6a15c07382b7dbd5ab4cef6ab9e280c3d0cdf57dc6c3cd26b65e0343a9dcbdd3

Resubmissions

16-08-2024 20:36

240816-zdtwjawakc 3

16-08-2024 20:31

240816-za2rzayfml 7

16-08-2024 19:15

240816-xybjkssakc 3

Sharing

Copy URL

Twitter E-mail

General

Target

idleon.zip
Size

14.6MB
Sample

240816-za2rzayfml
MD5

0ef4b8ff068b1021841abe66cddaa7aa
SHA1

3b28612bff094c590fd27e8d241d108a12e6db1f
SHA256

6a15c07382b7dbd5ab4cef6ab9e280c3d0cdf57dc6c3cd26b65e0343a9dcbdd3
SHA512

dbac1f21e56ca248d74ac5d486b5fa9b2e8901e63d8e5c114311ac323f7051d473991a9f71f9605e7bc33fb298f7f7db8605296c3833a5f2d8c0dfc9a21251cc
SSDEEP

393216:+KU9o2zi7Yj+drwiu1XsqyDq+SzP4yNXgSuSiBOVVYv6Ud8Q/I33:lmo2zQ3Fwiu1XaDvSz4yNXFvYOIJ8H

Score

7^/10

Malware Config

Targets

- Target
  
  idleon.zip
- Size
  
  14.6MB
- MD5
  
  0ef4b8ff068b1021841abe66cddaa7aa
- SHA1
  
  3b28612bff094c590fd27e8d241d108a12e6db1f
- SHA256
  
  6a15c07382b7dbd5ab4cef6ab9e280c3d0cdf57dc6c3cd26b65e0343a9dcbdd3
- SHA512
  
  dbac1f21e56ca248d74ac5d486b5fa9b2e8901e63d8e5c114311ac323f7051d473991a9f71f9605e7bc33fb298f7f7db8605296c3833a5f2d8c0dfc9a21251cc
- SSDEEP
  
  393216:+KU9o2zi7Yj+drwiu1XsqyDq+SzP4yNXgSuSiBOVVYv6Ud8Q/I33:lmo2zQ3Fwiu1XaDvSz4yNXFvYOIJ8H
Score

1^/10
behavioral1
- Target
  
  InjectCheatsF5.exe
- Size
  
  36.7MB
- MD5
  
  bbb4d7aec90304aa0da8085ea6937558
- SHA1
  
  6ee617a3141b8c3d23742cc454e8e39e35d734e9
- SHA256
  
  09e95b405d1c6efac0326a54b5683c6b35c0c4729c6401067975f23a6a557b67
- SHA512
  
  1125aaaf8bac4bf692a8fd7eab99e335133b04a985076762e38f657f93ab89a8f2244ff59f4ba5aafb75f1536f54ced7188dc01da9286cf29237ddb6f18f0810
- SSDEEP
  
  393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfG:fMguj8Q4VfvBqFTrYp
Score

7^/10

discovery persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral2
- Target
  
  cheats.js
- Size
  
  125KB
- MD5
  
  b51e45e671d712ba99d17f22874c8eca
- SHA1
  
  631afa8f82827f8052c42ebad46343d98895b950
- SHA256
  
  168edce670d7694b8e1b2f4ab783a85646736e15c394af70c98343ea1e1a9bf6
- SHA512
  
  b7b325b1154ca28f8556581a3338109472e9e5a5ec90039a90a98354840564574517eb5556f848be5237f1a0f732400e623ba36aba778766a39ff796683cd4e7
- SSDEEP
  
  3072:xRUGPH2e5wdD8ZZxxradIrGbw0oiB09ld3:x7f2eidD8ZZxxraEGbw0o7p
Score

3^/10

execution
behavioral3
- Target
  
  config.custom.example.js
- Size
  
  3KB
- MD5
  
  bc51f0dc1abea3e74662319018130343
- SHA1
  
  e434dec2257f3c8aea8b2eed1c6fd71e949b55c8
- SHA256
  
  28e0c494204c8896655913f393938adf6b9f461ebeb55e26abbc55b19fc7a14b
- SHA512
  
  99a99a13e5f76355bfee152a50662b51808f7852b2ab4132f8f02e91c00a02dcaa991bd40b844829b175b626dae69dec75d223e72f736deca6c30e3d6402ac9a
Score

3^/10

execution
behavioral4
- Target
  
  config.js
- Size
  
  7KB
- MD5
  
  c258ebf103b3c19d05199abb3ebb5ccb
- SHA1
  
  5f9da22a7f5b8db4a58e54d0e31297e5b266a2e1
- SHA256
  
  d4200cda05d85adfa5efe795e290941291d9cc4bbf4d7216e761697adf8f94b3
- SHA512
  
  c376f908f98ea124bcdab2392d103c18d432ad6c2030525cd0051dab21173b9807bfc95d93536c212c9e04e3b726ec5a2ac20ab0560e825bf8076cf939099ddb
- SSDEEP
  
  192:18oKGPuF2JPwIMXeIPSRxvkeVdKP2tptkD/q7:aoKG2F8PC6HvpaGptkDO
Score

3^/10

execution
behavioral5
- Target
  
  main.js
- Size
  
  8KB
- MD5
  
  348fe320f899ca6b463487234c60a9f2
- SHA1
  
  6f32d1b8f4581f0defecba18571ba576ce2d561e
- SHA256
  
  fbddb60cdb67d3d8f551cca3fd869d78037212d036c5f72ce5c38f82c8289328
- SHA512
  
  819259953ada90bb0466d6ec6ea6c0a2639afa3fd1e39ac905ef0e661ac70601ed845ab63de6f89720a4586347b521bee314db17527c264b2bf4ec5048578b0f
- SSDEEP
  
  192:4C7lhldhC9JWWNP7DqhgNxbmfQtU6cYXzqFmKXEpoq1ez7j7eMKtlN1:RCVR7DhNxbmH6lXzqFmKXEKq1OzA
Score

3^/10

execution
behavioral6
- Target
  
  package-lock.json
- Size
  
  6KB
- MD5
  
  b24081f0801fd70c8093cf19af16457a
- SHA1
  
  db59b39172defc4d1019c558a4960a3f5ffc9637
- SHA256
  
  c79c17338ef719ee450e288bc034d4eec316bebe375519979fe81b025bc3125d
- SHA512
  
  7b0ada7a9baed29836fbe461f66c1f90494e8242e560fa2965094e0198b5716011d81c6646820a996fe8c04c305f5eee6f813bef4cd499cffff29b35e78fbff0
- SSDEEP
  
  192:aa7a6pV0qfsLrQAqlaoU8j6YiRfaKK2Kn+qrQzDaoPF1AA:aabRAivWhI2VzDp1r
Score

3^/10
behavioral7
- Target
  
  package.json
- Size
  
  502B
- MD5
  
  6fae43b43119fb1a90d0d939ff2fd417
- SHA1
  
  26d54286ae79af1fa37f6993f57ecc979c9ed8c1
- SHA256
  
  4c657641b9a51982e2affbc26c43f57e8bf4e8fc07a962712dbc9d5caa883f56
- SHA512
  
  2576e8b7a6023a2c0f8257003139115bd2f08e9ac8804e9c40a1ef920cbe1befd222619494e6402e9942e5e830e46331ef9953aa3c426c6d787eacd8aeed2e91
Score

3^/10
behavioral8