cea04b7b70e782a4affd7ab3c121a33fd0dc63c727d39cc04f89327a45a612e0

Sharing

Copy URL

Twitter E-mail

General

Target

disbelief-installer.exe
Size

48.1MB
Sample

240913-z927sazclm
MD5

a95fadeef901adea7442cf8bcd70eea4
SHA1

66077f0e21db5a5d454f7654ffb7690a8eadb52a
SHA256

cea04b7b70e782a4affd7ab3c121a33fd0dc63c727d39cc04f89327a45a612e0
SHA512

f180ca3b5440f7fc183cda0a9a4d429277c60ab64821fdb1f97c37c8248182416bd97c1fb63f0057dd5e892428bafa2c12608f7e65416351ef4568a4e53690de
SSDEEP

786432:k5IIdCVQVgUqaE+dpsix3VNSIdqinOdwyEWX/teWe3AHqLgI/83F+jbmgF0bhUSh:kxUUqatdpzVA6bOjresHI/0FumK0x

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  disbelief-installer.exe
- Size
  
  48.1MB
- MD5
  
  a95fadeef901adea7442cf8bcd70eea4
- SHA1
  
  66077f0e21db5a5d454f7654ffb7690a8eadb52a
- SHA256
  
  cea04b7b70e782a4affd7ab3c121a33fd0dc63c727d39cc04f89327a45a612e0
- SHA512
  
  f180ca3b5440f7fc183cda0a9a4d429277c60ab64821fdb1f97c37c8248182416bd97c1fb63f0057dd5e892428bafa2c12608f7e65416351ef4568a4e53690de
- SSDEEP
  
  786432:k5IIdCVQVgUqaE+dpsix3VNSIdqinOdwyEWX/teWe3AHqLgI/83F+jbmgF0bhUSh:kxUUqatdpzVA6bOjresHI/0FumK0x
Score

3^/10

discovery
behavioral1
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  193B
- MD5
  
  81b9854cd40b04c3d50391ea6d28c61e
- SHA1
  
  d31ae147cac2daef64aa27dab5179334e2101da8
- SHA256
  
  4868ee046975b35282e7a613526d3c9d7b3e0b1122794238d286aa464b0b5bd1
- SHA512
  
  cdf7d0924536c3ebd58bde52617287035d481b4b07622efd6a0e37cefeffe1a6cdb42c80b2b94e9ab57006bbf981fb8a23b87cf00783cd73e5419a5c5880facf
Score

1^/10
behavioral4
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  25KB
- MD5
  
  70b1c51818fde4a6518400365d456c9a
- SHA1
  
  c0ea07f771c92b3cf8f25abe4fb4b969ac2f0d91
- SHA256
  
  9bcd25935ffd9a7e3ee3baea50b0a11bb255416ed85fd1b2a79a2ce379c6a294
- SHA512
  
  02cf4006a05ce1e50bca36ffbbccfb2a933598d76deead512f23325371a2f79e70b0b155c45d82b15baa7a525a5aa5834178c18bf7680a29e9aa1f98928c6d2a
- SSDEEP
  
  96:WWRtpHq9cIJYa4MeoEEgrEppABFdaKreTfT0e:LRbucI/exbEDAEy2L0e
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  201KB
- MD5
  
  a09a49e3cf0d12a4fb951d67a2e0668c
- SHA1
  
  ccf4cab2842fbf103ba5400425e3b1390c6b4b29
- SHA256
  
  9553097d2f4002e1994d3dcd7de070257d9fa1151db858ff5474f7c3d2c4f940
- SHA512
  
  5037062413f1980a85a63a12607f714a77c1acda9105532d157cca54ea9b690f9e53881dbb33ad1ce5df4f5e129cb08e4a876e0536a8f8536d50ef5fcd6c2819
- SSDEEP
  
  96:gchSiMgU6ToDfBniUqa577r9sZuOTCuDjvrTfdWBVlwf8foKybb/n2E6Otd1NWbh:RMguDf8U/5frFsrhWXyESb/zzDWYtg
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral6
- Target
  
  $TEMP/vcredist_x86_2015.exe
- Size
  
  13.1MB
- MD5
  
  1a15e6606bac9647e7ad3caa543377cf
- SHA1
  
  bfb74e498c44d3a103ca3aa2831763fb417134d1
- SHA256
  
  fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
- SHA512
  
  e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd
- SSDEEP
  
  393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7
- Target
  
  DISBELIEF.exe
- Size
  
  4.8MB
- MD5
  
  30e3d26970e34d24488fa01c406d29ca
- SHA1
  
  d87709f173e7002fbdb606ecdffe86d9e307967b
- SHA256
  
  79b1b6b5fc07cddad2106e3f8aac4f4f9ccd8ceb86a585a2d3f2412afd35390f
- SHA512
  
  1f02be6e8c7141a1b65e79b448ddb9b3b15f2e9764dcad5ba3ad0b6f2a4ba54163e19fe9dd19f62fd496bbcda688e7ef2dffe426c63d62be5b2f6a3670a40422
- SSDEEP
  
  98304:kvmzkMYYWS6eQSBnHNNOyVHaF6jbsFlANsLh6biozgi/6g45YMw2LVjQ:kEkRYWS6eQSBnHNNOyVHaF6jlsFeifHu
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral8
- Target
  
  ExecuteShell.dll
- Size
  
  82KB
- MD5
  
  44888e539e8073054c81f29b1ebaed92
- SHA1
  
  976f83d418078ed5ae2a04037a03d819344b469b
- SHA256
  
  0def42acf7e7a7a605c30dd0d3a37e953a8c92bceec54cbbc8f654c0ae8a8408
- SHA512
  
  7ac06904fd1f3ca4be90cae383c6679f86919bbe056cad28ee25758688467062a341652345bb01f949bf50ece85b82334979cfdd6fa623cddcf11c35421a3230
- SSDEEP
  
