c4e6f9331755878841a23e1bc15def01e21a434f65c3ea5f978901faee26d13d

Sharing

Copy URL

Twitter E-mail

General

Target

ch-20240705T141015Z-001.zip
Size

27.1MB
Sample

240705-rg86mascqd
MD5

317a8d445b3f052206bdaf2b1aa88f94
SHA1

0c776d806f21befad13c4da460c4de896b03ecea
SHA256

c4e6f9331755878841a23e1bc15def01e21a434f65c3ea5f978901faee26d13d
SHA512

41e6be1fb0443164bd39a20a793fc687231a5baacc79368873a51d98919935fc2f2bbcecb593a6c7998e81d66c598bab52eb46ea8394ae5eaa9c12ad9abee3ee
SSDEEP

786432:zeDS1LTpQmdJNAT/tQ+Pn3t9lyer8eFf8/6QmOKnu:yutnNElQWKeK65OKu

Score

5^/10

execution

Malware Config

Targets

- Target
  
  ch/Cheat Engine.exe
- Size
  
  375KB
- MD5
  
  2ce992abd25f22de9a9b737bc608cf89
- SHA1
  
  d42cbe3f341b617f2565bacb7c1b9f40c89580e4
- SHA256
  
  f194daf2370bf554d37377be46b93d5a6b3dfaef1326d24740aee0989745c881
- SHA512
  
  e4f1fceea371d683ecb31ffac61ffa7a75ca8b87f8032ab1fc2624250cc8eef851cccfa12d117c0d104f8056a01ffb4260ac58774faaaef71ced5ecb66ae1ec2
- SSDEEP
  
  6144:/e0N02QaC/5SkHic3ivvM87DeiyF7tWwQE8MktvyFgkiMggugEkkoSE5hsB:G0N02Qh/QkLyvxty+PwkVyFgkidgugEX
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  ch/CheatEngine.chm
- Size
  
  299KB
- MD5
  
  bb80fec3b6e843b61859914480706cd9
- SHA1
  
  0ced874bee5bda6059b5195911aa117693d9d2de
- SHA256
  
  2d52f9d59211f8906ace16525721b1400343bdf720f062cf111d84089f129009
- SHA512
  
  78d8a024dabd111b59beea4dc21150c7fbb3a6924201d2f3ff9e720e4bbc967bbff285ba2064bc35c260ffde433c639fdc0252c47ae29b43398117eda21cf648
- SSDEEP
  
  6144:/UuFqUYSsTDiKebI7F03RPf2rB84daXcXrcURJo8tGgqQdB5+cbsQe/zQXE9LA2:tFhYSsnl0I7FG8S4daC/RGg1bnerQILf
Score

1^/10
behavioral3 behavioral4
- Target
  
  ch/DotNetDataCollector32.exe
- Size
  
  161KB
- MD5
  
  5ae652ca00afa7378b0fcc6f1a85c137
- SHA1
  
  8720955f40a852e9b5b64fda6ad5b0447c363248
- SHA256
  
  12dfdbec903ce46e0132f239ba4c8e8665b2020ca4aa781dc96a7cd98ed60cf4
- SHA512
  
  f3858b9c8718c5379b087cfdec37659740d288ed86dc172f592a3e6008bf03907135bcb4ef9449480795893a9d35d87381caf6b5497dc2bead1e8bbc09eae4e7
- SSDEEP
  
  3072:BFdofg4yfkMJ9ftaJMgMhAVhGmmyGrv1RMqIMqsGLOQKs60DYTMgeIe7eT0Z:ndox2VgLCnys1wMZGqdeNZ
Score

1^/10
behavioral5 behavioral6
- Target
  
  ch/DotNetDataCollector64.exe
- Size
  
  186KB
- MD5
  
  6e4d5643ba06864ca5f9c0598cfa8c41
- SHA1
  
  32a47b05c6f2cf0403a118f130fa62700a6dc97e
- SHA256
  
  3a138fda1ec86d8795114d192613414ecc3a1702674c67da3b14ab970acfc211
- SHA512
  
  c45b7f06256bc2631e9917d636b2de3521f3e817d6fe6fa4ac3bc86fb5ccef408fd0a1a4a376bd80d2ba4fbbaef226d3877555ffb89760e61649f830ba6c49ad
- SSDEEP
  
  3072:PZ9I3HumDI7uSG009IOEMfv+K5SAgH+9gr0zKArFoeeeWA0i:PZ9qBMuSRKDEMX+qC2wti
Score

1^/10
behavioral7 behavioral8
- Target
  
  ch/libipt-32.dll
- Size
  
  146KB
- MD5
  
  00b8f0cba176db6fd6edbef448e2fb03
- SHA1
  
  c89078f9f5c8f913bd5788a0850db5b6a4e59fad
- SHA256
  
  457046d9ae69be14e4a062bd15f74b584c999a596d6ff39e4f7868c3a243ccf2
- SHA512
  
  d14df38ad41c299b63a0d1d54dbd2be40eb80a1cf33135c087660b93fa90dcae3613a601c138f3bceaf185c8cbd72596fb222664be278ee0842ac9d66d268dba
- SSDEEP
  
