c291f69fe2c0a95a9949ac15d06182344d646cf591752e0db27e2a09c90a97e6

Sharing

Copy URL

Twitter E-mail

General

Target

gwater2 0.4b.zip
Size

1.9MB
Sample

240705-l8mttawfjq
MD5

a84bd73ba43f88531b3add513b35d2ff
SHA1

54278d180b6a8a296c98046cc4cb20862996f329
SHA256

c291f69fe2c0a95a9949ac15d06182344d646cf591752e0db27e2a09c90a97e6
SHA512

1d7cf5c6dff56b31fdbea2272afb64858b599026fbe0ecc16841ca9eaee0816d59a18c2132663cb4bb6ed3c56e71ca83d926f8d542f8d22da7fdaa363357561f
SSDEEP

49152:Njo6o5V8G8ohKFitriLrVy67Eex+1rb9tlUUntwaBZ:N+qGRVFivQ67EexgTBwaP

Score

3^/10

execution

Malware Config

Targets

- Target
  
  gwater2 0.4b.zip
- Size
  
  1.9MB
- MD5
  
  a84bd73ba43f88531b3add513b35d2ff
- SHA1
  
  54278d180b6a8a296c98046cc4cb20862996f329
- SHA256
  
  c291f69fe2c0a95a9949ac15d06182344d646cf591752e0db27e2a09c90a97e6
- SHA512
  
  1d7cf5c6dff56b31fdbea2272afb64858b599026fbe0ecc16841ca9eaee0816d59a18c2132663cb4bb6ed3c56e71ca83d926f8d542f8d22da7fdaa363357561f
- SSDEEP
  
  49152:Njo6o5V8G8ohKFitriLrVy67Eex+1rb9tlUUntwaBZ:N+qGRVFivQ67EexgTBwaP
Score

1^/10
behavioral1 behavioral2
- Target
  
  GFSDK_Aftermath_Lib.x64.dll
- Size
  
  32KB
- MD5
  
  96a5c5e060ca83652e5798798cb15cb9
- SHA1
  
  241fa3e48e496086acd39dab55e425cb51bd780d
- SHA256
  
  51de58aeda0a44955ff9d00d617e2dedc78e66bf738bdad3d332b18888bb8f4a
- SHA512
  
  bb3713fcd3a3c67f96c3fc5099ccbcb5aff3984363472c6545ec0d2240b17d2930bcca077a6322ffa5e27388d36c26d2857fde58ebb9c4f262ace2446d0ee1f4
- SSDEEP
  
  768:RrSx+nnWOuElBOwLL7fVXRRMs+vdqbDSj0H:ZSx+tPOw5PMGbDSg
Score

1^/10
behavioral3 behavioral4
- Target
  
  GFSDK_Aftermath_Lib.x86.dll
- Size
  
  25KB
- MD5
  
  ec9e77c1667b06494a9379db4b9f9b5b
- SHA1
  
  faae0fbce1b657f63eea4fd5f13be8c1304d00f8
- SHA256
  
  ff30a4ca1b005f05a443ae5d48eb714ea5a917b6b4a5ef361efce8ba1d3c8420
- SHA512
  
  09c3ded060573a601c5f237da616b5f70a0d088bce3c56aef071f6ec1f8fd5f2135d933de2b1f7cf97f8aa261c6ff32a1f624f890c652428d72335037e53f484
- SSDEEP
  
  384:yKMGNMu5Rh2MZvc/77nZZjoQ144Q3AW8umkYIkOI39R3rEGdh1:pMGNMIL2MQ3ZZEQa+WMkYIkRDbL
Score

3^/10
behavioral5 behavioral6
- Target
  
  NvFlexExtReleaseD3D_x64.dll
- Size
  
  426KB
- MD5
  
  5d424b62f3e889ee930b2367f9786025
- SHA1
  
  53094aa45472fc73447f9e48075568c2ac3e7822
- SHA256
  
  c448c3e976527cc7f36c04e55bbc10a25a11b0d8ee9e2c34cca53349009c4074
- SHA512
  
  c47c9bd1f0ee267abf16171f887a7705ff2c96fef9c428fab682175e785bfff203e206c22924ea5e0f627572d4b714a94fd90ce2caf985fec208ccbd97820800
- SSDEEP
  
  6144:Dfose2qHWGroimjMz4pMFvU/Tcda5M27hrNe3Ni7jrJRE+r2mKP9Bwx8fMzR+:DbK18SUYc7hcaLEa24U
Score

1^/10
behavioral7 behavioral8
- Target
  
  NvFlexExtReleaseD3D_x86.dll
- Size
  
  359KB
- MD5
  
  ec26c7e1f205532a1a5aa27cc36d42a8
- SHA1
  
  cf1580cbcce26fa0aef83ab7f1ae8ccd055c7efc
- SHA256
  
  45540d72c90d4410a1a4746da83bc1c80ab5a3a5ed806d63459acbdbd8ad6c92
- SHA512
  
  c311ef34b8d216fa131c2fe6bd5ff8b5427895a1fc963adb144462bfc92d5555abb00085a16fb550b400cc7fa77dc23bc480f25a34283674ebeb173870e1d4f0
- SSDEEP
  
