Overview (overview): score 7/10
Static (static): score 3/10
underversebattles.exe, windows7-x64: score 7/10
underversebattles.exe, windows10-2004-x64: score 7/10
$PLUGINSDI...ns.dll, windows7-x64: score 3/10
$PLUGINSDI...ns.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...em.dll, windows7-x64: score 3/10
$PLUGINSDI...em.dll, windows10-2004-x64: score 3/10
$TEMP/vcre...15.exe, windows7-x64: score 7/10
$TEMP/vcre...15.exe, windows10-2004-x64: score 7/10
GMS-WinDev.dll, windows7-x64: score 1/10
GMS-WinDev.dll, windows10-2004-x64: score 1/10
NekoPresence_x64.dll, windows7-x64: score 1/10
NekoPresence_x64.dll, windows10-2004-x64: score 1/10
UnderverseBattles.exe, windows7-x64: score 1/10
UnderverseBattles.exe, windows10-2004-x64: score 1/10
Uninstall.exe, windows7-x64: score 7/10
Uninstall.exe, windows10-2004-x64: score 7/10
$PLUGINSDI...ns.dll, windows7-x64: score 3/10
$PLUGINSDI...ns.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...em.dll, windows7-x64: score 3/10
$PLUGINSDI...em.dll, windows10-2004-x64: score 3/10
gamepad_fo...us.dll, windows7-x64: score 1/10
gamepad_fo...us.dll, windows10-2004-x64: score 1/10
netlog/netlog.exe, windows7-x64: score 1/10
netlog/netlog.exe, windows10-2004-x64: score 1/10
General
-
Target
underversebattles.exe
-
Size
232.1MB
-
Sample
240712-3sx4aaycme
-
MD5
8f1b45fafe36e57782652523a563764f
-
SHA1
333d05376080eddc22aed18cc4fe20587e113127
-
SHA256
ff4bacc28cf6eb2e123bb9ef5fc818ace9f83c3c398d2d9ab78b80c224cdb7ba
-
SHA512
1cd0f0f5fdaaf3821063def6c724cb020bb0f27bf6ff71076618599c8dd58277f28a4e2a48b90aae753582b0c0828a0808f62e50f4d66a48669ae79adba9553b
-
SSDEEP
6291456:bGoPivGw61yf3wP4R2YJuclwDkAROad0+P7CwHcHC2:bbAwP40YJuclwgAROQ7e8cHC2
Static task
static1
Behavioral task
behavioral1
Sample
underversebattles.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
underversebattles.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
$TEMP/vcredist_x86_2015.exe
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$TEMP/vcredist_x86_2015.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
GMS-WinDev.dll
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
GMS-WinDev.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
NekoPresence_x64.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
NekoPresence_x64.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
UnderverseBattles.exe
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
UnderverseBattles.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
Uninstall.exe
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
Uninstall.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
gamepad_force_focus.dll
Resource
win7-20240705-en
Behavioral task
behavioral22
Sample
gamepad_force_focus.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
netlog/netlog.exe
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
netlog/netlog.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
underversebattles.exe
-
Size
232.1MB
-
MD5
8f1b45fafe36e57782652523a563764f
-
SHA1
333d05376080eddc22aed18cc4fe20587e113127
-
SHA256
ff4bacc28cf6eb2e123bb9ef5fc818ace9f83c3c398d2d9ab78b80c224cdb7ba
-
SHA512
1cd0f0f5fdaaf3821063def6c724cb020bb0f27bf6ff71076618599c8dd58277f28a4e2a48b90aae753582b0c0828a0808f62e50f4d66a48669ae79adba9553b
-
SSDEEP
6291456:bGoPivGw61yf3wP4R2YJuclwDkAROad0+P7CwHcHC2:bbAwP40YJuclwgAROQ7e8cHC2
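Score 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Note: executing a dropped EXE, loading dropped DLLs and reading Uninstall registry keys are also what an ordinary installer does; the $PLUGINSDIR/InstallOptions.dll and $PLUGINSDIR/System.dll components are consistent with an NSIS-built installer, and the Malware Config section of this report is empty. Treat the 7/10 as a behavioral score rather than a family identification, and compare the SHA256 above with the publisher's official release before drawing a conclusion.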
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
15KB
-
MD5
6f3098fb5f3db26f3bb84f5481109e39
-
SHA1
9270793e404cc42c6f5be1eb1eb4305f166c656d
-
SHA256
f90a0893c0b0ce2ae3f8bb65f383bf656ce33381d6cbac2b25a7d82b34fde9bd
-
SHA512
0462beae0fbd882dc0b6a09547a7959c051928b828e28125b433794de0258f90f3dec8f1920290f114970d2540a113224b8ab372fcee4dfe87f139be4ac0c0d1
-
SSDEEP
384:lgw9eYfMCU9oJNJJjL3bhLNdSDL6o5VrSRLmCvl:39AleJNbf3tNgDLn28wl
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
ea00e2678e4679ba28b0f560baec9776
-
SHA1
f9b647b1ab50cc2de981757ac914a5787bccd95a
-
SHA256
60d4a86f65e141d4b6b778e5f448a0c818bd2fa28db7b9dabc1395d354b19cc5
-
SHA512
2ee7a4a0af955ba376c66d13e626ca135b2afd13277a006f523eb2fdc1133a12ea35b065a8c119843fbe82f89190cdb2b769329af14e4313a2419b739b27337a
-
SSDEEP
192:UA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:MR7SrtTv53tdtTgwF4SQbGPX36g9Mw
Score 3/10 -
-
-
Target
$TEMP/vcredist_x86_2015.exe
-
Size
13.1MB
-
MD5
1a15e6606bac9647e7ad3caa543377cf
-
SHA1
bfb74e498c44d3a103ca3aa2831763fb417134d1
-
SHA256
fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
-
SHA512
e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd
-
SSDEEP
393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc
Score 7/10
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
GMS-WinDev.dll
-
Size
85KB
-
MD5
fb1e3cb9d7fff99956c96baf742dbf6f
-
SHA1
65777480cd33d413bcee7bef89a2be8827bc0b29
-
SHA256
fc86c4f3e9bcb57928cab5ebc43c99093b78c97246d400447aa1b4a5bd524266
-
SHA512
512b60c28de4e0d591d72086009396439d1f7635c3c2aab04d0a30398b0f1db8dc16c4baf1ccca32233783482aff3bd39bd8e6888c49ec715bda3c1895a9e136
-
SSDEEP
1536:VPU8NF9DVMY3UWuFw1LLzhuw0+XA3tJqUsWiJcdAGCKyAP8NqM:Xqy3uw1LLtnKNADrAP8NH
Score 1/10 -
-
-
Target
NekoPresence_x64.dll
-
Size
72KB
-
MD5
4e16dcab5d51e96c4a75a474a14361c6
-
SHA1
87eba991de551025cf72cc16e6cab28120944b07
-
SHA256
bd0a41b6f52f02d26fd79f0a6e28c2fb15bc06cebce91cf19a7b84fda58e0591
-
SHA512
8ca679806fb835adc6abdb2216649cc82342ca7cb04ad4bd51cb3dd152e409c0e1e65127adbe85cd387cca24dfaa283f6296ed720cf622cbdf2e2ed8a9f6edef
-
SSDEEP
1536:jz1QHQb1gwVPDOpZRnHdLu6tRIcqU3N1EZAT:f1TqwVGZRn9LucR9qkN1EZAT
Score 1/10 -
-
-
Target
UnderverseBattles.exe
-
Size
11.8MB
-
MD5
99046feb2eaaacfc31797895bd3eaf00
-
SHA1
f39c66c46c2d506b01db36d3b9a0226418470906
-
SHA256
d8eb91a821585b3dc778222a7782515a5b404e59dd92a9988ccb1b1003f4e621
-
SHA512
de88ec355a37596488caefe6f6862743144b90ca9389118d52215d240e87e6452f8b317d125c7e9892e6e9f3ae8c5823e546fe6ca573358f6244e5182a021e81
-
SSDEEP
196608:OXDu1wa1XYwsUkxCWU8lAuIUTcEM2QDoQaMRq+AraAuLOUUjrsQUSKNjeI2Cmzls:OIHrmaNO0/L
Score 1/10 -
-
-
Target
Uninstall.exe
-
Size
70KB
-
MD5
7117ab480674b8aa780916265ed6db14
-
SHA1
216881c2e8a2c3298f9d251d5ac525760fedd59a
-
SHA256
9af1402ea961ecf470b7bb637bdd6e4497438fa95cbe2f13a6958e317fbec878
-
SHA512
946e60261a6e0fbe9fbab1157b364822eca015a597ac94dfa3e7eb5afb07b1b48ca190a1b310897b721d05ee4e09f976a72b9524e94c57b4b825b284314ab651
-
SSDEEP
1536:LcVxMtkyfWqPG1QIcVdWToWw2JqM9I3pR0tRTGCIXB:L4MrfWdbcDWToWNJ1920rTUB
Score 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
15KB
-
MD5
6f3098fb5f3db26f3bb84f5481109e39
-
SHA1
9270793e404cc42c6f5be1eb1eb4305f166c656d
-
SHA256
f90a0893c0b0ce2ae3f8bb65f383bf656ce33381d6cbac2b25a7d82b34fde9bd
-
SHA512
0462beae0fbd882dc0b6a09547a7959c051928b828e28125b433794de0258f90f3dec8f1920290f114970d2540a113224b8ab372fcee4dfe87f139be4ac0c0d1
-
SSDEEP
384:lgw9eYfMCU9oJNJJjL3bhLNdSDL6o5VrSRLmCvl:39AleJNbf3tNgDLn28wl
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
ea00e2678e4679ba28b0f560baec9776
-
SHA1
f9b647b1ab50cc2de981757ac914a5787bccd95a
-
SHA256
60d4a86f65e141d4b6b778e5f448a0c818bd2fa28db7b9dabc1395d354b19cc5
-
SHA512
2ee7a4a0af955ba376c66d13e626ca135b2afd13277a006f523eb2fdc1133a12ea35b065a8c119843fbe82f89190cdb2b769329af14e4313a2419b739b27337a
-
SSDEEP
192:UA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:MR7SrtTv53tdtTgwF4SQbGPX36g9Mw
Score 3/10 -
-
-
Target
gamepad_force_focus.dll
-
Size
75KB
-
MD5
a9bf753564e1eb9e51c3b0c7209bfd37
-
SHA1
8eeb41ec22e125b5a36f6e84acb91d7fc27dd6ce
-
SHA256
1ac8f9f484ba452d3cca023927f5cca5e00150ce859ccef30aa015cddd0f3706
-
SHA512
5c885a549e89d1dd398ad54dd0d0a9e62aa74f663916a58a7713dd5db4291f978c014e7930316fee9a6c0128fa3841abf85033e0ed21689fa72cc0bdb29ba932
-
SSDEEP
1536:sLTsIQPOxdKBpzKLkkcgu6YGZ4FbsW1HcdFOs3c34:q0POxdwzKLbu6YGSF2FOss34
Score 1/10 -
-
-
Target
netlog/netlog.exe
-
Size
56KB
-
MD5
8b939474a7df8a328e48be7576654814
-
SHA1
7427f2e51308d0f83b2e6ff00057100b69f291c3
-
SHA256
16ba76c0b6fd420ccd89e19c14fcda3629c19011309093587fdb67b543e433e6
-
SHA512
ec03954e1e795a43856e86b6ce96d5943e673a35c41eab2933c3144c1d97318a5cca93efc5d304050a0406ac8fea5a9aebd4fa565e206a106b1423908bb98bcf
-
SSDEEP
768:ghjLXtRCBT1AhmsYS/Wmw1z9OXOo0xYlWlbuwJyqabXd9:ghjzLCTgYS/WeE15uwJfu9
Score 1/10 -