194bbbe678f8f36fd11a7fe6053c8dfc8f4d304cc5c7097c03ff6ca301d052a9

Resubmissions

12-10-2024 06:10

241012-gxb6qaxekf 7

12-10-2024 06:05

241012-gtlkzs1hpk 7

12-10-2024 06:01

241012-gqwlsa1gnr 7

Sharing

Copy URL

Twitter E-mail

General

Target

Lossless-Scaling-SteamRIP.com[1].rar
Size

44.4MB
Sample

241012-gqwlsa1gnr
MD5

d385a7c53e65b104d6619f14ff0b020c
SHA1

3274c0758ef45de6cd70eefd5a418e6780cd20d2
SHA256

194bbbe678f8f36fd11a7fe6053c8dfc8f4d304cc5c7097c03ff6ca301d052a9
SHA512

ebbc735a30c340d7e72b8fc0d2424d394eee84ba0f9324860210161f498c1956c71943c22324e4df62d59097893d71d62d3aa774130802e85832478f309b386e
SSDEEP

786432:4/pSQ2FZqm6cmyzKLkEzwHj8JrMSvddgDJulQCBX157WNxlSLG7aNwbdwO4pfPzs:4UjZqYmtJUD8JoSMJoNv7WQLQSwbqhI

Score

7^/10

Malware Config

Targets

- Target
  
  Lossless-Scaling-SteamRIP.com[1].rar
- Size
  
  44.4MB
- MD5
  
  d385a7c53e65b104d6619f14ff0b020c
- SHA1
  
  3274c0758ef45de6cd70eefd5a418e6780cd20d2
- SHA256
  
  194bbbe678f8f36fd11a7fe6053c8dfc8f4d304cc5c7097c03ff6ca301d052a9
- SHA512
  
  ebbc735a30c340d7e72b8fc0d2424d394eee84ba0f9324860210161f498c1956c71943c22324e4df62d59097893d71d62d3aa774130802e85832478f309b386e
- SSDEEP
  
  786432:4/pSQ2FZqm6cmyzKLkEzwHj8JrMSvddgDJulQCBX157WNxlSLG7aNwbdwO4pfPzs:4UjZqYmtJUD8JoSMJoNv7WQLQSwbqhI
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Lossless Scaling/Lossless.dll
- Size
  
  279KB
- MD5
  
  7fbc0ab62cdb16cc5852a6d57590f2a1
- SHA1
  
  c5c70f574c2a75deb8e830947cc8f85e85817195
- SHA256
  
  44e8da2af39c6a8de828ee12ab53cbb38df210be59e6a99af0cedd031bcf4d3a
- SHA512
  
  c308457f5f50ce7fc305515da6b11885e6e33297e972921c23cb13fcbbe058e3d6f34ad8e04aef2008d9cb6a783949da3f54097533994913051901b5dae3ae75
- SSDEEP
  
  6144:rqbLEgJejmj1DjG905X98hJQtB9e2eDzN/SbMSIw5Tc4l8Us:U3kNSswD
Score

1^/10
behavioral3 behavioral4
- Target
  
  Lossless Scaling/LosslessScaling.exe
- Size
  
  964KB
- MD5
  
  9cfb9984a53f41ebdf00f8f0633fde26
- SHA1
  
  a13985c15c6402d25c9e9c64f4e9947fd685635f
- SHA256
  
  4b07ba9c32b61773cfb0e2d7b13689c26a13a6dc463b9294aeb1d5e8e4159e8d
- SHA512
  
  2a768a77151353e693fb15abc4f72842c002043dece1920e8bddef04c2d620c7345650d369ccab463a72a55939ad7b3bf8fc8e9c3a6f55d8e7ab76ad331b5eea
- SSDEEP
  
  12288:pDooEuEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaGwnzE4ZbuRCwmhI2J+0sD+:1oP3tMCLPf1Oi32OvzTo4ZiRlT/MLz
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Lossless Scaling/de/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  d10e6436610f42c58e3f8a0d92abebd0
- SHA1
  
  3f6453acc81975c22c5ce25b15246ca4f34dfd66
- SHA256
  
  970df6669040e945010656646fd8d8350c228a73e0237b9da68e1938ff1809ee
- SHA512
  
  8244fde534740fae54242f847d423195d4daf515d70c88d2e12c0e63c5c68681903e7d87206693fc5c924ff4c16c6e3294852179c8979afbe64ba053a6bdbe74
- SSDEEP
  
  192:3Xcbmf+pRpXYCyfv+3L+Xk7S1lVN0gGgPGqMyXsmFCOY/VRiiCEaLKWrYkQ8y1hz:ncnXYxWL+Xk7OiqhszOs7T6LQy8Bj
Score

1^/10
behavioral7 behavioral8
- Target
  
  Lossless Scaling/es-ES/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  2c1977277e30065061872f86e78f3c95
- SHA1
  