  1536:huS3aTllJqIEXzhiS82WPPMbvZK9osWvcdb4ZsOBnNUN8:P3oljEXzhS2WPGo9b4ZsOVNUG
Score

3^/10

discovery
behavioral9
- Target
  
  Uninstall.exe
- Size
  
  157KB
- MD5
  
  1024712976464900cedcaf6eeee10d2d
- SHA1
  
  7a32cfb3da4f9f381274ca867f5d5134d30b982b
- SHA256
  
  98053320c09e50672d19be20526a12eeb42543b5d9341e2824e672fb494aba40
- SHA512
  
  923af4b868ea2f838add7e16f6bc4d12b0cd45eda6bc6058edac0b1d0257703d0c44cf229195112f635890ff5aeabfcdf52e1e605dd7d0dd3ad0f554443aa669
- SSDEEP
  
  1536:PpgpHzb9dZVX9fHMvG0D3XJBgBLIAIKS/x3UVIuQnLf2/:xgXdZt9P6D3XJBIIAqx3yI7O/
Score

7^/10

discovery
- Executes dropped EXE
behavioral10
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral11
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral12
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  193B
- MD5
  
  81b9854cd40b04c3d50391ea6d28c61e
- SHA1
  
  d31ae147cac2daef64aa27dab5179334e2101da8
- SHA256
  
  4868ee046975b35282e7a613526d3c9d7b3e0b1122794238d286aa464b0b5bd1
- SHA512
  
  cdf7d0924536c3ebd58bde52617287035d481b4b07622efd6a0e37cefeffe1a6cdb42c80b2b94e9ab57006bbf981fb8a23b87cf00783cd73e5419a5c5880facf
Score

1^/10
behavioral13
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  25KB
- MD5
  
  70b1c51818fde4a6518400365d456c9a
- SHA1
  
  c0ea07f771c92b3cf8f25abe4fb4b969ac2f0d91
- SHA256
  
  9bcd25935ffd9a7e3ee3baea50b0a11bb255416ed85fd1b2a79a2ce379c6a294
- SHA512
  
  02cf4006a05ce1e50bca36ffbbccfb2a933598d76deead512f23325371a2f79e70b0b155c45d82b15baa7a525a5aa5834178c18bf7680a29e9aa1f98928c6d2a
- SSDEEP
  
  96:WWRtpHq9cIJYa4MeoEEgrEppABFdaKreTfT0e:LRbucI/exbEDAEy2L0e
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral14
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15
- Target
  
  data.win
- Size
  
  39.3MB
- MD5
  
  734447fa1f3eec41c11bdb5bee0a4f46
- SHA1
  
  3c536c62ac0ca39fabdda38e18dce2fd12a5a150
- SHA256
  
  1a052bfab0c5fd02f24c3b857c90448c5a729fe1b5b887137d180f025de1f7c7
- SHA512
  
  8da8d62a6ab41c2aa67701b5e412b5b14ec39a4b620750bf28811780b707acf9a58e4caedd89052b1cde852fc5d88f304a017830b10ae7bd1f6535b481ed752a
- SSDEEP
  
  786432:JX6e/JnicFIXzKDk8y4dJqyloxIcI69rHacouXxld0trelB:JXL/JiYIgE4Zl4Ilc3gtylB
Score

3^/10
behavioral16
- Target
  
  discord_rich_presence.dll
- Size
  
  85KB
- MD5
  
  631abcdbff360f1dc0e353abf58a1a63
- SHA1
  
  a63e2bf734513273da0662f31f5d46022090b9ec
- SHA256
  
  dc1f3d1a0ec37698535bab005f1f51538b22b6ef589b45d16f28794c31507cd8
- SHA512
  
  7ef12d84af299b2c9f72b2a4fee423c975356b42f76ae9bfc6a1a0f2c09b836414ec48d5deb607328495ba39cf38ebe76d493cda70e2ab629256f8158e748462
- SSDEEP
  
  1536:XcHXScMXZXgXg6LPBmPQX+fpXG0Yu5BiDU2KRuTIRusfW7:sHCcMXZZ68QNhK4nsfW7
Score

3^/10

discovery
behavioral17
- Target
  
  license.txt
- Size
  
  2KB
- MD5
  
  916c4589c406f7c0524e12ba8bb46373
- SHA1
  
  3dde8d42028ed22173d2801adc742e996c396504
- SHA256
  
  2c88d719c0e7ee8aafd407571ac6f1a374bd8c431ed22ea4520dd543cce29ea3
- SHA512
  
  6cb08f79586468c9181531071acf7cc1cf5d92d1bbe96b784e6641a28ca6301b420db3fb9172a256ef1610f04930ecd283a13e1dffa5907e8de4222c9c0156d8
Score

1^/10
behavioral18
- Target
  
  options.ini
- Size
  
  107B
- MD5
  
  a0b3f226abbb05d7d79d1e5934385174
- SHA1
  
  747ac8dada155f3b15580e3ce7d09fbbea78fdef
- SHA256
  
  b85dc03e952f9a4ab4f2cf8321767749122d6658f07e097e509535924ffab937
- SHA512
  
  f93d96933674a00dd4776013a82a955139819580dc2f25649b94376cbf182e25d624dfe2750d4d7661827163dbabd8154d5927904d5fd5c81149d9e2569aa449
Score

1^/10
behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Executes dropped EXE

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19