Overview

overview

8

Static

static

3

Arquivos M...al.rar

windows10-1703-x64

3

Arquivos M...re.dll

windows10-1703-x64

1

Arquivos M...ME.txt

windows10-1703-x64

1

Arquivos M...er.exe

windows10-1703-x64

8

Arquivos M...nt.exe

windows10-1703-x64

1

Arquivos M...OM.dll

windows10-1703-x64

1

Arquivos M...r5.sys

windows10-1703-x64

1

Arquivos M...ok.dll

windows10-1703-x64

1

Arquivos M...ME.txt

windows10-1703-x64

1

Arquivos M...er.exe

windows10-1703-x64

8

Arquivos M...OM.dll

windows10-1703-x64

7

Arquivos M...r5.sys

windows10-1703-x64

1

Arquivos M...32.exe

windows10-1703-x64

1

Arquivos M...er.cfg

windows10-1703-x64

3

Arquivos M...le.ini

windows10-1703-x64

1

Arquivos M...er.ico

windows10-1703-x64

3

Arquivos M...le.nsi

windows10-1703-x64

3

Arquivos M...er.nsi

windows10-1703-x64

3

Arquivos M...er.bmp

windows10-1703-x64

4

Arquivos M...er.nsh

windows10-1703-x64

3

Arquivos M...er.nsh

windows10-1703-x64

3

Arquivos M...sh.bmp

windows10-1703-x64

4

Arquivos M...le.exe

windows10-1703-x64

8

Arquivos M...le.ini

windows10-1703-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    Arquivos Minecraft GalegaoTutorial.rar

  • Size

    750KB

  • Sample

    240625-vz9rnawbjq

  • MD5

    13d475d64d971278ca705fa98bae3c1a

  • SHA1

    181df136d7d89bd84739246373ef32f483e40324

  • SHA256

    b2d67f85171a7e394f28cc8df0f0a36f80e7fb7aeada7f9709fd1543b53e4579

  • SHA512

    dc6bfd5f80f8a4a1ee92ac083ead3063112caf9d3a8101bbc121fdcbb8cf25da23b0153bad673eacc4b64c8e7bf53c6b885c2924990f2b3a5683f71d4ca43458

  • SSDEEP

    12288:DUP1eJoMWQZDInXAKX1ua/9oTpt4cr7BalYHIqiN2E6hI4aFjibpYqNkc/qBie6N:oP1eaMf2nX1MaF2BaxqiXbFyWqfqge6N

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Arquivos Minecraft GalegaoTutorial.rar

    • Size

      750KB

    • MD5

      13d475d64d971278ca705fa98bae3c1a

    • SHA1

      181df136d7d89bd84739246373ef32f483e40324

    • SHA256

      b2d67f85171a7e394f28cc8df0f0a36f80e7fb7aeada7f9709fd1543b53e4579

    • SHA512

      dc6bfd5f80f8a4a1ee92ac083ead3063112caf9d3a8101bbc121fdcbb8cf25da23b0153bad673eacc4b64c8e7bf53c6b885c2924990f2b3a5683f71d4ca43458

    • SSDEEP

      12288:DUP1eJoMWQZDInXAKX1ua/9oTpt4cr7BalYHIqiN2E6hI4aFjibpYqNkc/qBie6N:oP1eaMf2nX1MaF2BaxqiXbFyWqfqge6N

    Score
    3/10
    behavioral1

    • Target

      Arquivos Minecraft/System32/Windows.ApplicationModel.Store.dll

    • Size

      2.2MB

    • MD5

      86f54a87a6260befbd8372fdd150b127

    • SHA1

      8e92ff0b8ff2d1b0c2fbe59bcbb1705febadcbfd

    • SHA256

      c1469dea551c95d2c68eb42ceb37f020cb5b75d777e7083f24bf2e54ae2e4f55

    • SHA512

      101756ef73eb4d8cd85d3151fa20dfceed4773039bd1951bf685b913ea7fa0c36df992a98f6d12197befe7bfe2a57cd4115e76251190a33e84da62b9322d3cc1

