b89486615e9d50de29121851eb142207202c5aa9bc948ea0cfcad5016d5acc08

Resubmissions

28/06/2024, 16:48

240628-vbh9ssxakg 8

28/06/2024, 16:39

240628-t58acawhkh 8

Sharing

Copy URL

Twitter E-mail

General

Target

Ephinea_PSOBB_Installer.exe
Size

821.2MB
Sample

240628-t58acawhkh
MD5

30547facf376fd495b1e0035da0024cf
SHA1

ef1058b8120a25796e56d59690f07e8c679efe24
SHA256

b89486615e9d50de29121851eb142207202c5aa9bc948ea0cfcad5016d5acc08
SHA512

a9c86be0622d117c711cba3be8cbc21cedade05b52aa34d6f655618ffd7ab0f83bd9210ff98edc11e909866230af49aac4efd77c51633f828d130a9c6db6ddd3
SSDEEP

25165824:qNmmQZJHbknUiu7gmZoWGN8SsA82oCthdQzFUH3fhpzZ9:qhQZKvleIRHqz2H3ffzZ9

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Ephinea_PSOBB_Installer.exe
- Size
  
  821.2MB
- MD5
  
  30547facf376fd495b1e0035da0024cf
- SHA1
  
  ef1058b8120a25796e56d59690f07e8c679efe24
- SHA256
  
  b89486615e9d50de29121851eb142207202c5aa9bc948ea0cfcad5016d5acc08
- SHA512
  
  a9c86be0622d117c711cba3be8cbc21cedade05b52aa34d6f655618ffd7ab0f83bd9210ff98edc11e909866230af49aac4efd77c51633f828d130a9c6db6ddd3
- SSDEEP
  
  25165824:qNmmQZJHbknUiu7gmZoWGN8SsA82oCthdQzFUH3fhpzZ9:qhQZKvleIRHqz2H3ffzZ9
Score

3^/10
behavioral1
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  490KB
- MD5
  
  63635b1fbe15beda6f357133921cf38a
- SHA1
  
  ba6439b3c19b84a0e3ef15a8421a7cbc8b87b6d7
- SHA256
  
  4045f33c0cc195950aa92908bab5f904f41f04f54cb2219c11ddddf0268e1a4d
- SHA512
  
  5364e606c583e0fd552fef8b95794a9d872d667a31a9844819e97f9e692a854ba5fbb8ef5a034cc8f61d53ca333cd81ea196d8d8f048723c0bf1abdbbe28e587
- SSDEEP
  
  12288:ECtxgrB3ye+iKzORFNgeA+imQ9pRFZNIEJdIElxPrEIgcvLcglxMwCepM1STUP3i:geB
Score

1^/10
behavioral2
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  43KB
- MD5
  
  5df987cf7831cb3c3a24f62cccfa1959
- SHA1
  
  745a936218023838391d55f714b0b2b9ec9f0d17
- SHA256
  
  db26b08a7bf1319721b57c82fdab40f32b49ab44697be75e9c1cb7923c13dc1f
- SHA512
  
  a0c902a259c3a191f387c5e9937a9e0da24a6c9bf675782477ec69c644fa924a15f319a6552ff26a401e832ea23cad7b32e853b785586b0c0bed315f30d12a69
- SSDEEP
  
  768:kn/WlAKj4s0TV09797+nXDheteXBxc78OSWbZ8lcDP/ryEH0UBy4JjrD1h2j5h3n:k+msYXR3QZ8lcDP/ryEH0UBy4JjrD1aX
Score

1^/10
behavioral3
- Target
  
  PsoBB.exe
- Size
  
  6.7MB
- MD5
  
  e89d53b6c79aca33973e2129586a2ae7
- SHA1
  
  d345fe94c772d7ad6fb49f416ac6e081ede8a834
- SHA256
  
  f4d4bd463c07fec2542452735deb5237641634100d9223d2d0f0ae4000315cc0
- SHA512
  
  0f9d6ffff5d1077f703a50510373f7fbbe4270d29a3bd26824c6e8fab3929ad8b7d5508a8cafc283fbe83cc1b559a29571d2de2d383f52c09eed0b1b2543ca20
- SSDEEP
  
  196608:UxzBce4N3RmOl7G9ETGD78QelnZmrlMcja333m333qet33333323333Uv:Uly3RmOl7G9ETGD78Qelnsla333m333z
Score

