b97fd5c260a812244120a8d3df6e8756fb0c74222a5e6197a2f440f6b59807e2

Sharing

Copy URL

Twitter E-mail

General

Target

FiveModsSetup.exe
Size

91.6MB
Sample

240808-ehvneayhll
MD5

04d56fd988cc8045e00940637399c766
SHA1

254fc55679074d077aabedfa5825a53b53c4d376
SHA256

b97fd5c260a812244120a8d3df6e8756fb0c74222a5e6197a2f440f6b59807e2
SHA512

1f3575f32d4938e90c4118d01c6ef7e9bd0faef916e9b8966e4c321b46d1640852ad9f6e8647f9d10887350eb86815e740e77619566f762362d2c51d6b6c9c94
SSDEEP

1572864:x7h2MpPi9DgwWOnUYxYbJCQw6Cgob4fTZ/idlOO6UdH7zGu4wQjx:x92Oi1gwWOJCbkOCg8AGT6UdH76u4xx

Score

6^/10

Malware Config

Targets

- Target
  
  FiveModsSetup.exe
- Size
  
  91.6MB
- MD5
  
  04d56fd988cc8045e00940637399c766
- SHA1
  
  254fc55679074d077aabedfa5825a53b53c4d376
- SHA256
  
  b97fd5c260a812244120a8d3df6e8756fb0c74222a5e6197a2f440f6b59807e2
- SHA512
  
  1f3575f32d4938e90c4118d01c6ef7e9bd0faef916e9b8966e4c321b46d1640852ad9f6e8647f9d10887350eb86815e740e77619566f762362d2c51d6b6c9c94
- SSDEEP
  
  1572864:x7h2MpPi9DgwWOnUYxYbJCQw6Cgob4fTZ/idlOO6UdH7zGu4wQjx:x92Oi1gwWOJCbkOCg8AGT6UdH76u4xx
Score

6^/10

discovery execution
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  FiveMods.exe
- Size
  
  158.2MB
- MD5
  
  e12c45583ac31a8afa96f24063171a26
- SHA1
  
  8f8c78887d588c26157db83d0bb134e65031360e
- SHA256
  
  66a71009df713a4c8bbb16f0b8df41c8de5a65ec49e06b18d43f5deac89abe0b
- SHA512
  
  953d104507dd89a1c108137d724f9cb59be408912ceaeea45fb4b42ff62065825b85305eed00c9eafcd192df73c8253add305488feb0e3bfc9ae69e1130d9b1d
- SSDEEP
  
  1572864:ybVZx8PLGKEULTQ9hm/C1tdUKYjgTwFoKnRQwsu/YfWXV/NiisGItlAdgAnEk0Hj:pvCqSkRmj
Score

6^/10

discovery execution
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  LICENSES.chromium.html
- Size
  
  8.4MB
- MD5
  
  e400cd908b8fb7c13985e2f5cc7a7044
- SHA1
  
  bbafebdf5b067a7d7da130025851eaa52ec3c9d7
- SHA256
  
  ee3b1ab8794c749673ce9bd2dd302f12d69f0a1a4adfe40a64247746cc311829
- SHA512
  
  e7ca440f0e042d7fcfa99367426bf19899a2b227c6d7b6e2c25d4f1a40113250f21ebeaaf91067d8569dfbad1415d4fe3e5626d7254722f2778497fcb22e5d6e
- SSDEEP
  
  24576:/UrV6CI675knWSgRBPyQlrUmf1C6C6y6Z6/678HqBMUpuQ:MsWKA
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/index.js
- Size
  
  1KB
- MD5
  
  e4f4ed46cbf7884a2227a07d47907ab9
- SHA1
  
  7b9e4d9904b4468c101b121cf47e4c2816ac77e5
- SHA256
  
  04a22ae517a8f93453097ed636dee04a7635f928eef73cbc003916d091d0bbce
- SHA512
  
  4ba3d99629d983c2b073a584c58ad1d54fc3d2c55eed3e704a18e5db2c8625dc3fd5ffbffe8c56fbe5b096448eddf14b808dc97be9cf73c554095c1d842398f7
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/lib/checkGrowl.js
- Size
  
  550B
- MD5
  
  fa7d81bc020ec4ef6c8055083876fcd0
- SHA1
  
  d3c62e48427f39dc613bca96997d38a06c966283
- SHA256
  
  01c807bd9f273f09ffd87bab13473865bbf321071513f5c487dd1b6e7fbdaf10
- SHA512
  
  4fb0844820363199ad78f0a667e0f945114e9d65d86283fb5bb79a1b97be25dbe8ebd2ce85a9dc40545630f3146b3897433e1d23e9117027d2c74fa698df3f1a
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/lib/utils.js
- Size
  
  14KB
- MD5
  
  46b0f23f133ba1bd568e5cbdde8e7502
- SHA1
  
  fa3154cd92cb2c398e8b324e6b8a2402e46c4a32
- SHA256
  
  bd5ed859adeda193e15672e769551966b31cecaa6294fc52297533d835af3702
- SHA512
  
  198ea2cb626be8ed7ded3188489952ae6a424da8a9294a507345bc23fd14ccbd4715dc472e4febf25f2ece460492ee3d3dceef394a79e79ea8e91950016380fd
- SSDEEP
  
