941cc44f629086310dba8c9e96ab55994f230eef6917a2e70ec6c9b698154d88

Sharing

Copy URL

Twitter E-mail

General

Target

RTSSSetup736.exe
Size

16.0MB
Sample

240624-pdxx3s1fkc
MD5

f57c07115788603cf14320f2632f6668
SHA1

28f8643ec2cccaa623f045912453fc299a48f141
SHA256

941cc44f629086310dba8c9e96ab55994f230eef6917a2e70ec6c9b698154d88
SHA512

c89ceff65565872a9b5b4d0d5eee27707f60da8d1dabbfd584ab08703923ec516d085e4da2be9c733b1908402d91b61af05754135715985fa92066691158c956
SSDEEP

393216:qFBK2BtyEcwROqvt3RQVDDdnnao1aQKT0+FTQP28uci:q7BUEcwRdv9RQJxna3A+VQPzi

Score

7^/10

Malware Config

Targets

- Target
  
  RTSSSetup736.exe
- Size
  
  16.0MB
- MD5
  
  f57c07115788603cf14320f2632f6668
- SHA1
  
  28f8643ec2cccaa623f045912453fc299a48f141
- SHA256
  
  941cc44f629086310dba8c9e96ab55994f230eef6917a2e70ec6c9b698154d88
- SHA512
  
  c89ceff65565872a9b5b4d0d5eee27707f60da8d1dabbfd584ab08703923ec516d085e4da2be9c733b1908402d91b61af05754135715985fa92066691158c956
- SSDEEP
  
  393216:qFBK2BtyEcwROqvt3RQVDDdnnao1aQKT0+FTQP28uci:q7BUEcwRdv9RQJxna3A+VQPzi
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  08de81a4584f5201086f57a7a93ed83b
- SHA1
  
  266a6ecc8fb7dca115e6915cd75e2595816841a8
- SHA256
  
  4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6
- SHA512
  
  b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9
- SSDEEP
  
  48:S46+/1TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mLofjLl:zHuPbOBtWZBV8jAWiAJCdv2CmeL
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LockedList.dll
- Size
  
  28KB
- MD5
  
  84c93011c323095555fcfcbebab4df83
- SHA1
  
  69d6b67f1d73b9cda8397f8e0748b45c91987bd5
- SHA256
  
  cf1b3d307918e11f4c90888ef65f9cad0302eabf7235187eaad5764646874340
- SHA512
  
  c95008dce262608bee2bd2081d456a98e4a9d2814c0bfdd77c9a74394dd3aca373d57975d2c30be5f9af013772abed0a9b924a4e24e266110821147afa5e50e8
- SSDEEP
  
  768:on7n6hKdgWn9Cb22ryBD3fvMkGksfLqo7B:onWhKdne22ryBDvvMPne+
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/LockedList64.dll
- Size
  
  9KB
- MD5
  
  f982f688c44a109382504be756e54a28
- SHA1
  
  0050bf1d09975c9faa34ddf0cc579f3f611b71c0
- SHA256
  
  fbe4c84d389b32d3646991f0f59c987d5052ecc0ecbaa4da2bbebd922fd3762c
- SHA512
  
  fa0f10819b6a8d6a298a6274073b466ef5756f00e8dc7fdc786e5e0a8fd0dbb2777eb608d213874a92bd0481a363464f2a615bcde9ed3ed13db12ab338a91ae9
- SSDEEP
  
  192:oDe6qk8regn9R+MO2Sz4p/sAMMmsGA/i9MWDqX:oDe6grPEMO2Sz4CAysN/i9Msq
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  6581c243481c0ba91ec1bd9fd93f1c30
- SHA1
  
  b00b7fe38b0dbf5576239a8f62f01df7fb993e5d
- SHA256
  
  72fa1a91185fda8b68a49b9ebb8d5ddf00f899f590d1e657a58c229f9bd0a700
- SHA512
  
  c882c15e1222929369753addb023fe028dd95345c0b29a5a8c0ba00cbdee45f3a7aacafd9d4cdc5fe86e3676ba958abf841801d73361c4630e7f48ab63725055
- SSDEEP
  
  96:g8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/c3lkCTcaqHCI:tZIKXgk+cx6QYFkAElncviI
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  6e55a6e7c3fdbd244042eb15cb1ec739
- SHA1
  
  070ea80e2192abc42f358d47b276990b5fa285a9
- SHA256
  
  acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
- SHA512
  
  2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35
- SSDEEP
  
  192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ca5bb0ee2b698869c41c087c9854487c
- SHA1
  
  4a8abbb2544f1a9555e57a142a147dfeb40c4ca4
- SHA256
  
  c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324
- SHA512
  
  363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770
- SSDEEP
  
  96:ojsvUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3Y/NqkzfS:ojsvWyNO81b8pCHFcM0PuAgkOyhIFc
Score

3^/10
behavioral15 behavioral16
- Target
  
  $R0
- Size
  
  871KB
- MD5
  
  0a91221306a3298fba8fd1e0d4be269a
- SHA1
  
  2ecc9696f03fa694aa0ff01e3658bb24e632ed91
- SHA256
  
  7865c3e4003778ced6aa3ebcb7fad83421a45a13eb43ea2a5ba303d8e479a4b7
- SHA512
  
  01885ebb32e0b4ed703341bc083f721393ab2ac1663ac3aaefcdd31990bca4a103e88afb631041bf1a565cb328fefbe8d60e1463f19f9d33f0b0b1affda64045
- SSDEEP
  
