7b4f0026de0ae5880ddb853725015d617a17f4405de54fa009d18ec020150cd3 | Triage

Sharing

General

Target

uRage 186054 Gaming MouseSETUP.exe
Size

28.7MB
Sample

240820-k7gezatemb
MD5

b836315ca399b8825f786aa7f2d6f8a1
SHA1

d9542690686bf4592553a6295de7ef39538178da
SHA256

7b4f0026de0ae5880ddb853725015d617a17f4405de54fa009d18ec020150cd3
SHA512

5827dd63cec456311057e77c19f1608d0bbf73bc88e756c015ba693856fa8d865b5dd0dc5746b2cb446070fa0dcf44ebeaafbe8b473b54b4a83c056ae8544575
SSDEEP

786432:Aar92oW6zOp9cwrB54J2Ni2HOxK9OPHR3VGDHKkzfWAECWoy50D:NYoNzeLBOY8JKo1VGDHKoioy5c

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  uRage 186054 Gaming MouseSETUP.exe
- Size
  
  28.7MB
- MD5
  
  b836315ca399b8825f786aa7f2d6f8a1
- SHA1
  
  d9542690686bf4592553a6295de7ef39538178da
- SHA256
  
  7b4f0026de0ae5880ddb853725015d617a17f4405de54fa009d18ec020150cd3
- SHA512
  
  5827dd63cec456311057e77c19f1608d0bbf73bc88e756c015ba693856fa8d865b5dd0dc5746b2cb446070fa0dcf44ebeaafbe8b473b54b4a83c056ae8544575
- SSDEEP
  
  786432:Aar92oW6zOp9cwrB54J2Ni2HOxK9OPHR3VGDHKkzfWAECWoy50D:NYoNzeLBOY8JKo1VGDHKoioy5c
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsNiuniuSkin.dll
- Size
  
  896KB
- MD5
  
  1834fd72e6a7387749d014a30b53d6ac
- SHA1
  
  e6c51f9f578e86e376501fc08f6d80cfe11bdb52
- SHA256
  
  148cb136ff5ae9711ddb869b5f22065ee89e13eaf5081ce39c07dbe89ccd97b7
- SHA512
  
  c8247a7916c718311a0f458cbb2133d77e3950609bb2c4b9470a9a7725a1d4d595422fb8c3c42f34629fd045675c72b221fee26a5188b9df4a0f3099857ec204
- SSDEEP
  
  24576:/pIQCUFPxa+iDkpxMJIpgT62mQh8lZIn:oUFPxarJICm25oZE
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsis7zU.dll
- Size
  
  313KB
- MD5
  
  06a47571ac922f82c098622b2f5f6f63
- SHA1
  
  8a581c33b7f2029c41edaad55d024fc0d2d7c427
- SHA256
  
  e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9
- SHA512
  
  04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83
- SSDEEP
  
  6144:rA9ssOlBrbYr5UP4m3mC/FvBbhQ1JzI+yQKiJGxdNtsm0:r2S165UP4mL/FvBtC8zQdSDmm0
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  DuiLib.dll
- Size
  
  1.2MB
- MD5
  
  64c2ca0f2b36545f6e3bd58351245163
- SHA1
  
  36515e230f264b8949e885f6a2c38daabc44eae9
- SHA256
  
  7c67b2acd5759a6ba03135552089ad5f6b0ce1c5c26aab50070c19844f3e5345
- SHA512
  
  1874dc1a8b6d813228de0a54790babc98d2ef35fb018e26dffe513523e602ba885e2f3a6e1ca2038afb4fa91bcc28eb15832decc63f4f69365c9b2b54166926f
- SSDEEP
  
  24576:okuqE7GfxUf5gyNEtSxf/1z/Ji9foJvdSRbOf4+aDJpjPi:AOxUf6yNEtSxf/1z/Ji9fot0RbOf0D
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  DuiLib_d.dll
- Size
  
  1.3MB
- MD5
  
  7a2fed4b035b1bfadd29bd9e689328d2
- SHA1
  
  d3d7cd35c4c47caf4a48f1f715c3d780d95409f2
- SHA256
  
  6e7b8c1969c2598ee7f317eb269a02f1e42731967ca13a8baca3544d0a76a007
- SHA512
  
  ed89792ce774649e6a318734a99d192bbd83f02ad31fceb660ea9368bda5f308353579a29e5f47f49eedeaa3fbf85de7141113abc40ef22018f0b205f8b445e8
- SSDEEP
  
  12288:8wRw6nrtg/JHa3Sg7gaRwj7OcFb+f2E85Fqa6odgzDhs2GB6DsLskUzs5YlleQu9:8qthc/ics27FqjodgzDC2GWkaPllEY
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  HookDLL.dll
- Size
  
  44KB
- MD5
  
  1fd575a0b0ff4e5648f6552eaa6dd10b
- SHA1
  
  38c63be2d74fdf8fbe002ea513e2f4d42a40f908
- SHA256
  
  9ab5e1ccff616db6e9a7d571b1d932953abadf85a489194827aee8326e436b12
- SHA512
  
  c6586e43fa3d0c9be6b7fa7a5c69032af8789f861d4ee6b3de7e019ee54e7f9a392dfcd70c52e7cf30608093c60e8aa6fab46b481b4204323febef6102f5656e
- SSDEEP
  
  768:A0MxliBRt2uw294n0Guc7TVrDh9VGgXZ8n+19Yl5C5pYtd4F5i5klWantEDodvyk:ALu92Z7TVB9Vd2
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  SDK/x64/vista/osConfLib.dll
- Size
  
  250KB
- MD5
  
  4ab0fcf586cf65c22a273df0d1a30380
- SHA1
  
  375318b2319d97eca36794e888913e54bb9a767a
- SHA256
  
  20c58530e75179529fc7af38141730cd77815251cb94f5dee296790a0d9ea3b6
- SHA512
  
  7e42ab21c4eda0faf1860696bf02ab533f41be2e7c85e4ecf72695fe6acd40ed6257770a1c97e918604a30bee5804ca5393736559d3886a42e4b4226f535503f
- SSDEEP
  
  6144:/SGC2ZCT2VO2Cr3ndhZd2fnjtEe1vtUE6I55Wdi8v:/Sb2ZCT2VO2CzP2fhjtUhI5Gd
Score

1^/10
behavioral17 behavioral18
- Target
  
  SDK/x86/vista/osConfLib.dll
- Size
  
  236KB
- MD5
  
  7949df4e02ba69f8eed0fc7059b1f96c
- SHA1
  
  328b134d3f4f12133d927910a34ce0f123c5f7f7
- SHA256
  
  b3997b03c2f842386af172cb96c2c63af4e5a69dfe07693646e5c23764a52127
- SHA512
  
  2b242905a2e22a699ac4ef39f3a25b19e077a6c1b0962c6436ee3bbdb45dfa0b9bad36f56e63076320737faacf4b9fc1773c02f7263b91f49f993308781081cc
- SSDEEP
  
  6144:bG4uJVVrV1+ZXp+0ob9j1lIu7ZpuAOCpi:bG4udfUpZob9jIu7ZUZ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  uRage 186054 Gaming Mouse.exe
- Size
  
  2.6MB
- MD5
  
  9e0343414cf0a854fd554c5db4919992
- SHA1
  
  7dd38e9e98a4be05ea6fbde37fb5bfe62abb8914
- SHA256
  
  9e47127d61987291208ea4e25ca6efb58a6ae568e3fd284ed004e1d2c9317c08
- SHA512
  
  38a323be5dc2cee2585d66e862ed54bbfd1fd67f24b12e17faa39ce0d261c4d852b2e89700f704ffe81a740f95a8ffe67f3e2a7133361b56b4f6b62967f656a2
- SSDEEP
  
  49152:r4UwRa3Os1VEpjJ/6ibyb0T9KnL4omwsVgZYFbEeZ+MkiuBEiUW3sVW4Ln5Pelez:EUw61VEpjJ7bybMKnkosVg6FHZ+MkiSW
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  uninst.exe
- Size
  
  1.0MB
- MD5
  
  62649af0492d6848a9d0a3cc4ccd4f19
- SHA1
  
  a2c526e7fd51a5c5d3d8fd8245137ae4baea2451
- SHA256
  
  99c05d96fa431ad6a8bbb0cf67e7e07b763e83efabbc393719d6bf757ed34494
- SHA512
  
  4c46b42e43073a02c3648fe27809e2baeb22b8bd2cdd803098a5bcf6582f237bb26b4db2a54058cfbf6cf63ec03ef317379410fec4ffbeb4c54f0c290d3a23d9
- SSDEEP
  
  24576:sZFIqzK+Whkw2htdPRtpUhyiqxA+xSEox3MP9d+8:Ld+JwQRtpUhex3douPJ
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  8614c450637267afacad1645e23ba24a
- SHA1
  
  e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
- SHA256
  
  0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
- SHA512
  
  af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  132e6153717a7f9710dcea4536f364cd
- SHA1
  
  e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
- SHA256
  
  d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
- SHA512
  
  9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1
- SSDEEP
  
  96:M/SspqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LP39sQvM:M/QUG7lhvov36S5FcUjliSEI5LuQ
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32