Overview

overview

9

Static

static

3

Game beta 1.0.0.zip

windows7-x64

1

Game beta 1.0.0.zip

windows10-2004-x64

1

CannonLake...em.inf

windows7-x64

1

CannonLake...em.inf

windows10-2004-x64

1

CannonLake...SS.inf

windows7-x64

1

CannonLake...SS.inf

windows10-2004-x64

1

Setup #1.exe

windows7-x64

9

Setup #1.exe

windows10-2004-x64

8

e1r68x64.sys

windows10-2004-x64

1

setup #2.exe

windows7-x64

8

setup #2.exe

windows10-2004-x64

8

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Client.exe

windows7-x64

3

Client.exe

windows10-2004-x64

3

parameters.ini

windows7-x64

1

parameters.ini

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    Game beta 1.0.0.zip

  • Size

    5.9MB

  • Sample

    240829-mv2w9axcqh

  • MD5

    7539c8964b1faeb2e083c0d10d4d615b

  • SHA1

    462986f14043fd01a2bd40a3a75e2ee4b1836289

  • SHA256

    c665de3ac5a746c75886ab30c02efffb131c00a6e6a1d01fb2157f6cb36ba582

  • SHA512

    da9ef0ae40d39251042e9cbf5d5ec045292ae9584e63eafb0906a16f6f6ca75876437c2a1d131616f20df7ebc799f84761941983cefb00588fa4f8cc14abb822

  • SSDEEP

    98304:h+gA+65B8hdyKLEiqJzOhLbRR0SaDWM1h+9aMfOZ1petHJF6nm1BRrCdNvlPiDlE:cqoWSKLEiCzKbRRui4A9gwtymnRr4QlE

Score
9/10
credential_accessdiscoveryevasionexecutionpersistencespywarestealer

Malware Config

Targets

    • Target

      Game beta 1.0.0.zip

    • Size

      5.9MB

    • MD5

      7539c8964b1faeb2e083c0d10d4d615b

    • SHA1

      462986f14043fd01a2bd40a3a75e2ee4b1836289

    • SHA256

      c665de3ac5a746c75886ab30c02efffb131c00a6e6a1d01fb2157f6cb36ba582

    • SHA512

      da9ef0ae40d39251042e9cbf5d5ec045292ae9584e63eafb0906a16f6f6ca75876437c2a1d131616f20df7ebc799f84761941983cefb00588fa4f8cc14abb822

    • SSDEEP

      98304:h+gA+65B8hdyKLEiqJzOhLbRR0SaDWM1h+9aMfOZ1petHJF6nm1BRrCdNvlPiDlE:cqoWSKLEiCzKbRRui4A9gwtymnRr4QlE

    Score
    1/10
    behavioral1behavioral2

    • Target

      CannonLake-HSystem.inf

    • Size

      15KB

    • MD5

      eba7c0036ff9b6d639077ea1d355b386

    • SHA1

      84e890d1c36bc666ab0f9fc8fd2a530083b1faba

    • SHA256

      351ee76409188f1d950eca10da0038a537c662293eb365dfb940040183c454d9

    • SHA512

      46642d74b9409be8f98a25118f3dccfce9705eb4a1297caf67bd17224ba14c9d0c6132cdb4876cc404cddf24b6b7fb681ef76cc7a37f428422dfeb7be4531a15

    • SSDEEP

      384:aryLvxmo9jZ7tCcGRz3djAIbTlvFrFPVDalf3FNdFxjAZFkGoaggWk+A2MOQnWHJ:aH9j+TXW4gL9j+TXW4gmt7yejh

    Score
    1/10
    behavioral3behavioral4

    • Target

      CannonLake-HSystemLPSS.inf

    • Size

      4KB

    • MD5

      2d184fb9e405f60985d1dc4087b19d3f

    • SHA1

      1c83c7fd57a3f17bc1238be3aba007b94dd9c4e8

    • SHA256

      a777d6b01db675304bca1dfac2ecd3ae5c316cf67e0197a085b6324f65c5457f

    • SHA512

      e80ff6b8e03cfabf60a8c234948543f121a3a87e1fe9003af57ce0b36f348f7ac30c14ef77e6a65943104a14250304ccddb629d8dd607565d907ced1dd760a43

    • SSDEEP

      96:f6FDCVZjb69FnGDCVZjb69FCNdPMd8hMHxscS+nJa7ihKavUp:fSDCVZjb69FnGDCVZjb69F7RKai

    Score
    1/10
    behavioral5behavioral6

    • Target

      Setup #1.exe

    • Size

      3.4MB

    • MD5

      ddb568388b04fafdd089d4efb3ff0886

    • SHA1

      5b647d7d44d355c7ab2b80598f1f2c8218161020

    • SHA256

      0bfe5df15ce1e6a9c6f56dce3032aba83f4af936001d728fc1e89acd20779c32

    • SHA512

      151dd37f908989078486938539a5cd89200e0ed8e8cd633d686e8943af90660828ed2217107e2e13b35decc223543a893db9b52bc3273081ac5e1a479a17b8e6

    • SSDEEP

      98304:y654eVu+J4ekCf6uHzMXxKkADT3Zf9X3srqI9:j4eMUICHHSKk+Tply

    Score
    9/10
    credential_accessdiscoveryevasionspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral7behavioral8

    • Target

      e1r68x64.sys

    • Size

      587KB

    • MD5

      14ff771e80ef227abf930096ad103ab3

    • SHA1

      f4250dc2563764bdaa0662e735ffc0feb5bac682

    • SHA256

      68c939123e4b630d3b482f3701868216dc8ec24049e498aa4008060d9d8d2bf2

    • SHA512

      877fcc9cb9134116fae54e80085f48da8e8742cc282694ea5b05dfd6fa065aba5f4e07acb5c6924cc9bc1c7f4b82d8e61e1b540066c93f32dc1512414870aacf

    • SSDEEP

      6144:1htGCexxSevAvTpoabFRR55ZzhjLZv8K9+iNaMMEnK1RrinLLVOfqZCvriY+d:3ixY+GLbFRRfjZ8KkSZMEKrUwfq2GVd

    Score
    1/10
    behavioral9

    • Target

      setup #2.exe

    • Size

      2.5MB

    • MD5

      bf9ff8f3e10de7300f779480f66a2310

    • SHA1

      dba1090de51520da92033cf09cfa6ec2a1c24771

    • SHA256

      fb89ed12ad13f130c2c2d7621eef0977d2310b89406de76ca0d493d1fda80433

    • SHA512

      481ed4ab6af8b62b203355c84568a0c1852c9f03e6e29971b82c90284be5e7abd72e9400955ffcf9434d854f82c51c832a063872590173b6396ebbedcb4f283c

    • SSDEEP

      49152:et/rfiUXmW2EDjYxt7ajwJopN4V9IuIIO4VKTKsFvc55UNQrZR:qZXj8t73JopybfIeWKssdZR

    Score
    8/10
    discoveryevasionexecutionpersistence
    behavioral10behavioral11

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      b5a1f9dc73e2944a388a61411bdd8c70

    • SHA1

      dc9b20df3f3810c2e81a0c54dea385704ba8bef7

    • SHA256

      288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884

    • SHA512

      b9c8d71b5da00f2aff7847b9ec3bd8a588afeb525f47a0df235b52f7b2233edb3928a2c8e0b493f287c923cc52a340ad6fee99822595d6591df0e97870de92a8

    • SSDEEP

      96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH

    Score
    3/10
    discovery
    behavioral12behavioral13

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      05450face243b3a7472407b999b03a72

    • SHA1

      ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    • SHA256

      95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    • SHA512

      f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Score
    3/10
    discovery
    behavioral14behavioral15

    • Target

      Client.exe

    • Size

      5.9MB

    • MD5

      f8438bd3fca219217028fea807ed48bc

    • SHA1

      0493a4709267bf676bbbfdf07b99b5c743b5211f

    • SHA256

      140a81444519172a3abc697b5f6be243bfcb2b99dc63be92b2c32446825f04d8

    • SHA512

      ec7bdc067ea5dbfee23a266fcf6256434873a601eb932d0a338089d476bd851f1e89dcee8aff52efa565d27e78de8506d1a53f4d858388764f4f07582f67414b

    • SSDEEP

      98304:p4P0KqZJcmNEi/iLEnxASgBKQFNzC3SMEYg2WOa9N:pq0Kq3rgSzQPRMBWOaN

    Score
    3/10
    discovery
    behavioral16behavioral17

    • Target

      parameters.ini

    • Size

      178B

    • MD5

      7e536b53ae4a6bc175c3405e7340430b

    • SHA1

      382165bdb8f86cca31975251b95f055801a6eef2

    • SHA256

      4c9247b6803dcf1c8f1b0af41388e4777896793eee21f7d5f3d0e1921f66ade1

    • SHA512

      fbe0b17a0691f7de618b8b883ab67642330d31f0eaedbf1e8a47010a110dbcc3909ea8b9e808c6f2e96ec957081f5183ed9fc9f5c18fee7c1df3f66579275b1c

    Score
    1/10
    behavioral18behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

2
T1569

Service Execution

2
T1569.002

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks