blackguard | 9ec6a9e14339ff12fbfd5d5e9b6514e07c2aeaa01da5fb9720746180a3e9af21

Sharing

Copy URL

Twitter E-mail

General

Target

R.E.P.O.Gamdie.com.zip
Size

424.7MB
Sample

250310-gamnyavsby
MD5

4158028ed5a75dd23e6fbcb3132dcae8
SHA1

b9a4e7e7e7bac09f4a1476cb2edc723ada421f7e
SHA256

9ec6a9e14339ff12fbfd5d5e9b6514e07c2aeaa01da5fb9720746180a3e9af21
SHA512

246966a1b20998670e020a9d6d067527282d4a43c08e8a101427cfd2433f4ad18fcd11ae35548e770aad2ff6395f91cc0e971b27800f2fafefde9167635c748d
SSDEEP

12582912:NCK7Esn9B1rdghFs61AjerdQY6iXn5iZuRGKMD8r82CzxQeoI8brScQt94:NCK7EsJrdrKrOaOl2C1QeoI8brScq4

Score

10^/10

Malware Config

Targets

- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.UnityWebRequestModule.dll
- Size
  
  55KB
- MD5
  
  c353c1c7291b74cd6ede76467d116fb3
- SHA1
  
  f85c50c0b29dd31d71627ec5803341bf239f176b
- SHA256
  
  46bb5f5047b7c8949664d397db2399d5a9c5e41689cba6bc536ade115e78642d
- SHA512
  
  3e99fb044c70b1a9e414d0d6081ba3882f613df51c0aca806e72b2e7144235be736b0376df339be3b7cd626a91d5bf5b6ef6548de5f0000cdac4258e8ee5501c
- SSDEEP
  
  1536:2s1tbHHk7LagUVASZw2TzncHAhjMFSZhQ3xv7:2+EagCASZTznAN
Score

1^/10
behavioral1
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.UnityWebRequestTextureModule.dll
- Size
  
  19KB
- MD5
  
  55c42c4e590de609819f92f82a4a05ec
- SHA1
  
  4c98e65f40d26be0c243fcf2fd5c4970c3919f40
- SHA256
  
  44ec70ab498574beef271b0ef0ffa222a08853ca6af2fbde84de97315d777b12
- SHA512
  
  8d63122945d2a55da747cbf20d4f539337edffe5a469bc1e2deedb6ed7634939094c2266dc880369c1496ab2aae27ed70e21be0d3d9fb7bddbd9b23b0964495c
- SSDEEP
  
  384:V/bm16QKSzncH5z2hjMFSZcjO4oHqC1KZLAM+o/8E9VF0NyyU:VTm163SzncHAhjMFSZhHKlLAMxkEh
Score

1^/10
behavioral2
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.UnityWebRequestWWWModule.dll
- Size
  
  29KB
- MD5
  
  e49afb92c15c9f5e1e079a40d037185c
- SHA1
  
  9225279e6ae816f60a74fb3be593287ce38e5766
- SHA256
  
  ccaeb6c020f77115f6f0c8c2b849f633d48108ecddf44d4cc1ba8a84df79c0cb
- SHA512
  
  3b08d0d4d91164da89aa62d9bd86c2a20e78932a9ceb77694363da8304b324ee39ca21f498a136edb003aa68526235f51c77db5388e0045847f4ea9583f5f173
- SSDEEP
  
  768:s5JNNcjVkzY8v0VPc1TbzncHAhjMFSZhkIAMxkEm:s7NqjVk8Y0dc1TbzncHAhjMFSZhkWx6
Score

1^/10
behavioral3
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.VFXModule.dll
- Size
  
  55KB
- MD5
  
  41288907c39e3930cdd0acfd17d463da
- SHA1
  
  727b771a249c1c214ae3fced21a07f53188a9c6c
- SHA256
  
  ed634c70adc1e21dac845f519fc8696726f24900f3ab5c5b409617435435c1d3
- SHA512
  
  73210a75f0b12202c99b59c06219dd17c46fd225389d0221336e838bc8c5da5056a6f7f79aaaceecfd1ad003bb3913f0738f3ae37e4b2bd0130b66df709f67f2
- SSDEEP
  
  1536:59vTjDlllllllilllllll3lllllllllllC5lllllllllllllllellllllllllll0:vvrlllllllilllllll3lllllllllllCn
Score

1^/10
behavioral4
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.VRModule.dll
- Size
  
