General
-
Target
OblivionCheatVIP 2.1.rar
-
Size
45.5MB
-
Sample
250114-z3d7dazpaz
-
MD5
e1bdb1bb87c0e037710f6305c54c969a
-
SHA1
9b9f9848036fb35395e50b515ed45169d6883436
-
SHA256
f139ed18bca38e4e61fa88f94f0a070d217df1c1f647191510253352724ea1b5
-
SHA512
d839d93fbf3547f84ea465f6e9423b5d70b70e840c9f2e0df906cb8f483ea58524c5c79f6badb1f9b2df7a0e7b640904ebca488e36a07dc2dd62edf0f74ccc13
-
SSDEEP
786432:u5r8IfJQOhn0irjgZzaSiI5RTbhVRaqm9hrb/CU0ItR8uZQouD:gRJhhnPruJXByqgPtR8uSD
Malware Config
Targets
-
-
Target
OblivionCheatVIP 2.1/Addons/Macro/MapRouter.dll
-
Size
2.7MB
-
MD5
4366cb8668bbe3a0a02aeb30a2cdbeb3
-
SHA1
875a9b1d24a14fa05d3e38ba4c8799f557134f6d
-
SHA256
2761afb16eaa9f2dbe824e07dd0156bf2d48756233340429fb7aacc67e50e299
-
SHA512
5183c369c27b53edeb4571f9686ebe004ad66419be9d841ce847dd86fad2aa476d9974348817a06ab9f647417ca77a34cbff3c3d0779052a600ded61de332a5e
-
SSDEEP
49152:7WUoErwRmgXJ68as8HyiPeSLQtZrl2AQXdf8xcAplj2dRhYNPzz2RHl9al:QaBW2dRm
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Macro/MapsBtSvc.dll
-
Size
140KB
-
MD5
6a23239643350bb9472856d657bef7ed
-
SHA1
449b4e6e9d75e448acb5786575e7b6b66689af63
-
SHA256
323ebdb767a60ef3d15b936c9d4beebd8d16416468423fc5e3e6525ccbe0f9db
-
SHA512
3297c141aa24ed0a3cc7dd61bdc56af2041f991e677c43e3fced4e0e3094b3d8945f04546ea9979fa706974da930146eda29a5205df65f9cd798020c3b5b2648
-
SSDEEP
3072:eq9mPzBuLp149loMILDsX7U8JL7NKiUK1f6:TsBuLp149q5Lm7l1AiUK1
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Macro/MapsBtSvcProxy.dll
-
Size
40KB
-
MD5
ae54de5d281d6cabf82cf88bc0e5011f
-
SHA1
2b27d48630a1b9e7a82ae32459c18f337eb5c50e
-
SHA256
a94fdfed0e3cb0aaaa9a727d150157fd0179ffcbe03adec5fdcd3e186c1a457f
-
SHA512
cbc541b4f40d8e3ba452f35b31cafedb492be6981f425b333d8ae397e01247cba0ada80c6313b99a00f6e4307ff889944d6e4190e953f832fe0218227c4db24a
-
SSDEEP
192:G2obK6DtPHd5Qk1tRSmmmDVwaQ9jdg7QA/eQ9cQ7p97vE1VzkdHWR6Wk:Gjbfd5jzIa37rehQn7WVzsHWR6Wk
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
OblivionCheatVIP 2.1/Addons/Macro/MapsCSP.dll
-
Size
120KB
-
MD5
f5e3ccfcb1e13c9a716e684f4e1c891d
-
SHA1
7da679e3fdc8c7e56c06f94fdc9fbefe53c2c75f
-
SHA256
7469b3e3e03ba70d7ee7a892c8dba89d01112557129003c64225b930d2166e04
-
SHA512
0d6415e648d5f102114fd386b49afe4e318632236f56d8c5af0b55e08c01978675df76798d097df2e4685b83a8c76f00619e41ca1b1e607882f89ef2fc1657c6
-
SSDEEP
1536:KtkxAidhEjArCyte9X0W1knAfcUX+eTeZw5ssOdclRqH4jr7QZTaVDho5xF6WWQm:4kxAOAgt7LUOeTadcl1J65xF6vQgj
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Macro/MapsStore.dll
-
Size
1.0MB
-
MD5
41fac1ed56826d8850a339783ab4c4f5
-
SHA1
a63d40449e7fa3d2367a92aa0d4ad58ac0fe5768
-
SHA256
6a4f5f8226f970d8ebec785844fa1ccd7e0952db0c5f271937122c0c5497ef48
-
SHA512