  24576:huBpXNDkxDRsX1sUsJ7mq/ZBx69v9IbzehK9Ko:hqBNgJ7D29Ibzec
Score

1^/10
behavioral17 behavioral18
- Target
  
  Codec/rtvcvfw32.dll
- Size
  
  871KB
- MD5
  
  0a91221306a3298fba8fd1e0d4be269a
- SHA1
  
  2ecc9696f03fa694aa0ff01e3658bb24e632ed91
- SHA256
  
  7865c3e4003778ced6aa3ebcb7fad83421a45a13eb43ea2a5ba303d8e479a4b7
- SHA512
  
  01885ebb32e0b4ed703341bc083f721393ab2ac1663ac3aaefcdd31990bca4a103e88afb631041bf1a565cb328fefbe8d60e1463f19f9d33f0b0b1affda64045
- SSDEEP
  
  24576:huBpXNDkxDRsX1sUsJ7mq/ZBx69v9IbzehK9Ko:hqBNgJ7D29Ibzec
Score

1^/10
behavioral19 behavioral20
- Target
  
  DesktopOverlayHost.exe
- Size
  
  76KB
- MD5
  
  7057cab5e1d3d38d3d5a1f8f2f0cd7ef
- SHA1
  
  fa9d1eb814552f2dbfa4843f25cc6403e423473d
- SHA256
  
  d594b3870d81ffdcbda2cb630061cac915d239e921b4af7bf19c4fcb26ffceca
- SHA512
  
  d3b20f7aa0ecd825c80e6516e01e142613ebac2555dbacd9e16b5b3a30eeeb3d2b95492278842360f65606a6588fe580a0976571e9439e48eb0d46686a0ed53c
- SSDEEP
  
  1536:QHyIDtuLJ+R3LJ7tC3CL3xNOK2Rf+nVszNDtq:Qntue7oyL3xN32cVq10
Score

1^/10
behavioral21 behavioral22
- Target
  
  DesktopOverlayHostLoader.exe
- Size
  
  25KB
- MD5
  
  d9ff9504da8b627b720fe8f62f3bd24d
- SHA1
  
  636b35abd84344b437b24efadd175f2c8bbcb18c
- SHA256
  
  57dfce7a5cfe97578a45b35731a327e88b22fee0dbc4ec0b4dc1e919cc94e12f
- SHA512
  
  9510198e016a52da3d231ce4b8a0a1d55987454196a99bdfa998d25d530d4c46646f141ab13ee38a260c2a069a5d07d7d3110e450356b5bfe2be72e44f77d672
- SSDEEP
  
  384:0UvYJrPjoYTYNJVGzaC/uVGBkNl6bCIN6ki2ApxiRggivcV7Mp:0UvYtcYTYXVFWkNlTD2ApZL07Mp
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  EncoderServer.cfg
- Size
  
  89B
- MD5
  
  d81d3a63c3597a1ac1f61e7862e174f1
- SHA1
  
  416c43386386a8916ae80482aacd5a998e9d4e83
- SHA256
  
  d505f1850d38d5d6b5d4924cca0f7ed679bbae6ae1ecd8e5c24257fce01f602e
- SHA512
  
  72188bb3629c4938a5b1c93e5be7b8fd87ed3ca946feccf36de4b3acb999585b3edde4bd517a173c32774ce46492bf94819e5a49350135ebb370648478685f14
Score

3^/10
behavioral25 behavioral26
- Target
  
  EncoderServer.exe
- Size
  
  72KB
- MD5
  
  c83df868c43bb65744f1dcc5e53b1355
- SHA1
  
  b7b3dc21d2a1e67cc498d97b4b42669d6a8c65bb
- SHA256
  
  cba3059339768ea42be1e14c3a705f71ebddee41dd2c76c9f41c94ad248ea56a
- SHA512
  
  f4e424f8541f22d6dbec79b44fda912815e50c3e225b0ea08f07a9b9da5135b71416ed68dc9c8db05cdc2dbe1352c04370164d83d6d9c708f25381b4f8c41106
- SSDEEP
  
  768:6wsRB95r7TLh/8APUHoRGHNxWtHokViHfdO/YrNCWkNlTD2ApZL2:6wsHTLhxcHo4HNxQTVes/zNDt2
Score

1^/10
behavioral27 behavioral28
- Target
  
  EncoderServer64.exe
- Size
  
  77KB
- MD5
  
  813f7094987655e2c6846eb1188ab420
- SHA1
  
  37fd226110dbbf92998c9ba5edd408a5b472b671
- SHA256
  
  f1ba5943a9010e879dbf832cb6741dae3fc92e19f657ce69335ad904fdbdeae4
- SHA512
  
  c09759c67490647b2813f46570f865d9619bfbd676311f35b15b2e35f99dac922e860539bf74bdd796a3d1171c44db52f48c1ce9ed974e31f860d7f4fbc54641
- SSDEEP
  
  768:RCf7sfo4g0aL4aqBxRVldx6rw909zLt6iY1jzd+Pw6iY1lx7SdLjMu735iHfdO/7:eASqteV18zzdcZVxaFr5es/JNDtnt
Score

1^/10
behavioral29 behavioral30
- Target
  
  RTFC.dll
- Size
  
  72KB
- MD5
  
  e9257c5379c36eba7e8f301472bccc88
- SHA1
  
  2aa90a5d69753df9d899d4d8a27a1d19d51b2c1d
- SHA256
  
  8e2e899f029ee75aa583597566f182f9a3cccd2e9dc4d60ea371efb98152c077
- SHA512
  
  cdb2cc5216d41c9d9bfb4b82d99c19dec5cbd84df16c8ce2b130e9297ca059db843db441c0fa9c68ee8dbe3b5597c52933729204b7f92406f9a4724300c5d8fd
- SSDEEP
  
  1536:y8Hdxz/ItCFzDGhS5bh7SOXpY9YG3qxQRhus:X9Ahya3qxQRhu
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32