe13b0336
- SHA1
  
  4571bcaf8046b42c02bedaacd7f8da6555f3d18f
- SHA256
  
  731c62b7bb06a2567ebcc2d755c4c4fa2e41c8f26f40fab2dfa5c7399d92c17f
- SHA512
  
  22745ac96fe56435faf1462c0eaa2acd86958ed89198d9cc370004820e90d946e10aff53103ae536e6f43eab04b68de79356dd6be4300f8bbb72fedc7f5ff436
- SSDEEP
  
  49152:Gt0XxbKi2Q/N5FQK/SrxUJEtp5/iPeviWKZhYQzvALrAEm5uSR4lQEx6ZbM2ALBH:EyKPet5yofCl
Score

1^/10
behavioral28
- Target
  
  bin/vulkan-1.dll
- Size
  
  698KB
- MD5
  
  76b93b8aebf460026a984cb1737bcb0a
- SHA1
  
  c1056c40fb860f15a36ad2c10aec641f69d7f50e
- SHA256
  
  fdf00870b1c594226c836b11768810fecce5aacf0e3cc8986d646cb96bb47161
- SHA512
  
  eca5b4e4f56d2ad79e31076da2375adf119d70b64a7f92aa3497174123f829a1e12842938ade6a2543675067a512df8b0e6b9610430eb8bc02bac905ebfd1030
- SSDEEP
  
  12288:8WX35iuRDjwgshq6D7rZ8GrviVjH2ku60cYcIf0o+bB/:FZiuRDjwgshfaGrvMjH2slYz0D
Score

1^/10
behavioral29
- Target
  
  bin/zlib1.dll
- Size
  
  87KB
- MD5
  
  9de432f3b7fd2221940d81c31c34241d
- SHA1
  
  94f4e49543d0e98064cb60ab009ae46848971fb3
- SHA256
  
  170d5ad78488c912e2cbc45aff667369876e11d4748ac3b467a7b152eaf34fa6
- SHA512
  
  544d26332565970ff9d11f5e0c62c146367ab0ab68b17fc7c9ae4adb37a9b678cc4815a16b4c78fbf650ba8aeab0a3418fe32ba209d5e3f6def62b6be4421244
- SSDEEP
  
  1536:icAOkp+eoCiaVEfMpRV4YyPwxiIOcIOyLckl:iukp+nCiaefMpROPwxASyLce
Score

1^/10
behavioral30
- Target
  
  bin/zstd.dll
- Size
  
  632KB
- MD5
  
  c1523909477a33d1c3f31cbe403d9c53
- SHA1
  
  0495a6a4955dbca96908ccba326609ca0b2183dd
- SHA256
  
  a00b43fb3e8c039a1d598a283e218b6e8a48f5b616c74b5b6c5198552e0f1578
- SHA512
  
  bf1ab14fdd04c18f48fd4384057d74dd73f28e3335696bcd17e5e8d8c0626898236cbf54796f232b224ff038ad02a8c557e95bd1a291a0d0db01ee10f654c909
- SSDEEP
  
  6144:VT7S/BQ+AvrcSAsGDHPl9JU8DCpbByd4Y8MqGb/wKguVz7Ku079MMzdVghzkugr:VT7WtDHJHDKiTqGbY8Vz7Ku9o6aug
Score

1^/10
behavioral31
- Target
  
  tmp/ViGEmBusSetup_x64.msi
- Size
  
  856KB
- MD5
  
  d8d2cff2eae7f1d956e3f8a2edaf891d
- SHA1
  
  bc33e35ed5d60c492bd6733462bd6cbc19c2cd59
- SHA256
  
  5abbba8a4a07aaaeb50b4666183b2f243e0e5ad288026d2a9f3595ed237c4b28
- SHA512
  
  50d98dd7d81e309cf764da7d40e321270f2e5ebc387d7b35ddb414c2efcfaa1bf302e51d5dfd3fa4cf871a3449705dc5e57466a3e97fdd5c16f5af3cd3051447
- SSDEEP
  
  12288:ks/zRZDhrFD7Pd2w1t3jOZy2KsGU6a4KsBex5VkDSiF:d9ZDpFD7V2wbzOE2Z34Kd54S
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32