2887361583b370fccefb03e165136c009ab1e16477f29f5a38b461c32b8bfd3d

General

Target

OfflineMinecraftLauncher-Portable-v1.1.0.zip
Size

515KB
Sample

240902-jtll4awarp
MD5

e9026a76614dda5a68a9d16712322e06
SHA1

49ac840370029a3904b65b6a8a239a5977902a3f
SHA256

2887361583b370fccefb03e165136c009ab1e16477f29f5a38b461c32b8bfd3d
SHA512

8e3542d5a4eed69064f709ff49808a12a17806cd77280a3ca89a7205893dba9c7ed35f8d3d5e35a05fea23551e7e8b389fcda26dacd6a2d425782122d26ff626
SSDEEP

12288:URf+Qm79CvtJFWF59i+Eksh4Dfyi14DAPBkW4nJOxx:URftm79CtDWF6DeqwCAPVuJOxx

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  CmlLib.dll
- Size
  
  166KB
- MD5
  
  933374634f0e8eced0c244f4442f921b
- SHA1
  
  a948f422dc61d09ec0f2cbf789c2640c6cd99440
- SHA256
  
  53b132748eb25d898c7a63343b368d9b4f7ea8fa66c673a5019ab0980b66dc8d
- SHA512
  
  3f657b3067027ca5b06e5b16c017e8207d36d5cbbea199567423c0c5f042a8a26be13920a8edbc3cbfe6c217db773d8dfd6a996af6ba5d20c8a56423774d9fbe
- SSDEEP
  
  3072:QP0naSU8YpjOwZXE7N2jlUoIXQ0d5g/mS8nMbpfjBnw+YjqHXHygAZi:QsnaSbYpjO/XVy/l8Mb5jG
Score

1^/10
behavioral1
- Target
  
  ICSharpCode.SharpZipLib.dll
- Size
  
  200KB
- MD5
  
  f44081428f0a6f84dc2afd25763e2ab6
- SHA1
  
  51d030410c88f247fae34d480e5a728fd3984dd7
- SHA256
  
  2b8ba0da97b61d572f234539b3357f79abc50aa925966e3435fca9ab4c9ff36f
- SHA512
  
  4ac19556d9107a8bb5de1c44c686c6c977fbdcfc8da595d34a862c7634cba916ec3c83c1c898808fff73dbea0afbe6faf86601d65416724b8337409648919425
- SSDEEP
  
  3072:bJ1o3gvhN6QX8/5ULEDoSj/OMVhC2WG+ovlf1tupIISBd250RI6rEaEcF6Zu5DkK:N1RvhX8/5vDoSLOMVJWi8pIISBQKjLn
Score

1^/10
behavioral2
- Target
  
  Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral3
- Target
  
  OfflineMinecraftLauncher.dll
- Size
  
  340KB
- MD5
  
  0d7738269c0a326a038eebd6d2e5a2d2
- SHA1
  
  5052a84ce8aebe1115255efc2bab9f602af73dda
- SHA256
  
  760705aeaed5406715a756e3b6f29c606f9aa49f36adbde5e7d3418b28e875c6
- SHA512
  
  d28a6b04741e1ee6ee87c4a739c387504c91018700bbb80e5a4d2d0c3c60098819998f0cf00985884f18c7080cf6cd32feb38a94ed397f42369274d05faf7b2d
- SSDEEP
  
  768:nsG7jrQQvJiR33yyyyyyyyyyyyyyyyyfg33yyyyyyyyyyyyyyyyyf9:hsQm3cg3c9
Score

1^/10
behavioral4
- Target
  
  OfflineMinecraftLauncher.exe
- Size
  
  308KB
- MD5
  
  f8a1b87d17f7c247935c1f3bf48c5670
- SHA1
  
  0b26092a7e92921905939a2f96ce638f1984d8ce
- SHA256
  
  d2fabf7f3179b69c2a78f8943c192a483370d2053c8c38799544790ce0c708d7
- SHA512
  
  875d7ef307e8ac2fd9a71c3ead27e3b69b669a827b8535a2e659dc0b99df8b7cfa23ac88ad9763a98f5ded963347663b4b7cf669b1a9c2c295ce1fe54776e111
- SSDEEP
  
  3072:Oczkitvo4BpYN/6mBPry8TXROLdW5m4mUR59OOGk0kfcq:OA4NCmBPry/N2lOOhZc
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral5
- Target
  
  SevenZip.dll
- Size
  
  49KB
- MD5
  
  11eb138db53f5896f3cf95144d04132a
- SHA1
  
  204fd914b84630366c3a656254f39a99a884d8d4
- SHA256
  
  f80c92ce064a19d514cdaaf1838244f203c188462d26119df7b408291d68f8b8
- SHA512
  
  da60124b8c95e6bc7d123def35e61041f567df57401737ad3fdaeef12140d2a6410eedf6cd29889f401cae4cff7b6c0bdd71507b2885e06cb39d75da42bd63d5
- SSDEEP
  
  1536:Pyl9DERHUxDiJrVPpO+KeH8Ie1sGvLq4WMn:Kl9DGHUxDiJrRcIcsYV
Score

1^/10
behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Creates a large amount of network flows

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6