    • SSDEEP

      49152:Tl6ZnGC0xHw4Oan2YLqybPLLgv22SckY03ZXB6md1OI6EmT199zGl33Rq:Tl00kjGq

    Score
    1/10
    behavioral2

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker/README.TXT

    • Size

      1KB

    • MD5

      f3b322aadb14e1b2ba9bf38972dc216c

    • SHA1

      4564f088ec683f8a89894b8158a79d358693bba8

    • SHA256

      b604fa4d14829d2d5b55f94d9b7298417acd0949e4f4c1483a4411bc4968afac

    • SHA512

      9a8e5d36328a796fed7d07e82e45f001ec5891b01b54b47d20d90b6a982d1b8240f9eab3edde7f5d271b3667f54d0aaef4b21c9d1e50b265e70b3e65ee37573c

    Score
    1/10
    behavioral3

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker/Unlocker.exe

    • Size

      93KB

    • MD5

      0ed06220bc07ec9a5d8807f9d5c0d9f0

    • SHA1

      9f87f449aa25feedb3ee6b0b817617573eacaec7

    • SHA256

      04462d02b3967614082d531d7594548c94cb4c715ae4f38203f026f211248659

    • SHA512

      271f924c69eaf9c00b2b8c68866f980162316a1a6e3071c7c90db9f0c6422963664576ef2bdcc988dd27aada502bf69619e8f16af831c7a9242eb6e960371c42

    • SSDEEP

      1536:/j0lEkpFoee4Fdek96JBIKXGehlFTafB4aEFbbOqABTPYhLcwyLzcKBJGyV/X:SF1e4Pek9hKXGeSV/qABTPYhLaX/

    Score
    8/10
    persistence
    behavioral4

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker/UnlockerAssistant.exe

    • Size

      17KB

    • MD5

      255e405d801cf01247390f38f92d8042

    • SHA1

      5c80e7b634c10629b63d43083542a4b1b8603318

    • SHA256

      b0a4c2b6f40d7ad177dbd40c26b579d67cc9a95552970d9f6f0c7de372ce2a2f

    • SHA512

      a8cb3500c80b29a8f646dccf1b48baeac2c86ce2abca71b845b732dbf47f8603ff6d51b319217c2ad1f1314c5ff27bde5a9ad7d2a56363f74eefd275c9970b41

    • SSDEEP

      192:nkf2W/OThExEPYqRWJa+De9zf8pRvBpD3FMXKv+abac5WrYm7+TJ8OLQPF8VlmY:npM+Q3Pe9z0pRb3h+ab1HLU8VE

    Score
    1/10
    behavioral5

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker/UnlockerCOM.dll

    • Size

      10KB

    • MD5

      49b6af547ed4ba1fb07bf6f384fda841

    • SHA1

      d865b17ead0c92339eeaa651c03a629ae5a5e031

    • SHA256

      86e8e34cfb71100cda06fe96573d832049cd18b1b251823139e935a1faefcbe8

    • SHA512

      6ea392a740bef18a770f3b86f691125dad7dcebf7972fcbacf06fdf04e09cd0717fb0705a303a6b245f66d399b4f4f31013b82cd6f0b0b52f90b88a9c5c18889

    • SSDEEP

      192:2BNzky6fIAt/KNn8JZ1QfnMP1aFQ4179BUjAPeJjIKT2Z:2HzzAt/0n8JrQfnMP1aFQ4NBw

    Score
    1/10
    behavioral6

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker/UnlockerDriver5.sys

    • Size

      4KB

    • MD5

      bb879dcfd22926efbeb3298129898cbb

    • SHA1

      cee6b0a5cc1651448b827e55b87d73030b15c287

    • SHA256

      2a24e6cd5d6e0cea3082c0699a2371084cc1268b31bc714098ea0d0c11b3afac

    • SHA512

      49978bb3450330319827ff9c0f373bceaacf7a7f24bbbab6eaa3615604fbb6079c70d873e161bd3a42b16f75d0f5231696774c3a354ddc4c703b00952a8d447e

    Score
    1/10
    behavioral7

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker/UnlockerHook.dll

    • Size

      4KB

    • MD5

      abbee3e367f6e6ed415d33c78121ffa9

    • SHA1

      72ed524e769a9f8e72804c019a1cbf58f0d305a7

    • SHA256

      af36ab81c5befe41140a5da5f605361be18b55d6410da1cbf1bf7e0dcf52bc92

    • SHA512

      a01c955f3f60325c4aba28ea6c4c8c0d9f0b1a46928fccb37d38ad676eeaee8814fb15ca15ccb79739d63802bd850940e365cf542d2de1381276d22796f62c63

