General
Target: TSMA.zip
Size: 333.2MB
Sample: 241103-j3524aslbk
MD5: 27b0cb5b1d976a4531e140c3d4607bc5
SHA1: 2d1a65b7b5377f540fbd9dcab1102ce5b0f7dda1
SHA256: 02075d6de1fda7331022cf61c38be386258b1f43a5777083ca615cd8fa4c315f
SHA512: 74ea09750397746710e9dc5560335cf1b4fd428415ef263314d7902c9901b1ad80574fba791b281a9a2dbe7f3c60e494c3557fb5aa86f7df98af480fed583e8e
SSDEEP: 6291456:hFGtbwP/+dlt+SiM4BVX5CSt3goBJU9ygQpu2/K2FE8dMwO/O7z:SwP/M8ljXwStZzQygQp3lWwd/
Behavioral task: behavioral1
Sample: RPGVXAce_RTP/RTP100/Setup.exe
Resource: win11-20241023-en

Behavioral task: behavioral2
Sample: The_Moral_Sword_of_Asagi/Audio/SE/!$02_actor002_kiss02.ps1
Resource: win11-20241007-en

Behavioral task: behavioral3
Sample: The_Moral_Sword_of_Asagi/Game.exe
Resource: win11-20241007-en

Behavioral task: behavioral4
Sample: The_Moral_Sword_of_Asagi/System/RGSS301.dll
Resource: win11-20241007-en

Behavioral task: behavioral5
Sample: The_Moral_Sword_of_Asagi/WFExit.dll
Resource: win11-20241007-en
Malware Config
Targets

Target: RPGVXAce_RTP/RTP100/Setup.exe
Size: 571KB
MD5: f3a1050bac829eebf38a553db08c02e1
SHA1: 8a6a2a4e825b1b9de88791c03d7404e181fb0241
SHA256: 3b178f718655dab3c444857b5e6fd755dc611de72dc229de486b3e06d8548fd2
SHA512: 9e52b8e46192f72eb06971ee06bad397304db7714df4fd0b8397e2bd9d23c1aacdb10667ec1dfeb3b03b600875656f2a60e3b8582ccb6e86aefcae4a38a895f7
SSDEEP: 12288:Z3Mjhv8888888888888W88888888888H09+kjn3bVNyRvh6QoqJh5+B+98LApiag:dMjhQ09+miWQpJh5n98LAoa58h5j
Score: 7/10
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: The_Moral_Sword_of_Asagi/Audio/SE/!$02_actor002_kiss02.ogg
Size: 279KB
MD5: f50ceab119eaac8888958cf686952998
SHA1: 2bc296af251e7d26ae409a4032bf076faecd5ee9
SHA256: 6db8eb45388933d2d2047726cf36a56d82a720ae5bea887800601f7ff5ceda60
SHA512: 2a039f546e2cccc7a5462cc84ec4a84feb2ef33c9729178885039179362aab840ab2a6ac79e6cf7338e58719f4a16ca5db11c240d36242ec90a72785c20232b0
SSDEEP: 6144:OHz8sQv7aWnvPSrpyeemuCFvwVhGL66AcHKhoYlS8yZqktYGAFr:OH2a2ir8m5yVhGL66Acq2SUqkWZ9
Score: 3/10
Target: The_Moral_Sword_of_Asagi/Game.exe
Size: 137KB
MD5: bd9ebb7d09f9111a9f0a0ba2238eaf80
SHA1: 28c753124d845f61373be87d392ab839914ebdc5
SHA256: e5435c0e86a8181a3d88206d5dd47145f2aa768afcae6d8c2ae449f8601a8724
SHA512: f2dcdc9a1e64af74eeded730112d87d97ca2e5d894f25324b27c5f1b0680c948e3bcc73136615a4822ac6a75ac43c3b21fb8dcd031ae4203c2798bc6f9773231
SSDEEP: 3072:fWK+I+/wslzo5lwTU6gixJpLOaHIYsrIjPW4:fWK+xZSixJEaoYsM+4
Score: 3/10
Target: The_Moral_Sword_of_Asagi/System/RGSS301.dll
Size: 1.0MB
MD5: dd25855ac39d32da033902fc58fa210b
SHA1: 0ffa23a4d0b81438a329258f5c8d3b3403f4aa94
SHA256: 27647690ed16218cd988dd71069fdca67207515b2a2df775be361f0198ab6876
SHA512: 07f7f7cb4eda2165b4b28456fb01d4edea6e3d5f305dde19256865777905a0d0bb1d13ce1194a8639d740f633ccf1507a1b87530644d5e2d512a86829195ae60
SSDEEP: 24576:+pc8WbPqpzFwdPhet279ae3P7zqP2JzCNkX67Flr1nH0F3ia:+pc8W7qEdPhet2hae3HfJR2Uf
Score: 3/10
Target: The_Moral_Sword_of_Asagi/WFExit.dll
Size: 42KB
MD5: bb0d332a65b2a3eefb6a8734ee37a699
SHA1: 98fff9d24e4db5da63bb33d490eb4908292895cc
SHA256: 99234d8f4ac85c698fc1c57c2308a8b5d41e6c2b9ee3f9c029df083861c5450e
SHA512: 233de12240a5dfc97385b21cc129987ca5064dab2040f2ae393cf9da3876691f4a69994219c301d2cb7e803f1dfec8e7d624d1d0068297fb5725727cee5f8bd9
SSDEEP: 768:Nlb+JkEIkp2NBwVUGvvFLVSb01ugHoMRrlifh:Ha1qBAvvqittRr4fh
Score: 3/10
Target: The_Moral_Sword_of_Asagi/wfAudio.dll
Size: 1.3MB
MD5: e8ef96133fe3f49c5d13c94cb057ceee
SHA1: 20afa582538ba1c3ec67947e5e34f31ec2ae83fa
SHA256: 9df651fbd67e43aa6b894f35d5b30b260fefce730ec273c4f30694ca4ce9a4e1
SHA512: e60fb592e7330bf50265bd0180dcb3a0a0ee2016d0821604ffc70c4b7051c4cf218b859f46c045221cadeed37e7b33a7f2e9d308b2dd740958f7ab51c38fa5e6
SSDEEP: 24576:H75/Pr3be36e1/GmidV2zggzoUCXFyMG+Nk9ZHUVguEVo:HRXo+rdV2zzzoUCbVkLiWo
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger