General

  • Target

    steveAImod.zip

  • Size

    148.0MB

  • Sample

    240727-q2a9nasbkr

  • MD5

    85b2363170e0d8f0562d911be4dc20e1

  • SHA1

    db9d20369367a977b403b8be91d9fbdc5e52f8b7

  • SHA256

    74c92e72eafcc33932dd2ca1a72e17ae730311c06c326794bb0b252ce09713eb

  • SHA512

    5b3e666c9fb1cd69768d1d2ca5af7a2bf0490f6865279ac019a2b94f2a3c2143350e88daceae83511a073a2de94c7ddb4a9e58437412331e1e0127bc401328df

  • SSDEEP

    3145728:MheluO6utTSWGeuyheluO6utTSWGeuNUWbqyPheluO6utTSWGeuV:MM3F3GWM3F3GZWyPM3F3GB

Malware Config

Targets

    • Target

      steveAImod.zip

    Score
    3/10
    • Target

      READMEPLEASE.txt

    • Size

      37B

    • MD5

      9402fb1961b142cc7ff5555417b73d5f

    • SHA1

      c5a0ca40af85c2fa56eea4688901291480118f32

    • SHA256

      002d336b07a5fd5d523817bc177b21f4bf34bccfaca75178de8f49488f59e6ca

    • SHA512

      2336dd4e8090335070b2f4c00845dfa16f61978423b64b034c0c0d46bde697c71fe8fa3c6accdbd45aa7bc0e46c1791c7a9251eac67ba828adf3c63a3304ac59

    Score
    1/10
    • Target

      assets/fabric-optional/0b/internal-bug/main-menu-bg.scr

    • Size

      46.5MB

    • MD5

      4030faa11ec8559803476d0a7a2a5b0e

    • SHA1

      022b3b40c919ec24e68a89d86ed0019d9409616f

    • SHA256

      5a83bb14b440ff66de68a38a9c27882b6eb60957eb4c180490ab776a57690750

    • SHA512

      6bcfcd74000a41f26efadf6c0f1acf8a206c5bc176fc06d83ae9a7e249c9401cca9f6be973cce94f3510fd6922325dabaf2a12d8388f25597bb52cc96b20d139

    • SSDEEP

      786432:Auc1JRKmxgpgPQOo1QtIbxLa2j6+s7LWB75zuPNi1J4EcmRW8IuLIijPtImZ1666:WVxgp8bkiIpa2qHWB75iVWBTRW6j6ult

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      assets/minecraft/blockstates/acacia_trapdoor.json

    • Size

      1KB

    • MD5

      9d7366d6f5bb14c631473a924015189c

    • SHA1

      b7fdb837d20d0523aba0d5a51a489eff3c712558

    • SHA256

      ccf2aec0eb3fcb5cc718bd7e4737ab03171588cb200d515029c9fef60b0a469c

    • SHA512

      37a70dc919781d507c60bcc2281aa9ebb3c8cfd79aac44b55092f80fb8c9d47996dae5430bc491453a105a6e3eeaac65f2362c1bcd3415c2b0a2d1b60f84d45c

    Score
    3/10
    • Target

      assets/minecraft/blockstates/trapdoor.json

    • Size

      1KB

    • MD5

      8e87b83e74abf424cf0044b3724e974a

    • SHA1

      f7701003f14b8e30cf31d12b04ffa64244efa8b6

    • SHA256

      6706a725784582f23138c20f098a0367f9e8ba4ee3c4a2112ba16cce7770a4ba

    • SHA512

      489445ef86efa6188223f5c3744bbcafdb3d3a02689e08d2ac2a9393864f96545b8efec19f6568a551c7d73b656f1a06216f38e18a9f4c4d51bf35b71da24e8b

    Score
    3/10
    • Target

      assets/minecraft/models/block/acacia_leaves.json

    • Size

      5KB

    • MD5

      bac2953bccdcb04a51bcbeb45b3e3639

    • SHA1

      aebf016e1d0166e4b5f3c3a5563545fb9dee0fa3

    • SHA256

      bf38c242ce4d27145019ebce11ce73b92545b36c9907be4945391fc2a3442b36

    • SHA512

      39638c470a6de94437c9d2897fc6c947c71e83baa4b45a12ff5ef26e9dffd5b86a18458bc82cf1e7c4ea35f7a07d7714876a719731c92678c67192ae27e43a76