6^/10
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral4
- Target
  
  WebView2Loader.dll
- Size
  
  114KB
- MD5
  
  91ad16b368c7703e9b3d7ac665d67a47
- SHA1
  
  95c801d6d350a5820607253c7a3b7df527651575
- SHA256
  
  5659cbae9f3d412662515671a6c85aefe08eee17118c3de1330a2fed74dc415f
- SHA512
  
  cad3a972eee03acb3e8ea4d5d1d306eba0e2ff65388250ebeb65fb36ce0def82323487a70a9fce0d8ddf633f68a12619b3650a1bf2e2ce4876c47f5ec023396d
- SSDEEP
  
  3072:1ny/h/lA9t2JqgDyBGFHyklk3QKHS8TXoEtpAlyh0uchBa:A/lct2JFkxk9Etiwzcva
Score

3^/10
behavioral5
- Target
  
  data/ogg/HEAD_ON.ogg
- Size
  
  2.0MB
- MD5
  
  e32dd292531c643d22d6a17f40364d66
- SHA1
  
  4c5cb5ffa7a7fee4f9e89a79a55e1100e7df0e6b
- SHA256
  
  5a146a0d6dc0228f9b52bc2b8296abe6c7e0b46b9ba2bebc9cb00bd1edeba399
- SHA512
  
  9182e8cae4691d9b9ab54c42ef550f5895e2eb54f2e3c60cd083f4f7d7b1294fa10e86634c068313b1f44383d2eea489fee0a15b58184100b24e843fc9c49638
- SSDEEP
  
  49152:foTAPwcnRiZBmfTO+l8vgFED17Ksx3fzotOL9N6:fOAIcRiZBmLN8YCD17Ksx3rot+z6
Score

3^/10

execution
behavioral6
- Target
  
  dgVoodoo_d3d9.dll
- Size
  
  439KB
- MD5
  
  63928ec29f6f85cca5b6884c85549061
- SHA1
  
  d0aef871968c47be06a0adfb922e733408156cf8
- SHA256
  
  d4c70d42d33e0dbfae4f766735a8d014f7e9a3583b67834d797fad6422877352
- SHA512
  
  d4740fe519c5edb084623445ecd5929e0765ba1ac02fecebf844f88051272eb7542617d9254b860584160d8504870aa707232830baf9dce107fb0faf8ecaa064
- SSDEEP
  
  6144:38gHDzbTg1c7cdXg1VShb/eAZszfC+RZLRR2dAEb0uua4R2z1+KsV1G8wbPs/O/d:3JvbTgG7EgmYA/mLR0CouaIw1+KK46y
Score

1^/10
behavioral7
- Target
  
  dxvk_d3d9.dll
- Size
  
  3.4MB
- MD5
  
  2b296cd5aa8620b323a58ccde01e3aa2
- SHA1
  
  bc3a06cec8df069ac49fedae367c5917a7cf2023
- SHA256
  
  7f8e166035e30cc6568e857151971419aacf64c668f9bfc6a145ef34db85200e
- SHA512
  
  39623b52e0fcdfe177c3dcaad6c6f79af1b7207ba6c7315c0baa562c606dd981bce94e6915378f8159db36045e7bfb2cb7d1a342b4f81a677f1de0110b371857
- SSDEEP
  
  98304:jnSYVgd3Wpqh0QJp8NMY8ZAfATMyRUiU6sgPvbt/9uMNjPK3OmTW0E08RJL+M2kW:jnSYVgApqh0QJp8NMPZAfATDRUiU6sga
Score

1^/10
behavioral8
- Target
  
  ephinea.dll
- Size
  
  27.8MB
- MD5
  
  9494ff52e400182a891f4396ecf3d935
- SHA1
  
  e536ef1f4db6f4782a57d5e0fb1759629e09b665
- SHA256
  
  6a8c4b15e26f6bf65a5356a5cab2b5aa6ac6c63a4c11214a49eb6478d2dab530
- SHA512
  
  ea78f63638628a37b2c92f01622f6f807b8eb6725976c15a44c9e7c029ca4b43ed6ad0096de7c42cbb62ab045c1f674f7a47daea22a7cddb5bd07f572f399417
- SSDEEP
  
  786432:3lJYF6uCRExfnTOXdyvpOXCsPcU6tWhKUvEs7LKJQ:rYF6tRExvTO4OW2hKOLGQ
Score

3^/10
behavioral9
- Target
  
  online.exe
- Size
  
  565KB
- MD5
  
  fb666d5d9a89d3103b224673ce0df911
- SHA1
  
  26630e69380e6fa1138d1aef8a49822c5e8fd0bd
- SHA256
  
  284d0e0a8094c6877a95890ffd828452cae498e09ddc1371c9b2a824cb3b706a
- SHA512
  
  934065fefb2883baccfc3d1bddee9ff97647b265e5db08c9b71683208de55c08dd94ecd246cd90a1e3894210893ad556299e8f27f9be243433fdbad4b255bc89
- SSDEEP
  
