becbc54754933c1ed670f50a19fbf6debab9257cbeb7a7afdca4d41d449ddfab

Sharing

Copy URL

Twitter E-mail

General

Target

release.zip
Size

63.3MB
Sample

241005-lv8jcsydmr
MD5

8534256c98a5a5396e91f0f21b4247c6
SHA1

4ce05ac24471022e15e0c93b46d56a08a86ce31a
SHA256

becbc54754933c1ed670f50a19fbf6debab9257cbeb7a7afdca4d41d449ddfab
SHA512

3b8d1671b5663f37a68b58b2ea10aabb89ddab1661bec1d59a59099a26a535c598f9fb5be03cf3ef64a8c2934b584bcc1b8c5c9507831643953b7c09a95c38b1
SSDEEP

1572864:bFhhkRv4/JGzxYjrZa0bcRPAaq9PFwH1guxTBJlc5G:pDki0OrZaVlAaq9dWJxTPlc5G

Score

9^/10

Malware Config

Targets

- Target
  
  release/BYPASS_protected.exe
- Size
  
  4.6MB
- MD5
  
  437994f469877f8542f20c60265095fb
- SHA1
  
  3131ac636069282b18d8583594956fa30d75b269
- SHA256
  
  c0c2ac68d92c52ffe60699a50cb9e9f8f782bba04d53cffa2d2e0f559bd09fa7
- SHA512
  
  e12cfe87bcefb71ce95075d3d65283aea4126c9fdd174c4a4919a5008f798a8141d45d85af53d4983dc11a65ab0e928736c3bd6182261cc4083497b33da8165d
- SSDEEP
  
  98304:TVmlzf/7Dwysx2pz/GBtN3SgIlJjqIavKI2N:TEl3JxzcI3
Score

9^/10

discovery evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  release/kill_Gameloop.bat
- Size
  
  213B
- MD5
  
  545b6b1b5147376aec1bea5b35be2d8e
- SHA1
  
  4ffe5e562a03fc9505c55d674ffb2a0d1ad8071d
- SHA256
  
  66fb3509057f34ec750b992fd9ceaf7cdb0df9704f46c8c76774d259808d6692
- SHA512
  
  2f230e67e51ff958b0c292d5ad2a823fa6c979fb32a25681bcc93506a5db34b07b55d2b164c8758cfdc99f26ed6ddf5f1d34a7204b273585ee7aa35e5b47a4c6
Score

8^/10

evasion execution
- Stops running service(s)
  evasion execution
behavioral2
- Target
  
  release/kill_browser.bat
- Size
  
  33B
- MD5
  
  8bfcf732b3b4e79bbb8793f9f5697cff
- SHA1
  
  c46ac7b39ea04fb63dffa2ea13df7e7e522f000e
- SHA256
  
  92229f0a98c6c4cd1ca2400535f1cb6415d11a8e19981de5b7f4dc25ed251f73
- SHA512
  
  77c1855486253a2b8e153c55f6f1f768a7f17308b7083d38076aa7f5856d25cf570fd8cd66eff0beadbeb0c2dfb02e2a8f322951512e398f0a427d78097bfe0e
Score

1^/10
behavioral3
- Target
  
  ui/AEngine.dll
- Size
  
  3.1MB
- MD5
  
  f422a0c7607a4045b856ff84d4e5ba8d
- SHA1
  
  3b6c3343d4103d67f2be60360ee53c1e62148ee5
- SHA256
  
  31de8c2e5ed47dfd908f81004f1b30b5789913433c7de66d92c9e36257ce0436
- SHA512
  
  cb4d93a2eac7352baa47987723db2fddb2fe240cf679c16d733e1869e41e531f60e8b8fd64608fbc35cc62fc755d4fcafdab8e97531ce93887814a2de9cb4281
- SSDEEP
  
  49152:sKkRP4XpvXPGpdgMi/JPueXblr/7wQQCLh/5NksOUhKFCEH9B5/Mlklh:vQqpydgMyPQCLh/5NkfCEHX5/J
Score