  24KB
- MD5
  
  585925f99f7dce09ca61b9214ce1a511
- SHA1
  
  e32fd993495ab316dfa3aad200d70de471956ac1
- SHA256
  
  da2fdd6282d3a73a7ea389c096a0af528a3eacec9b2473bc059d3844ecc11f88
- SHA512
  
  1b1d5e3da780ab90786c4c9877df4d3dbb5a7fb313752766d2f4e9a6f5afb959e307aae6e92d57fd6552bb4fd558b37374e429c784ec12ce7beb33fe8fb1a754
- SSDEEP
  
  768:a8i0Rnu4EphVRBS8wg4ODzncHAhjMFSZhtzAMxkEl:amRnu4wVRBS8wg4ODzncHAhjMFSZhtzn
Score

1^/10
behavioral5
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.VehiclesModule.dll
- Size
  
  22KB
- MD5
  
  95667480952abc52f2e25d859fbf9940
- SHA1
  
  e63c44c6c8d73bf28455dd61e6e64c416a375cf1
- SHA256
  
  9f72596d61c9451820feb1a4fb9cff1b326237cf7db9115f8748c6977201a08e
- SHA512
  
  38bc8926d5e3f40ac59d11e2414f3a3b4a92d52e8483e592468107d5feca4a53344d54ee12415dfa4dc246c410d621d44924ddf326051273eea50c8727601b9b
- SSDEEP
  
  384:Eww39ngu62gh2Hl7zncH5z2hjMFSZcjOzxs7/AM+o/8E9VF0NyUvR:EfYYl7zncHAhjMFSZhzeAMxkEWR
Score

1^/10
behavioral6
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.VideoModule.dll
- Size
  
  38KB
- MD5
  
  81542589451da6943de45449bd887b2e
- SHA1
  
  e316802286b1f0b3bbe85e78ad8e0d658e849aec
- SHA256
  
  cd43f0487a884d3b995fbae575d1ce336840ac380c7f57337e23405eb2bc8988
- SHA512
  
  4c26f2c1860a569fa9118cf41131be925deace34d41b3326bd2c65391d460af7da400e6ea21b1a1e78373bb464e68bc476d85b21d963e2611faf62f12578d7b8
- SSDEEP
  
  768:kGGm0cBkFFI2eJfb4zDQDjzncHAhjMFSZhvJAMxkEA:+IOoJzNDjzncHAhjMFSZhvRx8
Score

1^/10
behavioral7
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.VirtualTexturingModule.dll
- Size
  
  33KB
- MD5
  
  04cf118769c879200d985db6db188579
- SHA1
  
  f226a1f1b3b20bd087788d2a071eda4e14e2f553
- SHA256
  
  bc5aad8d7ff2a9f6847fa10fa02588bd5bc665a8bbf19b34b68cbe6c46fb18fc
- SHA512
  
  a57cf031e4a1c00960bce54612122a0641bfd9bff862f1fc00c664c41c8b6dd6ed2012d3c7ca4087c7556e3ac34d9da609852429113d0c78d57d176a6b1c4ce7
- SSDEEP
  
  768:oDtpEPFNnjozMRSPSzncHAhjMFSZhFieAMxkEoRC:oDfEDnj4mPzncHAhjMFSZhFfxkM
Score

1^/10
behavioral8
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.WindModule.dll
- Size
  
  19KB
- MD5
  
  b7425ea44f2bf86108e86346057aac23
- SHA1
  
  ab6168c3e130eed81c3327317aaba5ec71fd8109
- SHA256
  
  e3ceca138da0ad56a971b8c73ca1b369267361b46bce6a9028f9f02c221736a2
- SHA512
  
  04a2bef34619eb538502337aad9eeeac4c37c796ad90603811f41d1234265536e9e4698dbcfb1ba2ac291de3918d18a5f74f5481e6be6870edd46324e80a1279
- SSDEEP
  
  384:CKopBzncH5z2hjMFSZcjOrBOAAM+o/8E9VF0NytT:CKYzncHAhjMFSZhrNAMxkEr
Score

1^/10
behavioral9
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.XRModule.dll
- Size
  
  67KB
- MD5
  
  539da23ff25072a2425848a0e9a8dac4
- SHA1
  
  a40fdbaf67d24abec75806a41d891fb8b371b666
- SHA256
  
  db8bdaa2dd15f0dc0ddb22e511b0acebf70f18420ba153a67ce9f7f8a67d19d3
- SHA512
  
  55dd652edd596e2ed1b91c002694d8af0c03fb365488154fdd82efb809370444d63e107883e660cb217bfdb941a3ad524f577911bfb4d5646fa3d1be97cd2d67
- SSDEEP
  