  12288:t0C8OYdPATFFLDzaN6iXNQaCeguXGQPFE66TLDzaN6iXNQaCz:tBTFFGXNQaCegkPp6TGXNQaCz
Score

1^/10
behavioral10
- Target
  
  online_compat.exe
- Size
  
  1.7MB
- MD5
  
  6190c213968ab6f302d4ec04567bbee5
- SHA1
  
  25de16ee4c255b8d7322d385b18366f9991af20a
- SHA256
  
  a7538c21afe1d3bfb7a3bc3395f4c426d772dd6ed2301eab84469ad1c09696b5
- SHA512
  
  614f09603547d81dc9cf6cd01978b86d0dc5df0fcc6f798e284277b362699f17b382042b05830f195e46942e05a759b979339f3de07d8e7d6b1cbd1303a4df53
- SSDEEP
  
  24576:lIsrw176xvSMJe/Oh8rsISWiIh6y2+cN:lIsrw17zYe/IFm
Score

1^/10
behavioral11
- Target
  
  online_win7.exe
- Size
  
  562KB
- MD5
  
  6906e30a99744586be9c5123d82002b4
- SHA1
  
  8b5799f7d90b99a88a40205b3d8554dea1f859e8
- SHA256
  
  1df0addde0d03f3cf35ad3e0279949fde44f31416e270c4b28950c546bfdff5d
- SHA512
  
  4b1ab74da5ac50f98123edae9c35536882f258293c4473ccac09564da07367b21061088fa244023c65c3302d7335e514f999156020288f526fa7da86e666a0f0
- SSDEEP
  
  12288:wNpbdPATFFLDzaN6iXNQaCeguXGQPFE66hLDzaN6iXNQaCT:4gTFFGXNQaCegkPp6hGXNQaCT
Score

1^/10
behavioral12
- Target
  
  option.exe
- Size
  
  141KB
- MD5
  
  2ea77b6d368a78f7928a3f63242dcc34
- SHA1
  
  38ce51fd5813d3df32f3b4e84da4189c5f810265
- SHA256
  
  2480b510e54be8d47a5d1f8e031a4ece4702d6a0dd64af113cd1d45216744dc4
- SHA512
  
  e03653e16e4d20898ef22aaf4fcdd5585c17d4444521f304b7c25cc04c193fef3bc87576223f48bcbeb649d3e50fa0323ad019d1a456cf6238c753d14dae7ebe
- SSDEEP
  
  1536:5JPIO3YE//HhkgQlOmjbYG9e78cwf6fRuFomDx9hfUVCyYGx7Fl3qwO8:5Oy2bGYcwoRHmDx9hfknYSD3q2
Score

1^/10
behavioral13
- Target
  
  patchclient.dll
- Size
  
  128KB
- MD5
  
  4225ed93fdd49259965f983fa66236a6
- SHA1
  
  37c410334191c5ba73254dc5d434c1e066c7f375
- SHA256
  
  bf9cd946e71ad9e5ea23d4f0e41fd8812b808f5dbd2291802b2d9ba871aa36d3
- SHA512
  
  f9022871ca35ee799bcf2ff929d68daf541ecd359e2cd76b446c012f33cd691cac65947e5976274b76569559d7b6b459d2bbec1f1836b3a0be85fb2782f7dacf
- SSDEEP
  
  3072:drpIu3+0VWtxTgmCqfmXi/13adBXrcEEopl3TXXmF9T:driu3RcgRqeywXCGjXa9T
Score

8^/10
- Blocklisted process makes network request
behavioral14
- Target
  
  uninstall.exe
- Size
  
  38KB
- MD5
  
  b074c6d37b61163c464a05df8b37e5af
- SHA1
  
  0efced995cd58aa9dd9abbae44b6828e9b2bf051
- SHA256
  
  31724a40bf815b540f844fb9e6d31b0f8f09e1defd41abf7dae7e5d4d70fdaee
- SHA512
  
  7349c9eeda5efe70da04e1288b42e0cb20775e158f35da1fb9a1ea83e06822901f5f29ba804562f41b8462fdd52d4172d2e86a793ce9804b99077a5647e41750
- SSDEEP
  
  768:YWMaPahxVUC30W+Xy3yGZUFExbBMu9+GSlOtj+WnFQlpSUG7ucJRnt6b6:3MpxVUC9B3yGoERbEy/Qlc7uE6b6
Score

7^/10
- Executes dropped EXE
behavioral15

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Blocklisted process makes network request

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15