e9c172b94b4f15ab7a09e04fc2ee97ab9c755ce446e1a846cc9c67b581329f76

Sharing

Copy URL Twitter E-mail

General

Target

3DSexVilla2Installer.exe
Size

28.3MB
Sample

240809-w3hm1sxfmc
MD5

0769644fc72137f1b032c9a3b6b8b672
SHA1

34eea5f64bc02a894ec6903f303bd37aee05e381
SHA256

e9c172b94b4f15ab7a09e04fc2ee97ab9c755ce446e1a846cc9c67b581329f76
SHA512

011cf22fb147bfc3db589011c6f40b476a539ce1fa1ec696ad04eae3d72f06bdb9d88f1fc44f35c9bcf889971894accf2b259368ab087abf2afcf699124b2f4e
SSDEEP

786432:AeSlVwBz3Zy75ycC0duhXtSpTOWyz01sJrc4:A6vKYcC0dMsN1sJQ4

Score

8^/10

Malware Config

Targets

- Target
  
  3DSexVilla2Installer.exe
- Size
  
  28.3MB
- MD5
  
  0769644fc72137f1b032c9a3b6b8b672
- SHA1
  
  34eea5f64bc02a894ec6903f303bd37aee05e381
- SHA256
  
  e9c172b94b4f15ab7a09e04fc2ee97ab9c755ce446e1a846cc9c67b581329f76
- SHA512
  
  011cf22fb147bfc3db589011c6f40b476a539ce1fa1ec696ad04eae3d72f06bdb9d88f1fc44f35c9bcf889971894accf2b259368ab087abf2afcf699124b2f4e
- SSDEEP
  
  786432:AeSlVwBz3Zy75ycC0duhXtSpTOWyz01sJrc4:A6vKYcC0dMsN1sJQ4
Score

8^/10

discovery persistence privilege_escalation upx
- Downloads MZ/PE file
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  8KB
- MD5
  
  65d017ba65785b43720de6c9979a2e8c
- SHA1
  
  0aed2846e1b338077bae5a7f756c345a5c90d8a9
- SHA256
  
  ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac
- SHA512
  
  31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95
- SSDEEP
  
  96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/FileDump.dll
- Size
  
  99KB
- MD5
  
  20343772cf6cbf2891559b3057a100e0
- SHA1
  
  408d0aa4d127674f9aa14f924c48be88e651f2a2
- SHA256
  
  eb89ddbd4df2660ba1fdd4a8203e4d498efbc0384624c9031ba1002851b9aedb
- SHA512
  
  06da1c1ad38594725f01018031e426364e9ee61076777c6b323cfbabfe13ea6f38fda4f54f14540eedcf144ec26f271163e05e9552d3762fd04eab925dd00f81
- SSDEEP
  
  1536:uLxfoAZocyYC3MdnRkRvnQab5xBTHLFTy4oP5b7/z5wMpJ5sW:0oAZoctnwQwBat/z5wMpJ5s
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  67d8f4d5acdb722e9cb7a99570b3ded1
- SHA1
  
  f4a729ba77332325ea4dbdeea98b579f501fd26f
- SHA256
  
  fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
- SHA512
  
  03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f
- SSDEEP
  
  192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  410a586735f45164c86bda363ad8446f
- SHA1
  
  a68d18a8c72ffaa8f8d9ed9f76ea9b0ed397821b
- SHA256
  
  b15b1fc88d1b56088b2d3738d76772a91fa186a316a3e0a154358820d0fb9005
- SHA512
  
  d12083f67df132b2be57c202601a0cf82dba4c234910e780d2723aac14ae68407b824405b04737b55104bc97750550a3271a944d647661b067ce134075e6cc2a
- SSDEEP
  
  48:aYZT4WeApYxYlxamAWHN+EuWkGWBBWAGr9SdLB8m+ofYZVSA:JCWGSxamjHNDuWRWBBWvmuV
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/MarkerPosition.dll
- Size
  
  60KB
- MD5
  
  8c43a83ad1d7620d9ded9265826f86cd
- SHA1
  
  f1ba23e0c5a079cee3aedce33f4e09c3ba695840
- SHA256
  
  36044ca3833055661543f85302490d744efd9506ce113fb8bf9e96e0e0719f18
- SHA512
  
  8d05a56c94cf23e693c3e4eb1c0cd911470e91f41a2e6d1fe64bda7ba6f4978ab5b1bd4e603c4589e286bb1493b91b68c0069bceaf9743b9469ed0a97b202617
- SSDEEP
  
  1536:YzFX30sdrBqc2zfBFYx+bkfaMT+KIMwjRoUk0l7W2U:YJXksRgHeykf/TaXk0l7xU
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/dotnetfx35setup.exe
- Size
  
  2.8MB
- MD5
  
  c626670633ddcc2a66b0d935195cf2a1
- SHA1
  
  ec9f0c31b9949ca1cf14e9a43bca065fa5bc0e71
- SHA256
  
  6ba7399eda49212524560c767045c18301cd4360b521be2363dd77e23da3cf36
- SHA512
  
  144d3f50315e58a4e173a35b08450cdefe6cebe35190f32275b65591ddda8729720b21e32baa8e42c63060435868af941265288ab7ac6de59b23cec70a8aa2ef
- SSDEEP
  
  49152:cQpDJ082TPqyaP3xhIKc+8m9efm97y8pUcsKY4twQ9/3WOIpXFRDt:cZ826P3xhpum9Icspgw0OfXFP
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $TEMP/launcher_vs2010_sp1_vcredist_x64.exe
- Size
  
  5.4MB
- MD5
  
  cbe0b05c11d5d523c2af997d737c137b
- SHA1
  
  027d0c2749ec5eb21b031f46aee14c905206f482
- SHA256
  
  c6cd2d3f0b11dc2a604ffdc4dd97861a83b77e21709ba71b962a47759c93f4c8
- SHA512
  
  75280d721550c2fa19b4f8d42b87d2fc6017f42709d84d2162c7330f7a0338bbd72cdc3f78626b10edcc602e2d22b174039254824334b3173d0ea48b3c06d1df
- SSDEEP
  
  98304:hsPj6quMcylIpk4nM6tmMUrfvEP0hcKju9Z/lTPU8UBHBKNpr1w36ZyY:+PjzDJ4M6tmXDsPKi1lTPmHipJwqL
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  $TEMP/launcher_vs2010_sp1_vcredist_x86.exe
- Size
  
  4.8MB
- MD5
  
  cede02d7af62449a2c38c49abecc0cd3
- SHA1
  
  b84b83a8a6741a17bfb5f3578b983c1de512589d
- SHA256
  
  66b797b3b4f99488f53c2b676610dfe9868984c779536891a8d8f73ee214bc4b
- SHA512
  
  d2d99e06d49a5990b449cf31d82a33104a6b45164e76fbeb34c43d10bcd25c3622af52e59a2d4b7f5f45f83c3ba4d23cf1a5fc0c03b3606f42426988e63a9770
- SSDEEP
  
  98304:TsPj6quMBYyuSFOMKykvYgS/ylTpHufHMpPbOZ39c7T3eeom2vJtPShg:wPjzayuSgMKykQgSaTkvMxEYT3OfPShg
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  $TEMP/launcher_vs2012_sp4_vcredist_x64.exe
- Size
  
  6.9MB
- MD5
  
  3c03562b5af9ed347614053d459d7778
- SHA1
  
  1a5d93dddbc431ab27b1da711cd3370891542797
- SHA256
  
  681be3e5ba9fd3da02c09d7e565adfa078640ed66a0d58583efad2c1e3cc4064
- SHA512
  
  6c2f4eeb38705c2dafc4d75d8de0036a0aed197f83e9cb261d255fe26e4391f24b0b156e9019c739dd99057041c2bb80f9ab80f56869bc1e01f0469a76f24f75
- SSDEEP
  
  98304:vRWKtOl5CCGomEBkHUBmExJrIUg32t9RRyvo7VnOcyP24Vc35re94tb0eYbY1poo:v3tO3CCT/hBxtVtyUVnmSprzVIY7QKAk
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral21 behavioral22
- Target
  