  1536:YJMyAvGaUUUUUU1q1YB08bQSXB4hKrizncHAhjMFSZh3oxVc:YQ9RQrrznHEc
Score

1^/10
behavioral10
- Target
  
  R.E.P.O/REPO_Data/Managed/UnityEngine.dll
- Size
  
  121KB
- MD5
  
  8bf5e92be760bec153023e3337e6f4ba
- SHA1
  
  427f906b72ad7d1e99c8e259f1889bb869612fa8
- SHA256
  
  681568b3ba2c5ef8981d2b1ef30dbe62e44f84f22faafb0dbf8a70f5df3d20c5
- SHA512
  
  2c6125b43b8952664ed72ff57ac902d6ccc17e2f53bce6039bb1f08d6082c5c37fef0067702896f5440d2b367fbe06ffbdd6830257709479779a77202a016ee8
- SSDEEP
  
  1536:1WbxApRfSTeVceGkvdFrfFBcZmLSst+YCUhJ0EXjYX85GPIj76Ae9iSEKwn1cFps:1WlApRfSMco8K3+E0n/x/S
Score

1^/10
behavioral11
- Target
  
  R.E.P.O/REPO_Data/Managed/mscorlib.dll
- Size
  
  4.4MB
- MD5
  
  bc6afe10bf52c15f5abacbc85428e98b
- SHA1
  
  9f62a1829f93fd71443c5d72e3743eab93d0028b
- SHA256
  
  676d40ae275f8f8ea581baf9a84a748eb41aaaa2c68845a29fdc4b797429fecf
- SHA512
  
  40ee695254fb0ed1fb8a0ac96e73710cdd278997041480a38f943f4a02d5c1708eb8794b66f2f668d67f802fd5c5b590e9adfdb6bf7d6c8aa694ae348d4ff5e6
- SSDEEP
  
  98304:SvIAbMst0AH/NNAzzg/IwACSykimYAlDWUndZBlKj4Xl59xWIKWBCFzXjg1WUqSv:S5Yst0AH/NNAzzg/IwACSi4p
Score

1^/10
behavioral12
- Target
  
  R.E.P.O/REPO_Data/Managed/netstandard.dll
- Size
  
  88KB
- MD5
  
  c61967ebe7f07f6a5a1b3f91842bbc3c
- SHA1
  
  c2db6e7376977c5c7f17d816406ca70f95d8e1ef
- SHA256
  
  6ae62e082dc494a2433984177f60ca4db5fae69b1f360a8b33754172b310b8c5
- SHA512
  
  5e63289f67a2b5d436d192a6354444327c4939e854cdae82614950885265fcc76739219138f22c55171362b735169ed77e0699958b4960a909f6ec919ce3aa49
- SSDEEP
  
  1536:zsYKt7WAMU9UYk5f4bJUHGPdghpuSX5qUE7cLh9z+:3K4AMaUYm4bJUiIBh1+
Score

1^/10
behavioral13
- Target
  
  R.E.P.O/REPO_Data/Managed/websocket-sharp.dll
- Size
  
  239KB
- MD5
  
  9a493eae8b5d8c7b8e08cbbd6bf5d22d
- SHA1
  
  fad4ddd3abc55403440bb53f7f1b6b5bfcf15bd5
- SHA256
  
  e57b964eeb264945c4c133912a61fbbbb793d697b5cf76a5c4ac97341a2659b2
- SHA512
  
  04d1a73f08154d74e708705270cf933bf3d0633963775979fe14b826bf9ce2c7dbc08ab5bca773d56c8f754063238ac63e92a4caf686c7abab019de9d48b09ee
- SSDEEP
  
  6144:6dVbusKO+i3yaead2FB8hXgf+OuON/s5fPK5U:6dQsKOV3yaeaA8hXUN/U
Score

1^/10
behavioral14
- Target
  
  R.E.P.O/REPO_Data/Plugins/x86_64/AudioIn.dll
- Size
  
  142KB
- MD5
  
  c761d504977ccb55c1b98b3d171c3620
- SHA1
  
  88c98ff7224b267bfa7a3b06f9186ee2c78dde7c
- SHA256
  
  50f8407d6cd5625d2a8811885a1917989c92186e8106b1dad8e39cc4f7f9a62e
- SHA512
  
  9ff3e033e1505f1e9926e254296fb7ca82c298b6cf3e307408a09ba6b2d884abc8646e2ae64ddea1c5ffe1b329fc2d2f9a5998fcaeef464bacf1d12ae7d909a4
- SSDEEP
  
  3072:PYjZNWehiHilHJfqE+9Qcm58uqiWFfdVGLMwVF:igHeJSEqQcmjZxF
Score

1^/10
behavioral15
- Target
  
  R.E.P.O/REPO_Data/Plugins/x86_64/opus_egpv.dll
- Size
  
  430KB
- MD5
  
  8b45c7ec84adc6a071bf5837f1038cf5
- SHA1
  
  6bf74519b96558dabaaa219a83e7ebb97b59ba8d
- SHA256
  
  4f74f4a21512f4cc13bee08c043cf98e0a4c92c02d265283058a19f7c70d7ee7
- SHA512
  
  f960fb5ac6cb50e1dc17f9e2553c4c6fe305c7eaeb83f3d4a742854bbeefb029f2b8c9e4e813fc47eaa6f5a928ac612c48d893841aa3d0c7dc4f6f19fb2ba403
- SSDEEP
  
  6144:YdcYMYMqHpMAAv8ukEacI/fbPiKvF3Yo5CSiHxqLeLtMdA8jotLvznklujtyFoAg:WFVJ3df7wP58AVy9GvIbYoFo
Score

1^/10
behavioral16
- Target
  
  R.E.P.O/REPO_Data/Plugins/x86_64/overtone.dll
- Size
  
  17.5MB
- MD5
  
  3f98bbaa0c5e2380cbf6170d5214e3e8
- SHA1
  
  82d1ed155198dea35d683f00fa58c9b85203ccb6
- SHA256
  
  edcb57be5ff410bbd847e4fc2417401a4b2ba08932a1aed88217f72421a4ee13
- SHA512
  
  47e0bbe99ac29537bf653cc226f16e322e0889a0fb88bac0e6c1beb8f9d7e8ce60f9fcaeff33d84a4c5f45d26b2318eddef190184de8e1efd5834e04920e730b
- SSDEEP
  
  98304:EplPjrvfjlt3+mZoU45yCUHH0sRupp5+6+1N03Sr2ns7/jn11olkObA2yobaokov:C35pymHHJu+6+I3Sr2ns7KH8
Score

1^/10
behavioral17
- Target
  
  R.E.P.O/REPO_Data/Plugins/x86_64/overtoneruntime.dll
- Size
  
  8.8MB
- MD5
  
  0ad5cd502c78dd8c76821145cc2bb0e4
- SHA1
  
  6df40e952f1643837134873c8ca846a936a53472
- SHA256
  
  a630f67f4a82b6689e4178bf81d362d945522dd907b2a92cb43cebf72c83a06f
- SHA512
  
  39c4a37f18ea1fd9fb94a355afc3a33a8c8a901222a134fe447d03864830923a5d58165652feacac2c173bf59e7aa562ef1b2ac8655d73f2965567cb85ff6478
- SSDEEP
  
  98304:eae4eNAR5m5hKiKydHvb07GeDbSZpVVV:Be4eJ28Hvb3
Score

1^/10
behavioral18
- Target
  
  R.E.P.O/REPO_Data/Plugins/x86_64/steam_api64.dll
- Size
  
  256KB
- MD5
  
  8afde2d19c89d0bf1a9f6ec475aa0ebb
- SHA1
  
  7d1453b841dfb1101ab45f63d3b4294b6c5d0cb6
- SHA256
  
  473f5a312b56519f347741b63f3dea590946b96ea40ef3803d5f452c39af2f1e
- SHA512
  
  4166361eead938b1a01f110ae3acd3660f5123ccf97b4504ed0577b3eedbe57cee5222aef037524de6051a6727c88161a4aa250b4ae60fd84ccfb2591d1b2090
- SSDEEP
  
  3072:NfpmprkbwQzAVsCeOTdmTxMezfOLgSbew/N65lhTbC66rpFvwLdyN+Qe2UvMxCbh:mprksQUVsCeOTdmTxDSLGnpynxCbmyx
Score