    • SSDEEP

      96:fNqWo4CJRcd8CRcTnvR9ZPJRcM9CRcuHnRcV0xnRccD0R9NJVR9HFGyR+beRRcxa:fNqWoRJGd8CGTnv3ZPJGM9CGuHnGV0x8

    Score
    3/10
    • Target

      assets/minecraft/models/block/acacia_trapdoor.json

    • Size

      7KB

    • MD5

      e8878be6eb1e70368fd0d2bafae907ac

    • SHA1

      2322c33bf2e539b6367afe45203e267885de900d

    • SHA256

      b5c240e462ba8d4f0e40bf1826f63459e2aad6f01b7c0da24397a76974718d1a

    • SHA512

      a5f766c5330f2f50d637f9f14cbc1782e5aa651da37931a41bfa28c19a7f493e7966d18dcc899b285d5f177e101a253f77490b69f4e38c0ffbfe6ddafa650ff3

    • SSDEEP

      192:fgYA1BcFsjJ2rtIFvoquUGu7sf+hyuB+ssjXYEQUf:4YA1l/sjIW

    Score
    3/10
    • Target

      assets/minecraft/models/block/acacia_trapdoor_bottom.json

    • Size

      8KB

    • MD5

      80007541e1369f45e702b3e02b50bfaf

    • SHA1

      92ea4750f692a157fca7faf48515754dad16eef0

    • SHA256

      50987fe1b8b8bb2805f08d15eef65c271c3b598c3180fb45eb9eecb5a0562846

    • SHA512

      0edc8494015f91a9bef1f72d674515b16c6b04d3a9edb1a86474b5678c7c00a2be4dadf87b0dff47864a05f15d9846f58b4b4fbb732ac837f0af6f47b5b2fde2

    • SSDEEP

      192:fgYA1B6V9cmII91QyQ+7SxlC87SxHGoLen0yKbDbXtz//EQ6l5:4YA103CsSxPSx1A

    Score
    3/10
    • Target

      assets/minecraft/models/block/acacia_trapdoor_open.json

    • Size

      8KB

    • MD5

      46a51af9ba7d558459c21616aa751a00

    • SHA1

      be87fc4b473d269eef6e052df54c94981ee4cf71

    • SHA256

      fcfac66279c5319aafe2b65e78edfee7389a482fb2ad70029f73bff20bb408c3

    • SHA512

      e51533a2b65683ccb38718688c068313120f58b575fefb28f2485fc49157f48a5e5fe96caec8b7c8c57a61bf22f47d4ea8f28d21f00a0ccbe1fb82ffee2dba66

    • SSDEEP

      192:fgYA1s9OQLCXx4dRcBDZsI1Giq1F49mU470e4paA4HuIrbdVB7XfxHEQU5:4YA1rDXs0V1w1wue

    Score
    3/10
    • Target

      assets/minecraft/models/block/acacia_trapdoor_top.json

    • Size

      8KB

    • MD5

      53ed01de6c7a239ae17f1d3e0bc9287c

    • SHA1

      c951a6ecd52feb5fcbd21c4f84f39cc1be9f8d12

    • SHA256

      7ba9482fa3a6d1762e860902adf51f0173c9943824916ba23b8f26cee491b6d3

    • SHA512

      165f710261edd99cfbb9927d0989ea87d42ac88fcf598718cbf28356bc530a627bd7ad41787b23adbac431f40fb991bee5abdde3a3f9c4c45e95115b91a27cae

    • SSDEEP

      192:fgYA1W9aqXL/F4gJ4dyRRi7SxWns7SxGG4Fw43E4Rf4TS4QuI+46nS4kzEQU5:4YA1FGvgSx9SxHlse

    Score
    3/10
    • Target

      assets/minecraft/models/block/activator_rail.json

    • Size

      40KB

    • MD5

      3e53a00f6ef1e5f2a41c5b3986a293e4

    • SHA1

      eaf2f066958fc82a36b54b48417a9daad7cefcdd

    • SHA256

      30ec84736d432d983c7b9e7dea3e0fef23eac2d0369683c95d02ec07b915f892

    • SHA512

      0d4fcea3a37515cba975e7b93222c8e707dcbd840956bc45fc6f10bfbab518f8ec7be63fb52967c8ec47adaaa5ea930a6581674112acd08bae5935f7295f5ba9

    • SSDEEP

      192:fEgmtphznwJbDS7B/Rdj2yUOJKm2yUOJRX2yUOJ2K2yUOJt62yUOJSl2yUOJCW2r:8gmtKgOBhBZBkBEgtgtgihDl57

