4ab520bd8bab609a94e8dadf25ce40ed998b1fdfd7609bc1c4de72958a5d5cf2

Sharing

Copy URL

Twitter E-mail

General

Target

Anime-Best Setup 1.0.11.exe
Size

54.7MB
Sample

240809-s5nehasdmk
MD5

0df068979f57f6813eeb67521b4914bb
SHA1

339a17a7a68bb74aa4b04db590c0452b533d041e
SHA256

4ab520bd8bab609a94e8dadf25ce40ed998b1fdfd7609bc1c4de72958a5d5cf2
SHA512

568498fdddae77306be6ab882695cd4d4b1207d22af7fc46eae4ad4c6568f6b90480aeae352fc2445fd4c0415fe03a307c5497374788bd65ef3c391bdfd693e3
SSDEEP

1572864:cgF1s9gTrfbj4OnXRqgHIOmMnHlu24vT6qFpu:cgF1s6j4O4cpo2s7pu

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  Anime-Best Setup 1.0.11.exe
- Size
  
  54.7MB
- MD5
  
  0df068979f57f6813eeb67521b4914bb
- SHA1
  
  339a17a7a68bb74aa4b04db590c0452b533d041e
- SHA256
  
  4ab520bd8bab609a94e8dadf25ce40ed998b1fdfd7609bc1c4de72958a5d5cf2
- SHA512
  
  568498fdddae77306be6ab882695cd4d4b1207d22af7fc46eae4ad4c6568f6b90480aeae352fc2445fd4c0415fe03a307c5497374788bd65ef3c391bdfd693e3
- SSDEEP
  
  1572864:cgF1s9gTrfbj4OnXRqgHIOmMnHlu24vT6qFpu:cgF1s6j4O4cpo2s7pu
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Anime-Best.exe
- Size
  
  112.4MB
- MD5
  
  d2b5925e3739acfa73b78fdc303e67e9
- SHA1
  
  2bbc12e73bdd4e95257343e67f246a5865aef42a
- SHA256
  
  af46ef0855c8d532e03db49cfe063e241944085c31cdbe79ac66a9e31d79bbb6
- SHA512
  
  3c53c1cbbe4880265733447d1ca0f53fb69aa0c7d7a98f36b21a745d425c482d778b175b51ee8b9a8b5802ca8678e9823e4ee14d2acf590db6261d112901f573
- SSDEEP
  
  1572864:XzeRomoaC09nEiziYtpg0Ymr7owq3Ddn35FZevY4v034WZZB0HDh996O/fJaCJp:jeRomF3o3V/ZevY/CHHd+Z
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral11 behavioral12
- Target
  
  LICENSES.chromium.html
- Size
  
  5.1MB
- MD5
  
  6b84319ee8a0a0af690273d3d2dcbaf4
- SHA1
  
  857ca353e0582d100dcbc6cb6761bb4430d0cb90
- SHA256
  
  fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585
- SHA512
  
  26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a
- SSDEEP
  
  24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  3.5MB
- MD5
  
  2f2e363c9a9baa0a9626db374cc4e8a4
- SHA1
  
  17f405e81e5fce4c5a02ca049f7bd48b31674c8f
- SHA256
  
  2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df
- SHA512
  
  e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924
- SSDEEP
  
  49152:sXMoHAsisjBFjJMLhHELxJm8ZU8W/GBj5Z535TMpinAizxkl/cD11bqCG7jHbOkD:srZOb8W/G5hnAizxz7NZy9AG
Score

3^/10

discovery
behavioral15
- Target
  
  ffmpeg.dll
- Size
  
  2.5MB
- MD5
  
  d2cc6fc3a7b6c5bcca5fae428fe799e0
- SHA1
  
  89cba6e9195cf95a7aa993d7aaadb331392b3bda
- SHA256
  
  0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319
- SHA512
  
  34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736
- SSDEEP
  
  49152:8LmyB/kMqMdqev+YEdOzvKi5rWniVA8IOF:UmI/kMqMdqe9zvKiOL8T
Score

3^/10

discovery
behavioral16 behavioral17
- Target
  
  libEGL.dll
- Size
  
  346KB
- MD5
  
  dccd99cb80c5022d4ed21c068d4e4ae5
- SHA1
  
  4fcdc6be313d0e3baa5168a7556df992e3364da4
- SHA256
  
  2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6
- SHA512
  
  02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf
- SSDEEP
  
  6144:DMsJQmSGv9SHEOCK6tNu2JztBwNWqERYRg2Z4uVPZIcwpJAc21Dq2bTm:DmERK6tNVwNWqEnFuVPicAwE
Score

