92d28026fc18875893b490f0874773f6e19d45fa8701c60e1995f518ebfb3366

Sharing

Copy URL

Twitter E-mail

General

Target

Rift.Installer.zip
Size

2.4MB
Sample

240903-zz17qsybjb
MD5

972ddd399e4f0b4a64e208c5abde019b
SHA1

f4f51bf8333500293986c58251b2718ec2ed0fc5
SHA256

92d28026fc18875893b490f0874773f6e19d45fa8701c60e1995f518ebfb3366
SHA512

782d6fa15743cdfa48f5167c91f4b9e10171a9f180de2cdaa0c0aa2d72ca22843beabb6364eb0d8175c7056d3a18b56f43026549becef39511a9d6e76e0f53bb
SSDEEP

49152:UTGI+b8CrIf9oKVveq0wu2/9IYGXRHPmwQ/+qUpXp/C4sFe7EG4lAdo:sGI+b94/t10E/9BIoj2qUpXunGQAdo

Score

3^/10

discovery

Malware Config

Targets

- Target
  
  Rift.Installer.zip
- Size
  
  2.4MB
- MD5
  
  972ddd399e4f0b4a64e208c5abde019b
- SHA1
  
  f4f51bf8333500293986c58251b2718ec2ed0fc5
- SHA256
  
  92d28026fc18875893b490f0874773f6e19d45fa8701c60e1995f518ebfb3366
- SHA512
  
  782d6fa15743cdfa48f5167c91f4b9e10171a9f180de2cdaa0c0aa2d72ca22843beabb6364eb0d8175c7056d3a18b56f43026549becef39511a9d6e76e0f53bb
- SSDEEP
  
  49152:UTGI+b8CrIf9oKVveq0wu2/9IYGXRHPmwQ/+qUpXp/C4sFe7EG4lAdo:sGI+b94/t10E/9BIoj2qUpXunGQAdo
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Toolkit.Uwp.Notifications.dll
- Size
  
  140KB
- MD5
  
  1f75ab858befd1afd7491b5605a0749a
- SHA1
  
  9992b53866745fe21d47e69276c78157b178ff62
- SHA256
  
  4d8c8b828d4cc072336d58965db58e11b2660db113989e860bd9fc8dec8b3848
- SHA512
  
  185e9f49b80b3bc7bf2935e04e7ccfc1c2e09b9d1f486448f980c16d62db118877fd91cc4f33563d3e8386769d552b052fbd171d4497511c9a494d7c749d5aa2
- SSDEEP
  
  3072:S9Et3TIuTM0ijrzTaS+wOjM1eYLjB1+YI7OwR:aO3Tszl+DM1NLjB1+Ym
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Win32.Registry.dll
- Size
  
  40KB
- MD5
  
  e1d9a5b63a29e0be888ca6952700ab83
- SHA1
  
  819607a0c5acd057219e22cc1174a2e3078b9d6f
- SHA256
  
  340933ad6701077ae9b8035e4671803d86074ab32f2de8165acfdb954bd260f6
- SHA512
  
  5e153bc90195e20e503c8c04b1361598947de3500c8c6f6fd6baf0e245aa5afc7d84bf55787d11914a28c0e8186a29360a94fcc8b816f482045b7032ea8738d3
- SSDEEP
  
  768:JipxaP/LOgSJzldoB7ViedPHAsmlxPvyyE:AaP/ybu7ViCPHZmlx3yT
Score

1^/10
behavioral5 behavioral6
- Target
  
  Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral7 behavioral8
- Target
  
  RiftInstaller.deps.json
- Size
  
  12KB
- MD5
  
  45a7c95d543fcdebf10a1429bf9bfe45
- SHA1
  
  5eaab14a086d023e782eb31d1f9e59d6b5abf23d
- SHA256
  
  d144da08b129ca9a0954df5a8ff3ae98d080843877aa303bdcdc474b447bc0be
- SHA512
  
  098444e6b5d21388ac25d1550cdcd39d5bd0c938ac6af5f17132b5c25da451633de83951055ad30d493965004a5b95ab15b87632d0b8545d7868737c9cd45680
- SSDEEP
  
  96:YU70CypzoE2/cMsdEf3bAjZereWSd3EjR1CVqKAKDfqJrNz7HLccFSqcHjfXfY2m:YUfE2PCrereWSsCVqKAKr2UZ4r+rpUpL
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  RiftInstaller.dll
- Size
  