    • SSDEEP

      48:C5H6MDvlw43mN6MJmxolFuTUyJaeGA9TKziUFvQ4wZK0E8ee1kAosky4+q+O:AH1ln4J9FwzKBkEtjJ+DO

    Score
    1/10
    behavioral8

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker64/README.TXT

    • Size

      1KB

    • MD5

      f3b322aadb14e1b2ba9bf38972dc216c

    • SHA1

      4564f088ec683f8a89894b8158a79d358693bba8

    • SHA256

      b604fa4d14829d2d5b55f94d9b7298417acd0949e4f4c1483a4411bc4968afac

    • SHA512

      9a8e5d36328a796fed7d07e82e45f001ec5891b01b54b47d20d90b6a982d1b8240f9eab3edde7f5d271b3667f54d0aaef4b21c9d1e50b265e70b3e65ee37573c

    Score
    1/10
    behavioral9

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker64/Unlocker.exe

    • Size

      122KB

    • MD5

      0a77f732624155a215f5ca54df9b2930

    • SHA1

      172bdf71343dd6544cfbe04abbc3dec4535f7d84

    • SHA256

      a0b651038c4301f70e4aea506eb90edc584a5c4ca46880c7dc2ae5eafa6dc506

    • SHA512

      6482c9fc3b5ff9d5798deb9965b4dfab9ba62b889e921011696f29dd96b813194a59f76a52a88fa4962317c6a43a21122c857e4ca80c6c4360c2cee544117352

    • SSDEEP

      1536:QjL8UYqusRZHN+R6iJBf232Qxl1D5ljFerDUF7TGMvB+xpgGfGlbPMcpEkAEAG+L://sRZt+R6+232QLADzMvYonfgQ/Y39

    Score
    8/10
    persistence
    behavioral10

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker64/UnlockerCOM.dll

    • Size

      19KB

    • MD5

      5fe324d6c1dc481136742ab5fb8f6672

    • SHA1

      02f2d4476006cecd771de3cbe247e432950ae916

    • SHA256

      0a66b19bb38385a8879633dce1272b8acf1b4b264c88e254345ec249335b41b1

    • SHA512

      faa76477503923d1c14a12f00d7d416e5fbb485560ea02ed1e6ef6337f9ad88bc612af241ea61c8f9003253ccf5f66b2c7ce4a508bb2adc761c4f36ac345195d

    • SSDEEP

      384:b0cviyVcgoH1a3FveCAmbtQ/o8DhQLMwdYJLygbPbCQW1M6jjDAa:b03nTHsFv+/oih5FLfbCPMmjl

    Score
    7/10
    persistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral11

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker64/UnlockerDriver5.sys

    • Size

      12KB

    • MD5

      9dc07e73a4abb9acf692113b36a5009f

    • SHA1

      0c45b0fa0718e5aba0f21f14178597a1ed3fc208

    • SHA256

      ca7176fc219515d58dcfa66ec61880ece5617275c9b83701bb74d8b60e733d34

    • SHA512

      7bb2f07df990689933b344d2e3061a5e1324aba011e703130379ed24b253bdd464c9d26b8efe2d86523f241236ff1b7edb02919801850bb749849215b1fabf57

    • SSDEEP

      192:dqD9l0Hvj1+z7PcFVyowJL/W6Mgb5+ebCfYEQpkqs1I5Zgjl50Xe:60HvozjeVYJLygbPbCQW1M6jYXe

    Score
    1/10
    behavioral12

    • Target

      Arquivos Minecraft/UnlockerPortable/App/Unlocker64/UnlockerInject32.exe

    • Size

      11KB

    • MD5

      5b964dbcc99edee45a6f235417713a93

    • SHA1

      e65bb79a470a509a50b4c275c10bc10892ab11ca

    • SHA256

      3b1afea2711e5d731a60b41e87f4711fe1db3345fa316be20347376068479dd5

    • SHA512

      60dd41e0434fcc7d6d57a02d69cd47c2b74c9c18316f59aee88da087c22c3e8408aa94ab9738edc1b229db8f83e620354394ae3847e216c2bce33dc0d3e62743