  3072:o3ukXTNGp7+6zaEY7Zf/a0ye30zJhz8p2y:8TX8F8ECd/jOD8wy
Score

3^/10
behavioral10 behavioral9
- Target
  
  ch/libipt-64.dll
- Size
  
  171KB
- MD5
  
  e92d96e0a263cfda16bcde00ec668fb2
- SHA1
  
  3dce0e63dbe034c5e4d8d281b94db7c260b8edae
- SHA256
  
  89d063997fec2d7f118a4d36fee507293bc8ad009eb114e853c1e02fcd2c65ed
- SHA512
  
  ba2951006ea60bd5bbefd35afa20e691690aff9cb37b97ced1d300f9a16a95b191e1083313c2d06c185ffae631063d49499b8d7c257f87ce79e65a5afd1ad1c3
- SSDEEP
  
  3072:YMTS4QqrM7BqUHEwXDVT6B8AF6aBBcFkLODeYJObCkfzDzI2I:YIQqrc7V5Trw6aBBcFk6Ctb3vJI
Score

1^/10
behavioral11 behavioral12
- Target
  
  ch/libmikmod32.dll
- Size
  
  289KB
- MD5
  
  dacd337030c240f324a3d655ecd876e2
- SHA1
  
  d108dcbd13ca07265085278c61d8a9f751a4905e
- SHA256
  
  041427d5ae979b938fc2771bf3ae6e2b0cf6a669fc881b44be1586e46225532b
- SHA512
  
  83f0343479ea0f92fa48264b70efbdafa5d54f3bce5e0b8be523cdf528eb7891754208e48e7f14df554c2832cf9758377542f9df0eba8c441ccb8cacbfbab08f
- SSDEEP
  
  3072:iQMsoykzuYV4SPaa/Gr+RBmRQ5wipE04CIcFw6eAwE5Sm1Q5jsV+Kzhzr2M:iNJyTuxkC57IZEz1RiM
Score

1^/10
behavioral13 behavioral14
- Target
  
  ch/libmikmod64.dll
- Size
  
  320KB
- MD5
  
  cff044ee3143c7b48ab90e8d1ce52aaa
- SHA1
  
  f95706074717f1ed482806b5e9195b4565d8f9aa
- SHA256
  
  777c84aeea61d35c4e8d714658a105e03eb46c23259022bdef63411f0c6fa6e5
- SHA512
  
  8e1896a4d418ca18e484da0330d2d38d5c60056f3bca95d0194ebcf655f0284499cac6eb6960b7abd77ebf6341e21cce41c5d17db2908d421492f8cd40736f58
- SSDEEP
  
  6144:lnVdQfxRaiC76I/wZGteu+WJrXeN6joNtMrvMl9u61s1JGTBHpMqdmgIIE5pLye6:vdsxs6I6k9MUoNt2vSs8KqdmgIIE/56
Score

1^/10
behavioral15 behavioral16
- Target
  
  ch/lua53-32.dll
- Size
  
  439KB
- MD5
  
  dde3f283f576c0469443f6a59adaca76
- SHA1
  
  aef9a9b07f542eac0dd0012525d12a522bfdb877
- SHA256
  
  7b4f832fdb72fa75a67c9e035f828de0057dbb5d3c4e9963a9fe596719af0cf9
- SHA512
  
  d18f8344673a65678dc610ba60493b12b988741569f61e8abcfd80f69b44cdca8da09012c72f6d2476bab6fdd105d10d514a3655bef79cd897fa48e48337a9a0
- SSDEEP
  
  12288:lBj8paX8fQ/T/md4OASZAOLRwRai6wXGn+hfc:lxLrLmd4OA4L8DXGnmc
Score

3^/10
behavioral17 behavioral18
- Target
  
  ch/lua53-64.dll
- Size
  
  515KB
- MD5
  
  13100b2466570bf52c48725199c4e3c6
- SHA1
  
  166cc1d388de4d292d4cd9331ef65ee3a158a31e
- SHA256
  
  002dcb8ae68f51d54927b05e4726601640c6ddd6a063cc306640a7245b655f57
- SHA512
  
  5e916722673d431417400836e9555148b433a4f9a15e06076ec3eb1c0ba986915c4f4d6940e7f88dcbb2f9599458e14d692bcaaa56dc1e2253005ab295d8589d
- SSDEEP
  
  6144:7shVOadaiL9mUHQMpgL8LgpqClZNKX6SumisBEb/NUidzSky3uDMK/LXTMBQqN5I:TOL9J2L8E5VKKSuLGEhXGstCXoYkc7B6
Score