  6144:0dmDXKvDKL/lAKZOZ1N4+pUx3TQlvJKrqJubFfk1ysxIc:0dmDXKmZK7pI3ElvJKtZKywIc
Score

3^/10
behavioral10 behavioral9
- Target
  
  NvFlexReleaseD3D_x64.dll
- Size
  
  1.3MB
- MD5
  
  4884dc449db76c4b5219c264fe23a464
- SHA1
  
  4498f7eab9371f79552990d0ec65badeae0b410d
- SHA256
  
  b79e4680dc16b3e5aa47bd653e23c9383380722d35a97af0bdb49623be53118d
- SHA512
  
  1c32e00fd91346859d407730b18cf8efd0017016e066d61c0fda59553a30b4eeb88a8ceaa37245ce94968934db6a27bf39095685a9034ed1706d4b3324ca4d16
- SSDEEP
  
  12288:f7PWWf+TcsYr8SWF0GqoKbv8qdORqxTYN0/s8GDcpOL:f7PjmTcsYr8SWFQ84fY0/PGDcEL
Score

1^/10
behavioral11 behavioral12
- Target
  
  NvFlexReleaseD3D_x86.dll
- Size
  
  1.2MB
- MD5
  
  aed0c4499c311a2ed4a57fbcde8bb803
- SHA1
  
  4ffb6133cbdf9b936838192c8cba638ffea99b5a
- SHA256
  
  a782ba1ef1a800b5ca44e99c87361d254f857bd2b37ca45b0594e01ae30703ea
- SHA512
  
  4d219f85a95643c4f0450fa1eae4bd32d749b1be00fe9c11b28d907ddab60d030c93d27cc900b05772086d9324e8ad94a3bfc4d94bbdfc819afa712cd220dba0
- SSDEEP
  
  12288:iV4lfmmmkyimT3pYlYewSWDX/ftv/GXQuTD8ykekRT2VJN:iV46YlYfzd/WdTD802T8j
Score

3^/10
behavioral13 behavioral14
- Target
  
  amd_ags_x64.dll
- Size
  
  106KB
- MD5
  
  b94ed14aaf252885f75e9132abc9d389
- SHA1
  
  6726078611731d38f032dcef8a522b64fa7d56f7
- SHA256
  
  37bf20436643db1e483fc44a20ff5ec50abaf0c6a863a2eafaac03e9e5cdbd27
- SHA512
  
  42eb3abe04bc66117da1647793d71f01da496cec77667ec6c77ca6c365be6a4e09288588681f113c65662090729ed15e7b2e3000191aad91b5c885b686596c7e
- SSDEEP
  
  3072:6EcW2rxb5FjFT2HVMrUG1B86bkUy3KiI:32rxFbTUMweBlbknA
Score

1^/10
behavioral15 behavioral16
- Target
  
  amd_ags_x86.dll
- Size
  
  92KB
- MD5
  
  65f4e6e15ba28402b1ffc5ffd1f8a933
- SHA1
  
  07e93edac24c58e411430d61a2f7207d8a7bf078
- SHA256
  
  446f8726d66190fe5f4229e9354be4ec0b9c65e93b20cf1966c7bfda865f30b6
- SHA512
  
  9ccd8d3bafb44979049cdd07dfae62e557caacd3ddd87bbe22189b153dd729516e51fa0c670eb2167a34c939cdd78fac585e63d78c8ff680c9e81fdd860b2abe
- SSDEEP
  
  1536:T2Y4owdQVWGrNRuH5DnzXS6GGKm1mwj6cgE6FF/I4sWjcdF+VGOHF3emxLb:aY4oGCpJRiBzXSfwjaFceH5RxLb
Score

3^/10
behavioral17 behavioral18
- Target
  
  garrysmod/addons/gwater2/lua/autorun/client/gwater_menu2.lua
- Size
  
  43KB
- MD5
  
  5ccfc367e1efb63667a50b8cfc65a11d
- SHA1
  
  3e86d2f56a9d53d56f61b18efd6c145077aeac7f
- SHA256
  
  6432da3b051af493cceac56020b228945612f95fc572e8c80e29143d92db693b
- SHA512
  
  6ba741addf010d7a738ac5b8f20d9bbc4d28b9a6215b78c24d467e682cc025d0a7bf92aabe38a58d4d28ebb5d24988e545c5f97a80f491d06de783d8d6577113
- SSDEEP
  
  768:pQmDfNuoc6I69Wr9J9oJXTqBpdi/ZCLR9yjJd7mp+RzmEwZvQ0MXe8+RzmiisTrB:GCpAboJXTqBpdidjJRmMzmEwZzMXexzr
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  garrysmod/addons/gwater2/lua/autorun/gwater2_init.lua
- Size
  