    • SSDEEP

      192:kpjAiTRs0TjebH947yowJL/W6Mgb5+ebCfYEQpkqs1I5Zgjl5w:kWIsUgHqYJLygbPbCQW1M6jk

    Score
    1/10
    behavioral13

    • Target

      Arquivos Minecraft/UnlockerPortable/Data/Unlocker64/Unlocker.cfg

    • Size

      64B

    • MD5

      c179661839047998d88e4f2531c168df

    • SHA1

      e157266ed7e575298e45425a303e52c71e743d06

    • SHA256

      5a2fff77e41c67ee413410ae971514cc6d15f054864e7ea0401a59a4bdc93c33

    • SHA512

      cd7f5b73b42e33cab7b439f36248abdfa68a0cdb08078cdfba68a593a97f9f37112163be57b8721decaacc3bf94203acdb6cb7a6880fa2d04238c9f73e844c83

    Score
    3/10
    behavioral14

    • Target

      Arquivos Minecraft/UnlockerPortable/Data/UnlockerPortable.ini

    • Size

      127B

    • MD5

      59fd99e6831f62babd4c923db9e10ab2

    • SHA1

      f0e002b97f62dc603bbc91de27a5a6b0d3884e95

    • SHA256

      d0b45e3b756e4a7d1614e4de32f3678a224ef10afa28aa4d940067126c7c1d5f

    • SHA512

      5fa71d7f7726096f8707ae4c9c32b0305177d9f433c400542b9f4e5579184f85d3a8465c84c1d3203654abc18fc79fc4b6a24c0e1309a9fabfc2948737096db6

    Score
    1/10
    behavioral15

    • Target

      Arquivos Minecraft/UnlockerPortable/Other/Source/Unlocker.ico

    • Size

      1KB

    • MD5

      9a741b49e6c3df735658ddce5b590fcb

    • SHA1

      1299a06bd70b837d4d9125fc8dec259ea958f30b

    • SHA256

      76983159f6ac5fad2503e0a56d627653e7a08b0fbb3480af937a6e06076de93c

    • SHA512

      2f04ccad7f0b27546cdee1849c38a9ce9422e44345273185feeb9a23474898c0e7f986187ae9274e728b1d1f4b585a29a3ab27d0c752870a76625e6f2e1766e6

    Score
    3/10
    behavioral16

    • Target

      Arquivos Minecraft/UnlockerPortable/Other/Source/_UnlockerPortable.nsi

    • Size

      6KB

    • MD5

      1fb8be36a2c4a946c8fc8790a1e8d399

    • SHA1

      5404f57620d5fb6638cd06c4351c49873ee31b23

    • SHA256

      55338f2e03528a6f44c07e34461e314350d678a43e28e60fed6453697e292fa8

    • SHA512

      fad88ae0d91bd5978fec6bcd0c09c50bc6b572afe30c4d48e99ce019b418f8e14319ef6833e921ee07aa467058c18126e5a6f51294f41e64a77e4b2d531dace5

    • SSDEEP

      192:JU4R20EpF/0bYbELx4IVTaV6ZBXQI1zprztM2cNqGq:JUcEpFsYbELx4IVTaV6/QI1zprztM2cG

    Score
    3/10
    behavioral17

    • Target

      Arquivos Minecraft/UnlockerPortable/Other/Source/_UnlockerPortableInstaller.nsi

    • Size

      3KB

    • MD5

      ec85a43f921e179483c5646a7aa4d348

    • SHA1

      7f9446eae3c49e7ee17e679ba35e077f0e90cc8d

    • SHA256

      2597d482479a1c227123bbba7bc02fe87d04f1b4da68c6f0e38f4c6f16a705ab

    • SHA512

      64e8eca300240801e68a1da11f9f400e7dd5e2fe1b7d308071e44fd407c4d457ef7e362f40ff40c692d72b8ae9bba04f36351859c6a3239f5c214cbc4424b8d0

    Score
    3/10
    behavioral18

    • Target

      Arquivos Minecraft/UnlockerPortable/Other/_Include/Installer.bmp

    • Size

      51KB

    • MD5

      6e9d8e8699f0accc27aa9a1aac8b7e47

    • SHA1

      49caad3187ae8708b36889cad40a959679b52f25

    • SHA256

      fbddcd7882e0cf80452e58356e4d497ee6f08921665e27bd86049a0bb60d6be9

    • SHA512

      84f00c25371c6394e2a96640a344f1d7f9d35a2cf9080565cb03f3ae2f14bdbef05e3597a7943faadc201e847ada2ac0843347a375a58e267cb0948e397a226b

    • SSDEEP

      384:CaMEOFCq0dsgN/Lf53J/Q3BZCeVMz6aIlmXDT2lw6F0e53+Q09cPc/dSP:XMEyX0dF//Q3bCekBiFpHAi

