General
-
Target
RTSSSetup736.exe
-
Size
16.0MB
-
Sample
240624-pdxx3s1fkc
-
MD5
f57c07115788603cf14320f2632f6668
-
SHA1
28f8643ec2cccaa623f045912453fc299a48f141
-
SHA256
941cc44f629086310dba8c9e96ab55994f230eef6917a2e70ec6c9b698154d88
-
SHA512
c89ceff65565872a9b5b4d0d5eee27707f60da8d1dabbfd584ab08703923ec516d085e4da2be9c733b1908402d91b61af05754135715985fa92066691158c956
-
SSDEEP
393216:qFBK2BtyEcwROqvt3RQVDDdnnao1aQKT0+FTQP28uci:q7BUEcwRdv9RQJxna3A+VQPzi
Static task
static1
Behavioral task
behavioral1
Sample
RTSSSetup736.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
RTSSSetup736.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LockedList.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LockedList.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/LockedList64.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/LockedList64.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240419-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$R0.dll
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
$R0.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
Codec/rtvcvfw32.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Codec/rtvcvfw32.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
DesktopOverlayHost.exe
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
DesktopOverlayHost.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
DesktopOverlayHostLoader.exe
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
DesktopOverlayHostLoader.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
EncoderServer.cfg
Resource
win7-20240419-en
Behavioral task
behavioral26
Sample
EncoderServer.cfg
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
EncoderServer.exe
Resource
win7-20240611-en
Behavioral task
behavioral28
Sample
EncoderServer.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
EncoderServer64.exe
Resource
win7-20240611-en
Behavioral task
behavioral30
Sample
EncoderServer64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
RTFC.dll
Resource
win7-20240611-en
Behavioral task
behavioral32
Sample
RTFC.dll
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
RTSSSetup736.exe
-
Size
16.0MB
-
MD5
f57c07115788603cf14320f2632f6668
-
SHA1
28f8643ec2cccaa623f045912453fc299a48f141
-
SHA256
941cc44f629086310dba8c9e96ab55994f230eef6917a2e70ec6c9b698154d88
-
SHA512
c89ceff65565872a9b5b4d0d5eee27707f60da8d1dabbfd584ab08703923ec516d085e4da2be9c733b1908402d91b61af05754135715985fa92066691158c956
-
SSDEEP
393216:qFBK2BtyEcwROqvt3RQVDDdnnao1aQKT0+FTQP28uci:q7BUEcwRdv9RQJxna3A+VQPzi
Score 7/10 -
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
08de81a4584f5201086f57a7a93ed83b
-
SHA1
266a6ecc8fb7dca115e6915cd75e2595816841a8
-
SHA256
4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6
-
SHA512
b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9
-
SSDEEP
48:S46+/1TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mLofjLl:zHuPbOBtWZBV8jAWiAJCdv2CmeL
Score3/10 -
-
-
Target
$PLUGINSDIR/LockedList.dll
-
Size
28KB
-
MD5
84c93011c323095555fcfcbebab4df83
-
SHA1
