40e87b453eee20b6c010483bd7dfb0372e5d1ed8baa196826c13f3bfab8276c9 | Triage

Sharing

General

Target

Tibia_Setup_Simple.exe
Size

7.9MB
Sample

240907-w4b7mazgje
MD5

8b702fbcc70c15ac482c8a352c8d6f66
SHA1

911b03be0c5b05efbb30cc43985e5990f589de9d
SHA256

40e87b453eee20b6c010483bd7dfb0372e5d1ed8baa196826c13f3bfab8276c9
SHA512

e5ebcaae0faef674599cc9a34b6ba1ee911ca4c016caeea64e0163571c3649b160773b89ca3939470900c52624a9943b2a6a89df4b52d6f2530b67c947e868e6
SSDEEP

196608:X3BmbNwNPsVWG1rmMrlfIx77D6F9vvCp57x4G+4ZR+v:obNoE/p5E6F4p/U4ZR+

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  Tibia_Setup_Simple.exe
- Size
  
  7.9MB
- MD5
  
  8b702fbcc70c15ac482c8a352c8d6f66
- SHA1
  
  911b03be0c5b05efbb30cc43985e5990f589de9d
- SHA256
  
  40e87b453eee20b6c010483bd7dfb0372e5d1ed8baa196826c13f3bfab8276c9
- SHA512
  
  e5ebcaae0faef674599cc9a34b6ba1ee911ca4c016caeea64e0163571c3649b160773b89ca3939470900c52624a9943b2a6a89df4b52d6f2530b67c947e868e6
- SSDEEP
  
  196608:X3BmbNwNPsVWG1rmMrlfIx77D6F9vvCp57x4G+4ZR+v:obNoE/p5E6F4p/U4ZR+
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  8KB
- MD5
  
  9f1a88b953fd2a2c23b09703b253186c
- SHA1
  
  29d5a5a24e7f782a07e9f5d2ec1d1a6218fec737
- SHA256
  
  8a8f5bafc105186c85f14e017ab6da33ae8f88a9635e51756f90b6d95381d80d
- SHA512
  
  10b3a812c92b7324bddcd23adf923fcaec2532f31bdd9fbf17494fc33f99aa0a0a48b94f1fdd6599fa0189567626a90b324a1d132bf9cb8b00a6afc547e64018
- SSDEEP
  
  192:RmcLe8uWVNz5ZalBK/7rUlYg5q5LcywvX5:RJdNzMKXUlYg5qPq5
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  c275bc6ee70d85aebc2328c06515a2a2
- SHA1
  
  0f12e4736eff8f1a1a4c467e2f52eba2dac4e7e6
- SHA256
  
  30336c7b09582de438d6c3f561f55366dd7094faf24f34e12df44acf19be9242
- SHA512
  
  aeff89ebf093555aeaaa15f86e519523266b08e814578540430b3f2b67c6ad92a8e0072716f8ab80e6afc9a160a7bbaab0800b372107613d78793a9fd0fb9240
- SSDEEP
  
  96:BgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1t13hhEl7y:BgiqVPgK8K9eIdE9B/tJhg7
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b0c77267f13b2f87c084fd86ef51ccfc
- SHA1
  
  f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
- SHA256
  
  a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
- SHA512
  
  f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
- SSDEEP
  
  192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  eac1c3707970fe7c71b2d760c34763fa
- SHA1
  
  f275e659ad7798994361f6ccb1481050aba30ff8
- SHA256
  
  062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3
- SHA512
  
  3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09
- SSDEEP
  
  96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Qt5Concurrent.dll
- Size
  
  32KB
- MD5
  
  1448b511e992ec0566a5ff1621d9feea
- SHA1
  
  3527a082a262325a7d5209fe21456ba31e015aaa
- SHA256
  
  9db7db876d8f82a76e7a738b06436d5f8d1cf8a8d2444722ba69d9d8fac830ee
- SHA512
  
  034e03753a6b8b8f3340a44e5d9b22bb6ebe90c2fd72637461eb897f3a19b45b4e03fd88b744ded4e71b6cd2de72c40fd83db6a330e5a2b9ffdcaa819b372187
- SSDEEP
  
