3f50ce0474094a6774673b72faa456bf2fcda5830edb0cc2b00aba5c08611585

Sharing

Copy URL

Twitter E-mail

General

Target

GMStudio-Installer-1.4.1451.exe
Size

197.1MB
Sample

240906-sxqjwsvaqb
MD5

bf340a3b91675b5e8aee3be209424955
SHA1

e4c3aa347c292f7b9b404eb69744ad6d37feb190
SHA256

3f50ce0474094a6774673b72faa456bf2fcda5830edb0cc2b00aba5c08611585
SHA512

9bc764cf5c603449ed3242f40bd20ad57f44d16b4f16e98fbf2b69d7641f1c0ab4f48d842873717d82de2ccafee345814f4b79d98e010c1a53d72852a8fb9bea
SSDEEP

3145728:6Qra55GGP0eMMYBjDTfxcw1VYuzaQFrez/9b/0D9Re9b+gs7fY0:6Qra5pOBfeMbaQFQoReZBafN

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  GMStudio-Installer-1.4.1451.exe
- Size
  
  197.1MB
- MD5
  
  bf340a3b91675b5e8aee3be209424955
- SHA1
  
  e4c3aa347c292f7b9b404eb69744ad6d37feb190
- SHA256
  
  3f50ce0474094a6774673b72faa456bf2fcda5830edb0cc2b00aba5c08611585
- SHA512
  
  9bc764cf5c603449ed3242f40bd20ad57f44d16b4f16e98fbf2b69d7641f1c0ab4f48d842873717d82de2ccafee345814f4b79d98e010c1a53d72852a8fb9bea
- SSDEEP
  
  3145728:6Qra55GGP0eMMYBjDTfxcw1VYuzaQFrez/9b/0D9Re9b+gs7fY0:6Qra5pOBfeMbaQFQoReZBafN
Score

7^/10

discovery upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $LOCALAPPDATA/GameMaker-Studio/UpgradeZip/upgrade.zip
- Size
  
  194.7MB
- MD5
  
  7f8b9b6cec1129e5b41b01a850a6af7b
- SHA1
  
  98c20ef53db890f500c3efc0464654a606bb1c5f
- SHA256
  
  3b78744be715a9fbc24e61b6ef208f1c5dea3278658e8361d5d9d569f0f1cfa0
- SHA512
  
  327d932cfad19a567ca33a1763dcdb3f80ca99e36ae7cb1931eb00dc88e1cc9ea70f8611001ab26b0db5232298cee555afe6e19771f270a0adbcd44b9ac45e79
- SSDEEP
  
  6291456:8BgYYuwr1plRaIP35YfNPK95lreBBxf6gg9snyauSctqV:86dNP35YxK97qfdg9syxSce
Score

1^/10
behavioral3 behavioral4
- Target
  
  Android/SDKLibs/facebook-android-sdk/facebook/bin/classes/com/facebook/Request$OnProgressCallback.class
- Size
  
  11B
- MD5
  
  8edc10163320b4a79bfb2585a8892d78
- SHA1
  
  c3a9171833c40a0a3988a95daeacac5fd7007010
- SHA256
  
  d9814b3cf1ad09788ad87bdfc7dc99a15b21fd9bddccbb6307564179faabf549
- SHA512
  
  ef946a207db8042bf886001cce903fad809c5c6c0ab40e4f94e3787a80968739e455dab0d5973d46789b0d7bca0da7c21e4e24f673d21ead2c2d3a1fc75a7a1c
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Subversion/1.8/x86/bin/svn_populate_node_origins_index.exe
- Size
  
  4B
- MD5
  
  48ade8cbaddfb3ad785815790f56cf3c
- SHA1
  
  dc8894a667b7fedbe637948c3bd683c31d456381
- SHA256
  
  afd1bd5a6226bc97410f17c6ed3d3831627997e40c60a90eafeed5e3b86b67ea
- SHA512
  
  024d1af1fe359601fd745f30991762bbb26d80f394e562e6849a8e625d57f8c293d3b69a836d8908c8c869a3d038d45bfe7d19ebe7abe29448c681e9f7b85a72
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  25KB
- MD5
  
  752c23314f269cba85384ad27ed57bf4
- SHA1
  
  f6c500773b78bd251b80d567f0e341fcba53569b
- SHA256
  
  45e7e3198ecb0829de5bff3a1a63efd36c29c5abeea8ae4a3e7d972192bc9ef8
- SHA512
  
  e8764633d3fed0e46f99c5f85ed3b3410d385fc36b9ba6cb3f387082c365ff62d994e2c87f2c98a9d232988e0385507fcecc15f01d2e953c37e8eace1715df54
- SSDEEP
  
  96:ikolI26gltSnMYohNNH7YYiz0pACZXKOTqopMiEXeG:ir56glaQtkYXrqoQe
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  150KB
- MD5
  
  8b2e2152e39a995472c35b7a08e0965e
- SHA1
  
  8e46f575c1076c1fef0669a4108f20543b35ce64
- SHA256
  
  e33ab788a03c1e6462c79a4e9ceeab2bc46506f6bf930a3d3c1ce4949c200c14
- SHA512
  
  bfa67ab8101eb49e4411f62f1f60b87ac82e819c175397e592018122ff4be3c93b379504017a8e1b9ff4a13e2334ef26cdca04e683a06c16e923c0a8eb0202b4
- SSDEEP
  