69d6b67f1d73b9cda8397f8e0748b45c91987bd5
-
SHA256
cf1b3d307918e11f4c90888ef65f9cad0302eabf7235187eaad5764646874340
-
SHA512
c95008dce262608bee2bd2081d456a98e4a9d2814c0bfdd77c9a74394dd3aca373d57975d2c30be5f9af013772abed0a9b924a4e24e266110821147afa5e50e8
-
SSDEEP
768:on7n6hKdgWn9Cb22ryBD3fvMkGksfLqo7B:onWhKdne22ryBDvvMPne+
Score3/10 -
-
-
Target
$PLUGINSDIR/LockedList64.dll
-
Size
9KB
-
MD5
f982f688c44a109382504be756e54a28
-
SHA1
0050bf1d09975c9faa34ddf0cc579f3f611b71c0
-
SHA256
fbe4c84d389b32d3646991f0f59c987d5052ecc0ecbaa4da2bbebd922fd3762c
-
SHA512
fa0f10819b6a8d6a298a6274073b466ef5756f00e8dc7fdc786e5e0a8fd0dbb2777eb608d213874a92bd0481a363464f2a615bcde9ed3ed13db12ab338a91ae9
-
SSDEEP
192:oDe6qk8regn9R+MO2Sz4p/sAMMmsGA/i9MWDqX:oDe6grPEMO2Sz4CAysN/i9Msq
Score1/10 -
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
6581c243481c0ba91ec1bd9fd93f1c30
-
SHA1
b00b7fe38b0dbf5576239a8f62f01df7fb993e5d
-
SHA256
72fa1a91185fda8b68a49b9ebb8d5ddf00f899f590d1e657a58c229f9bd0a700
-
SHA512
c882c15e1222929369753addb023fe028dd95345c0b29a5a8c0ba00cbdee45f3a7aacafd9d4cdc5fe86e3676ba958abf841801d73361c4630e7f48ab63725055
-
SSDEEP
96:g8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/c3lkCTcaqHCI:tZIKXgk+cx6QYFkAElncviI
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
6e55a6e7c3fdbd244042eb15cb1ec739
-
SHA1
070ea80e2192abc42f358d47b276990b5fa285a9
-
SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
-
SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35
-
SSDEEP
192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
Score3/10 -
-
-
Target
$PLUGINSDIR/modern-wizard.bmp
-
Size
25KB
-
MD5
cbe40fd2b1ec96daedc65da172d90022
-
SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944
-
SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
-
SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
SSDEEP
24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score 7/10 -
Checks computer location settings
Looks up country code configured in the registry, likely geofence. A bitmap carries no code of its own, so this behaviour presumably comes from the process the sandbox used to open modern-wizard.bmp rather than from the image itself — confirm against the task's process activity before attributing it to the file.
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
ca5bb0ee2b698869c41c087c9854487c
-
SHA1
4a8abbb2544f1a9555e57a142a147dfeb40c4ca4
-
SHA256
c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324
-
SHA512
363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770
-
SSDEEP
96:ojsvUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3Y/NqkzfS:ojsvWyNO81b8pCHFcM0PuAgkOyhIFc
Score3/10 -
-
-
Target
$R0
-
Size
871KB
-
MD5
0a91221306a3298fba8fd1e0d4be269a
-
SHA1
2ecc9696f03fa694aa0ff01e3658bb24e632ed91
-
SHA256
7865c3e4003778ced6aa3ebcb7fad83421a45a13eb43ea2a5ba303d8e479a4b7
-
SHA512
01885ebb32e0b4ed703341bc083f721393ab2ac1663ac3aaefcdd31990bca4a103e88afb631041bf1a565cb328fefbe8d60e1463f19f9d33f0b0b1affda64045
-
SSDEEP
24576:huBpXNDkxDRsX1sUsJ7mq/ZBx69v9IbzehK9Ko:hqBNgJ7D29Ibzec
Score1/10 -
-
-
Target
Codec/rtvcvfw32.dll (same content as the $R0 target above: identical size and hashes)
-
Size
871KB
-
MD5
0a91221306a3298fba8fd1e0d4be269a
-
SHA1
2ecc9696f03fa694aa0ff01e3658bb24e632ed91
-
SHA256
7865c3e4003778ced6aa3ebcb7fad83421a45a13eb43ea2a5ba303d8e479a4b7
-
SHA512
01885ebb32e0b4ed703341bc083f721393ab2ac1663ac3aaefcdd31990bca4a103e88afb631041bf1a565cb328fefbe8d60e1463f19f9d33f0b0b1affda64045
-
SSDEEP
24576:huBpXNDkxDRsX1sUsJ7mq/ZBx69v9IbzehK9Ko:hqBNgJ7D29Ibzec
Score1/10 -
-
-
Target
DesktopOverlayHost.exe
-
Size
76KB
-
MD5
7057cab5e1d3d38d3d5a1f8f2f0cd7ef
-
SHA1
fa9d1eb814552f2dbfa4843f25cc6403e423473d
-
SHA256
d594b3870d81ffdcbda2cb630061cac915d239e921b4af7bf19c4fcb26ffceca
-
SHA512
d3b20f7aa0ecd825c80e6516e01e142613ebac2555dbacd9e16b5b3a30eeeb3d2b95492278842360f65606a6588fe580a0976571e9439e48eb0d46686a0ed53c
-
SSDEEP
1536:QHyIDtuLJ+R3LJ7tC3CL3xNOK2Rf+nVszNDtq:Qntue7oyL3xN32cVq10
Score1/10 -
-
-
Target
DesktopOverlayHostLoader.exe
-
Size
25KB
-
MD5
d9ff9504da8b627b720fe8f62f3bd24d
-
SHA1
636b35abd84344b437b24efadd175f2c8bbcb18c
-
SHA256
57dfce7a5cfe97578a45b35731a327e88b22fee0dbc4ec0b4dc1e919cc94e12f
-
SHA512
9510198e016a52da3d231ce4b8a0a1d55987454196a99bdfa998d25d530d4c46646f141ab13ee38a260c2a069a5d07d7d3110e450356b5bfe2be72e44f77d672
-
SSDEEP
384:0UvYJrPjoYTYNJVGzaC/uVGBkNl6bCIN6ki2ApxiRggivcV7Mp:0UvYtcYTYXVFWkNlTD2ApZL07Mp
Score 7/10 -
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
EncoderServer.cfg
-
Size
89B
-
MD5
d81d3a63c3597a1ac1f61e7862e174f1
-
SHA1
416c43386386a8916ae80482aacd5a998e9d4e83
-
SHA256
d505f1850d38d5d6b5d4924cca0f7ed679bbae6ae1ecd8e5c24257fce01f602e
-
SHA512
72188bb3629c4938a5b1c93e5be7b8fd87ed3ca946feccf36de4b3acb999585b3edde4bd517a173c32774ce46492bf94819e5a49350135ebb370648478685f14
Score3/10 -
-
-
Target
EncoderServer.exe
-
Size
72KB
-
MD5
c83df868c43bb65744f1dcc5e53b1355
-
SHA1
b7b3dc21d2a1e67cc498d97b4b42669d6a8c65bb
-
SHA256
cba3059339768ea42be1e14c3a705f71ebddee41dd2c76c9f41c94ad248ea56a
-
SHA512
f4e424f8541f22d6dbec79b44fda912815e50c3e225b0ea08f07a9b9da5135b71416ed68dc9c8db05cdc2dbe1352c04370164d83d6d9c708f25381b4f8c41106
-
SSDEEP
768:6wsRB95r7TLh/8APUHoRGHNxWtHokViHfdO/YrNCWkNlTD2ApZL2:6wsHTLhxcHo4HNxQTVes/zNDt2
Score1/10 -
-
-
Target
EncoderServer64.exe
-
Size
77KB
-
MD5
813f7094987655e2c6846eb1188ab420
-
SHA1
37fd226110dbbf92998c9ba5edd408a5b472b671
-
SHA256
f1ba5943a9010e879dbf832cb6741dae3fc92e19f657ce69335ad904fdbdeae4
-
SHA512
c09759c67490647b2813f46570f865d9619bfbd676311f35b15b2e35f99dac922e860539bf74bdd796a3d1171c44db52f48c1ce9ed974e31f860d7f4fbc54641
-
SSDEEP
768:RCf7sfo4g0aL4aqBxRVldx6rw909zLt6iY1jzd+Pw6iY1lx7SdLjMu735iHfdO/7:eASqteV18zzdcZVxaFr5es/JNDtnt
Score1/10 -
-
-
Target
RTFC.dll
-
Size
72KB
-
MD5
e9257c5379c36eba7e8f301472bccc88
-
SHA1
2aa90a5d69753df9d899d4d8a27a1d19d51b2c1d
-
SHA256
8e2e899f029ee75aa583597566f182f9a3cccd2e9dc4d60ea371efb98152c077
-
SHA512
cdb2cc5216d41c9d9bfb4b82d99c19dec5cbd84df16c8ce2b130e9297ca059db843db441c0fa9c68ee8dbe3b5597c52933729204b7f92406f9a4724300c5d8fd
-
SSDEEP
1536:y8Hdxz/ItCFzDGhS5bh7SOXpY9YG3qxQRhus:X9Ahya3qxQRhu
Score3/10 -