34de8d74752222f66c59b5ffbc617220db60462d11ac8ffcbccd230c02fe09cd

General

Target

Stake Predictor V 6.5.zip
Size

3.9MB
Sample

241120-ee8qvsvnej
MD5

b7488d17ae8e6f750fdb939814c7edb2
SHA1

f4bf3157bb90f1cfa7fcc57da0750d76f8a914d4
SHA256

34de8d74752222f66c59b5ffbc617220db60462d11ac8ffcbccd230c02fe09cd
SHA512

315d3b335c7fdfe151156d81baa3e2ec3b7ba890953238a8bfd24a54af94d4ac413336c2f41393a30ad6be35fc2e91374bf7f2f0ac9e5317ae7c17d06e459d46
SSDEEP

98304:u6LuhrX4TcY8N56BXVPjf/6m/8y0OCsIhC6nbTMvnD:u6LuhasEnrX6m0y0Qj6o

Score

8^/10

Malware Config

Targets

- Target
  
  Stake Predictor V 6.5/Stake.exe
- Size
  
  269KB
- MD5
  
  2e7aae8794e9f97694941186a3b4e81f
- SHA1
  
  cf53a59d7812c1c78d58be27cbeef6406d6b5306
- SHA256
  
  0417e8b07428e2e065ef3c368ae4ea5736e0471d3e1a25f09354ae04d0fea4fa
- SHA512
  
  49e9738b6f10aeaae4c68582699da2e9d62b64f5aaac39b263aaee136ec1dd7c3c5c2d2c05b20bfcfdd2bd133b1ff657e3893b0d0b16bf1c36a2c1e39ea41c83
- SSDEEP
  
  3072:AvC5Bs/mTfSfhFLTY6RBWsWDsvs5xgVqaQse/NXyHre:AvC5ByAn1IsbgVYselXyHr
Score

8^/10

discovery persistence privilege_escalation
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Boot or Logon Autostart Execution: Authentication Package
  Suspicious Windows Authentication Registry Modification.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1
- Target
  
  Stake Predictor V 6.5/data/Organizer.data
- Size
  
  8KB
- MD5
  
  1e1a03c1926def157aba3d0c5c116604
- SHA1
  
  d69e4a2fb990142cff4831777e3f57142a934bf0
- SHA256
  
  7c8f2a2ffbe4da5c85f2c764b988feceaed2b7fb21049196e8c014fdf9ee934c
- SHA512
  
  483fed1453f3ae455cab86ad0d4cf0cc53a6da985f89352c85b4048a52e0978255e073216c0c938faa63815e8c5ad77dd5bc8708446cc1eac6491da93c05ff31
- SSDEEP
  
  96:mpjMzQ9XSX5bPBKXcTnw7y3WNtW1jYcFKNVcz1W4oKYMsLYUa:mdMGZcTnky8stYcFwVc03KY
Score

1^/10
behavioral2
- Target
  
  Stake Predictor V 6.5/data/x64.dll
- Size
  
  5.4MB
- MD5
  
  04b62df7bc57f5f089d2b7da540f1cd4
- SHA1
  
  585f45877c422b8172c2b8acb5c2e99e2b9e71e0
- SHA256
  
  937489b1fb9ec5d89ec2515603e629dd3d0afca7b3042d6d2b748ddb31582f73
- SHA512
  
  164dbc64230f7f2824ab16ebab10ce36bfbd798493884b612186f072fae57b30c3983188caff3118e7a6224cabba1d8091edcf19b21c295aac1a9e2d934e9c65
- SSDEEP
  
  98304:tas6efPFqDexXV1lknvGDm/0yxQQ8zCAvvPIQG:IfefPFNXDkimcyRjA
Score

8^/10

discovery persistence privilege_escalation
- Sets service image path in registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Boot or Logon Autostart Execution: Authentication Package
  Suspicious Windows Authentication Registry Modification.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral3