d5a224fbaae6973995669dfa116f87205d1bf6aa41800a7d9de5294a681609f5 | Triage

Sharing

General

Target

RJ332432_-_Zombie_Party.zip
Size

378.3MB
Sample

240719-mj5h1awerm
MD5

4335ddc83cd8bec42be4576ceac405a9
SHA1

216c79a731f28983b434ac045a9f40215859b28d
SHA256

d5a224fbaae6973995669dfa116f87205d1bf6aa41800a7d9de5294a681609f5
SHA512

9b1925163fe23baa68002db071839df554446bb9021b79a8faee4300b8f6e1556d1948ae70ae6d338005a42bb2e9b938fb921872747381bd64859cde56da12e5
SSDEEP

6291456:1Ah2LvyUQgXzmnjy30oU3mmLKpW+db+9phlRfFhkHUVIBOX7TRdeD:1AcLvXDx30CpWUbSRfjVIim

Score

7^/10

execution

Malware Config

Targets

- Target
  
  RJ332432 - Zombie Party/Game.exe
- Size
  
  1.5MB
- MD5
  
  9ebc7dd20fa66f5deabfd8873a4ed8c6
- SHA1
  
  cf1b1da0e5215738a8e972077be5804cb326b8ed
- SHA256
  
  487bd28f3d0b43ed9827ba519d6d113c4f31059bd62b4492da586c7bc82a9474
- SHA512
  
  5d0a052edec070ee573bc43ed9eb7eb92c0460efe60a5abc31d1200e092937b91eafce5492cd945d46645f9029f0f80a37907fe6292639d37f15f58dae377271
- SSDEEP
  
  24576:5XVhPcthsRP/d3qI4N+Nl49LPSncvK51CvO8ofTWIZAmOLB:R5RP/d6IxNIKnL5mO8ofTrZAmm
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/EnemyBook.js
- Size
  
  11KB
- MD5
  
  de6b0221b326f897f7cd37c39cda97d8
- SHA1
  
  c08a5316b09fd0d52c13e9b931e255a2d7f902d1
- SHA256
  
  03f52b3152a71060e542cab551f2bbe8d3674539db67025a8dfd9d31a9521d61
- SHA512
  
  d8f623ac08d424bceccc2e131c4e7f300f7220663a4821146b7c005ad06c8c9d3a66db7ed73aa792875aaaaaeb6a401ba75e981b511b743eb775e78920e4856f
- SSDEEP
  
  192:wqeE2PWz7B9FA1JQa0QTOTH6qbBpBL5sfUlvHc9J9oKQqXfsaH75dvANKJFUEhdd:wS7BXdRQTOTH6qb5L6fUlvUoK/TF6No5
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/EnemySlideIn.js
- Size
  
  1KB
- MD5
  
  6da28989acc3b084d5e24f4f31b0c82d
- SHA1
  
  3bde57b6e01de70faad9338efcb4625847a4ff27
- SHA256
  
  8e5f3417c982ddcb8b2969b359b7519f1b1ded2e9cca430a494485b2d206d13f
- SHA512
  
  67860e659051d0ffa84c922d7e4bb33fa0cb76c24c62f1fb416e2be1e7778d5d6ff7b51f0f22b0ec008828fe77be969148409663b7247ebe7bb3da41d629d5d8
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/ExtendsExp.js
- Size
  
  72KB
- MD5
  
  db491643e1f41c1f2cf83405a3c211b9
- SHA1
  
  123a8670eefa3ac4f2db86cb1aa55f032ffc2a9a
- SHA256
  
  9915aefc1256c818ec89e3aeb62fea7f84bb6a4e1e925f720458f75905ff4999
- SHA512
  
  b0932d120d85014208b3bec80ff2a5e606c422bec4c86cc1182ffc5f320adc5e4ae7ff0ed2b3723864d791b9059bf1e3dc5951373148dee8ae0167c7b2e0f141
- SSDEEP
  
  1536:d2Oq8qtWXLTRWASiAS0ASJQEJVO1EKwR2itfvHU/yef6oT8nPT5TQaoZZNJHPg:d2Oq8qtWXoASiAS0ASJzDrKwR2itfvHJ
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/FloatVariables.js
- Size
  
  4KB
- MD5
  
  45aaa2c9e469ef8eafc5413ad77c86cb
- SHA1
  
  b47006b2ae1711b0e8733bf8546846f569df7700
- SHA256
  
  55ffbc130db67d41547f39b5783ed21ec5229bd322e0ce33855471b67d60bacc
- SHA512
  
  1e2cdf326fa3c24b5bd6d2547068705e9250382d40d0401ef48f14159c59fe381c61883c8ee7b514deb736fcb6f12649a9a80a10d671afd923fa4c28cef080fa
- SSDEEP
  