  768:JuTIKOkbHiCz9BCYIo8yeVPZArCYi5PPxWEvK:JuT9HiCpZIyeVPZArC7lPx0
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Qt5Core.dll
- Size
  
  7.3MB
- MD5
  
  8923198a05d9233203e5dbe4b4f9947f
- SHA1
  
  8878aeaf14d75f326e2d53c57a366321705bc6da
- SHA256
  
  b9bb14b87cdcf9292f11948f35e0079bc3b1294b70a1d7f7beea0cd05a3c4cb9
- SHA512
  
  9629fbae2675d9efb3e14d70c2fa8682f41527ea60a79467a323a185346b023ba7280bf4c6b2fa2ceee1b38ccdfd0060c68fdd911e82970d66f3a6acd4e69966
- SSDEEP
  
  196608:VY0A7nAQGfcWd7tTkzVSyserQQLbIb8rEDIb8ZSnfonfrUkk5vut7bVyoV/sJsvj:vsJsv6tWKFdu9CGvoS
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Qt5Gui.dll
- Size
  
  5.8MB
- MD5
  
  9ff2a60082ec4801a1d996eb81b74317
- SHA1
  
  f6e6301a95717377f0ba7af3c55f81e4567dee73
- SHA256
  
  4a758347a63fe37770dc397c2947331839dbd51bbec52015cd5cbef6a25755fe
- SHA512
  
  6f8aad10b7585b248bfb3c79679c5db10678a4ae928b529b924bd5595362910fd6879286b387847002ceea6f80901a32770693edd3542526c984d81aa9f7fcdd
- SSDEEP
  
  49152:IgXM05s1/+4IoFSRLH5rpM3LLvpXO9zNgjZanUYPIz3t4L75LZlFpGsAWvjkPhru:p7aLg3SXvp+tpnUYV75OGjk3m
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Qt5Network.dll
- Size
  
  1.0MB
- MD5
  
  68f3cc58a16f5e2706909fb54004d9cc
- SHA1
  
  be3778a446b4bb294955a8ce10f2064c51652d3b
- SHA256
  
  6d544be49f026e26c1b766f3beb39e0e167e4da7fdcc6c1106ef1e2d21b8c318
- SHA512
  
  5d371464e0e04db180f1f809073cef3e4b00cff0d80e015506067ede74d59a4126a5cad921704dc14cd90acf55206744ca31a14512ea67f1736699f802d8d2e2
- SSDEEP
  
  24576:/gofAdZ2UCZkQxe3L+6ymgdvqht3USCRuidwUoTbwgTyQlvMMlw:/gGpkQxX6ht3USCRuP7ykM2w
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Qt5Widgets.dll
- Size
  
  4.4MB
- MD5
  
  97d16dfa4188d32bf903ccde151bce11
- SHA1
  
  1aeaeed2ed5fc2511cc667e6aec99823387f40a2
- SHA256
  
  7c9bf02af7c9d901f8e33f6a286d1282fa8eec8b3630f35de461fdd638a2bcfc
- SHA512
  
  f021d42a1eaede7b1cfe409c0d57a7504e76a426faa645c8702d09b75f1a21605fc346188c72baab348066c8564403159e5ddc09c9a2a55acd18162ed5ce1b34
- SSDEEP
  
  49152:34ccLCjxo6SJSRBt2PmzH/6shF3kYFKLzagLxg96qa2qmXnf+hH5:3CB6suzyi35K3hm94m3fIH5
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Tibia.exe
- Size
  
  1.1MB
- MD5
  
  fb8153cbd14cd6cfb0ed21f7977b67d1
- SHA1
  
  62610d29dcc5fe15182cc856dc0d193fb24ecbd9
- SHA256
  
  8948564045b6b087c1accc950f08f15067f730bf4935761e62746148286641c5
- SHA512
  
  322dda1f587de85846920c972cfaf76af1900d4a6ffff63036a2e3feccdc8c171f1ccaa885f5f3af7672fdde293be07212edba7f2224d2b061292bb223ed7ed6
- SSDEEP
  