  384:lgQtxf7vKWXU5sli8m4q95W+V0TYVRvQliYqG5sYaLhG:ZH1q4ihG
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/notifiers/balloon.js
- Size
  
  4KB
- MD5
  
  22e0b5a21107a340bd37f034e88be79a
- SHA1
  
  cfa46acdefbfb08542ac890d8de2fd007e343355
- SHA256
  
  ef68f4d2e8dfcd1443843d81707a3e0e7a2e01d9573100710736eb1990306220
- SHA512
  
  0c45207ec1875459355a01a8ce163811f267a95546171f2837dfd09a9587bd2888add14c4c0f868a67a66b56e6a15fcc8bbfb713141311bb8df737c8a23a91c1
- SSDEEP
  
  96:EaKoSVm5cv9SRMRTvgkKAyJBVNL/wm/1Go/WB6EiTyaugNN2Jv:rKzmGKoEk0JBVB/3/woDzy9Kgv
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/notifiers/growl.js
- Size
  
  1KB
- MD5
  
  b899ef0e83aee19a163ce8ee249ac392
- SHA1
  
  b729bd63844cb485a8cb183725d8c6720633c23e
- SHA256
  
  922eecd40262c26337901479de95b0960c719df76fd3b53dfa3fc3aaed95823f
- SHA512
  
  cfc0ab6a0ab5111da7759868d4478043688f6eccd261d4f5fdaa74ffb4422956fe1cfe94974fbf3b08f1405ddd505053ee4ca3102c7182ae1e4ac5006ee2f882
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/notifiers/notificationcenter.js
- Size
  
  2KB
- MD5
  
  09de38e77abd206cd405aa6ea70bda26
- SHA1
  
  f91eb550baf3378e63086160100fbc82e88a6c1e
- SHA256
  
  10dc099d7164133959a61c70ed2951921ef591738c327dbd76d7338f1c9630b4
- SHA512
  
  0dff587aedc93fd315b1b6f8001ef33973cbea5b416b5103da80dbb54e8182ceffa00402b3e6affd5193ddbac3b9c3d00210b052e8f1ee0ae91bb306552c056e
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/notifiers/notifysend.js
- Size
  
  2KB
- MD5
  
  9792dbfec85c053f46582638e9c8a966
- SHA1
  
  35ab80ae67cabc161aa3b91c2539de8c4a00035a
- SHA256
  
  29fe357ee97ad29245f55bfcfee3ce75bc86375910d9b9709105a11d28f287de
- SHA512
  
  16347295888393ab2cae5730cb5f54fa87cc19fb1f745302cb0132eee1c5326ba15d651f81980fc8568e34fe4a935e0926e31b528ed9ccfc480b2468d53564f9
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/notifiers/toaster.js
- Size
  
  4KB
- MD5
  
  5930863c25cd9d285e91ff10cbe7a947
- SHA1
  
  4d1a2e9942335d16b8af07b26d780dd2e1dd30cb
- SHA256
  
  3dc551eb4aa9f5ef5a2d983336e8e52714b16ad044a6e29435300299058823ed
- SHA512
  
  3b60cfb76634e60ae57a147d65930ecc5826b45f82c749bbadb16183cbbcc74faf8bad46a34058e13896f49a24d50492bcb9b1fa67e0e618bfb87d9715fb5d60
- SSDEEP
  
  96:XJu9LBshFyQlgf0KkZxHtKEIeBb/rHb9ujBCdDdNnu/O9yPoj:5uRBaYQSf0xxH7Ie1/rHbAMdDHu/Ojj
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/MacOS/terminal-notifier
- Size
  
  85KB
- MD5
  
  ade5227f13963b5bb72b47f0ad410819
- SHA1
  
  24d1a22cbd8b026c35b29f1981f4d9fdff08af37
- SHA256
  
  2588f4ae2118396419767c388cf2b0a9a5e0cb53ce5d05a07c00f68a97a50215
- SHA512
  
  ee702782dbd44682f0c9234fbd2d256b14ee70f349186f37e025bdac20ec5b10d515e9d91e6b54a5df7ee7312f2faf4d299e1ba1e03419cfa52585f2c1195fb6
- SSDEEP
  
  1536:nTAF22YtIwY0lROGiPcKXXXKV2Qaf5dC1:nTvtIWROJPvXKv
Score

4^/10

evasion
behavioral31
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/Resources/en.lproj/Credits.rtf
- Size
  
  436B
- MD5
  
  f0d4a61caf597423ff07c5e9b24a345e
- SHA1
  
  60a248148b319de26e36424d25021c2488e23ce8
- SHA256
  
  b4386fe1cef65cd91e6c8ecc065d117089083f91b7cadbf0c3e5eae20e8b9640
- SHA512
  
  e361011499cf70fc71e247fdda71f49d913654a983aa4ae67d00dc977e53b9cf0d88d4d2ac07efe248261c3ab6e3345e829e22dda3e51dccc221a94c660ace69
Score

4^/10

discovery
behavioral32