3^/10

discovery
behavioral4
- Target
  
  ui/AndroidEmulatorEn.exe
- Size
  
  6.5MB
- MD5
  
  9ccd45435110a471b90961a02875b823
- SHA1
  
  b02de833569c3295f571beffb71dd3c5d6dd2b29
- SHA256
  
  715c544e2448a0ac4d0ab871e22136308368473d5b867e6a11fcff7893f424ef
- SHA512
  
  56110464693e4752b2083c13684c2305903fa04c832ee246717c6c1500f4ab8859a4bdf3b012ca1a87c6858fed096c6b354b6b432bec8548ab5c7f80e5ae5075
- SSDEEP
  
  196608:/TRDunx64owBgaKJQwjzqeNpPHzKawrQvD5OkK//En3:punx+KgaKJzjzqeNpPHzKasQvFOkK3+
Score

7^/10

discovery
- Executes dropped EXE
behavioral5
- Target
  
  ui/Start_G_En.bat
- Size
  
  103B
- MD5
  
  d06a07e37940fb16d135c6a082e24b04
- SHA1
  
  c0350a4aff54f7a1b4949c58f86e2414b27b53e2
- SHA256
  
  256015049d786a64cb4f55232b563d5b6c47bfa9ea8801c5b00d8b93887791fc
- SHA512
  
  003914544b31b9de527fa2687ef253dcea768417b8e39ee5a4ab199e8bb16a6476c32272a2f658bf06e9cc3266d26b081ce0c3c1d00637b63220890dceee1c65
Score

7^/10

discovery
- Executes dropped EXE
behavioral6
- Target
  
  ui/aow_drv.sys
- Size
  
  902KB
- MD5
  
  930a2a358b98c8744077c52e4cc4bafe
- SHA1
  
  4d6496663fbd7c2bc405fa0a61ee0bf325ebb24b
- SHA256
  
  9aa5d4e8606c702d39725a98d4f3284333d97e83ab1585c3903d96a6348168e0
- SHA512
  
  67f6fd91370e7b09921368c96ba8a01854842cf973195ccb537a0f5a8965dc1032ea08f8ae2f7265f0120ff644397a039abe95dd0ae2a9a4d537de7faea6705c
- SSDEEP
  
  12288:dp4ZjFWYwuWtj7FblYGyX16+zrqIapI3k12GRrlHmvohemW3sB4kRe0ug64k63uN:dIFWYTWt9gXqF63ARrlyoheHczOseco
Score

1^/10
behavioral7
- Target
  
  ui/aow_drv_x64.sys
- Size
  
  1.3MB
- MD5
  
  4d72255396e25ea7f4a8d371a2d67ef2
- SHA1
  
  5504c08f11fe433b3ea9e34a5533ffb8c00d3d75
- SHA256
  
  f66727a794846f49a1b93faa7a1293a8a0cc22d328775bce9f56bd6da24e28cb
- SHA512
  
  7beaa86290a63dc4e88282885bf1afeb9ea200774f81ce1c2bbbb71f241c3f870394f2ff3b4b2cff68665806689660f4524b6c2d334fb8df8f622ed49b161089
- SSDEEP
  
  12288:xgVTpaToyb7baUw7v191/ipifvo1o5jJHI9k5uZ0FU7EPno7g5vvC3uEm1AzfMS:voyzhAd91/ipmIgU7EPo7gRvCU1YfMS
Score

1^/10
behavioral8
- Target
  
  ui/aow_drv_x64_ev.sys
- Size
  
  1.3MB
- MD5
  
  d740e810bebfab89a94c7e91c5f349dc
- SHA1
  
  e16a59eda8c75a3e5194867beed1067201fabab7
- SHA256
  
  c901a8649048537d45e71dbfb12e4df43539c168077e337fbf1ca350517b8474
- SHA512
  
  6f08894d9fec1ce315524c7c0ddd4bcaac9c881f9c9680898653f3501b61e09144caf3d65c951b16737267b39603d45cd183536d6b0a698c54fadddbb309dd60
- SSDEEP
  
  12288:egVTpaToyb7baUw7v191/ipifvo1o5jJHI9k5uZ0FU7EPno7g5vvC3uEm1AzfG:woyzhAd91/ipmIgU7EPo7gRvCU1YfG
Score