  $TEMP/launcher_vs2012_sp4_vcredist_x86.exe
- Size
  
  6.3MB
- MD5
  
  7f52a19ecaf7db3c163dd164be3e592e
- SHA1
  
  96b377a27ac5445328cbaae210fc4f0aaa750d3f
- SHA256
  
  b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386
- SHA512
  
  60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b
- SSDEEP
  
  196608:OwKjLs+UIkzHlAv4X6zQRgiwHLD2LQIX/:9KjaxFFP1iLD2LnP
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral23 behavioral24
- Target
  
  infinst.exe
- Size
  
  68KB
- MD5
  
  45d4dac07aa361bcd77aa815d1724a16
- SHA1
  
  3bbdf7da5d51211ae269572961b5ebf508ada28d
- SHA256
  
  34ab99536ea59ad60ba6efda3ea6d18291ef096a0bab3664248d6045805da0ec
- SHA512
  
  d940002a8e0112a3b56a909008403b447e9cbb80e38b9bbd508f40aa68224f7e5d9681e1039e747ae939e0829a25be2319b9f9d0862cebb042e4c525ccbc20be
- SSDEEP
  
  1536:dSKL6bzRYK/ixmu3XyhJRxjWhKfLXJ/y/Fae:dSKL62K/u3XmxCAfLXJ/y/E
Score

4^/10
behavioral25 behavioral26
- Target
  
  xinput1_3.dll
- Size
  
  104KB
- MD5
  
  bfb3091b167550ec6e6454813d3db244
- SHA1
  
  87e86a7c783f607697a4880e7e063ab87bf63034
- SHA256
  
  756cad002e1553cfa1a91ebe8c1b9380ffabe0b4b1916c4a4db802396ddfbef8
- SHA512
  
  ce2ead2480a3942081af4df4baee32de18862b5f0288169b9e8135cc710eb128f9a2b8a36bda87212c53fd4317359349c94d38b5da082638230dcb5669efede9
- SSDEEP
  
  1536:S1ea+pg4i1fprOwSGiExJ70MBzLrPbYMGsJ0OXrLSkfmrxy/Fae:S1nz1UrGiEPg0LH7GNO7LSkfaxy/E
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/tx3_dxsetup/DSETUP.dll
- Size
  
  87KB
- MD5
  
  9e0711bed229b60a853bcc5d10deaafc
- SHA1
  
  2bea53988bd35c5df5c9edcef0bc234c37289477
- SHA256
  
  def6f245762be36cf18b435ba8b7ebc224b9c21d1a1db606a8e8fafdaa97bba0
- SHA512
  
  c0b31872e52c8f4270d991c70d1a1c9ef9a4bbee4807c54c05a449cd1607506ab16ff1e74b378651b36e3276322c86cd843565c8a1aa33a49c47322ef4df0185
- SSDEEP
  
  1536:OtBqvGpPmOEll4RWxiF9G3ZnVdqkFKJuTJbHo0Xm+jN3i97ZTj4FWMD+ZJqsHPCH:OtAvG5mOEll4Roi2pVVFKJuTVtXVpS9a
Score

4^/10

discovery
behavioral29 behavioral30
- Target
  
  $TEMP/tx3_dxsetup/DXSETUP.exe
- Size
  
  524KB
- MD5
  
  ddce338bb173b32024679d61fb4f2ba6
- SHA1
  
  50e51f7c8802559dd9787b0aebc85f192b7e2563
- SHA256
  
  046041aba6ba77534c36bb0c2496408d23c6a09f930c46b392f1edc70dfd66de
- SHA512
  
  7a63925278332c8e7949555383b410d8848a7834b85f34d659e351ba78cbe4d2ec09caccb2178d801b9b68725c9cbae48a6a1f07f0804a0c41eb51df79b7eca4
- SSDEEP
  
  3072:ti6LKecn5W6VOX6dRJar+GHs6Hl56MA6rKmMH2/5Mjt4zT1mFDYkCIEVNUrlfw0I:3F0JarNX6hWs4VRKs
Score

4^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

UPX packed file

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

Checks installed software on the system

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32