    Score
    4/10
    behavioral19

    • Target

      Arquivos Minecraft/UnlockerPortable/Other/_Include/Installer.nsh

    • Size

      4KB

    • MD5

      862fff449c670c197daf51161d932361

    • SHA1

      d3ec1ee093085b4b6a9b938523ee3d0580f8135c

    • SHA256

      addd0a6cb4da3e27269e23c54df3dde7db6860a249423019d0ead5bb743328f3

    • SHA512

      89a8eb6f302534450bdae0e9cf171ccd4ae3f51b1883755e655cad8c0d0f864951db332f46a55260be718c34920fd11a7c41b3b91214cb215d7177723165aeb4

    • SSDEEP

      96:8Yu0E183yDh9Z0NUNojOf7Z583RBJns3Hex:8t0E18CDh9Z0NUNoCjr8Vs3Hu

    Score
    3/10
    behavioral20

    • Target

      Arquivos Minecraft/UnlockerPortable/Other/_Include/Launcher.nsh

    • Size

      12KB

    • MD5

      39f85a59aa6a80b21b5e8820df924194

    • SHA1

      28dc5125984d3728c87eaf8f9b71411315359ac1

    • SHA256

      a2972b05e6c7bc34533ab8d7cf1b1b0c45961b5ed348ca78b77c53d139399f7c

    • SHA512

      58d865677e147356d177460696453bc8dce6c2dcefc265b6fd0ca6db932ef573c61c3dec0ebdfb595cff11625b4e785ebbdeef0c71da0493b7d5b7711c50adca

    • SSDEEP

      384:gXzl1lm5uEVRLwEzVEaOQm0bSxkKp7ELpI6RhfaNUdK2HhqJ9mzU/YMI75wMz0Wl:yzl1LXQm0e2KJypI63S2g2UICM75ie5

    Score
    3/10
    behavioral21

    • Target

      Arquivos Minecraft/UnlockerPortable/Other/_Include/Splash.bmp

    • Size

      42KB

    • MD5

      a4f20461b93fe1c21bb85fa6a01db6b5

    • SHA1

      7f44b55285fa5da77708ccf07d1b5fca6cac346a

    • SHA256

      e40d812697c440bb47ba4c1d33b41bb0e9b984b24fd724febac747e229915f42

    • SHA512

      bf735429294ce6e39b80e82e6677802548ea4e8463113dc10b49d249bc4bb65d03fb9cdcea5cabd73c157b75435e06211747b6837575e67665b464a5eb50003c

    • SSDEEP

      384:U0MF+uAzAq21Wb9ElgniP+MawBcl6kD6T+Q9l2:LkAz3bb9EOniROD6Tbm

    Score
    4/10
    behavioral22

    • Target

      Arquivos Minecraft/UnlockerPortable/UnlockerPortable.exe

    • Size

      77KB

    • MD5

      1ff083c4e1f4716c34ff0e6d0d9e0f5f

    • SHA1

      7b6af81bb33daac2954b30f0a1445175afb210b1

    • SHA256

      41f0d8422752c128b9bb8ecdef2f9609c877262e89b7c61e0157bb9bbe2e2519

    • SHA512

      9b82a1fd27a8deb9c90ccb777c23ba468b0edcf2f039a7acd33e5a58a0c0bc1dadc2a2774ea56bb344a5e5cf856d67091dd1e51ee86186cd9e6d5aa367c6db1e

    • SSDEEP

      1536:YsTimWEFtRU+a8u692KMTqWvesHWFRCYaqCYy0KfhyfH6XF0H:pimWE9ru5RXmsHQRCZtL0KfhwH6XF0H

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Sets service image path in registry

      persistence

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral23

    • Target

      Arquivos Minecraft/UnlockerPortable/UnlockerPortable.ini

    • Size

      133B

    • MD5

      26912d47785dbd35163aec1897665cf6

    • SHA1

      39fab8fa028df54ebee29f36e0778533babc3f97

    • SHA256

      100f87dc6b38d752ca0715f8e74f122c8a95bda68c08ec1c46875cbe2e6aa1f7

    • SHA512

      3c916906acabce106ad7363f808330d60b69480df26024ae8e97e461cf03b3e5cfdbca48274ec88545938330dc42f9849631ed9e12113380d8794241dfd8e831

    Score
    1/10
    behavioral24

MITRE ATT&CK Enterprise v15

Tasks