1^/10
behavioral9
- Target
  
  ui/libaow.dll
- Size
  
  352KB
- MD5
  
  001efac11d051aba03af665e8e2c21a4
- SHA1
  
  8dec162db90063feb89b6541aeea181ef8b92701
- SHA256
  
  a84b925906c0ee80abadb76d7bdc60014a104bc75eff9ffa718f2ad048c0d5e2
- SHA512
  
  70acbc1ccc8c3e1b54b746824880219ac803854cd9e8e91db8b9af0de9bd8e51e19da5175a8aacb85646165065d34d1edc7b14339636ad36e6a985748efe013b
- SSDEEP
  
  6144:HLVOVVoEWdZwOAP109kFSScCt/qF82UtKVrVVwiUOPXxXZQTjvJUb+YyzLyTXq57:HLVEVRWdbg09kIScCdqF8RI9ZQTj8yCI
Score

5^/10

discovery
- Drops file in System32 directory
behavioral10
- Target
  
  ui/libx264-148.dll
- Size
  
  1.4MB
- MD5
  
  f9a920d0fdb5546ce4bdae2af922fe6f
- SHA1
  
  ce5dcd7a55bb7d6cc9d6ca205b1ca703a3827c12
- SHA256
  
  0196e24dbb3de7f2d7c85c7f3b94e04c74e6cb06c638b03420754bc1707a621a
- SHA512
  
  d9b17c3468b7fa0c6909df14d8810364809b1dba91a1ea7cd4b24995c1691d9d047d1a4201dca7dceba8d20aa38ed6836975d38af4d944001e2df20ee883d0eb
- SSDEEP
  
  24576:bil9sQCjC1kxtJnn6kpnSY/XA8jPxl+9zYaDnOqGQ/88ve:bibmTSY/pPxwM/Y88G
Score

3^/10

discovery
behavioral11
- Target
  
  ui/plugins/GameService.dll
- Size
  
  23.2MB
- MD5
  
  cf75b484563e598144205a0f0709d0f2
- SHA1
  
  a33c0b847c5a45a1cc3bcfddf5b4720304ddcb92
- SHA256
  
  b83cfd2e75a5d91fb07127f36e3a0fb0adc8978bc5298cfe2f1bdad647559da9
- SHA512
  
  1a19eb516f7e378d13b5b06de9a1c78865cbea5538ccb47807cab7973d0df040ccd29afcceb884a09557564638219cbb0acee1ce19c8e2ee026332e8b369d3fc
- SSDEEP
  
  196608:M11Yk9ulcwmE8d8cnNiIiTnx1G+ueQEorIFaMgwimn7dsheQ9fNpv/1p4kl88U0C:U+mhATnnorIFaMgwimn7dst1pJjU0S71
Score

3^/10

discovery
behavioral12
- Target
  
  ui/plugins/TP3Helper.exe
- Size
  
  1.2MB
- MD5
  
  7069a7a0f405cd6f7ae72a775d925e25
- SHA1
  
  e36a72842ba806362495772ceedd36292598a98e
- SHA256
  
  bfd66667deb991b44d2a3e696e899460c13045b3133d4317917ad26e335121c2
- SHA512
  
  b298edceae02058c123b0a397a59f409e2b8b33efa098bc330dc46bffe26622f5b4a3b85d5f8b0990acbc6115913989fb925a605141aaa1556dc63d3f44bf1a8
- SSDEEP
  
  6144:SyH7xOc6H5c6HcT66vlmpSTG0PSLQdRC2BRalTARZQRMBLkK4CjOPCY5zIxHYrAp:Sa5xiQaZARZIMBLkK4CjOq82HKAzQJ6
Score

7^/10

discovery
- Executes dropped EXE
behavioral13
- Target
  
  ui/plugins/TSSCom.dll
- Size
  
  1.1MB
- MD5
  
  add5d6fc3b1056e031f4af8880a8b662
- SHA1
  
  48127f10bf7584bc4bca32945f9f6dd7ccdbb1d2
- SHA256
  
  71994833010f78320987754dc469171496e865aa7c6075772382381a120e1aa4
- SHA512
  
  3d6641466276bf24e44a7cc81eba6f741085130a8f641d6c603817f205307dde8c4bc4ffa5d8a5d654708ba505b00fe828361070769b739c44348bd14ef332ad
- SSDEEP
  
