General
-
Target
CurseForge - Installer.exe
-
Size
2.1MB
-
Sample
241121-xa5gravles
-
MD5
afb3a25705d6a0fc8c7f576a67576de8
-
SHA1
f88f3b115d039fa390069caa70f81859a0de71b8
-
SHA256
563447dc5e79ab2311f2d59498f791d6515cc97c2cecc47c6cec51f9089ed0b9
-
SHA512
02e9994a48b45250840e712e18a413aa60837373d1d13d33940c4d3b1d855573198e82c9e6975d3073279bd5f763ffd8311392e7b57fb56becaf6d6466f83a1d
-
SSDEEP
49152:tvLU43exE87vxpsrFpIvFbJo+McPe38sD9YOcNHxicbx:tzU43QPN+TIvFby0eM6iODk
Malware Config
Targets
-
-
Target
CurseForge - Installer.exe
-
Size
2.1MB
-
MD5
afb3a25705d6a0fc8c7f576a67576de8
-
SHA1
f88f3b115d039fa390069caa70f81859a0de71b8
-
SHA256
563447dc5e79ab2311f2d59498f791d6515cc97c2cecc47c6cec51f9089ed0b9
-
SHA512
02e9994a48b45250840e712e18a413aa60837373d1d13d33940c4d3b1d855573198e82c9e6975d3073279bd5f763ffd8311392e7b57fb56becaf6d6466f83a1d
-
SSDEEP
49152:tvLU43exE87vxpsrFpIvFbJo+McPe38sD9YOcNHxicbx:tzU43QPN+TIvFby0eM6iODk
Score5/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
$PLUGINSDIR/app/cmp.html
-
Size
5KB
-
MD5
d7b8b31b190e552677589cfd4cbb5d8e
-
SHA1
09ffb3c63991d5c932c819393de489268bd3ab88
-
SHA256
6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f
-
SHA512
32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310
-
SSDEEP
48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG
Score3/10 -
-
-
Target
$PLUGINSDIR/app/index.html
-
Size
20KB
-
MD5
c7b752acf6d1e10f3aca2c67b1ccf4d3
-
SHA1
ab793cb43e0c2b5af0fdcbf90d0d29d5d3e164f7
-
SHA256
69b9f99f6611f953d94984ac35bdaf9e9817f689e1e3614976bebe3465c613fc
-
SHA512
120addd79b7ade4f35b426c02631c8167d81080fde30a01b989453113f7547784e525d53bede41ede0c9b3caca8513060753ba51f75bf6936d32ee597d642576
-
SSDEEP
192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8D:+WNaM8UnbjPk89+mppHL
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/app.js
-
Size
21KB
-
MD5
de88fce9253d26e0c61daa1783baa775
-
SHA1
07c5848354a247056baad369059aac9d3c940ecc
-
SHA256
993f140f9f4e5cdbdcc657a3c159328bf58b3483dbc27c451516a556763a79ba
-
SHA512
71ddd47ef7ed7c02fb31e8ffa2ea6d1b5178dbda2ab37bac208e088c8ba2127e0cf5eaa74ee7ad5809fa69e534853312c6c8775c68aeda63bf0e4a5caefa39b7
-
SSDEEP
384:4X+ycDQrcljKdZGb9plmt902wjI3A4nzwF52xxYRifG6wBEoR3FGHWdeLj8T:0+ycDQYlOdEbdmXH3A4nzIAnGifG11RL
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/block_inputs.js
-
Size
789B
-
MD5
b5b52c92b90f4283a761cb8a40860c75
-
SHA1
7212e7e566795017e179e7b9c9bf223b0cdb9ec2
-
SHA256
f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
-
SHA512
16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/libs/cmp.bundle.js
-
Size
347KB
-
MD5
deb60b40df89edecd35ea3d1410ef7a6
-
SHA1
9899f48d1b29c6a51e4b80ce0579ec4f51b72c74
-
SHA256
2eed337a035bfcba83bdf00686f236319bfdcdc5c5b4d57541cf855bfe4fd67a
-
SHA512
484daa9e6423c4aa90b310f7c957f850109afd4ef30ff0dc57e05d7ea30f9ae12dbed862197ac9f1ee99b26a7204ba14d1a95d8a8a6f5064a825e5d861fb8705
-
SSDEEP
3072:vSDSLzJgixPFNRISHo2ZDkNOqTOqSP88uGtkLxrtQ8OaxPyf:bxgixP+29kNUuGtspi
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js
-
Size
90KB
-
MD5
44e3f0db3e4ab6fedc5758c05cf27591
-
SHA1
2d408aa1d35661019c95adcc60b78c0727ed25b4
-
SHA256
bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144
-
SHA512
4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc
-
SSDEEP
1536:O4mCgi8DyCuXXFiJ+L0kJQsJVPEKuQRZdC/RAfDknv+p0WzH/Io9Z7qABZnu0JFV:OGsKYAI2p0WP9bDrJ7fak
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/models/notifications.js
-
Size
5KB
-
MD5
911451f65b2503d23bc27c6a6aa6af72
-
SHA1
01d3654b23ef7f5adeb4097bd851e8c100a7b2ab
-
SHA256
c32495d55eed52f47dc7268eeccb90fb6bdc5686135ed089416c6bb8f703a578
-
SHA512
06edaebb0bb2980a7b6d6baa31a9c0894a9bb5f14a91468ffb8f182d98f04bb811df2a4c37f0b56d612603528aa21f390eaa7cf885874ae770a24dce2f9b249c
-
SSDEEP
96:sOr8u1s9FHYYdfHsW/GZwzpJGf8mui+U8QrGjqTxoOxoYsdfHsW/GZwvpZGNjINU:sGu9GYl3rNQ8K+JQC+N5Rsl3rxeEYIo
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/utils/analytics.js
-
Size
4KB
-
MD5
525281e9959af4c1c0d11b9243c798a1
-
SHA1
237a84c5b57bd132f48446d718b20640cb28c263
-
SHA256
c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d
-
SHA512
fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4
-
SSDEEP
96:LlYkmHqqVHlnZ4JGvt+QP2EvVVko3sO2LCgObNS1Tgzalh:AHq1GV+kcRObNSGza3
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/utils/commands.js
-
Size
13KB
-
MD5
186f2a801c3d12b8b53e4b8f0510bd35
-
SHA1
567932df79e60d27d62752b1a1d72d6bf386c6b0
-
SHA256
bd6e86d0e6b33a44a1617458f0adff34a5cb0fc52568e03e5d74b8c72b5f379e
-
SHA512
eb87666e8fb40f81d9f14f61a6cffdba57edce1ab9b62c1df3ea3ffb0f96747f90465b2bee956c096f3762d25e90f5f130537046d8deba388d183cee1cc473c3
-
SSDEEP
384:PUr5HB8c31uUvJQ006W8tusv5qEWOdvAUd:PVhsj
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/utils/cookies.js
-
Size
1KB
-
MD5
6c60e675f8c8c68c0174b644d3a63a2a
-
SHA1
3635a3fe07ccc4a6f33a986ddb690522d0611abb
-
SHA256
9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287
-
SHA512
1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/utils/modal-events-delegate.js
-
Size
1KB
-
MD5
117e4fdbdb0ecf211c8bd909efd337d1
-
SHA1
9f8684d856b7c95bdffb139217dfd89f41373187
-
SHA256
267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857
-
SHA512
f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/utils/strings-loader.js
-
Size
5KB
-
MD5
9c94eb933d8a43dd3825e67a7e30c980
-
SHA1
7ec7b16af6f399219209ba5967d377040486a11b
-
SHA256
96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf
-
SHA512
a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5
-
SSDEEP
96:FXS/WSBWlbBtDhWFTnTeWsNkEj1I/6WfwkUlx416moPdXDKP8j8yZrME6:FXSuQwBBh0nTevNkEj1O6Wme0muXDK0W
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/utils/utils.js
-
Size
118B
-
MD5
a0952ebeab701c05c75710c33d725e7e
-
SHA1
1da8a2e889f1213d481ae3cd5571670c01e64adc
-
SHA256
b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246
-
SHA512
5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/windows/cri/cri-controller.js
-
Size
3KB
-
MD5
4e4b4a9e2d86ae3c108105078db6d730
-
SHA1
826946be793c999316af6c1db10523950b18ea2c
-
SHA256
cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7
-
SHA512
1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe
Score3/10 -
-
-
Target
$PLUGINSDIR/app/js/windows/cri/template.js
-
Size
1KB
-
MD5
76c1ef0cb437db144c2bed53a5a8a5d7
-
SHA1
aaab8fff649f8e46d1e9510018118ee9abe01498
-
SHA256
505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e
-
SHA512
822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e
Score3/10 -