5b2e051d2f0a8188763fc158ad1f7edfba3ae6f41ef95abd75fb03a685c56eb4

Sharing

Copy URL

Twitter E-mail

General

Target

Raft 1.09 OFME by {cFinder}.rar
Size

2321.2MB
Sample

240912-tnpfxataqf
MD5

dea9a2c1d88d3ff27a4d5dd731e9c154
SHA1

6d53f88242e2a155f5947aaff3f6e97a3a873b30
SHA256

5b2e051d2f0a8188763fc158ad1f7edfba3ae6f41ef95abd75fb03a685c56eb4
SHA512

d75ca3aa50633523fd61455d067aa6b403117a9314706d98db68081e574c4d82046deec2c2c43bffe6a2a48a05627027338146afa3ef1c3c4d629561480a9821
SSDEEP

50331648:2UgxUfOBB0SyyVCNfoqVfdnQwP+nfltghxOGuWiacloBzm6GKzT8JWCG:Fgxz0SRVCTdn/QttvWicBziKzTR1

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  Raft 1.09 OFME by {cFinder}.rar
- Size
  
  2321.2MB
- MD5
  
  dea9a2c1d88d3ff27a4d5dd731e9c154
- SHA1
  
  6d53f88242e2a155f5947aaff3f6e97a3a873b30
- SHA256
  
  5b2e051d2f0a8188763fc158ad1f7edfba3ae6f41ef95abd75fb03a685c56eb4
- SHA512
  
  d75ca3aa50633523fd61455d067aa6b403117a9314706d98db68081e574c4d82046deec2c2c43bffe6a2a48a05627027338146afa3ef1c3c4d629561480a9821
- SSDEEP
  
  50331648:2UgxUfOBB0SyyVCNfoqVfdnQwP+nfltghxOGuWiacloBzm6GKzT8JWCG:Fgxz0SRVCTdn/QttvWicBziKzTR1
Score

3^/10
behavioral1 behavioral2
- Target
  
  Raft 1.09 OFME by {cFinder}/MonoBleedingEdge/etc/mono/4.0/DefaultWsdlHelpGenerator.aspx
- Size
  
  59KB
- MD5
  
  f7be9f1841ff92f9d4040aed832e0c79
- SHA1
  
  b3e4b508aab3cf201c06892713b43ddb0c43b7ae
- SHA256
  
  751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
- SHA512
  
  380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
- SSDEEP
  
  768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  Raft 1.09 OFME by {cFinder}/MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.aspx
- Size
  
  59KB
- MD5
  
  f7be9f1841ff92f9d4040aed832e0c79
- SHA1
  
  b3e4b508aab3cf201c06892713b43ddb0c43b7ae
- SHA256
  
  751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
- SHA512
  
  380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
- SSDEEP
  
  768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Raft 1.09 OFME by {cFinder}/OnlineFix64.dll
- Size
  
  4.8MB
- MD5
  
  cb4e1a2fd111afc56f63f56f5609eb83
- SHA1
  
  e7353a28af53ff42269c81c49c36f19fcabfe91d
- SHA256
  
  155954174a6fa52ec64ca44e4d77f387e7c9f363541c81a4a7812d9c783af3ca
- SHA512
  
  b656aeab84ca75c912d86bf8cc8c88d081f561656c7c8c4062d87361519b848cd4c5e340133e29fe75695bfb219252e5b4e339f5dba62e77d3e286f8fa591019
- SSDEEP
  
  98304:9xSHrvebLMZjjTV7CXySrwgUYrqwW9Z6DijYeJ7jhtKWt7mf:9xUebLMxSRwemwW9YDijl5fKqO
Score

1^/10
behavioral7 behavioral8
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft Launcher.exe
- Size
  
  2.3MB
- MD5
  
  9512690f8bf8fae1319e2e86715a6bff
- SHA1
  
  0797390c6608e2ca09119f290f37166c72e98259
- SHA256
  
  ef1c14557d392abe0a5226e5e3444edee85513fc301c49c50275cc4b6be16fb5
- SHA512
  
  8c994946a0e2e43a1b576e5be4bb9b9335af553f17b9861740a8b0b1004b617dbe19a9689793fb9822705c911ce5f730f6ef13019a79a991cd84e4ac57e7f83f
- SSDEEP
  
  49152:jkqXfd+/9AAhanz+zPPTBbWMx6NiWVzMyijqippe+Q7hZIAeLViHTp+EnxTIlDCx:jkqXf0F3WSLY9NiWV9iGNnx9
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
behavioral10 behavioral9
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft.exe
- Size
  
  837KB
- MD5
  
  16d64ca4f6f1b8e773550390bf97fbb5
- SHA1
  
  8f196dcd7f45edeb9993d97f1395a92744e32ce7
- SHA256
  
  5438c19007ad96da0a969c0c0caaf00aa06375f1a6e85073f91a1392af94d059
- SHA512
  
  4d500528c1f6366b3732a94466dc72f0151b278116500ca0a0bba28185afc3dda75e9a26a1c152900b93a34ada3f69b74656e9559ee15493dce11d3b439e4c13
- SSDEEP
  
  24576:qScKne+Q7hZIAeLViHTp+EkxTIlDCODVND4W60RxLuYbN6KmoNgODdk:qCe+Q7hZIAeLViHTp+EkxTIlDCODVNDE
Score

6^/10

discovery
- Drops desktop.ini file(s)
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
behavioral11 behavioral12
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/Assembly-CSharp-firstpass.dll
- Size
  
  427KB
- MD5
  
  bcf9004f3888819ed09911535cad0592
- SHA1
  
  f27ba3b837a42cef642fa549d98630454879e9d2
- SHA256
  
  8437172da311557f79cd2e60c37685bd6b818614a1cfa92db38351c416a3373e
- SHA512
  
  1fdf6f615b2f834dfadd6a0e97b01f2b91c3816c123857ce1beec514231c41839c3ff5c8c9b014eedbea4cd4d90d20018a72e84839cc9727775adea47d1c4374
- SSDEEP
  
  6144:jNyrxByWx5PyGQ+8qaUv860QURc7Fvqc+GP0TwFsobIsOkYsrcw0rLZM6mpHSYjZ:jCyWx5TQFRc7FvqOV0rL4Hr/lS
Score

1^/10
behavioral13 behavioral14
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/Assembly-CSharp.dll
- Size
  
  2.6MB
- MD5
  
  08ce9f7a088558e5673310186a0ff230
- SHA1
  
  4eb72d2ba0e207a3b8168c5b84270a9e86c5fdd7
- SHA256
  
  1ac5f7b273c21522ef19b87cb8d4d91b31c45318bfddbee1ef56361f8b2b12de
- SHA512
  
  0bc0ab35b53ad75124c5a3a068b78279e4d5be3d636f8883950f42cb08956ec404493b9b817dbde87302d59c812b953b4f5e232df4ab309e4c37d0879e75c4df
- SSDEEP
  
  49152:C3mBwc/EHqsxHmD+bjQfFNb9M4iIkaGr7te1GZpTM7c:CxtqK7
Score

1^/10
behavioral15 behavioral16
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/Autodesk.Fbx.dll
- Size
  
  336KB
- MD5
  
  15951f7aa0536acf51eaca0252259809
- SHA1
  
  1ae2cb3ef333b4ed8d40a4e69c3fdef7a8eec481
- SHA256
  
  81555afcfcd1a3297f952f19341c0ed9b1595071496ba5d5fad517d8265d921c
- SHA512
  
  d39db0e617904b3ac7bfa273aa7c842c564e53a7effe0a585e74af65d64ea18d7028fb37b60b92d28121d5e31c47a07cdd28b5450c02e27b453d088caa278b03
- SSDEEP
  
  6144:FZG301V5u+/AZuWASRXck9ItuLbmebBXOwPDC:FZG301Vg3XXvbDXOwP+
Score

1^/10
behavioral17 behavioral18
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/MeshExtension.dll
- Size
  
  6KB
- MD5
  
  f23c524924f674603b88d5d6288366c2
- SHA1
  
  5609e496f82bdb5f1a0d5a1ec33ca8769344c3cc
- SHA256
  
  25c015a9f171dbb2279f32844d32ff7dd20a5f03a6ff4bcbfefea5b807f3d6a4
- SHA512
  
  e40302ec55123b40e0b5462057bd9b6508432c2c5eca13c3567a5957364f7882837921812fe599dd443178a6c4088d219e0130980d1ed7b468841fae1bad24b0
- SSDEEP
  
  96:64oBdoRJSoXcwv7oBAov7oeloOsF11C+xKh1YibNNQsIvosmMSmd06hojXcJvV:GkP9s7slOh+xKh1Yi4vvosL07jWvV
Score

1^/10
behavioral19 behavioral20
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/Mono.Posix.dll
- Size
  
  207KB
- MD5
  
  72c9ea78101c493635c0f763d1795d7a
- SHA1
  
  c04e331b6415bf566e1aa26550bf794651704c7c
- SHA256
  
  a33abceffeaa6b6d5dbd2cf77210daddfe331ed40eeae4cea3c5efb0c0db2cc0
- SHA512
  
  4dcc9495000f0cb0d93381a466f8d0553c2f9ef9521ac71979371b5eded37a25224a861ccc101a24b0b2741d30efb71d81d03fa00ca476bf8339c1786d9c46f2
- SSDEEP
  
