d03c4bd3d2392477a6ae2641026304f57f5dded4c78d5177042cbddf3ab702b0

Sharing

Copy URL

Twitter E-mail

General

Target

AK.xolotl.v1.3.13502.rar
Size

422.8MB
Sample

240719-2w9qtavann
MD5

0567aaf80eacbc6a074f282c9ca6be36
SHA1

ca160e0bffdd4ebce379f2f0dd6f1834df93ad94
SHA256

d03c4bd3d2392477a6ae2641026304f57f5dded4c78d5177042cbddf3ab702b0
SHA512

049098945b69760d0c255d50b5d3115dfd5d9f2e88d5905bccdc778c9a2e0bcb19c1fa3e8380f8eb5cc217f07e2838e2ab90bbf76daa1ef7708d58312cb75cfb
SSDEEP

12582912:nGx0a557RXrQCDG/QV+oyS3Avx7/FnyrM0T:Q57LqG+/dyo0T

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/GameAssembly.dll
- Size
  
  55.7MB
- MD5
  
  8f1737cc04d62fcf158bf10d1bfa62a4
- SHA1
  
  eafd340863c87f3ffbd49b01cf48d65bea97a1a9
- SHA256
  
  0520237df0e37e0ff6d18fa0a6affa539c13a54a41bdab798167e99f0555664d
- SHA512
  
  86fa4a523520654b2f8402f0140a9053d02992cf4d9b33cef5b004ccf1dcfab8d992d481f8a83a340bec42096b2a2099652723ce85b530cdd937a3bf9f55b518
- SSDEEP
  
  393216:/Usfn1TifhXhdaJlBxgQOKe0E7hPE6R/14m1hbkxoCVn1fcYqJW0XuXM67dZ4HXG:s8noXwl48e799Cqz3WfD
Score

1^/10
behavioral1 behavioral2
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/Redist/vc_redist.x644.exe
- Size
  
  24.2MB
- MD5
  
  a8a68bcc74b5022467f12587baf1ef93
- SHA1
  
  046f00c519900fcbf2e6e955fc155b11156a733b
- SHA256
  
  1ad7988c17663cc742b01bef1a6df2ed1741173009579ad50a94434e54f56073
- SHA512
  
  70a05bde549e5a973397cd77fe0c6380807cae768aa98454830f321a0de64bd0da30f31615ae6b4d9f0d244483a571e46024cf51b20fe813a6304a74bd8c0cc2
- SSDEEP
  
  393216:Dwlp+dkBSuF2SfUfn6+eDl2ugjMoA+hxV33wsBH+Jh+5l+BvlOchteAHYhx9vy:DMp+Ty2SfUfnxk/kpsjlOchcEu2
Score

4^/10

discovery
behavioral3 behavioral4
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/Redist/vc_redist.x864.exe
- Size
  
  13.2MB
- MD5
  
  9882a328c8414274555845fa6b542d1e
- SHA1
  
  ab4a97610b127d68c45311deabfbcd8aa7066f4b
- SHA256
  
  510fc8c2112e2bc544fb29a72191eabcc68d3a5a7468d35d7694493bc8593a79
- SHA512
  
  c08d1aa7e6e6215a0cee2793592b65668066c8c984b26675d2b8c09bc7fee21411cb3c0a905eaee7a48e7a47535fa777de21eeb07c78bca7bf3d7bb17192acf2
- SSDEEP
  
  196608:oRjgvJ2flpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42BE6+2DQlMp1sHW5ZDmCCM0Xr:IgRIlptVYmfr7yBG/4pXMHsHW76CsGE
Score

4^/10

discovery
behavioral5 behavioral6
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/Redist/vcredist_x64.exe
- Size
  
  5.4MB
- MD5
  
  cbe0b05c11d5d523c2af997d737c137b
- SHA1
  
  027d0c2749ec5eb21b031f46aee14c905206f482
- SHA256
  
  c6cd2d3f0b11dc2a604ffdc4dd97861a83b77e21709ba71b962a47759c93f4c8
- SHA512
  
  75280d721550c2fa19b4f8d42b87d2fc6017f42709d84d2162c7330f7a0338bbd72cdc3f78626b10edcc602e2d22b174039254824334b3173d0ea48b3c06d1df
- SSDEEP
  
  98304:hsPj6quMcylIpk4nM6tmMUrfvEP0hcKju9Z/lTPU8UBHBKNpr1w36ZyY:+PjzDJ4M6tmXDsPKi1lTPmHipJwqL
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/Redist/vcredist_x642.exe
- Size
  
  6.9MB
- MD5
  
  e74f5ac8f39ff69dddce07c8e1f7f943
- SHA1
  
  f283c6f14fea54441697f8d4d1d33cb5a180c20c
- SHA256
  
  4542bf0e828d4428260b2bc975da5bc25d69c060e54176dac1d14b5567ea67d1
- SHA512
  
  893ba3836e03dc14e0cb7e3da6af1cdb436dbed4beb948ec7118816e3483bc7c68ef87e5a4b200588a0f8ddedd3a79843c77a7b1ad0cd1d31df64b43066f6ca9
- SSDEEP
  