  48:jetql0bZundNtnWNDVKlMgaN/KszAjo0ndNFT0nWNDVKlMgaN/KEpp9ET/fz7Dk7:xqZunhnwN/0nR0nwZpgrfjhf8FnUdTwf
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/Foreground.js
- Size
  
  9KB
- MD5
  
  2486a2654b6bc66af56a6d78b3b5a723
- SHA1
  
  d9210ccb396f3f184efa87ef0cadf607051615d5
- SHA256
  
  c0d3931ae4327a21a05318f4d6ab554b8aa90d378e51b98d067442c5e479712a
- SHA512
  
  cd56ba257a935936e87efb0b5d678eff25a4eb301871874364a33cc534fa0bfb7e28d4c4e114647828829523940d6b06b39085519e3792506c87afe7a81e0031
- SSDEEP
  
  96:aNosYC0QoZD01DctozVGxWx6TiL0iiLi90v0wSRcw+qektXma7FzdcUoDXx2V5F1:XsxDDeIpFzqUoDXgLOKxHVZnj
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/HzRandomChoice.js
- Size
  
  4KB
- MD5
  
  12d0ef2a06dfa6f257c3345bfc2c37f9
- SHA1
  
  a26789c9bbdc0d4cd9ed62f7923a467c576daf4c
- SHA256
  
  f3c887f826f0aeab5c6941f094efc5ae51dcc468fb87a08992a709a657fa4b2e
- SHA512
  
  f1a967322a9add3339719edfebc674058f94666fef5dd020b3898f5f8bab1d6d1f3eef3cce59227f0be61898b4c32956c55bf27920575ba5dde53b59a9a81786
- SSDEEP
  
  96:aTGEXTkl59qYQG8TqycqtTSE3JzTBSycXM:v3t8TXcqAE+yUM
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/InfoWindow.js
- Size
  
  2KB
- MD5
  
  6d95dd1783b7e09970b4822764f931a8
- SHA1
  
  5d486acf0b90affa3d26b55ab871cb5427bdf7d2
- SHA256
  
  7c640820672083377325c12e8517a23246625bc950242772241baea13736d090
- SHA512
  
  9fee7660d6ed72c81b3091ad3e88b19f826b1345621d3871eb20024b96155348cf7340c21bf1b92b39608031964c5b89aa75f79d8bf26728c294f42104d01c35
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/ItemBook.js
- Size
  
  12KB
- MD5
  
  e2721834d106f1b23d2b19b9e98a1691
- SHA1
  
  c9a0b3fccdfebd0a21eda25c9ad213aadff57dae
- SHA256
  
  bd0127bfcd37667a638056d0f2566034db0b4cbfdf34cae173200ba2f8ccef45
- SHA512
  
  a52f1dbea735d96846a75cb7eeda9f7d5ec1b4e31fd1febdcd7ea163b401bfe04699fccf67a3abfd7a555fa42afe268f28122a0fc2583940ad214403495ca5f0
- SSDEEP
  
  384:HXMcLCIXT2Ovh/jIRYEkm1TaNoKY3DjOpeVrS3qeUcl4:ccUGWxT
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/KMS_SomStyleDamage.js
- Size
  
  2KB
- MD5
  
  799b853788e38351025fcc01e210d9fc
- SHA1
  
  e4db7e386e934aafa810a35cccdd745a158eba2a
- SHA256
  
  f98c784ca41f6d723af997d97e68793ed4d2398eda57d30b72826fce36553433
- SHA512
  
  232092d282b277efd07e376d330f04473a3c0e0368b5be3ff9a66ad8f01ba95fb725d4b60af033c6763afea5ca5af9c25a34e66b40c06f24903c0fa836608ec2
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/Lunatlazur_ActorNameWindow.js
- Size
  
  8KB
- MD5
  
  9c52280c4f03fbc3dcf59b7d54cd3bfd
- SHA1
  
  9a998d5078e90bddfdac46bff45e89fd9537dbb7
- SHA256
  
  b8f22140174d2f8ec111727b7ff37318a44bbf3faa9261b38f039b0359c89e4f
- SHA512
  
  1737bc32afb88fa1a83697a9b93525ea618dd78c38598e87f0294c1a0977fee2fa97e87f568cf24032677b8940bb22e870e8bef7df9d2fefa4aa6a6c996f7d53
- SSDEEP
  