  833KB
- MD5
  
  0712270fe6e054ffadcf957c1faa9446
- SHA1
  
  02f71db9d561e4b2da754d2d8853d6935d8f01ef
- SHA256
  
  c88d0047cbb481d26ca610751a70b2b063fb151dccbd2f28a283e14cf1405b8e
- SHA512
  
  e14a0c827b3112cdcfd2412c39f956a6289e806f878ff1f671db65d9bfe87701a8080fe5e849cf07629cdbe1914c138539423d1462bdc06ba2668744cbbf4856
- SSDEEP
  
  12288:RpfS4N5oKwvw7zfHBFugn2i9f3JqUQhM5URnHu6/zQJrG2Iv:v7zPzug2YURnHuGkJrG7
Score

1^/10
behavioral11 behavioral12
- Target
  
  RiftInstaller.exe
- Size
  
  174KB
- MD5
  
  33440fbec56a2034154071aa8346087f
- SHA1
  
  ee9ead83cd21fda295c56058708b867d043ea468
- SHA256
  
  3b861510bec7549fd41e8e040a3144a25b044b56a0c1338de3deb54342c9c504
- SHA512
  
  23e37630e5c0c70d78b6d4f808b5248946f6689e6faec35ac9893115a75d59453a3d04f01486ed0c1ea63a27c6930fa612537b26e084a8ef566f44f60ef61bb0
- SSDEEP
  
  3072:4tL04G/O4BDom5hWkNX2xlkHmJRqAnoqOAcRRwo4wuYrXVL+Y:xxX5URji7WYrXl+
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  RiftInstaller.runtimeconfig.json
- Size
  
  267B
- MD5
  
  8b76a07345e5edceaddb7159c490cf03
- SHA1
  
  55911001e04e99dea946e7f43ce73e7caafadc18
- SHA256
  
  e8153794edaeb9e9eaf7db83e4cadcbb7963fe410371b2aac828863934d4fada
- SHA512
  
  b643ddf46879d524f0410b0fc57c12a76ff8f982bdd78fed247061e15eef342ed57ad59658ba6b1a0177f59e8b6424a0413d8f8c8785ab603b0ae91496273c06
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  SevenZipExtractor.dll
- Size
  
  31KB
- MD5
  
  376fd2ddc06ea2df268d6e4c7858368e
- SHA1
  
  e606955e13a7b312098e24779298c5fd74ca31f7
- SHA256
  
  85babd491ba19290a4cd5916163e3ab9923da25682a346c19b807c7ae4c8c0f2
- SHA512
  
  4431c06b4e7889eea022eea3e4f8d4b992ae0251d9b3ae53e6c09ba8fe3d89245fe0923293d4a67746dcdac7a95b5f958f601953d7319c02ce269d56e286e6b0
- SSDEEP
  
  384:QfysWPYd19qGqt5+qy1D9fozylZu/krYcoeXMbCAxgSlGd:Wy814GAMq6UnCAuR
Score

1^/10
behavioral17 behavioral18
- Target
  
  System.Diagnostics.EventLog.dll
- Size
  
  52KB
- MD5
  
  87072a8e0d0612fc3f91b7d4a5e21f2c
- SHA1
  
  d68036e26435524193439e70d0b14252fe4b3950
- SHA256
  
  c2d2e40907a42c232f50167753722da6c450adaaf6864fb4f1f477975ff3e527
- SHA512
  
  4639cae26d2ec2625e87097cbecc9e779bd5cc7c25d0028e237169804c92759b18865dfa0fc00c6073536efc24a02754cbade0c0c801e4669fcbd35dfb3aff19
- SSDEEP
  
  768:xh+bxanMCMn43GxsGbdqdMBDBjX+PFki6ej6mL+7NQ1OaY74OMv:xSxaabwGxihWNP74OM
Score

1^/10
behavioral19 behavioral20
- Target
  
  System.Security.AccessControl.dll
- Size
  
  54KB
- MD5
  
  2aa3be1a5e32b7fc89ee5460a2c4db18
- SHA1
  
  ff27582916b77d75df896399ede0b9e8ffe369ef
- SHA256
  
  93084849c17a21f641c13c9f17545cfe18c1ec097561f3f0ebbbe26f358ba120
- SHA512
  
  f470fe10e0033a8d96de8a747243eb1f90e07108873270d4ca538a02f46ab20232fd715b05a2f23357c0d58b0c845c4e7ea35f453b90aeda2942f36d57d6d498
- SSDEEP
  