  12288:zG8yI7hy4Zwe+85uuB8HVW7SS8vcedzEDaRhwjF0EfL6od3e4PxR8xjVlWLuWXtN:zG8yIyet5uyOW2dy9PtQs4GK36aeR5
Score

3^/10

discovery
behavioral14
- Target
  
  ui/plugins/TStats.dll
- Size
  
  2.1MB
- MD5
  
  358e3f21ba0e35ae8fe40a53ca98afd9
- SHA1
  
  153c0b61c3bf4030f17a86a0d0722f7b7d00e0fc
- SHA256
  
  4aa38d2bcc329eba4046827ac2ea1e3a1fa3190db258648612d516d34bc02658
- SHA512
  
  e3d8f5e9dad298d2d4fc20ea25084114cbf0e49953f1ce0459b28171232bb849161c1a65aa014a833c6eeaa7b2a3822839f8b38b10160e82392240b12acc0623
- SSDEEP
  
  49152:hGV1C+oX9F6L99XgT07a1JI1TU733Th7eoF:hGV1C+oX9ILTwT0uUYTh
Score

3^/10

discovery
behavioral15
- Target
  
  ui/plugins/TesMonDrvDll.dll
- Size
  
  10.9MB
- MD5
  
  697fae3a274f2b2b4a2200b8b97be91e
- SHA1
  
  5b8f32a2022c5a89f13ed0ad0932464862273407
- SHA256
  
  88bfa3b96d30b2ed9a6e8110654152787bef65a146b6e0ca6ac7cb69a3a5bcce
- SHA512
  
  2abc4ec85456e46f884bd402f75f1bcd6b86e84a20034480651f56f815da40fcdb23c4cf042ca3759d3d284ea02986ff835d47c437726e3f1173ab95fdf98ac3
- SSDEEP
  
  196608:BXTuuTIJnneCS0sgOQ13hh3e0vECQ13hh3e0vEXGksuNS:VuBeCps7A37e0vdA37e0v0HsuNS
Score

3^/10

discovery
behavioral16
- Target
  
  ui/plugins/UniSecDistDll_x86.dll
- Size
  
  31.2MB
- MD5
  
  41fdff8ae2b66a7a3c3ccc90d99299b3
- SHA1
  
  ac6d972ee0f1171cd743ae1f8d5234c59441b2cc
- SHA256
  
  e5c1f7939816af202abed2cb8178c2493215be80966de807568f497c89726d0c
- SHA512
  
  0efe43797553f5fcc08987d5b8e7d1ab16f45775253c8f902d51abb08b60dd9ed67ca471230781833b80ac8857eb033dcc0b2cd3589fdd4b90b2191ee713bb0b
- SSDEEP
  
  393216:A3e6u/EL6u/EyXaslT7dWrMauni9Wl6E9HgibRi:A3u/Bu/JXn6WEE9HgibRi
Score

3^/10

discovery
behavioral17
- Target
  
  ui/plugins/Updater32.exe
- Size
  
  1.9MB
- MD5
  
  a21ae4125d742ca19f041516c327afa6
- SHA1
  
  4e1d0ddba071e98059a6614952718f12fdf7530c
- SHA256
  
  d735404351b5128c918dc88bd78c349c1a4d73b76674878596b94fbd9d764628
- SHA512
  
  1917b988028b90a31a1724cb9bb213b638cee32178e38886c7398aa8bebd4b32eab7aefb69590170ed1abcd3727f6d4142c89670d5e7ff852db5f1ce061f2ec2
- SSDEEP
  
  24576:9aUZCYGUcAMNk391+quwn1AfLgd5FrZ1Yj2bFtLuz4oqqRgSTAIogyZuKPcmCPcC:bZwURNuby88IyuKPcmOcSQM9eCF
Score

7^/10

discovery
- Executes dropped EXE
behavioral18
- Target
  
  ui/plugins/ace-trace.dll
- Size
  
  1.7MB
- MD5
  
  d3750c477d545d6cf389aa22ac82d3bc
- SHA1
  
  29adfd0d9a812be65d7c7f8314886f28a64a55b2
- SHA256
  
  d58f7ad360d1bbdc983c82063287eef928a857a44d358ce5e100e3461189b337
- SHA512
  
  50e0c961f72fdc59d71acb5007d45877f8d78d8ad17e0c7a062316646a507b114e098404574d431991d715d30e7859d324bf5ce37cd46c9b0a336f4ca5b6d312
- SSDEEP
  