4ba6f5ffd8e442ef9cc7f25bd97d7f42c3456fd581aa864b3b2165527128c5a58f932c3dd2bdb13fe82115d08c5a94ffc8a09ef34c628234c649c5aa1cfd4307
-
SSDEEP
24576:0HklUYiAnQV7IjPK9a+JeGnyN4Y3fPUJi0TlE3YVTaHxq/g:0HklUYiAnQV7Iji9ZwNNHfPUJi0TlE37
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/MapControlCore.dll
-
Size
232KB
-
MD5
5df0f86d6d18b1af51399c733c63c741
-
SHA1
aee5b01e80293d74436440650c874e2e43009531
-
SHA256
98bafe55d348b807425e90a7eef93958a7a1dbf9336e3b4f1bd0162729d76d3c
-
SHA512
d9012d689a84a6134471d269065fa31a747d64537746cfb1e4ed17744df0cfb62d09141833f3df20181219019386d421ce9fef1b44b4e09dcf41f11ec7ce3bc3
-
SSDEEP
6144:aMSW0M385jr7NWbkonUCiPghZlmghUPxrnD0TA/5:avM3gXciP0ZfUus
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/MapControlStringsRes.dll
-
Size
12KB
-
MD5
93857a7c4d1cb7d3eaa1572083a6a0c4
-
SHA1
ce35abb6b50a6396b6eb75c802508bcdb6438155
-
SHA256
f5340caae0523b2bb8d38c67fe21d4402246e1f0903162b894a4311ae56b194a
-
SHA512
cb4c305a002e5e48535f8f6cf689cffcf7c6ad23c0b7cae8a15fcaa3f32925f7f0c338d81205ee7accfa48af2daa8ee72137f553654fee395c9ca78a60fc764f
-
SSDEEP
24:e9GSHQzwEYu79RCcDT5IZW0oP7NwycN4t51NK5L35WWdPfPNs3/ys:KHQkEzGmVIZWbTG4t5HK5T5Ww1yqs
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/MapGeocoder.dll
-
Size
2.2MB
-
MD5
8a7264c511daa51ef711d694cf8a553a
-
SHA1
87b9e137c1d57617f8ec4b027e5ac08622b77333
-
SHA256
851f6d0072a90b75d157c8549d6d3d089661caf4e05221ed453e8b63ce8fba72
-
SHA512
f981117c1786cb7a2c1a5205f696ab46017d339898949284771d339c82910e134258c8413da1df8ccf707849318553b5866d7b617414483961381e2230b8db4f
-
SSDEEP
49152:m37Ga80ovmsXqfnznKPknfvGx5K2K2FG60vdKN7ehG/5JVi2jDqNgMD6nVfR:rsThSf/
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Mfs/JpMapControl.dll
-
Size
616KB
-
MD5
bd988ed7ca9ea4e80baaa857e7b8b651
-
SHA1
c8ea1373860c9b85903e45b3a12d8c101d088491
-
SHA256
4132be699e81d24803beeae67eeacde1fcfa68c7779d5ec6c101699d2ec7a7c2
-
SHA512
f5894f815f67f07b6d09e69eb7f71ed7c44c6e6d33a31b1fa047f57ed78112ef8a3b26fd3a9ded7a152cf69e330fdac340c5c3b14432092889c76d5d4c3a121e
-
SSDEEP
12288:exYVeFMT3Gas0IlHqlXnqLqFuB8NbKbCLgNX3JTzNsqwCGodKfPKYcTCg0v0ch0Q:bem3Gas0IlKlXnqLqFuB8NbKuLgNX3JK
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Mfs/MapConfiguration.dll
-
Size
532KB
-
MD5
43574e31453d45cd31d14a2a424c21c2
-
SHA1
1bf3b4c625d243e322b10146598dc797b3487d71
-
SHA256
31ea9421cb0df093cf04bcdf33607f57f65f7fceeb6ddb4b8289db52bbb7a4f4
-
SHA512
c81fe7f060a24939eb7a0ad0c4d8ec66e8521de7a76a2302fc8d100808c09d649a5c34716c74e55fe0e741f5bdf21cd5dc994f637dec890c4d6454447b335861
-
SSDEEP
6144:RmMNmRE+cLqprmplEoPJUNHACvP7ktPrWQVq7IN0Z03fcnclJ8sdoqDbwQ2Aj:gMNmRVcLaaBJkACvjg94MN7f78s3wKj
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/Microsoft-Windows-MapControls.dll
-
Size
24KB
-
MD5
bca2c45159ed628d8bcf79a28d3f3ddf
-
SHA1
73c92f6901554573f2dc81f7a769e0e2438cb982
-
SHA256
b755809b0906e9931ae0af2f32b2bd932db1e53b7afcf23aa31be4be566af438
-
SHA512
89623e30b5c58f6bec4407b653796e0ca9ce7b32c3806095cc46ab04f6985d596eca9b0f08ecde303818a2628447b6dd351129fee5894daa8b14c3a196c88df6
-
SSDEEP
384:zWEHVwWg80Jtvlvs5fqlSaVMaTfOS4ecN9dbeYbP1sNsNaN5:LE8mtvlvsdqlSFMOqkvbeYbP1sNsNaN
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/Microsoft-Windows-MosHost.dll
-
Size
16KB
-
MD5
6b81581ce06104184759fa3dac05fb20
-
SHA1
459b01a8ae4a11e5dce891856753e08807c95a7a
-
SHA256
2b978270bc30ba0739e59647f8d4b845d273e0a12ddb1d4068dd9916fe7405aa
-
SHA512
27cfbd254ae935cf16670e57d4d608498d9af1763b06a5e7a441f00303350dabfc7c3610b6ca686a6d8b53927ecf1d09d95df067660fde250cadd168aeab4bbf
-
SSDEEP
96:YcvEWz4VJWwFwSKR+rEDLULpa1EuythWSySlZSzflYCjc5k:eWz4VJWArLpa1EjtDySlZSL3c5
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/MosHostClient.dll
-
Size
140KB
-
MD5
aeec5b35b162e5c3670e4d9e7d7cf190
-
SHA1
20d8a7e5ace509ab3dcf6a8e7fe480873154f80f
-
SHA256
158f5a6db15be8e6ecd239c6edc36625d0f0ab84af07c62ab22d3299a09bf123
-
SHA512
da54da962ff35c7b7c88a95fab05c049741ff5564dc2f752e87bf23c789463bc9eb3188c510a39780fcfb88cce25c972c6b9ee441dfa91f3b5597ebf26700cba
-
SSDEEP
1536:qF0LMVYU4+O/a9hT/zcR7uUKVOURWWdaXkkP5YtvRuKJl0jW3HPk1La:qeL6K/uhkP5Y2ul0C3c1L
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/MosStorage.dll
-
Size
144KB
-
MD5
85a784e7e01c77dd4f3f9531c7d8d792
-
SHA1
46a4e3460ba7ecab0c87a5543d1ba84c01daca4b
-
SHA256
a59eb3cc923ca4281446efeb8d46f990852efdbfed6b6b149ecee8f32b7774cd
-
SHA512
532bfdb80b3a5dcb26bfe3024e3ee786cc8fbf63931c6b3be0f6a57f60ecb667ee34bbaa4c7f173f108b539088115c651561ec3aac4f3d83eee9ddcff7ead5e5
-
SSDEEP
3072:fO1u/0QCDymMKJ/G3oyX0415JbalJBrk/lM72yUUYo8Hx/S:W1ucQCOV9X0+5JbalXkdsuUYo8Hx
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/NmaDirect.dll
-
Size
224KB
-
MD5
46269bb59c8585e7ac06472eb9e0d36c
-
SHA1
f15b9b9b763f3b83343b150e6a3d16cf2fe56d27
-
SHA256
fa8676028033f3a3f59f3cef89a9f00a95a351214cc741161742e911a3cad668
-
SHA512
58ce06dd354845c761e9eda673cb8bb047b60fc3fc5c41cf0fad397ed973df286e7523a8c986f6ea970f15c85543c627b73a060a4409439a1c67f6bfb77c7320
-
SSDEEP
3072:2xDQGz9kl5M1KfMbtWdL4ruEdbRrSsSI4R5QoHJmWSIv:2RTkl5M1KQtWOru84R5FHU
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/mapstoasttask.dll
-
Size
80KB
-
MD5
5bf40cb956b359c5cd363f8845f6d7de
-
SHA1
a5e4e6874138e46a7c8067287f2a1219b907d6ad
-
SHA256
a5f82eb9852ff88c96dc972bfdc1a7114bc7c1435a312588f4a6a01ce4ef68f5
-
SHA512
1ef8cf2e9db47e64826b64779c4bc762a5ad3c24727448f74b36cae6dfac817a7ed553a195f6f49649f84d54938222bc8c34ad8e89373a922e8f8b52a7aca8c3
-
SSDEEP
1536:ape4CgnUFqhTwhgasW0Vxkzbi5fn7ZLrT:gewUw2gObkndLrT
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/mapsupdatetask.dll
-
Size
76KB
-
MD5
ec4a9e9e6eae6b38a0521606f6050e2f
-
SHA1
dfec06f103e3e427195c4b01bfd8f80457c46414
-
SHA256
14fb2ebfe2630645a4ec1eff9be74e34113c5440d25b8bc28fa52006b57d041e
-
SHA512
425e93e36b4fc9bdbca4c836547cc879ad94181c116c1240fdfefea6ec41200084c98e70c63a00f807613700ec20b6076a59dbae3180aa503852ba04ab93012e
-
SSDEEP
768:C1pMfm1Hbm7db4Qv5ovF24h9YCxasWT5To3rBYfXMqZNDrKEDWTK/:qXhbmJvv6s4h9Y6RIClyXM6DrnDWm/
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/moshost.dll
-
Size
120KB
-
MD5
8c912febd066131a0353e7e177fb513a
-
SHA1
2649c0b3e154521e494fc3d2136ee4cce284fd75
-
SHA256
101bda1a9f1f19ba8b87f6d39b40030391d2a74e981711830ae332a79e86d45a
-
SHA512
eeb7b5aa14c9e275c1cf36858254a6b9498c8f5234a02d65d074e1d9313fa0fa4400fc6a2c16903bb61db483ce3dcf40f5db10753b0cf34bf2a4408bc790c4b7
-
SSDEEP
1536:SMTYcO9uuhXo1uT1ApUrxtffhZDNN4OydeFAJViv6EhPU6u:S86USwWxJfnDNN/8psphcp
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/moshostcore.dll
-
Size
257KB
-
MD5
e2d4df4ffdbbfbe4462080f727706c34
-
SHA1
42e466b9f89d4d995e02b1be8324854c0e87332a
-
SHA256
16a8cdcfe5b08872938318f99f98d76cebeedfc7dc71562bada55364e25f116a
-
SHA512
8e0d9e1616d115395290d571e28c4f0d2d12277f9d40386ef6bfd92d9987da2739b4de88c36550e4a9ce73fdfd098f2c0d3049e1b2abcfbe24c120a37d4181e7
-
SSDEEP
6144:8vp+QHhuGP5An9Qs8QsU1ZGBWujJNjVkCgqWqciCN:8B+QH8NnzGa8VktHv
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Microsoft/ztrace_maps.dll
-
Size
52KB
-
MD5
095621a692c9430999aeaa7500e34547
-
SHA1
89ddb328ee5ab4c7645cd65c9a9d7c02285c3f57
-
SHA256
a0d77484ce51037be9e16d3f0edbdc46756e9f57ec51950a14338cebe6c61aea
-
SHA512
4fdde8f906c8d01adcd7615edd457f706128f0ad0e69e7f4ea39be8a2afd83079c8b1589786ebad0c34b1163d82ceebb56a4d8e63ec6313b2454d809090f0a29
-
SSDEEP
768:shCezbTkVmI3WM79AY2ApgYs08m1+e8C:sTT0qY2ApgMUC
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Server/BingMaps.dll
-
Size
7.7MB
-
MD5
40a9943ca44263115b2644f691f62a64
-
SHA1
660b8037ca5325f87f39272bb76ec8aa2762bc9d
-
SHA256
559a7b0c49acec59e28a3dabb32d5c31d94b5ef98d4d54909c55b5ee95ea6c9e
-
SHA512
cd4f5667cd1bfa4e9dccfc489fc40ef731afa87ea8e147d366d415d5c7d43166627c2590a95075a22544cc207334adc77deeb242c5a735ad75098c2296baa137
-
SSDEEP
49152:WNkteBgnsgHZs0J3i5xEkCXqzUPmeSVydpt+Kvvc0B1K0cO9KJEmNcUowPrigI4W:0wHJUSCqc0BwN6tHUs1WrUwuB6BdUnH
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Server/BingMaps.dll.mun
-
Size
111KB
-
MD5
7ad439fc6dbcc2e1d6ef14609b054c89
-
SHA1
dfccb8201bdf699d4565a7cb1297a18ef4f9a19e
-
SHA256
e2f198f80c7e604a64371be8bf9f6a275ef82308f4bbfc5393c1194740788ec5
-
SHA512