  768:dfYY2UVC44RvZy5cgPWOUl9QR2OreWBkyNFazSuVN:WYtV+hy7WOUlYbrlAzhVN
Score

1^/10
behavioral21 behavioral22
- Target
  
  System.Security.Principal.Windows.dll
- Size
  
  36KB
- MD5
  
  a1f634780387ab0b5219a8741366f4a2
- SHA1
  
  0cf42e1bd78443ae1d6c16223a7ff463c5105d21
- SHA256
  
  7828dfd952a9fd49404477baff714849177d9f18c0654adafadbdcafb4b21f47
- SHA512
  
  77a1a74ed08c746c0de4d523d0128233ebe8af601127bff5a2531a8f062ac83d2e6c792b54ab17ecb0cd4ef4a9ce3216975953ceae8ebaf26374bf809a79bfd0
- SSDEEP
  
  768:Ur8Jx0w6kYq/fru6/EBiOBGyU3J8R64N3:NYq/fL/EB9BGyMJA649
Score

1^/10
behavioral23 behavioral24
- Target
  
  System.ServiceProcess.ServiceController.dll
- Size
  
  33KB
- MD5
  
  8cec91314808d30c9274b59b152b4f29
- SHA1
  
  272702eb399e2d0457dcbcf61e88afa684109b60
- SHA256
  
  c44bd57b8fe3366864c22069491b723db9c6978e930e509bc75404e1d30baa28
- SHA512
  
  38475d6bdf2fe4f7e4a2bcc8e3a34c1452056319f584dad5c355fb12aa7182f9d697c53e56b681e63581e6cc994ee950d0b53468e703ec33e8c7d634e3289d58
- SSDEEP
  
  384:s35fIYoim9rpcDo9f/rgN4KTg/7AGL2/ABNfV2D1Nlt9fM8VKWiWV1upaWB/uPH6:2WVEDYf/cNjO7AUN92D1NltyHMwtKI
Score

1^/10
behavioral25 behavioral26
- Target
  
  runtimes/unix/lib/netcoreapp2.1/System.Security.Principal.Windows.dll
- Size
  
  36KB
- MD5
  
  0035b12417dfd1d22d43d696968cb54f
- SHA1
  
  76ae451be0b87ac0a7cd5de80edbe117ae191535
- SHA256
  
  f470c7ee0f99f5ceaa25f51970988cfbcddbe0f8dd8491ca3e9cf4f9f52fdb75
- SHA512
  
  600a2ce00f779d0a2f87ca23cf3c6d280067666879a3978923056b094815830aea9caba7a5e32bfc6a0b973c8d2a6d706eea1f73658ead840cc05ae705841f43
- SSDEEP
  
  768:hr8Jx005YLlU2mM0faosEbTnQD+o3J8RkK4Rw:4YpFosEbTQD+oJAkKIw
Score

1^/10
behavioral27 behavioral28
- Target
  
  runtimes/win/lib/netcoreapp2.0/System.Security.AccessControl.dll
- Size
  
  99KB
- MD5
  
  5ca4f84f2270a788fa2beef07a4789b1
- SHA1
  
  10471c83f8f24880edc09ccfde4464119ca7e9fa
- SHA256
  
  94d32fbe707c5a162c1f7e37b092f0ec39f5c03152609a140c9f85aa4f8768ec
- SHA512
  
  e5b7f40396515db845e48967f704438ea06359a4e4ff728fe98e44807a935bf44aa0e1c26d1976a4ee8d587f970cdb40f95f0659910fcda6f8f935968882042a
- SSDEEP
  
  1536:f8dCzHuriAqBpmBe2mmEdrrrzDhHbVudX0lqxDU:UMzHu+AOmBlmmEdrrrzDh7VudEqB
Score

1^/10
behavioral29 behavioral30
- Target
  
  runtimes/win/lib/netcoreapp2.1/System.Security.Principal.Windows.dll
- Size
  
  79KB
- MD5
  
  e9f61f68df63cf7ac8353ca16a4dbd26
- SHA1
  
  0b94fa28a00c427536cc948e2b0ecd1f6a67a010
- SHA256
  
  0add93a25fd4e011db55cac9e7c062b807d98447bc8272cf3a24b06b7437c16c
- SHA512
  
  793a139769f93d74b59f7d46846d3023dc46e129c88a6bace865be9d97806832433248e65886c8d080e241201ad4aa04b4b664db42e612ad5408838afa4af89e
- SSDEEP
  
  1536:la2wV3WjgCUdS3gDJyUyEy7pZpH1I/GQhaH41D2wlJAw149Tw6:l7wV3YgUCKE6H1d41D2wcK
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32