  49152:i0pvr1oGA0sRWdzn/lsbpmPxr7g9tssUhO:/NYREndsqrcZ
Score

3^/10

discovery
behavioral19
- Target
  
  ui/pluginsen/GameService.dll
- Size
  
  27.2MB
- MD5
  
  540ab2dea462c4c1a87d9a2b5b64de8c
- SHA1
  
  920ec114d8b1c4e8cc273d1236a2511856386f5f
- SHA256
  
  096e5c155b1c2f85a20b06c764df43c336e177a3830d0f731a8c2d1eac39ee3d
- SHA512
  
  f51d183d19cc679b60e9fea11e5fb2594261fdb16cdcc7aaf07e95af3564630f2590aeb184b6f5791f05d75c3a973eb06e294425556f8e5197003f3df4b4547b
- SSDEEP
  
  393216:wWOnW8nBorIFbMgwimn7dsfX0ElgQp9XkEDuL:w/WibSeWqZDuL
Score

3^/10

discovery
behavioral20
- Target
  
  ui/pluginsen/TP3Helper.exe
- Size
  
  3.9MB
- MD5
  
  71bbb655bfa9647aea44fad680b06dda
- SHA1
  
  b0f843a2953b9b4f13f9d24c8383b60b12706469
- SHA256
  
  0bcf2c8f873258427d71808742bf58adaffe73dad091ed94fffd3cbe52ece3f0
- SHA512
  
  076b8498db7ab13bf131f3aed38a4d2d52a2c7af0354d12cc9acddcdb517c45a3642fecc2ebc485269e104cbe3dbc6462e601d78a452e5d8909c0795d1f0e672
- SSDEEP
  
  98304:tgGQ//aHLW6vH+os3oj9ghi1RebMIg9Cbk/V4VuARZjMB:tgGQikojDIg9Cbk/V4Vp4
Score

3^/10

discovery
behavioral21
- Target
  
  ui/pluginsen/TSSCom.dll
- Size
  
  744KB
- MD5
  
  662062168f4374ed59d7a59715f9f80d
- SHA1
  
  a7a1b84a274e5ae5c8404cffabd3289d5785253d
- SHA256
  
  fd260e73a0dd33138e71f61e4b5f1acec0543c09549c6cd79edb50adf36e2db6
- SHA512
  
  f97d2e479ef84062ce1a7964bcee48a9660e01efbfefa00bf5e82f55d106b65eaa07c51fa8ed10daf839a83fd000d9fc0a0f1e52bbc91d22d690f2c84cbd6e61
- SSDEEP
  
  12288:dr49fZO84mTQMjDyudB4W7SqFdp4r+/EBu/q:F4pZBQYDyuz4W2qFdp24EBu/q
Score

3^/10

discovery
behavioral22
- Target
  
  ui/pluginsen/UniSecDistDll_x86.dll
- Size
  
  18.9MB
- MD5
  
  1893d23a711015931f41f69aaac2c901
- SHA1
  
  6d6ce0536264f572e127a33356d54fbb1b54241f
- SHA256
  
  53d32d872fea23e4a90444850ff8fac838a892539dbbf83e21e38de74d99bf55
- SHA512
  
  24d115fad9c502f3f400b0803e7843f1a20526cdf4bfd17151d02ba2b49b1770011d2daee07e6e191a7f4c4ffac8e37117809a690cbc6736b77b69f9ff8b654a
- SSDEEP
  
  196608:b3lWHNYaY9Tw9h1pYNhaY9TN9EjcHTzbcVYdwdc0P3fP:hW58cJpx8hIUJdwdX
Score

3^/10

discovery
behavioral23
- Target
  
  ui/pluginsen/Updater32.exe
- Size
  
  1.9MB
- MD5
  
  7530383e35fb5d3943c7f6bfbd874f3f
- SHA1
  
  420eba78d08811132420ca0e79f69480dc3887e8
- SHA256
  
  40e898b5ac384a550b25c3fe2e862dbe44e638d97d8550d211c4631b35963a66
- SHA512
  
  febf29ea54fa0e41cb43f8f85b6ea06622a28f6292d4cbfc8939e486c3b673ae5c0dbf05dc197b47430ec70b7b3c874fde4b9bef07bd2f00781873d972306fbd
- SSDEEP
  