    Score
    3/10
    • Target

      assets/minecraft/models/block/activator_rail_on.json

    • Size

      40KB

    • MD5

      1386f282da4f91b388455466190e8460

    • SHA1

      9d573701d5d593e8b99d22603027228699227077

    • SHA256

      5b236a4b375855499d0df68260960be2ec954a0c02f6986ff22d1c51c9a557bf

    • SHA512

      dec13628b7061c06830a192620a7a5f435a55ca67cac45e83c4a3847af5dca7134b35fbae4d9147b38f86b170907d481317b560f58b7dc668dafcc4d9333f382

    • SSDEEP

      192:fEg7tphznwJbDS7B/Rdj2yUOJKm2yUOJRX2yUOJ2K2yUOJt62yUOJSl2yUOJCW2X:8g7tKgOBhBZBkBEgtgJgihDl57

    Score
    3/10
    • Target

      assets/minecraft/models/block/activator_rail_on_raised_ne.json

    • Size

      77KB

    • MD5

      b50dd8f93ebf958774c76e90aceddfd0

    • SHA1

      f4f3ad168d0339f64a4f9302ebdc55165f726c0d

    • SHA256

      8180a662e6790ece1aee772b5e0cdc662bd1036fa33937402975c7d5a805bb51

    • SHA512

      d30c95f97e17b655c85d2f67dea22188797f384495f584d715f0a3e2a71aa651dd8a41015a5a0ac4155225f9f4e3ff414c9b84d4ec5559d9983abf5f2337b19a

    • SSDEEP

      384:8d7tcmgmwmumVmIm0CiHTBiAb8HOBqH/B9HwBqxBdH4Bq3btLBLJxh1lnlFtHjXa:8d7tfl

    Score
    3/10
    • Target

      assets/minecraft/models/block/activator_rail_on_raised_sw.json

    • Size

      58KB

    • MD5

      4eb55bfac42f729f22a186853be42fa3

    • SHA1

      20903abd3ec9c0b47d6448e2f1bc99ca1df94597

    • SHA256

      d68f384eefdfd9be21fb43d578196c9cb0396c01eb184488cc1adb59397e76ac

    • SHA512

      5009092fb885733b1fa56a4dbaf30132a0f7f189c1a2072892da95c2cc16c20840c17d68c5e3b4912fe350481ccd25fe8e302cbf826bdc0efb08f36d0c6f5f5e

    • SSDEEP

      384:vdf7AejAjkjjjVj5jCm1mJmXm6mslmdy16vMToDpHJjO6utBtByTcCwJL:vdf7AyT

    Score
    3/10
    • Target

      assets/minecraft/models/block/activator_rail_raised_ne.json

    • Size

      77KB

    • MD5

      7231cb1d87f8ed4eb3396c1029f93831

    • SHA1

      883a5bf4f107c316b1d4c9ae3279acde2a3a3205

    • SHA256

      d4ca63dc717f8c4b45f2af22a4e8b3dacf07e0f91e0a3df5c1b9723bc23fc035

    • SHA512

      751ca6fdd4d3eec0e908cb2c9b6206d7cf495d49faf8daaee315081f53e875c334446f6f6716774fb02bf5415eeccbf138b0f6bb72248ee0abcf20d6dd59e556

    • SSDEEP

      384:8dmtcmgmwmumVmIm4DxHTB8HOBbH/B8HwBmHxBsH4Bq3btLBLJxh1lnlFtHjXT/I:8dmtMafi

    Score
    3/10
    • Target

      assets/minecraft/models/block/activator_rail_raised_sw.json

    • Size

      58KB

    • MD5

      c83c79a0f68809cc0b746f8521cb19a3

    • SHA1

      51bb890ad09e46ca1595a98a2749fe1b46de8f19

    • SHA256

      49941f86f45fc680ba407879a9cbf10aec100a23ea25032604466851d6808181

    • SHA512

      3949062c320323f0a8b2e09f4b023b88cf93d8463461793cf9576b99447d06ad67898fed0082e5be6f4814253f87d1ab83ed88a0eed68896df67a32ab15d8a92

    • SSDEEP

      384:vdfmAejAjkjjjVj5jCmJmnmImlmLemVy16vMToDpHJjO6utBtByTcCwJ2p:vdfmAaup

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

pyinstaller, pysilon
Score
10/10

behavioral1

discovery
Score
3/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
7/10

behavioral6

evasion, execution, persistence
Score
9/10

behavioral7

discovery
Score
3/10

behavioral8

Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

Score
3/10