  196608:E9OaQ54oYY7jLwXjZ41OON2uk3bQWgtyccMEL:rz5x7jLXkmkU4cFe
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral10 behavioral9
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/Redist/vcredist_x643.exe
- Size
  
  6.9MB
- MD5
  
  53e6fd636573c63684b1a2aba4b1e19d
- SHA1
  
  393932f2f2958b9fd8b597ea7db1d82e8dd01318
- SHA256
  
  11cb1f23472e6636cc2532c82b5584f1a644b37210a8bf4c339d4f19482acf93
- SHA512
  
  b221f433806cbcede0b57ccd1e75de6d650c7895fec96731bbeb562987b15ba6d629db71cb9cc1f064579ef8ed06ed15fc2bc2014f48e53a5715837cd6e2a8aa
- SSDEEP
  
  196608:c5oyO3CCT/hBxtVtyUVnmSprzVIY7QKAV:qoywCCT/hXQQlrzF72
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral11 behavioral12
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/Redist/vcredist_x86.exe
- Size
  
  4.8MB
- MD5
  
  cede02d7af62449a2c38c49abecc0cd3
- SHA1
  
  b84b83a8a6741a17bfb5f3578b983c1de512589d
- SHA256
  
  66b797b3b4f99488f53c2b676610dfe9868984c779536891a8d8f73ee214bc4b
- SHA512
  
  d2d99e06d49a5990b449cf31d82a33104a6b45164e76fbeb34c43d10bcd25c3622af52e59a2d4b7f5f45f83c3ba4d23cf1a5fc0c03b3606f42426988e63a9770
- SSDEEP
  
  98304:TsPj6quMBYyuSFOMKykvYgS/ylTpHufHMpPbOZ39c7T3eeom2vJtPShg:wPjzayuSgMKykQgSaTkvMxEYT3OfPShg
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/Redist/vcredist_x862.exe
- Size
  
  6.2MB
- MD5
  
  f5a9debf301d714c39757965cad9ba9b
- SHA1
  
  5765fb4e23900e528746d47ef32e205c3013e9da
- SHA256
  
  4ee185ca12347324f684ae383692a880f749ae1385ba53c1b12dbd9ac3150f0d
- SHA512
  
  63c01e8e47282e2dd3cbf7081033593b3976b378e59224817dcc20a906a518622adeaa0b405dca754f172706ce5c75a39afba692618a064216e458835ecc2689
- SSDEEP
  
  98304:7hEKzHx15bWUuBrNatjJh2eNUrzKRL/RaIswn7aBOC5qZxVqFb2iExMc7FvxwGv6:7RDnuBotjJh2emr8L/YIsG7MOgqHG64/
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral15 behavioral16
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/Redist/vcredist_x863.exe
- Size
  
  6.3MB
- MD5
  
  253773272d79cb515424e78547423948
- SHA1
  
  6ec62445733107785ff6f4cac25bc3fee9e7bcd1
- SHA256
  
  fd8f23c2ed640f7a4b18e55b10ef415febd83cbb8d58338ab71bee693f7e8d84
- SHA512
  
  b1c93b1f7c6641f74279a746d3db2d9a6c25786ead56574fd42046c1f4134fddd84b55455158468a31a167d6a9ce07431ef4d6b07af2ac097e6ed9335594e58a
- SSDEEP
  
  196608:ArKjLs+UIkzHlAv4X6zQRgiwHLD2LQIXG:UKjaxFFP1iLD2LnW
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral17 behavioral18
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/UnityCrashHandler64.exe
- Size
  
  1.1MB
- MD5
  
  391460003bbcaa2e68bc8ee6747e436d
- SHA1
  
  fa5fd3e83ed26c94700ad40a1fccee3f9c6c1b31
- SHA256
  
  7dfc8a960add583ea2e54b48da639444468372a2cb65f35989cef0dea82d1b9f
- SHA512
  
  afbebf0fec48f5ca1812076bc78341136fe1d17e907463c70645157a010b4e2fb929261238a4262e7ef9f9a8c8e1c1f6fa207b0962e364189fae031cb4b0bdfb
- SSDEEP
  
  12288:HGBAp4YQqZSgVykXepgubC6p8blc+GkFhoG9Yro/BofLyVpc3fmp0Qfz2fzAT:HGyijqI00bC6pghRFhHQpLMz+zAT
Score

1^/10
behavioral19 behavioral20
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/UnityPlayer.dll
- Size
  
  29.4MB
- MD5
  
  4c0565c1cab9beff19fc1cc1db6d827f
- SHA1
  
  f5637924d1e882264e8b6239a7112f3a1e7ad95f
- SHA256
  
  51dbbd6ca01b5970dd84e84b62b12643b5157c8dd8bf44f213f1f1f0282628f9
- SHA512
  
  4fb111da6f72aaddbe53b0172dacaeff02cafd027632132cd005956c78b7c11e3b41cb2bc84ea4df9c0d8db02aaa8a858f7b7829164b65474dd1562f3ef0f35e
- SSDEEP
  