1^/10
behavioral19 behavioral20
- Target
  
  ch/luaclient-i386.dll
- Size
  
  186KB
- MD5
  
  bc07c7a4b44473183759be6f44f37678
- SHA1
  
  0737b1dcbf2fd2628a437d3b9274328ca210033c
- SHA256
  
  ef7328f5276b8d704327c41dcb9c5ce3713949222ba105a8a2cb4d21331cf7e6
- SHA512
  
  b444389707666a027789726e08334f619ddc51c08e1da87da4c8adbbe0bfd1a54089a4e98e065b82910fa758d465a6387c47ff67d6d9af550f9cf58c882642cd
- SSDEEP
  
  3072:jr03mcDwt5b2+z615yQ7SLVTnyJYpgerOEmgsRBZuz3zJ2YS:jg3mrHb2+z615yQ7GnyOpFOEFK4DQYS
Score

3^/10
behavioral21 behavioral22
- Target
  
  ch/luaclient-x86_64.dll
- Size
  
  249KB
- MD5
  
  e83a7c84c7120245fa540e6739fea9c4
- SHA1
  
  68d899acf257ee7c3d0cef695d3bacf2ed6971c9
- SHA256
  
  e37a3f6f69feb43c7d68c8e4149cbc69507f329fcb9e2ff67bb465db80d09746
- SHA512
  
  c7433ad345dc7aa1c72f7f30a183b8f31c021fa3112d03601b540f1731356178400546f1d2808441377655e42b32a0b89b7a6873ed428f6df65b63dec93dc3b0
- SSDEEP
  
  3072:EK2iOI60nWU4NJ4twEywGLOJQbcOL9z32fY8iV1OQfkz5w4Q7hk1DxzNz82q:EKu0WU4J0w6xJkBAY8i7fkaThkPtVq
Score

1^/10
behavioral23 behavioral24
- Target
  
  ch/plugins/c# template/CEPluginLibrary/PluginExample.cs
- Size
  
  4KB
- MD5
  
  b45c3e2829eed1beb58ed85d8e27362b
- SHA1
  
  9aff1824269b8829b4903ac0dc53e7b314cad5d0
- SHA256
  
  b16c0c45dcd137b01c6bb2ed3bbb7decb406fdec3d4aebbf1f6eeb44e9039397
- SHA512
  
  771506912072fe9eb3500c9ccc9d02236b1db579e02ece9abe538548b5f2fc0ad312edf576dfcde97f64e573d7b70b6cd73452ba426aab1e8f31a9431942cc89
- SSDEEP
  
  96:Jo4h2nXV0VgqojlWXS+vx+FvDVfv6nEbvFUG7Fnm4Auzsq8tdlvuO4BVNT:9UF4ajlWXS+vx+FvDVfv6WdUGBnm4Au9
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.cs
- Size
  
  5KB
- MD5
  
  d6a1ce4fe7d7e9321c47b5ba48bb0675
- SHA1
  
  d2f7178b9607765fdbfc869ef2f3f25405e9d2e4
- SHA256
  
  f47e49ab8e84189b6c1dd2b4a018c43992b34b5e2c025b09cce8be9d60c58b6b
- SHA512
  
  9f4428e86fdf025d94ba897cc68b91056ff28a4bd2ed12de2b9fede00d4396f3f53d05e4115d8cfd8f50b83891a7994001ed359e3a01c53c8578cd89de5cc338
- SSDEEP
  
  96:Jo4h4Dcz02nXVgqQUmzIxT1Y7wx7F74GwPgVK5z536uChJYqt+9UYNY:9KGpFDy7C7FwPgVcqu1NY
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.resx
- Size
  
  5KB
- MD5
  
  4eb5913a0e5aa842250f7419538fa230
- SHA1
  
  31fb76e5d9babe97a11fea041081f96ce426107a
- SHA256
  
  4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298
- SHA512
  
  846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
Score

1^/10
behavioral29 behavioral30
- Target
  
  ch/plugins/c# template/CEPluginLibrary/bin/Release/CEPluginExample.dll
- Size
  
  37KB
- MD5
  
  2df506f3e3969f3dda3ef32d21f8b210
- SHA1
  
  77391130a4c3853315882fea9877b5a0132e737f
- SHA256
  
  c49e654839b293c1d1e6d5f245e49a8cad787e70b3d0eb2659024e6d6ed44bc5
- SHA512
  
  22f7f01ebe710423548015c3c87f758f07aeec93fefece5ed6c2aae8c3d6baf26d60678e382a0c97b7c8942f2163140146c002d72abf3014708a4147b654f410
- SSDEEP
  
  768:o59YiDgzS3ejrtGtl1Ym+l+rZz4Awdewwwwd2d+e5R777N1HVM7gbvIVBlGiezFM:PmgeujrtGt7Ym+AZxwdewwwwcd+e5RPa
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32