  49152:7Zs0L/gguUamCBVIjoKPcmtw+saWWM9eCD/w:7Zs0MeamCBVIsrmKJaH
Score

7^/10

discovery
- Executes dropped EXE
behavioral24
- Target
  
  ui/pluginsen/ace-trace.dll
- Size
  
  1.6MB
- MD5
  
  34eee8590acf1c103bea52a591154bda
- SHA1
  
  f436cb38c835751269cc17517e5588eaaba18cf3
- SHA256
  
  9d31405d58cde7175137515f157bdc265123843476cc2c76e52f19bc2cb94f9d
- SHA512
  
  ad27e276c9d766b3b53066d2c55dccfa964cee8083694eadaede4f8c212ff16a9e0591fdb9a80eb46262b9aa3eddca58253eead8785ecb63e46a4f0146bd3cd6
- SSDEEP
  
  24576:NUxdD3otPkzmHSRbmsWPzwSpYs3gpkAkZ03XvMoO9Jpq1i/W2MdT5IsME2u:NUdLotKmo3U0SCp+ivNGJpq1NpIsMEf
Score

3^/10

discovery
behavioral25
- Target
  
  ui/tx_lsp/QMProxyAccLsp.dll
- Size
  
  141KB
- MD5
  
  5027a0e799f67381ab542cc607b40d8b
- SHA1
  
  a52cc2bf5e5e92c0a88d9fde06ce1afcafa31151
- SHA256
  
  092e06d3ce543ffb5fa5604a6633252d1a8650a930968b9a0642ec848644a477
- SHA512
  
  fd42f4681f9833b596ffb118cad7a544c344893dcd9f015968dd586bb8c2b1727700245df53125a7fa20aca450a238eef4d302e9981c0992f3ec2d705b315f72
- SSDEEP
  
  3072:SISLW2g3L4JZUxhdnuwYZzLisK6k7dVZgm/:SIn28YZAhk9E7zZH/
Score

3^/10

discovery
behavioral26
- Target
  
  ui/tx_lsp/QMProxyAccLsp4.dll
- Size
  
  582KB
- MD5
  
  9ef1217ecf2fedf2a97b07b9e55a84b7
- SHA1
  
  63e939357f089f4a05414fa30ccd59ca490c4e9f
- SHA256
  
  361c454e204efbf3035c61158c60313889667639f5dace3fb204e0ef92ced701
- SHA512
  
  7dae6d3a66cfbe979224615e42df77aae7d5e28bd03d7be5f3f832411c4e36ba353162915def8a02a8d91c2647d2e426f4023017f5b5216aa7a242d0eaa3df24
- SSDEEP
  
  12288:NBFlwASFlXFvWD5yI78hXFy6JqdYYfBVCYHqq7mYnxNFlFdNwFXm6CoG:NBFlw3LtWwtXFy6Jb4rdnnxNnNL6CoG
Score

3^/10

discovery
behavioral27
- Target
  
  ui/tx_lsp/TGBAssistPlugin.dll
- Size
  
  867KB
- MD5
  
  1e8410d50c2dc15c965dd97fe09b8b64
- SHA1
  
  95913fa476d129c217e9f56619127ce7a5280a8f
- SHA256
  
  a8e83b885999db38f4dd5340ed65d7bb5339b703ae797a816073dcbb2f31ec10
- SHA512
  
  f8242ea21177e3005d87bebb6558af0ca07f0650146e857c2e365b51e4b5afbdf9e6ea95767d3f521a182ca399fd9728e15ae678bc5090ef47c8e1a942221e39
- SSDEEP
  
  12288:1eiLUYit1nKAu+/RSrg9EnlnhS/bBq3G9PoMHHJ6Lxhwoo9fT2V4yAjEkK0:lFo9KeI+4KBNHpEvwbfT2VywkK0
Score

3^/10

discovery
behavioral28