  47ccaf0eae9ddbf03f8a69fd0a611820a5875614
- SHA256
  
  84353c9e076e3aa0abd35770cc0bad34bca1b7e67826d3e9ca37bfac1c3fcfa0
- SHA512
  
  3960b62679928127d653cc1f41532923d8bfddecd5ef6dcc7844ccfdb4a6246bcf405a3262c042723f6d825760884259b27a6d5aa5a0b74acc7d44d985360bbd
- SSDEEP
  
  192:anpkISBQNsZ7giYX4sre4ykNqMmANXBRRm6pIABmwB93Mi7UB+ecj4UBd1e7YUYj:iAKsgjyYqOXvRm6jz8i7ohcjFRMYj
Score

1^/10
behavioral10 behavioral9
- Target
  
  Lossless Scaling/fr/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  cbd5fb664a4e0fcde2a8a5ad8c789914
- SHA1
  
  ee2c984aa1a513a68a6ac095c7f08ced60cb5f9c
- SHA256
  
  4562730979c2178e64e29a019e118a55bf7da41ae122693c7c358deb801674a4
- SHA512
  
  877947867f2c903c038576c6403cc27441bf6355fef56fff20d1aca8320fdca6151856e6b0ec73d0e30fda3ca51617a7fa4fd113e361175a3082edb2a49a43f4
- SSDEEP
  
  384:pslId2RS0Box2z1G7K0erPLpoulBcfn/VQChF/Ox8fMiNhEH95pj:GId2ZpZLVqnpT/u8HNWTd
Score

1^/10
behavioral11 behavioral12
- Target
  
  Lossless Scaling/hr/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  d34121f703ee99eb98f48515a3d5206c
- SHA1
  
  1da5bec8615aad3f0e04ab6d85fda28b0ffd5699
- SHA256
  
  548b2686b2eb056abce2dbd6643b8593dd40291a22beb433249b77a178177d93
- SHA512
  
  1139768508e86e5971fcc6035ae8950cf7dae2c6757e915e71c7ba643db950a3b52f97e3e4d54a7c0d11dbd7f52ba8acf37445009b190b523be23def04a9bc8a
- SSDEEP
  
  384:0aAHrM4Hh6RIlWdLzCL2fr/lD+qlVLB076j:8LM4YKlWdHCLub5pB07Y
Score

1^/10
behavioral13 behavioral14
- Target
  
  Lossless Scaling/it/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  0f97479ed9540caad166b7bb949ae8e4
- SHA1
  
  8591655eb1cf7a6fa57c8799631bb2bbaad076f5
- SHA256
  
  2d6fd0acb42b2f91b289cfd2b5058fe58e19ba1266290a6b70777fe889c56f73
- SHA512
  
  2d5d8c1a669458f8fbcf47a49df5672d082bfea12eb33574f0ceed1d30a4be337fed16c2234b6a8c8264c994634fab1af7c4b8a9f4e403b62d11d53c669a63d0
- SSDEEP
  
  192:/rqjVsuVXA0hb149rFMxoZOP3HEnPWspwLNjs3SRka4xOGRVuHXj9FAEHctRyy+X:TsTA8xlP3EPWPZ2Et3Ak6cM6zPj
Score

1^/10
behavioral15 behavioral16
- Target
  
  Lossless Scaling/ja/LosslessScaling.resources.dll
- Size
  
  22KB
- MD5
  
  5baa5690bf2be5c2ebbdf6996a5c5d13
- SHA1
  
  6756a49ea3798c0af8ad3bcee5b24fce2a4e6c29
- SHA256
  
  2e24afb095854e0a20a4011788e6d7d58bad1816170238d4a7fe22542d4b78ff
- SHA512
  
  c4e60c1fcc7e105f1f0239f5df4ad7345aca3762a9e459ba4664d04877df2db016f718fda3ac8528451b6048c4d36eac9a02e75eb7c7c85bf716d58619e88168
- SSDEEP
  
  192:vZquqjVsuV0r3K1hzGkJgClltgyLS2jdQzgwXOCEVFVtkFvJQrReXAMVcvnssRYv:4usMCrtLS2atSta39WssRagahBBbzj
Score

1^/10
behavioral17 behavioral18
- Target
  
  Lossless Scaling/ko/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  75851480e8a614345ffd17a9d739fa4d
- SHA1
  
  c869c62ed6a751dacbbf30c7e87b25f3ab48159a
- SHA256
  
  5c461b672589b65792f75785769247f872d0e552c53f0c487203090c6c90aa3f
- SHA512
  
  1e66c511ac74ffe0672da88a82f88bfc8689123730e9d14721d6f5ddad1bbb1194d63702bf37a18bfc44a8e2b9974791da6119d83a5da737db7ca4cd0b3b8220
- SSDEEP
  
  384:OAna/Rvf442qtNKR1LW1tJ3gTt7zO/pk2ojPwQLCUj:Xna/S5IKRliJQTt7zOW2c+S
Score

1^/10
behavioral19 behavioral20
- Target
  
  Lossless Scaling/lt/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  62af5f364b5bd3131fcca2cf7a73d6f1
- SHA1
  
