Extracted

Extracted

• • Target

    obs-plugins/64bit/openvr_api.dll

  • Size

    800KB

  • MD5

    0f6839c5d77574194f8722e8b0459bb9

  • SHA1

    cb6cef06cbf67ba4f9ba994db835b818eefd270b

  • SHA256

    dbc05e13b77d34deeaa44b5a7ee425d5def3e86f7c3f81d391bbbc379a4ebefa

  • SHA512

    213987fd3436669d4e75cb48058a7f06765f0c25143cfed938b860801be44448dade4263c940f9979b67e25d34ec2cba957e214db32d0885dc7d6943cdbb99d8

  • SSDEEP

    12288:Rwzczx7qv9gnwfb9poblx/DVqPfd+i3IBNWytFKrl6oEuv4Gv:Rwix7qv9gnwfb9poP/0g0IB0yo4wv

  Score

  1^/10
  behavioral1

• • Target

    obs-plugins/64bit/win-openvr.dll

  • Size

    23KB

  • MD5

    a2fa7bc0a731f2c2c755c6d63086f125

  • SHA1

    651b0e9062b6d5ac2880721834abb5258ef0d9b9

  • SHA256

    fed97640abb2f0e246ea0f231fac234c2fc9955da2f9009f7fd975fc37feb3ee

  • SHA512

    3d1537bb1fc1a40ac716cc1e501a080fd37082b23b503e97908ea6ad2d58840d9b1ebeb683c88ee1e37d302903b4f519eb26c2da7a98e2171a58b0924aed2800

  • SSDEEP

    384:HHEptkD102P5nPfeGrX6JyW8I1BoiR0MJfu:SQnBe0WrBoiCuu

  Score

  10^/10

  infinitylockdiscoveryevasionpersistenceransomware

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock

  • Infinitylock family

    infinitylock

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Disables Task Manager via registry modification

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral2