8e07dd1c1d48abfa44bf0d6308fa48aadbe12e4f2706a8050360b84726267ed1 | Triage

Resubmissions

13/07/2024, 23:29

240713-3g2bka1bjk 8

13/07/2024, 22:53

240713-2t4rsasgja 8

26/11/2023, 22:33

231126-2gk4xacg53 7

Sharing

Copy URL Twitter E-mail

General

Target

Dead By Daylight.exe
Size

70.8MB
Sample

240713-3g2bka1bjk
MD5

cdb5615039c815dd9f46befa237d7423
SHA1

1ae2d5fbb5f9c88838ad739eec5c416968195520
SHA256

8e07dd1c1d48abfa44bf0d6308fa48aadbe12e4f2706a8050360b84726267ed1
SHA512

d928f2ef4586cab3d8f8bab2ce8b98d53f4275b72a0a82294cb02cb76d00958dc83c0da5082af3bc4ca246a1ea46e3b8256b100dd522b18f865c8c7101959e52
SSDEEP

1572864:Y4/4rzOchPZafBq9Ope9syyaSz3Ek+yvDuWjXMzbP0T1V1GU7:7kqcdZ+0o0AjzvDHXMzQT7

Score

8^/10

evasion execution persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  Dead By Daylight.exe
- Size
  
  70.8MB
- MD5
  
  cdb5615039c815dd9f46befa237d7423
- SHA1
  
  1ae2d5fbb5f9c88838ad739eec5c416968195520
- SHA256
  
  8e07dd1c1d48abfa44bf0d6308fa48aadbe12e4f2706a8050360b84726267ed1
- SHA512
  
  d928f2ef4586cab3d8f8bab2ce8b98d53f4275b72a0a82294cb02cb76d00958dc83c0da5082af3bc4ca246a1ea46e3b8256b100dd522b18f865c8c7101959e52
- SSDEEP
  
  1572864:Y4/4rzOchPZafBq9Ope9syyaSz3Ek+yvDuWjXMzbP0T1V1GU7:7kqcdZ+0o0AjzvDHXMzQT7
Score

8^/10

evasion execution persistence privilege_escalation spyware stealer
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionexecutionpersistenceprivilege_escalationspywarestealer

behavioral3

evasionexecutionpersistenceprivilege_escalationspywarestealer

behavioral4

evasionexecutionpersistenceprivilege_escalationspywarestealer