bd3c839ecebc6818ff4ea6414bfcf5c95982cb2a6073f85baeb1e68bc2ab31ebabecdeaf18097a2e2cac0fff9c951584e8e625a82bd18e02ba040b16581a0677
-
SSDEEP
3072:3MdFvqxw/zPDwPebIePjSqZDj9iRDvXljQIgGjZuRJBW:cdFixwXwPecIjVZDJyD9xgGj85W
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Server/BingOnlineServices.dll
-
Size
672KB
-
MD5
039dd64af30c740d91e4d7063e5429fe
-
SHA1
c7836b03c06ce453061602efeb15b85aef57871d
-
SHA256
1eafbba1004af9dbd13aeb94155b25125a1b994defa88b56a9528786aa50ef5c
-
SHA512
c68c46b4636b1cdbb17d1f4c265cd70b92e839e21d232ddab2dde05ee3594d7abcb563ff66a7eb09661301b4ebd61b9ee2cafc77261651d842c67d0475e000d9
-
SSDEEP
12288:jHEtyWj/uQpWm/XhtCZmkcyDVIUVC0Wa:jHEtyWj/uQZ2mkcyDVIUVC0Wa
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Zlib/2.5/MapControlCore.dll
-
Size
232KB
-
MD5
5df0f86d6d18b1af51399c733c63c741
-
SHA1
aee5b01e80293d74436440650c874e2e43009531
-
SHA256
98bafe55d348b807425e90a7eef93958a7a1dbf9336e3b4f1bd0162729d76d3c
-
SHA512
d9012d689a84a6134471d269065fa31a747d64537746cfb1e4ed17744df0cfb62d09141833f3df20181219019386d421ce9fef1b44b4e09dcf41f11ec7ce3bc3
-
SSDEEP
6144:aMSW0M385jr7NWbkonUCiPghZlmghUPxrnD0TA/5:avM3gXciP0ZfUus
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Zlib/6.5/MapGeocoder.dll
-
Size
2.2MB
-
MD5
8a7264c511daa51ef711d694cf8a553a
-
SHA1
87b9e137c1d57617f8ec4b027e5ac08622b77333
-
SHA256
851f6d0072a90b75d157c8549d6d3d089661caf4e05221ed453e8b63ce8fba72
-
SHA512
f981117c1786cb7a2c1a5205f696ab46017d339898949284771d339c82910e134258c8413da1df8ccf707849318553b5866d7b617414483961381e2230b8db4f
-
SSDEEP
49152:m37Ga80ovmsXqfnznKPknfvGx5K2K2FG60vdKN7ehG/5JVi2jDqNgMD6nVfR:rsThSf/
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Zlib/6.5/TestingServer.exe
-
Size
3.7MB
-
MD5
54980c00c99dd31da947a704034250e4
-
SHA1
0388dcb527b4df85048593fb1fe324461ac2539b
-
SHA256
efe6e5da039480336cc51d61970eb7ca5b0c10bc315c083f3cd08f81fb5fa7e6
-
SHA512
3e2202658a8a44d994a34dfa5ae2b7de4d539713424f6e9047401847e003df6daf06848c405584e2c0ac7f80c421d708caf0b82f6995e720060a2662c18fd20c
-
SSDEEP
98304:T/EH6OVb5MRk/Ipfc+SajVqxdAGTZ10tG:TwVb5MRk/Ipff1VGdAGr+G
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Addons/Zlib/7.1/MapControlStringsRes.dll
-
Size
12KB
-
MD5
93857a7c4d1cb7d3eaa1572083a6a0c4
-
SHA1
ce35abb6b50a6396b6eb75c802508bcdb6438155
-
SHA256
f5340caae0523b2bb8d38c67fe21d4402246e1f0903162b894a4311ae56b194a
-
SHA512
cb4c305a002e5e48535f8f6cf689cffcf7c6ad23c0b7cae8a15fcaa3f32925f7f0c338d81205ee7accfa48af2daa8ee72137f553654fee395c9ca78a60fc764f
-
SSDEEP
24:e9GSHQzwEYu79RCcDT5IZW0oP7NwycN4t51NK5L35WWdPfPNs3/ys:KHQkEzGmVIZWbTG4t5HK5T5Ww1yqs
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Compilers/MinGW64/bin/gcc.exe
-
Size
789KB
-
MD5
43acaac9b437bd941c793ca6d9e776f7
-