1^/10
behavioral19
- Target
  
  R.E.P.O/REPO_Data/Plugins/x86_64/webrtc-audio.dll
- Size
  
  811KB
- MD5
  
  8f2df82b4285d5824dd9a46570b9e5da
- SHA1
  
  ca96ebf7c5a6cda3693ca565b8b09cf9aeb4b7c4
- SHA256
  
  589ce036d3e426597a785b9632dc08c1299e4d4455eb1d498787418ccb78687d
- SHA512
  
  0bad1649cab5b4bb5abd6ad667e2631e2e37d15f091de6541e7ea842f3a9347058c4f5e9368a7b3b5e47bdb7ffa9b093059cb70ffa35262b656fe646a5138a5a
- SSDEEP
  
  12288:0G3eyUE5galX3cvt2VUJb0kmKniTk13IR6bEqVG2oQhf:Dey33lXSCOPDqk13C6RG2D
Score

1^/10
behavioral20
- Target
  
  R.E.P.O/SteamOverlay64.dll
- Size
  
  114KB
- MD5
  
  0a5429b888c75f6525e1100e32dd2b69
- SHA1
  
  8ae224580aa0838a7b1570c79d4d8f27a1b46d19
- SHA256
  
  f784b4b85b627c7ea541bd2a90c9fc6e9736a0731707c31265aa86fe684dc2df
- SHA512
  
  5f77ac9619ccb5baebabb2e406ce265148ad18c6e1162c7d4c3a5656f38abedf90f756a829da856312689a738a3258382f37a279843bf7db0c14ac953c6992ef
- SSDEEP
  
  1536:h1iaPnCtV4+1/IGiaA7bSMhP3rOy843NxnpWJtRsWkd09dl38s6BtcBRXh4:h1iaPn5+uGi/7bpxaX43Ni3aMLJB1h
Score

1^/10
behavioral21
- Target
  
  R.E.P.O/UnityCrashHandler64.exe
- Size
  
  1.1MB
- MD5
  
  9fbd5305c2c2fc8458c9774d3dd815e4
- SHA1
  
  4bb449696116301c686f51135699302d62770a0c
- SHA256
  
  670e0fe0d0b8e5d42109b0b4dec606c6f8252b8c98af807e36b40117c07f269f
- SHA512
  
  2ea7aecd995bbb102d03766ffc4a5419a784fc69cdee263afebcde70d2db795f88b9c39f591c0b1fcee7ab52334766b50e8827204b39b9f9cc497dc6f854684e
- SSDEEP
  
  12288:wdQguUWSv0LZ0dkXepg517sB0I5NTBpoEfHfR2o/EoK//60pJgQfz2fzAi:wdlupSMLag1700IAiw1/TJdz+zAi
Score

1^/10
behavioral22
- Target
  
  R.E.P.O/UnityPlayer.dll
- Size
  
  29.5MB
- MD5
  
  b33d91200048e718c7207367f49d60fe
- SHA1
  
  cc95b2632f33ec9a533852df3402c58ef3faf0c1
- SHA256
  
  4b34672318371b54be9d89c9482a91ab3d26ae5d209935b8ad5919e00ec4f1d9
- SHA512
  
  edc94d2deab48e3aa57566904ebafc7082d63f14901c36067783deb10538e74124cdbadc72d40ec3c9db09c9e1cd27b18bdfd1969545e2607d34d5d12ec1d220
- SSDEEP
  
  393216:1noDihsvwMWJaKAjn2lOJwaS+EzxWGjN4QBqro+dhNr5G:1oxNju2tdHlG
Score

1^/10
behavioral23
- Target
  
  R.E.P.O/winmm.dll
- Size
  
  512KB
- MD5
  
  e59aac558d9f9c5d1312ac24d09c51d5
- SHA1
  
  2f11c4b00f5f92d4466348f9501aa657c9bf6fa7
- SHA256
  
  ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3
- SHA512
  
  1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0
- SSDEEP
  
  12288:XQxOD9ZC0WKOy8zMtJKpBmpMgBNwQuQmMzWq0hNwnoAZwl:XQxOD9ZFKpB+N7JmMzWq0hNwnBZ
Score

1^/10
behavioral24
- Target
  
  _Redist/dotNetFx40_Full_setup.exe
- Size
  
  868KB
- MD5
  
  53406e9988306cbd4537677c5336aba4
- SHA1
  
  06becadb92a5fcca2529c0b93687c2a0c6d0d610
- SHA256
  
  fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
- SHA512
  
  4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99
- SSDEEP
  
  24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral25
- Target
  
  _Redist/dxwebsetup.exe
- Size
  
  281KB
- MD5
  
  fd6057b33e15a553ddc5d9873723ce8f
- SHA1
  
  f90efb623b5abea70af63c470daa8674444fb1df
- SHA256
  
  111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288
- SHA512
  
  d894630c9a4bdb767e9f16d1b701acbdf011e721768ba0dc7a24e6d82a4d062a7ca253b1b334edba38c06187104351203a92c017838bdd9f13905cde30f7d94d
- SSDEEP
  