  24576:0IV7wY5GaSMLPexHraf/v+m9NBJVEpr7Mn:00cTxHreT/VifMn
Score

6^/10

discovery
- Drops desktop.ini file(s)
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
behavioral21 behavioral22
- Target
  
  imageformats/qgif.dll
- Size
  
  36KB
- MD5
  
  d46a94990ef205ce91720924e9825498
- SHA1
  
  709016f760fbff9e49cb4236487397a702be09b8
- SHA256
  
  081299a41cf833ee10db061357b0c061b67fc15aec925b403e931b7fc1ecc330
- SHA512
  
  a2155617bb2c12f43a0f04d08ab5380694185f7b1b459fb974b7c1a8702972089b1cb0b0a978c670028fac2c5ad36fe47ad0d547baecd2b81aa25e4f8e5f81eb
- SSDEEP
  
  768:h5tXpR/Qc+97XUy99Z9QQTsBl/Rafh/68FhpUkYihPxWEwgU:3tXnQD97BZVTsBl/cfh/68FhpUk7hPxA
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  imageformats/qjpeg.dll
- Size
  
  376KB
- MD5
  
  b120d7be4eef3c363d51c8edaa943583
- SHA1
  
  bbbe0707efe4d9d723c86fb1f078fae3d5f317ea
- SHA256
  
  2ec569b087f6218b9fbdc19315660b9c7e3cff4a11f72ec9b1c0cd5f3344e71a
- SHA512
  
  e0db54fe5ac9b6b525c86d93e85d96d0cf16cc4d348f6971d3af83fd85d134b6ac69785ca6a39fafe55bab9637c09da73f898cb2880889e8b5f769b303faabe8
- SSDEEP
  
  6144:cbESDkfH837QyDym9tNn32t9yNAD4yMve2rk56SOrRbDJM:nHP0tN32TfehM
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  libcrypto-1_1.dll
- Size
  
  2.4MB
- MD5
  
  5edf3d7bfc0330faf3d342ee76acd11b
- SHA1
  
  58d571f94fb7932b38bbad7e95ce5f830bcc3b4a
- SHA256
  
  f670ae0edf0df35696158c19bd21041950f27ad349ad08699735c288a930e2aa
- SHA512
  
  f453413675a4d683096c4202f390bfe88b41eb855cc7f8662bbc6341263c8d0d614d19c3106d5231f78943673ec606ed9e3d6076c39d95ee533c8fd96f542fc3
- SSDEEP
  
  49152:6OP5ENi8AzyZtvgH98ei1CPwDv3uFfJqTyQ:6OPaZZ6H98Z1CPwDv3uFfJ
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  libssl-1_1.dll
- Size
  
  532KB
- MD5
  
  5e8c9a9bf8ed5c13c14908a94cb03217
- SHA1
  
  8c33b376c266f3b11c12c7d561bf989ec7eb0cc1
- SHA256
  
  092ee1480768a92eaacd920bc7dd0cd2f0a11619ecf8867869545f3a4dff3d09
- SHA512
  
  24695e0d669736053d5916071ab3d3e2850b8ff27151ca00cfdacd594eff3c3ebce91e4e37d1db280a42f7feff52d9e90508c014325d2ea6008f1cbadcd458d0
- SSDEEP
  
  12288:kncmTon8ymkzeQqjkU9TqDwrHt2F4iU2lvzu2:7mTjwm2eHsF9U2lvzu2
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  msvcp140.dll
- Size
  
  426KB
- MD5
  
  8ff1898897f3f4391803c7253366a87b
- SHA1
  
  9bdbeed8f75a892b6b630ef9e634667f4c620fa0
- SHA256
  
  51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad
- SHA512
  
  cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03
- SSDEEP
  
  12288:/gO0BGzePo6+J+4P0xYv7IQgnhUgiW6QR7t5s03Ooc8dHkC2esKcWKe0:701Po6+J+dxYv7IQgk03Ooc8dHkC2ezc
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32