SHA1
c7de884538ea84e50127331fde9642c4b99fa966
-
SHA256
27d8ea1223c1cf411773a39e8ef406d1f1d5d8956a0351ba8c74cc6c87978258
-
SHA512
6587acc6c03afdfb7ac5e48f01978832dac491f9cdd86d1bc68f997e85000056cbfe6c27462ec3713c4bfad139f7a4937a0258eed98cede48dddacc2f17cac2d
-
SSDEEP
12288:TS1H1JPxbIyLdAKqchyKHxWSwbq7/8c841yZR1af23HPfANwe:TS1rxb/LfvyKHxWSsq7/8c8K0kNwe
Score3/10 -
-
-
Target
OblivionCheatVIP 2.1/Compilers/tinycc/libtcc.dll
-
Size
221KB
-
MD5
018d32ce36c442b94c89a112282106ba
-
SHA1
d64c9b5ade44b0c766790581d31d2925f80c8fe8
-
SHA256
5673e555abaf7adc8856c04e2ecb63fee657aca2c1cf538f7bf4ddcfba8b78fd
-
SHA512
cc77978a01379cbae0c45447bb8dcbc3bee99d6fce5eecbf0b5128ca965ecc71a1b86f6ec8eef79eeb4b79af1a2f9f436eecbac2ec5880f2c10e3a5cb2cbede7
-
SSDEEP
3072:Uo/H0rj173sxwQYsZjqwVFg49F3UaEX6FJtdHUaXnuBRbsWJwPNAzvSEw6/wwRkI:F/H0v1oxw+9bnERbLJeE//wakI
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Compilers/tinycc/tcc.exe
-
Size
53KB
-
MD5
08c121c2147e21032d5212f3d430660a
-
SHA1
e93e7cca5c3ba779a36fb14e5fdb3182d745279a
-
SHA256
54f013a8811498a3bd20d8440a497698de96b659930001874f7c7f638f887d1d
-
SHA512
7b4eddb5e77d78640b56c4b970f96070bd7ed6d281f9a2d5895e7a1b4361cb5edb027068b087d71363ad617609109e6c42795022ec46b16a48cd2b468f711d27
-
SSDEEP
768:S5lhh+VJ2AgP4Z1sFo1DSrsXitHcidyRPDG+VpHVZvnaIOyPCFW:YhCJ2jP4Z+mDS4XoHcidGzp19iGCFW
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/Compilers/tinycc/x86_64-win32-tcc.exe
-
Size
247KB
-
MD5
0317013fd9ea6e7865c09a37a201b183
-
SHA1
ffea3f9c19f8ea5f1c54ba9eb624a84dd0f1ae94
-
SHA256
8daaad81845f30e6e09615555f96219ce8dbb281c1497a2ccbdad8e42c79b718
-
SHA512
da23ad806d71537aa746f990ed36069848fbec64553ee7748b992d38144b5c8fe98a9056bccfacc31981f9d082ebdcedb677fe47a47babd67a8f649a750a2cb4
-
SSDEEP
3072:XFD5/M9pRIaD0oEjMCLxeLHjQJPJ2yWPWAAsQfFcGBzn8wEfTEL3QpfbJKJuPfMl:r09ZkJP5WhrELApd3PMM7Cpl
Score1/10 -
-
-
Target
OblivionCheatVIP 2.1/OblivionClient.exe
-
Size
41.8MB
-
MD5
95a3e8c1d4a5c7bd87a123b5cccb9f67
-
SHA1
152bca2603e39111cc446692d8a29501d980def9
-
SHA256
aa3765a7cfa4a5430c350c0d44252216c215c3fb3ffdf793cbef71dea633bdd8
-
SHA512
8c9663f0f7700dd71475e9bad481e38a1131c636181ca768c4b9016c5e6e233131a37ab5e100b6c071459ef4ee6a7ace6eb22bd671cf5b0c8ded61e6ac8387d1
-
SSDEEP
786432:/ogRer1/vUMrlxwEnk9T5diXo80MVzyj41wt/B3FVB4idWQb9QqMbJVaGeSWj:/ogRA1/3l1nkZ5diXo80MVu82TrXQqk4
Score10/10-
Detect Umbral payload
-
UAC bypass
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
Umbral family
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Drops file in System32 directory
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Peripheral Device Discovery
1Process Discovery
1Query Registry
2Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1