  6KB
- MD5
  
  bbdd0bcb7001e6c074fe5f5f823ac0a7
- SHA1
  
  7bdeba067c982d7b78faa55f12dd00ed2114207e
- SHA256
  
  045c4d3c7dcd4c84503610ee162d4653cb3a28186fece710a64bab60d27fa1ca
- SHA512
  
  d76a20c7b8ff75edbfe35764a28e7dc8db35e33763f31a452de07fc287072752f414a72c5c91e4dbe64e856a28a4610029d53ba498e1aa5bce0453b9618455d8
- SSDEEP
  
  192:iD3UstHnGU0KlZ+fUSdBUSXvuGVuGqAuGf+lCij5lTnnLgyARGg3mHDnEOXyWC:iD5tHYdGSXvuGVuGhuGfp2ncvtEw
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  garrysmod/addons/gwater2/lua/gwater2_patrons.lua
- Size
  
  12KB
- MD5
  
  e810329bc1e0b077586511f0ec273b9f
- SHA1
  
  f959f55fbb1ac1dd43f46153f23530909bfebe77
- SHA256
  
  1069991c8fb48628b13b05d680f8b0214b8b47ca2aaae6afd668c84f6c372b27
- SHA512
  
  e4275129e3ff8da88620a168b64bd7e4cddb377d27e3deb2b8d9b87a8d79151382170744d5affdec942151ecc3de350fbf30250d3aab9166cd9b5f39342a514d
- SSDEEP
  
  192:6D7HIl5pJGSnZYxWlZqfY1cXOVLz7dKAJ2vf3LBjl6HfJkGP8xlgYkkgMHK:KIljZY5hILzr2HFj4/zkb2Mq
Score

1^/10
behavioral23 behavioral24
- Target
  
  garrysmod/lua/bin/gmcl_gwater2_main_win32.dll
- Size
  
  279KB
- MD5
  
  aa6712e1f56217b7692e8c74ebaab8de
- SHA1
  
  018520ec39588cbc0220b5e2c8f8532c2c860259
- SHA256
  
  11376ceea6baf2cf8db399e832dfb65c026dca582827f4b01f4a9fd939dbfbd0
- SHA512
  
  5a816f9423899390cf839ba82e7adf69069061746562adb66b7c99e17fc4f999bc15bfae1ce93d2e771d1222d3008bfc1e26a955b69069b1949704dbcf10b112
- SSDEEP
  
  6144:6V0bKDxfdKPldui8Jk1XHgqwW0UFjJtB1xW2c:6DBdnnJGXHgqwW0US2c
Score

1^/10
behavioral25 behavioral26
- Target
  
  garrysmod/lua/bin/gmcl_gwater2_win32.dll
- Size
  
  312KB
- MD5
  
  e016f76496c7d0b27483b871bb49dad7
- SHA1
  
  0dc7150d6c4cbe6bf6a895c9c05104e3570799ca
- SHA256
  
  2fc25cef3651a930be2159ff10da7d3ff80b7825fc7f48f0c590b4c3f166a83a
- SHA512
  
  06ca2ecdd3bd1510b402f09af6f3f8218fd4e4a379b43577525a2b80f4321478df72519054dcdabb101d33571f0d4c1180a07b76e6184f12a621259c4081c72f
- SSDEEP
  
  6144:8V03LIExfdRs7LCqEl9UB0Bb1PDsYigE7L1R+bAOkDppd:VkEBdMCN9UB0BBPD2gAUiNpd
Score

1^/10
behavioral27 behavioral28
- Target
  
  garrysmod/lua/bin/gmcl_gwater2_win64.dll
- Size
  
  383KB
- MD5
  
  4003d80e7b67dd0cb10d1890ad897ab0
- SHA1
  
  dddf1725a6a6fe073afd25713b5afde1ea37378e
- SHA256
  
  a09b41bab29414d8a2224db04f3c051f96f7503f751fcf5dad33d97b8d241bf5
- SHA512
  
  59cfc8859a4b88f3ac5f3b60e81f5c046818cd6941eaa4aa043069b5344ebeb5ab774ad97a78414f721ef8c04b6e604a4ad8e904bb0ab4372c2e0241fb9fd707
- SSDEEP
  
  6144:Y47lL47TPkvYNnq17LnmohsN8KOiMBdpY4lIoh04XDas:X14nPkvYNnK7LZGN83Ko7Xus
Score

1^/10
behavioral29 behavioral30
- Target
  
  nvToolsExt32_1.dll
- Size
  
  40KB
- MD5
  
  fc43e0193932b35a0c75a7a31c73e86d
- SHA1
  
  3b0ace857e93475bab58e1023b70a75652436282
- SHA256
  
  2bdcd06f8057a3278a1e29e716809978cc2df9e6f21a589c394faeb95fa3d675
- SHA512
  
  7f8b21f0c94dbba8a64006432d77a5c48e75da67465a8d7af3f833ce97911bf22ef99c656a696ec62a6b1a1b89fc711dda16406c7b2565b4201a41f1d6dfa9f2
- SSDEEP
  
  768:E+ZMXV0Dp9BNnd22fEU8hcoGnTEDrhvyM2LzQA3Lt:xOl2p9o1UM2vM2LzQA3L
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32