  6144:pWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSc:JGvjp5cj35kDB9hrs3zARBSaJSc
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral26
- Target
  
  _Redist/oalinst.exe
- Size
  
  790KB
- MD5
  
  694f54bd227916b89fc3eb1db53f0685
- SHA1
  
  21fdc367291bbef14dac27925cae698d3928eead
- SHA256
  
  b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd
- SHA512
  
  55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5
- SSDEEP
  
  12288:0s1yfEcpPzdv+t4cRIy3ze3SUN0PXGTjiqRy2p3kwzjGHTkV:NwfLrvi4cRIyDe3SUNaXy+WypoGHgV
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral27
- Target
  
  _Redist/vcredist_2015-2019_x64.exe
- Size
  
  14.3MB
- MD5
  
  f0248d477e74687c5619ae16498b13d4
- SHA1
  
  9ed4b091148c9b53f66b3f2c69be7e60e74c486a
- SHA256
  
  b6c82087a2c443db859fdbeaae7f46244d06c3f2a7f71c35e50358066253de52
- SHA512
  
  0c373b06ffe84f3e803831e90f22d7d73304e47a47839db614f63399ff1b7fcf33153bf3d23998877c96d2a75e316291a219fdd12358ca48928526284b802591
- SSDEEP
  
  393216:q5lptVYmfr7yBG/4WoI+j6LTinXKSf0fzTDv8:q7pttD7yBG/uljIinXj0fQ
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral28
- Target
  
  _Redist/vcredist_2015-2019_x86.exe
- Size
  
  13.7MB
- MD5
  
  de34b1c517e0463602624bbc8294c08d
- SHA1
  
  5ce7923ffea712468c05e7ac376dd9c29ea9f6be
- SHA256
  
  ac96016f1511ae3eb5ec9de04551146fe351b7f97858dcd67163912e2302f5d6
- SHA512
  
  114bca1ecd17e419ad617a1a4341e607250bcb02626cdc0670eb60be734bbad1f3c84e38f077af9a32a6b1607b8ce6e4b3641c0faefaa779c0fec0d3ac022dac
- SSDEEP
  
  393216:/d/FlptVYmfr7yBG/4JU4TRjtjUMy4i6kgsY7i:/1PpttD7yBG/QHTJtYMyke9
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral29
- Target
  
  _Redist/vcredist_x64.exe
- Size
  
  5.5MB
- MD5
  
  630d75210b325a280c3352f879297ed5
- SHA1
  
  b330b760a8f16d5a31c2dc815627f5eb40861008
- SHA256
  
  b06546ddc8ca1e3d532f3f2593e88a6f49e81b66a9c2051d58508cc97b6a2023
- SHA512
  
  b6e107fa34764d336c9b59802c858845df9f8661a1beb41436fd638a044580557921e69883ed32737f853e203f0083358f642f3efe0a80fae7932c5e6137331f
- SSDEEP
  
  98304:EuLgywiNHBeSLxYK/bxE3q/BlZkWMGPQflVJ/EK1sLyzs2T2Q1mOjq4/:V7wqheSVYK/bua/BlWWnuVhsus8nm+qi
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral30
- Target
  
  _Redist/vcredist_x86.exe
- Size
  
  4.8MB
- MD5
  
  b88228d5fef4b6dc019d69d4471f23ec
- SHA1
  
  372d9c1670343d3fb252209ba210d4dc4d67d358
- SHA256
  
  8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8
- SHA512
  
  cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8
- SSDEEP
  
  98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral31
- Target
  
  _Redist/xnafx40_redist.msi
- Size
  
  6.7MB
- MD5
  
  97c2eebb30c5a88c68c8f24f37183f1d
- SHA1
  
  49efdc29f65fc8263c196338552c7009fc96c5de
- SHA256
  
  e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7
- SHA512
  
  c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da
- SSDEEP
  
  98304:wynfL329J1XswfXO6wiBB+4RZg6aENaCZAU5PMO0MntfERyJGH2YPq/:wYD3C1XXfzH+4cLHU5PM/Mnt+YGlq
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Checks installed software on the system

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32