3^/10

discovery
behavioral18 behavioral19
- Target
  
  libGLESv2.dll
- Size
  
  6.6MB
- MD5
  
  d36a30ef5726be3e3b3ed3f886a781a8
- SHA1
  
  0a47ed6013866aef030683e0398937013ce7fdf0
- SHA256
  
  3672e62c20b1d253ad642e155ae32ba5c1ca1f2cce37565c71a7d8aad21515dd
- SHA512
  
  8ac4adc7879cc7b0661809394e118220a350c9b8063aadf44fcecd115411fcc040ea73cb1fb2896931c34ec04b6146e5b5f7cda531249698dceb09aa1f9b4078
- SSDEEP
  
  98304:3QCYyoIganb7rvoRVNBlrErukVVraNqk6xjL5V9zEYT/lv3:3QCYyZDnyVfqrukTrBTxR
Score

3^/10

discovery
behavioral20 behavioral21
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral22 behavioral23
- Target
  
  swiftshader/libEGL.dll
- Size
  
  366KB
- MD5
  
  c51dc7e0ca92c9a45467a202aeceebf3
- SHA1
  
  5f35ec0c4e9b7663d7467a6c5f10062479519758
- SHA256
  
  0d4015adb1b1a4996378e06c9341b19d00e3cab8d18c002197ea9311feaf5d11
- SHA512
  
  8439f2a36f0a85dbfe12e786672278c6f6250be5029313efa285f851491357e134d6c9e03b339985eb255e80988e82d37540ffaef4f358c4428f6fc6aaec9ab0
- SSDEEP
  
  6144:z0xXgHVFDxkm2nh/nyce87Xi4dlwhNEkqZCC9uZaWPJqSpdZgOBJ4+b2T:Ih/Ze87Xi4dCC1uZaeZGn
Score

3^/10

discovery
behavioral24 behavioral25
- Target
  
  swiftshader/libGLESv2.dll
- Size
  
  2.7MB
- MD5
  
  5629b1c0102dcc1e4217276efdc60630
- SHA1
  
  ffdd7bd4131c53b0ec5725ed8a8529b4be677232
- SHA256
  
  dac51738a42514c68ec31c962e608f6ce4a5a4244b787d2ba404a6a6065d8244
- SHA512
  
  8606a5e86172ab1f8cd65927b5139658e42ccf3fa870c27c2ce2a36cdfbffd3764f2efe83d4cc76c676c89d9fede70ca643950f370bbbd0b1dc8d2df005c46cd
- SSDEEP
  
  49152:9dnrjtIvoFzKkAdACGPIuV95gE+pZRNA32yJ6uhH2elKnmeEkAz4RnEoJ2rdzNBu:9F3tfKNtja1MZdZ1X
Score

3^/10

discovery
behavioral26 behavioral27
- Target
  
  vk_swiftshader.dll
- Size
  
  3.9MB
- MD5
  
  ef923cd8e56388b4e0746883a260a0cc
- SHA1
  
  ca8ea23d0747cab1915acaedaf4a3bd2146095ae
- SHA256
  
  115ade04abfc0bc084c00716490cc9fb1de658516658bc5b95d39f341d05a204
- SHA512
  
  bc1f20be1cf53c2193b3b4f25d212f5c6f1f6e58d3d2a82010d32a7ef790c6074d400e7cff711dc4a1d9713d027f1235cc97a2b58fb7dcff611e5db582d3b0c8
- SSDEEP
  
  49152:YWzcL9x2ydlDTa7GmidqJfec1e6u9px5Uxb92ZpJyTlN9lp/5iY8E8oP7qG7rm79:YaK1GPm4gmZZrVSowgaB
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  vulkan-1.dll
- Size
  
  616KB
- MD5
  
  5cfcea352b182820083249567842e7ba
- SHA1
  
  0998def9b65a187d02b77763343ac81d1eb245c8
- SHA256
  
  96b5833d66faea81bea3da7e7c5735ecb43f3b1e713715304d20377cc1f67a27
- SHA512
  
  0ac1b06bcb6e66d4d326fc73c0573a3caefb54e343e0f7e0298e9af08e15db9432375dbccc51a1abbd6a900a5e21a64dcaad58d266a114b01d9455aeebeef3d5
- SSDEEP
  
  12288:3qVxi0ZmVhGfA8gFlkPdcarfoxpQGyHua8pyE/XPVPYo:4xJRrfQry4yE
Score

3^/10

discovery
behavioral30 behavioral31
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Checks computer location settings

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32