  023b34c2da16df264bc459f3823efeffa2f41378
- SHA256
  
  678299ca4840a315ae98a00bc840169601f8f9732a88a5aea29b71c6e972d36b
- SHA512
  
  ac00a4d3351d54ffeb356707e2dd09f3f63acd2fc9979c3f3ff435b0b0d072f8f3a6ece8560876162900b5fa4d0ba28352202abdd77690234392053e4291eeb9
- SSDEEP
  
  384:hsHemLquMLkLY6bo7K5GrdZIHUVU6rzK+H1uvQhj:MemLquMLoo7LBf1vzF
Score

1^/10
behavioral21 behavioral22
- Target
  
  Lossless Scaling/pl/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  8fcef65bba9765373b4c8ae301dfa394
- SHA1
  
  ae2742cd698acb2e2197dd0c4e1a926189360232
- SHA256
  
  b2c3cc5f239fc8db54a73ea6de062024d94a232e1ff6ac143a70885fc3f85405
- SHA512
  
  2166892b5b61d05438751779b6176ff5465005d56b2bdb0c3041facbff64bfcac2c2088f14e3e48ee42bc274e201ff84ad91dafaa19d8001637bdddb1b298514
- SSDEEP
  
  384:CAJ9Ay04vlM0VN4PmM7TxdJlbHDnkJ5mj:rXAb4CFHy8
Score

1^/10
behavioral23 behavioral24
- Target
  
  Lossless Scaling/pt-BR/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  4ae099c14cfae39b8d8dfbabebaf527a
- SHA1
  
  bd8caa4f428f82df4e3c113b48405b6b73b65ab5
- SHA256
  
  5d6d1ee2549f0763e113dfdb3d6151e390d5783bddcdd16a86196eb75d6c2004
- SHA512
  
  770d8a2de5dd4d9eb3978a3fb6bb5f967bdea29aa81927d9a32ba56c63f18f1af8870e8334741d7e6e4765d2a7e1075cdb7397ad1c72c49878311684f57d6b0b
- SSDEEP
  
  384:/vAu87GhGm1TA9Xzl5HCcfnRhI+/luZn2QM7j:wu87YAb5HCcfRhpluZnW/
Score

1^/10
behavioral25 behavioral26
- Target
  
  Lossless Scaling/pt-PT/LosslessScaling.resources.dll
- Size
  
  20KB
- MD5
  
  e5b1d6c9145b6d3614b65c11d244a5d1
- SHA1
  
  904a6f2eee3340a4aa5dde3c13f31c0ce347d71f
- SHA256
  
  b0d2b56af1e3c7d1e66412ad898176287688b1ab5c726c2186fe2c2be9091dde
- SHA512
  
  e5b73ae8df947c885f67b499b31355f3681807fbb7ba9ef65e10cc3b5319c36fec882d60bdce1c0eafb541485bad17bcd4b3b108936cfa5a5a837f0b0f469784
- SSDEEP
  
  384:7A0oR1wwNIMTbUJh+8i/DriIJho5I0nILdbj:E0oRA0i+7riqho5I0ncf
Score

1^/10
behavioral27 behavioral28
- Target
  
  Lossless Scaling/ro/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  0b319dbc9964f4802546b390f5fa8387
- SHA1
  
  38bbcaf63a1a12b5405b5dac543bd47df51b4bf1
- SHA256
  
  c3765c480dc0881cd5a0d6d66531060b1b44fbef85342cf5c1cdb435288d20de
- SHA512
  
  cbc7f4bec1ae233b462ab254eceba0dd2756c37de8cb4f1ea2f33275698fb35964b6b46dfd17e10866dd31f154f120d7e31f9838a68c62cbc62ae0215d09786a
- SSDEEP
  
  192:knqjVsuVrnr1ndk8EgpXYP4r4lkwiyltAHUyd5BDycNnqw53wUXgNscIYR2NMO6:Os5xpc4UjiyltwT7JzNqwJFgNsZYwMj
Score

1^/10
behavioral29 behavioral30
- Target
  
  Lossless Scaling/sr-Latn/LosslessScaling.resources.dll
- Size
  
  19KB
- MD5
  
  314eda2591030dbb8f437e65d58b4f97
- SHA1
  
  2629642d47e131a968ee1cfb86089f1413564599
- SHA256
  
  8f7b151a36f4ee98ceb7bf16bb51207c12650d66c0c629bc751718bc2264c50a
- SHA512
  
  d88e262f978b33ffa4b9e67c94e760f17eb750be36603e6196b8fdbfd2321a9c49344a5818a9ff4bdbe1a8ea4614a5d8983c6c2780a7fc238fc6f785d4f9d770
- SSDEEP
  
  192:xpkISBQeQP23ApVGZRdrmM+kAJKfZYGCbT+V4UvlSDBaD6A41Va6Sm+t7Bpu3ZE4:xAGt0rNXxY9+V4hDwo1Va6qtHu3usNj
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32