  192:oyHOuCuRpY4ri3Gn8YN/DPKRzGPXknAzo832mBB+G5c/2s7Znw3vlZPV2W:NHdp2mpHOt2v/PVV
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  BouncyCastle.Crypto.dll
- Size
  
  1.3MB
- MD5
  
  2a01d4f1c2cf4a92cbe4ec08c4e95fe1
- SHA1
  
  db07d3f6ddb2a041524be11728ba11388ae2a7e5
- SHA256
  
  cb4c24076680e24b61986dd3d9667ff8dea3b790f0539863c89ec952d43e3bff
- SHA512
  
  2f67f8f66ac70a819f8288f5063e14d6f845b1342ec02e4530252f2ce8a6357f5462fdf8f10eb3a372e66b5c06c54c274faaef5374d1deaa0385fa53c96c653b
- SSDEEP
  
  24576:df9auy+ETsaTcalcyqx5M0sTl8eJtl6oRStp6c2Z8i6n8xkG54Y+A3qF:Zr1yqxm5Zlgpln8xkG54Y+A3qF
Score

1^/10
behavioral17 behavioral18
- Target
  
  GameMaker-Studio.exe
- Size
  
  146KB
- MD5
  
  2f562511ae5a4c196a210194dfa2a96b
- SHA1
  
  b68d5cb309d6e17de37debd4adbfaa1a61d94a08
- SHA256
  
  86eaa38238e214a98455513f12fc789396058f7fe185ed37cd3d6b7f3d10a48d
- SHA512
  
  f030ab69494da05232c66e338334f798ed0ef05143d90f265bb3f135ffbeeab14dfb726d48bb126d81d18ac09ab20496907b46b3d14097572c3bd233fa8d10de
- SSDEEP
  
  3072:+cQanRvzR1G40rHo8pMFusZ6hncKAYOsLWHp1jq4MExW:+atf0rHo8YGtExW
Score

4^/10
behavioral19 behavioral20
- Target
  
  GameMaker-Studio.exe.config
- Size
  
  2KB
- MD5
  
  d185e80cbb0d9c48f5dd51da95a68645
- SHA1
  
  f47b767499265c8f05cde4a4bdccefad4922c604
- SHA256
  
  80c57cd198bc232a32b42a5772468a6294363b4d13da08a142abc5005c3b9cb9
- SHA512
  
  c0f6cd7118b298896f852d980af9174ed67b1a0aa1a89e639ab3dfeabe967f7bc9c73b7a1480b123f0cfb86c2c189f9ccf463059766be61308d41b7ce4a3b140
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  GameMakerInstaller.nsi
- Size
  
  16KB
- MD5
  
  3e9248ca13c38bf11c6fdc1b274b5d44
- SHA1
  
  d406c4527b1bdcd83ca56bd5d78ce15373e4cf33
- SHA256
  
  7642b2bebf20d03a1de12d135c12305f6b0a4173a9acbe05b8ee6f7d3f002957
- SHA512
  
  fd65e3bb64928981970d1f9ad3eb5b52470e6e1e1860aae7bceac0592f42c2b9e00e2638b0712245eccd68491b53793415b6583df25c8ccc7b458fc33038a1bb
- SSDEEP
  
  384:adpPbFQUj4Ob25xQifdwxwFwY2DakGNb9yZc2wgdSZ82QvQz1NyNC26sDiaeH1Dx:adpPbFQUjm5xQ/xakGNgqlpuHvQz1NyU
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  ICSharpCode.SharpZipLib.dll
- Size
  
  201KB
- MD5
  
  606eaf5d8c2d30ec156aeff472e7c369
- SHA1
  
  f7bceab77110c51bc074d0414242de7fa7966bca
- SHA256
  
  b94efee942d6017515ff8f0f4c8b632475fc8f6945962f5eddd50e54a920f810
- SHA512
  
  14c165295c7d83d74863524c11df69dc26e31086f529305e5f09d6add5582be11c9e0e1835dc9de71b6f0ed8e3d88316e5313a81ddf1eaa20dcc88615d150451
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1+:GibqI59PpOPf201/z7pI
Score

1^/10
behavioral25 behavioral26
- Target
  
  uninstall.exe
- Size
  
  40KB
- MD5
  
  8c20cd51867103de604603ab46c869da
- SHA1
  
  eecd7384c9eed0f90ef78678131073a284c28afd
- SHA256
  
  5f3dcf97cf54e0b58cb0fe1633d72b5f0a428e7d2045faa41c9caf70791f87dd
- SHA512
  
  16a267f4a74addc3deb34dcf0f3e42a8ea724c26164c788dcc8bec8f44682251f8b4ea1facb23b770a264dc6e1eccea4e52af99ae61bb46f41e1f52efc6969bd
- SSDEEP
  
  768:dHJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJhJRnNA:dpgpHzb9dZVX9fHMvG0D3XJfA
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks installed software on the system

Checks computer location settings

Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28