2c9ec82181a92a3b86f25a048d0257836ab8b2b441bff186215f5cbab8e3a33c | Triage

Sharing

General

Target

CoreKeeper_Fix_Repair_Steam_Generic.rar
Size

10.4MB
Sample

240905-w9zj4sxgkg
MD5

60a1b4df8e17357383f632acf7c33405
SHA1

65f81d71fb89ccd386c553757c566ab1b662479d
SHA256

2c9ec82181a92a3b86f25a048d0257836ab8b2b441bff186215f5cbab8e3a33c
SHA512

b3b24335ed4c82ffad77dbd120ed9e28a53417ee1dcb3208f9f21b944c1b719b1e1cda0254a6beda4df0c336400ccdff1a66800bb002e1f3b901325c30729bc0
SSDEEP

196608:YVz7LgmY3EzCNUiTDQQqoCGm3aZ6XPF/SfyqLoVUfddB:Y50mU6CRXq5GUaZyhPq8VU1dB

Score

6^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  BepInEx/core/BepInEx.Preloader.dll
- Size
  
  42KB
- MD5
  
  24e30ee42802145447b474613f66c376
- SHA1
  
  096810482069885b56fa430f7dfbcb77506f086d
- SHA256
  
  9a7597d16bfc1d2564c6c1168fb077443155946b66f2041e1d1cf9548de210b2
- SHA512
  
  3cbd64478650c1093e9c778408291d9184a84b5190e2d540060faf112b68feffa2d90a2fb97e82f586b40fd85ff60c77c780adf6f867a591a3c068be3718c0bd
- SSDEEP
  
  384:2MEBj+RTLt5m7jJQNqgXnz2pxZqf3mjE7EP/QvlGM/3G3kDH0nMxbdgRwe5Lybru:vRwJxMejEAPMvGjgbVoLybr6csQp4
Score

1^/10
behavioral1 behavioral2
- Target
  
  CoreKeeper_Data/Plugins/x86_64/steam_api64.dll
- Size
  
  291KB
- MD5
  
  6b4ab6e60364c55f18a56a39021b74a6
- SHA1
  
  39cac2889d8ca497ee0d8434fc9f6966f18fa336
- SHA256
  
  1db3fd414039d3e5815a5721925dd2e0a3a9f2549603c6cab7c49b84966a1af3
- SHA512
  
  c08de8c6e331d13dfe868ab340e41552fc49123a9f782a5a63b95795d5d979e68b5a6ab171153978679c0791dc3e3809c883471a05864041ce60b240ccdd4c21
- SSDEEP
  
  3072:504VEQ2u/niy9UVLCe9ZqdrP+VXvv+sJYB2RHKBi65lhTbCc+hnvvEyP7yq+uei1:QZu/i874ZcrMv2cRh7yqO2CPLHxYq8/B
Score

1^/10
behavioral3 behavioral4
- Target
  
  Custom.dll
- Size
  
  265KB
- MD5
  
  a29fb1e1d4b54b1ba5ab1691e99c77a1
- SHA1
  
  224567640f82d14c690ac30bf2fa678e79cb3559
- SHA256
  
  5adfd3bc6fc10f60905f00c31f2b49c3899e1f60b5e47b31309c592b39d9b40e
- SHA512
  
  574fe61713be270fa4d0fbe3d9c4c48494b446179fb2bca27ccb3a97d0a54269ee3b5372d79058060e787f5a1aee871cbcc348a12c1f02c02e09a9a2aeb2087a
- SSDEEP
  
  3072:1lnJNBhqVKNAX82IuXJVVfubwt7wpTF0nn4VlY+w/ELRx73ZGqVCrnyEEDgRcWz6:DJNobXh9uUt7cTmn4VlYcx73ZOzosuW
Score

1^/10
behavioral5 behavioral6
- Target
  
  OnlineFix.ini
- Size
  
  687B
- MD5
  
  c878eaba3c3b7b5c3275cd7c3d5ec17a
- SHA1
  
  7e86e7f7f2e2c6594b04cd8dc665905a1e79a6f1
- SHA256
  
  3768ca8cf2abd53e5429ce22201116a7a39b772327cd1a585e32839810ceb746
- SHA512
  
  efff96e4819d58596b155108c4df0a1600754ca2d18ede17ade80231651167155fa6de0be698b57b61cb81d4f59ef628815838e8c5b0dc9f03bf8fa53e3c2a7b
Score

1^/10
behavioral7 behavioral8
- Target
  
  OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  OnlineFix64.dll
- Size
  
  11.5MB
- MD5
  
  8757f3d993ee2c707fd3bc2ec9ccd91a
- SHA1
  
  2ed7a354b86539818f1e841f849dc2c35ed4b500
- SHA256
  
  76a8e2d4630a8e3a6914ab35f4ba4c105943c85bcd4ee327b43a976a78fdf8ee
- SHA512
  
  606c903bd2623705e8af207d4ba4cb70a3e601fed6d91155aa7af1b26893d6aae4a4499321e2ba6d2db3493a9c58c74cd977aa01998b378793e200629ef7e983
- SSDEEP
  
  196608:Cc5tN8DOlWKZqI7x68n93H3y1dvCmlHD7CzLD4txdxlEc/HiYDxaVZ477:Cc5P8DOlWMxLnBH38CmlHD7Cz4txLBGs
Score

1^/10
behavioral11 behavioral12
- Target
  
  SteamOverlay64.dll
- Size
  
  114KB
- MD5
  
  0a5429b888c75f6525e1100e32dd2b69
- SHA1
  
  8ae224580aa0838a7b1570c79d4d8f27a1b46d19
- SHA256
  
  f784b4b85b627c7ea541bd2a90c9fc6e9736a0731707c31265aa86fe684dc2df
- SHA512
  
  5f77ac9619ccb5baebabb2e406ce265148ad18c6e1162c7d4c3a5656f38abedf90f756a829da856312689a738a3258382f37a279843bf7db0c14ac953c6992ef
- SSDEEP
  
  1536:h1iaPnCtV4+1/IGiaA7bSMhP3rOy843NxnpWJtRsWkd09dl38s6BtcBRXh4:h1iaPn5+uGi/7bpxaX43Ni3aMLJB1h
Score

1^/10
behavioral13 behavioral14
- Target
  
  dlllist.txt
- Size
  
  198B
- MD5
  
  90876b772c475a69c7251e985300f1be
- SHA1
  
  1c2a4e7fc63dbed25ccba2659ccf2801899b1c59
- SHA256
  
  f1b85990e5a5d0db0dce85eaee84c8983ebf424cfccf10eebbc8b2200109f8d1
- SHA512
  
  255aa00034e2b63e03c7def5a32fa8989ba0bd8166dac50e54e5f00cc58ca758c217c964bd9937cacfcd51beffdfb6af9ac87c57a97ae5a6b3560a2b48dfa44a
Score

1^/10
behavioral15 behavioral16
- Target
  
  winmm.dll
- Size
  
  512KB
- MD5
  
  e59aac558d9f9c5d1312ac24d09c51d5
- SHA1
  
  2f11c4b00f5f92d4466348f9501aa657c9bf6fa7
- SHA256
  
  ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3
- SHA512
  
  1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0
- SSDEEP
  
  12288:XQxOD9ZC0WKOy8zMtJKpBmpMgBNwQuQmMzWq0hNwnoAZwl:XQxOD9ZFKpB+N7JmMzWq0hNwnBZ
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

discoveryevasiontrojan

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18