  393216:1OqyvL7TpDE4DpESP4A4yFFC2KRaXdGdZONJ7ZMr8kZ+:1GUTnOHlx
Score

1^/10
behavioral21 behavioral22
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/ak-xolotl.exe
- Size
  
  651KB
- MD5
  
  91516651cac9d478be48acde50e454b1
- SHA1
  
  5cfab6c4e0b3df2255bf73c72e8d4e3ee6aa8648
- SHA256
  
  01910e9e1cb086e5e40c9815479c41cf5c25ad944d9666d9e3b4dbf5b2e29a13
- SHA512
  
  0802c57ca610b54b9fbb66b2ed923f2658d827d5842f4498d2ace5e98619f9c1f562a6a6c40b60af94f2c3b6041f62d11b96d58e3005433fb30e580a27adc3b4
- SSDEEP
  
  3072:PQJ/VdFgIW9mYucJ/OD8JlsI9FTIK8dRjMkjCjCoKEU2A1d28a:8/7FG9mpcJ/OD8sKwopf
Score

1^/10
behavioral23 behavioral24
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/ak-xolotl_Data/Plugins/x86_64/Rewired_DirectInput.dll
- Size
  
  12KB
- MD5
  
  0afaa40682693c887a168878a20848f7
- SHA1
  
  8145451c75c6264aaa58a6d89f01d734a96ea879
- SHA256
  
  9989b282d43621259160954f3c2191afc3e3a13adb0091c3f60be228831858ad
- SHA512
  
  6896f54b289249683e2c6471dfabb6c3437e2ac17a9bc848cebc0d1696701755007a7f306cb34eceff49ac51493e4387464ecc05acd21836dd65fb37899dfd51
- SSDEEP
  
  192:TH0LEDv1KAaMBah/F0BJWId1w0jBheChQlgJnd8:TUgDoAaZkJWIHN1BhQlgP
Score

1^/10
behavioral25 behavioral26
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/ak-xolotl_Data/Plugins/x86_64/fmodstudio.dll
- Size
  
  3.0MB
- MD5
  
  15d106fa88f0bc4de2d2d128f6b0447d
- SHA1
  
  d4266baf17bb0bd48ed62cb1efb99711d4c55727
- SHA256
  
  ccb4188e1fe52b352b1778e64e32b1bb0ab79def38aa325a3bb4d9df0c6fe930
- SHA512
  
  66d958cda209f2b730e8f908c0781197404321350851498f0423aaae6868d00fa82ac8f193c695dbaed9bae1740ccc5ab28b36997798924bbf2277ba7f1e8207
- SSDEEP
  
  49152:VhXtEjWfLzmq0psQH0GXEmuPsIXgBat7gPjbRxqK:7qcIRQK
Score

1^/10
behavioral27 behavioral28
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/ak-xolotl_Data/Plugins/x86_64/lib_burst_generated.dll
- Size
  
  91KB
- MD5
  
  f204769c44560b5fae1b93cda1aabd14
- SHA1
  
  d2b320161dfe0f4d7b9cbaf53d7bfa6bbd669e64
- SHA256
  
  d8185790d0909d590c9cb48e9ac60e35cc767a8435b14e1b6b9a57aa61a9f12c
- SHA512
  
  9cefa8e441dce9aeec5ac0abd1acd4f8d766d2852c7c2bc2df845907765124aad2665b07d159e1e23b200228eddf8a839eed667b1a0761fbb1f7baa1176b17d6
- SSDEEP
  
  1536:HPxgV4iJX3C7WmYuJSief5hLE+A1iGeX2EwcXyrU0c21PoTjz85Sn2r+FsMGl3GK:vbaChqVD8UMoTX85Sn2+FsMGl3GWz
Score

1^/10
behavioral29 behavioral30
- Target
  
  AK.xolotl.v1.3.13502/AK.xolotl.v1.3.13502/ak-xolotl_Data/Plugins/x86_64/resonanceaudio.dll
- Size
  
  797KB
- MD5
  
  ec140d6d301e44742a271a7eee92e213
- SHA1
  
  ed206f4365131f64ff140a393513806dfa5081bc
- SHA256
  
  e1667e5336ae067ab1d9aa04e7bcca9789ff5573ed4c7f6fa9305404d0485f99
- SHA512
  
  9ea039990be0c9579933ac0f6c43b83d2457652fb61d761850cb3644cf1842a419f85d0879238a11e93e82fc9c9483a306227e08f7acaff92ac50ead2649a526
- SSDEEP
  
  12288:oqzaaeCi6jAY5B7CehZhfEpEQulB/NCCS2X+pon8NGiV7m7o/t:oqzaajiOAY5jhgyL/NCCS2X6ySZ/
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

Checks installed software on the system

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

Checks installed software on the system

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32