  6144:9c9wE0Q11JQ1S+OWMYU7nUXxOwblnsAPe+Eg:9c9wE0Q11JQE+kY1SA1
Score

1^/10
behavioral21 behavioral22
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/Mono.Security.dll
- Size
  
  302KB
- MD5
  
  d1b792d07b0e08ef190eb6ef5361e6f3
- SHA1
  
  36890188d80598132d63561ded707e641282f2a1
- SHA256
  
  2b7651b398dc63af0dbc0038758981c29238a495681a7ed487357a464ad4de15
- SHA512
  
  1229d49068401a078b81ee398524327ccdebcd2fb6134c980d643b76f075244f2670d0773aa35027aa8b8d40ad6c29f16a223b142f3a6595c3641c32c8c31215
- SSDEEP
  
  6144:+JvWNTGENjTzSQfGFzPTzcyaksosrNn95tq:fmFz9mN
Score

1^/10
behavioral23 behavioral24
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/NavMeshComponents.dll
- Size
  
  16KB
- MD5
  
  81ff9b47b0638fa6ac818cb101da6cf5
- SHA1
  
  2afc2976f16d44f7c899cbabb066161da99bd361
- SHA256
  
  089d81265106bd6891dbe79944dd531ec9cc2cb3630a4a7a60af88f84a1394f4
- SHA512
  
  660be2b7ade99dca77045ff95ffac4730d57a12d05833e449af6f649c92e58ec58d8d552b40047fc186fafa6708be8aab5c877a34b4cf9e8c8bcb306dec578ca
- SSDEEP
  
  384:K2JyfC0mbz73tM0p4xXj3NddE7rtRX8j:K+bf9Mjxz7dE0j
Score

1^/10
behavioral25 behavioral26
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/PathCreator.dll
- Size
  
  30KB
- MD5
  
  51cddda32082ed077834b7164bbe0b48
- SHA1
  
  d1b6e25a4a0738b01cd9f12f123bae170e8d8c30
- SHA256
  
  a13778f973bf346d023f345c7642d38467fd8a2d6e8e19180b2d156c5104d886
- SHA512
  
  969ee018aa30c9d8b69b6bba02e64cfbf163e61db61ff3945fd2a35a341d1fb970f520bacd3f881e12d354d158901560732bb3bcea48d951d7e47cd8e55bbd98
- SSDEEP
  
  768:DJs8IHbsz7g+v5pcSblOpMJ+Z440BNEU+sSiu:DJs8IHb/klO6JQ440BM
Score

1^/10
behavioral27 behavioral28
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/Sirenix.OdinInspector.Attributes.dll
- Size
  
  32KB
- MD5
  
  e82a396ce5c7792379dc95eca8d11334
- SHA1
  
  522a7590453a53b9e66ed134c90fd207ceca4d5c
- SHA256
  
  1d19cb026621b4cc244ab46077a2a7c2ec3278e9880073ceb6fdbb50cbad4030
- SHA512
  
  74ec4c82193de0db7becf65b416bed44ec9ba9a21a1006c1b9d7bde1c80465427c196c0a631e4a58aec717d3dafba8c76e38167654c4bb704fbcd7f765f51607
- SSDEEP
  
  768:hoHHPtkA0fRwi4tvS2OIXaDK7GtHNIpJxH0YTKtVLO:PAWwi0S4OoGtHNIpJxH1TKTO
Score

1^/10
behavioral29 behavioral30
- Target
  
  Raft 1.09 OFME by {cFinder}/Raft_Data/Managed/Sirenix.OdinInspector.CompatibilityLayer.dll
- Size
  
  5KB
- MD5
  
  d5ff04100ea8e697d3325a7411bb9ce3
- SHA1
  
  12cc1a85eae949ffeb149e1d4a0b1b746c9df4dc
- SHA256
  
  155f8ef73cc7a1b109b6ee07de2194ca303ecea1041d575ffc092cbeaed3e200
- SHA512
  
  e3d679fc0a2645672cd125b88ab6276192967ef837f2c53884c0e399dd0d25becedf3b595bda0b09f2cae811fc725a41bd1e777c7b7cf185eb879173b3094c52
- SSDEEP
  
  96:YqpW3IV1eJTxwmMSZzNkW5t8Q5wjopSG:Yq4ISZKFQ5+XG
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops desktop.ini file(s)

Network Service Discovery

Drops desktop.ini file(s)

Network Service Discovery

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32