General
-
Target
Feral Depths.7z
-
Size
97.6MB
-
Sample
250328-1dyp6a1yhz
-
MD5
45cdefe8f307a7b1de3cbb8d260034d0
-
SHA1
42daa574352d3349d999b0ce4f781780cc64868f
-
SHA256
48e87793724ddaf0bda810e4a1d9859f9123dc753d78198af9c5f813e612c445
-
SHA512
f322b5a01d14da4f3efafbff7a08da94d51d9a23400d85f30d8b264e455b870da88aef60e6a2c2fff42d1b981f38c20570c7e4654abf9426d878d862b9f8e469
-
SSDEEP
1572864:tgcsQkUe1TdK5VTWzZTq/J04pYJ7cFqe4Y+0yDaGGXgQN2YE0h+XvOp+gRg8:tgPQk1cMm/i4i7cd4Ymt62YVgS+V8
Static task
static1
Behavioral task
behavioral1
Sample
Feral Depths.exe
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral2
Sample
Feral Depths.exe
Resource
win11-20250314-en
Behavioral task
behavioral3
Sample
SetupGame.exe
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral4
Sample
SetupGame.exe
Resource
win11-20250313-en
Malware Config
Targets
-
-
Target
Feral Depths.exe
-
Size
98.1MB
-
MD5
1f9e29546de030dddbbb222dd4cc3a3b
-
SHA1
b3098ec3e12fc880dfd65e8365b68ebc76004422
-
SHA256
722f7cf2ab16009ee0907fa887034ca8f88fac0b8067f3c54e69587335a94369
-
SHA512
a0839a1de2c578b49889a018c782718bf53e239bb6dc951c684966a3d9f46f030761d4379fa29be3e9334471e7dc9ec4b69a5d88751ca922dc6c2864e560f2be
-
SSDEEP
1572864:FXaHmwSnUuNZO/KHqpbp5K6dkePuqKQZaRrwLguql2ssjVo7EkwhvHCFjVs:FXKmDUEYVpE6jPu6ZaSTjjVUOdCPs
-
Renames multiple (109) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Enumerates processes with tasklist
-
-
-
Target
SetupGame.exe
-
Size
191.0MB
-
MD5
a4f1551abd8f6d3a94061c8c21b1c8c7
-
SHA1
182e448ba0b9ef1405232d8fafa0da8f735b7e8b
-
SHA256
be5cf24e8c40828552780368515d428ebacb35ded4034a7297d4e5abd214cff6
-
SHA512
b11c849e1eeb9fd3efd8fdf9a72598b51dae5906d64959b266190dc5518fdcdd892b2d84ffb37d39639fe8644f397947fc6a45aec3c534db4a325a3766798dbe
-
SSDEEP
1572864:JpnoNjghwW/8lxj9UNia0SUp6esGCA/Ys92JDSN01TCwaMWPwVdWeKtT4ZuBF/Ak:kiryLxW
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Modify Authentication Process
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1