b5d324e0527b5516511e3ac8243d68b7eb253e56a9ca869c02a62874297ab6f5

Sharing

Copy URL

Twitter E-mail

General

Target

MRON REBIRTH AIO 4.0.zip
Size

238.0MB
Sample

240802-ts2l2awaqf
MD5

6b565cc8832b9d40401cd5cb339af579
SHA1

6ea2405f40b1057fca6f193c6ba35e99aac466b7
SHA256

b5d324e0527b5516511e3ac8243d68b7eb253e56a9ca869c02a62874297ab6f5
SHA512

be5b96446e079f672e1ae78530ebf1445d3eaf8331d05ed1fae7740d8bd7c3ff020278237d9f2a07d3b8fee3c4d3253ff9e83bbfef12013e2e74bd46062e8675
SSDEEP

6291456:Mw6BBfWTw2m8iy9so5SJb6A3V6RHdeisze/MxAfIABnMzt:MprWTqisFJWhDwe/WWKt

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  AIO [EXTRACT]/noclip.dll
- Size
  
  3.1MB
- MD5
  
  34c3df6070393fe67e9a2e113ad0eafb
- SHA1
  
  65aacab7e179854f1df14129eef218e7ada2c9c7
- SHA256
  
  4a9fd84a235270e428f1a9468c5d584881b6f8f4a13880ee78f2e8708ade35cc
- SHA512
  
  93a87f28e11b2485518e8720ee448d2edeaee93cfcf3ee098bca6382e9f31e024356cee7bae515d07da374020c6cadb69bcbc99c4def2c140d002fc099f7c04e
- SSDEEP
  
  49152:T+DvustdNfEwbcATRQyISE2YWdvhxOHTpjAO/E0mYC0qwysugGU+AfFm3OsOZiZE:Kjs1DNwFz
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  AIO [EXTRACT]/noclip.exe
- Size
  
  556KB
- MD5
  
  e84e4da0f16e40521247870311efd7ac
- SHA1
  
  30683171aae1e7dd7288e3b1ad7ef1fbde632365
- SHA256
  
  fa4da01ef3e3d6eca87a36ba135e9b2084461a68e975895bc57050f6ab472def
- SHA512
  
  0b763636a40bf7bb09521859db1b78ea205bc17a6fe685851a1dce8d3f64a101267c56f706742a7c2dab0e61709924126793853ffa3f84bb706145e6817dbb2b
- SSDEEP
  
  12288:VRSNhZBlfA8/C8sSoC+PZE9O2bJIC0fDNNr:VsfA8K8J+O93l0fZF
Score

8^/10

persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  Script (3.2a)/Shortcut (scripts location).lnk
- Size
  
  1KB
- MD5
  
  85a4589865065982043eb29c2f89608b
- SHA1
  
  8ff913fa90cb0e82e657f3e6eb5576e991be9130
- SHA256
  
  3885f463b54569703ed39e5e861d508935f007dd6b9c974c106f61dc74a721e0
- SHA512
  
  cabd98c84b3d10c1f0e3b562f599aa78dd3243544ba6bb058452177a7fbc58db7c88ec738713d77475891acf978daadd1b5a8986b807b86cdce13f35e8492efe
Score

3^/10
behavioral5 behavioral6
- Target
  
  Script (3.2a)/scripts/script.gscbin
- Size
  
  6KB
- MD5
  
  e42b5ea570de233e3be9d052969e877a
- SHA1
  
  0e20885da049fc8e460da56ddf06b5a2673ef893
- SHA256
  
  7425b6fcacd727b8979d0884dccc1f053ce8fffd82c110694d37877a82e5f58f
- SHA512
  
  2e4e610b1f2af4a81bd5cd8b3746a58ea843fc2fdf9298d9ada2c8b230b4b1620c80ab0d01c334f41f41dd51ae4664324e7c585a54e3e11d838b014b9731d188
- SSDEEP
  
  96:zn+0/8BNd7V/aVwwSrh12nEUf6ILRerdezV4/zrKbW1:3E6wwUq1erdezkzrB
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  To game folder/ModernWarfare.exe
- Size
  
  308.0MB
- MD5
  
  7ec56f192f2207bd9a646e043e387b78
- SHA1
  
  254d952b838bc47b1104812f137b9b698f833139
- SHA256
  
  f2db05ac8b69e6a4042c896a8cabe03b3074e2df72cf610de606b76f6bdd192a
- SHA512
  
  1bed91fba6211c0d458babce324a76c57c37a3286220025dec14b54820013e853e24be9fbcbb289386eb4491c420d9ff5539ec5cc3d179bb20298231846e84d6
- SSDEEP
  
  6291456:zNPxnQQa1orU5w0ex1LMU1gBlhey0Xr54y7v7NWk:p5nLa20CGU1C102yXNWk
Score

1^/10
behavioral10 behavioral9
- Target
  
  To game folder/bootstrap.data.bin
- Size
  
  159B
- MD5
  
  56f0a8c076ae0851f50687d8da51d7b4
- SHA1
  
  90eff33c5c17cb68afc9df45ecbc2ac5dce232fc
- SHA256
  
  49543db53a2e0c05ed64a7c1ae227664c9b6a8c7a452f8652283cf54a41c3db7
- SHA512
  
  13debe0a4e77ae99a5f3bc0064e1e59b17a58ccc611920745d946c6ea81620625614cc0eed26f24b3e48aa2d86aa4fdfc0ef4eea540cbdba65bbfa0cb6132b44
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  To game folder/installscript_2000950.vdf
- Size
  
  1KB
- MD5
  
  0ddce2357225bf8f7203d42729e76778
- SHA1
  
  6948f4c55cd9d212a064e9fb487de39c38fef3dd
- SHA256
  
  cdd7f980d4b4a3f419473bf300d904a4be68eab2c45cc7fc3bce78a54524e7aa
- SHA512
  
  dad903af80c50639cf1a35cfabf1bd3b930656ae31cbfa593706ddae8f28f315c98dc0aef40c9d03822534fee6466bf164fa0cdc3568d4dc5ab2d4196e9cc283
Score

3^/10

discovery
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Sets service image path in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14