  192:VFII9QyZU2NBjsi+OZRRsZo+61PKjeI7lFf81cGJls4C3:VFJawBsBwe7lFBGsZ
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/MKR_PlayerSensor.js
- Size
  
  144KB
- MD5
  
  7f30b9aeb7bad9d4d3aa711cf45b6bf3
- SHA1
  
  3e0c5e89356da64ecce42cd2b7d117602b1f560f
- SHA256
  
  46daf9cda00cb7deb5a6d5e07dbcbd47cb3c0d8ecf079fb5858c6a73eeaaed5d
- SHA512
  
  4a19d613d6756255cdf08cc3873b8f4241ac1d213d08ab46bc4f17db88774950975fd023f3f85f867094d6dff2925b86740a7385815f47ef1f5b60cc5dc8f013
- SSDEEP
  
  1536:AnEbwX7fGtoIXvYIGSWC5wqwgxgSg4gpbsd35Yik42ZttRm9dvTBKinPd5G5IlVg:IgwX7fGtoMzPObTP4ctW9FZlu
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/MOG_BattleCommands.js
- Size
  
  34KB
- MD5
  
  cabcfb65494d38d73fa47dc5480736e7
- SHA1
  
  63bdfe30775d6f696e52fe909b20f8e9e15d4751
- SHA256
  
  7c93b4b57a1915bddaf2d21249a2ac5d2fddf073646d85f8d8c1e8c8d50d68fd
- SHA512
  
  a74f8ce649b4aeb06b554c423d6e7e4dd452fcbf1f67754d115d1c0297d9324a5e0f9479200ea6121e801ce0784526594442106c2afa1a7421693a05a3ff14cd
- SSDEEP
  
  768:kxAD5kNDOqGm4IPw6ikj6kekHXGX090NzjRlBIRH:uAD5ktOqGm4IckLq9RlBMH
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/MOG_BattleHud.js
- Size
  
  135KB
- MD5
  
  6652972decab43f2bf97ce2e422f60c1
- SHA1
  
  3011b785389b4f9695775749d1135f92cb7123ee
- SHA256
  
  d01de29ae4e0821ccce40abb8c6692a28c8ba2f3e65a377180c3a8aa1aef80bf
- SHA512
  
  780cd0c8fb53142a559ba85da23d3f2ada10bf7dbf64eaf1eb4712654c877fff652ac61225910c85664384763836a8dc380835d0c9c8e0c03f69428610470738
- SSDEEP
  
  1536:BPgt7akNJ4CyGaGRy4RBZrXmvpu/B6Q3RgtrlCRZdDfeW2J7dvOwG1AZCL3eovoV:BPgt7akNJ4CyGaGRy4Ry7o+
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/MadeWithMv.js
- Size
  
  10KB
- MD5
  
  e45d623685fb308efb3c79ac99be7477
- SHA1
  
  6c2131cd6052d3fea75c2f3bea0a0a978b7ae00e
- SHA256
  
  eb4f8afed8e68a326b681bc70aea2bb5c597664cc84b99b8fad48943e531be80
- SHA512
  
  9d8fcf2d288d39c73dc3ccc9b6d3c350f297ab00ffc11dbfdcaa1a27c199d6f814466119fa3a88d5ee86b0de82110e0104f32fea9beb6bc93e38eb79337b60f7
- SSDEEP
  
  192:iGjwddLwLNOqkohGcQKILwLa7sgrPQpSnerfj8Afsq7oSEj3fbfFpF1aRCSK/Lj5:iVLwPksTILwbgeSnerfjXff7oSEj3fbP
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  RJ332432 - Zombie Party/www/js/plugins/Mano_CoinShop.js
- Size
  
  5KB
- MD5
  
  4b17d014159a7afe3b3199bb1422e059
- SHA1
  
  38805709ff72434054f1f74d6fdf8d900cf302a9
- SHA256
  
  d52c0372ee51f4d4fbc47bbd446f3eac4d6f8f1e216561cb2a605c9aaa10b5eb
- SHA512
  
  e3b6a15b46f7e4400663f674e29d7acae3ce95d46079114260074e163e3a470645d3ae953b3be62c20186629c7dbf9ab89ba3e9e6502d19ba0ef2b1681e9e8f8
- SSDEEP
  
  96:7k8zMk8Ud2uwNmLPv4CSf7+wP2RUdQA5kP+yGILuO4Nod:Im8h4Pv4CSf7+o2RUdQ6kXGILuW
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32