48e87793724ddaf0bda810e4a1d9859f9123dc753d78198af9c5f813e612c445

General

Target

Feral Depths.7z
Size

97.6MB
Sample

250328-1dyp6a1yhz
MD5

45cdefe8f307a7b1de3cbb8d260034d0
SHA1

42daa574352d3349d999b0ce4f781780cc64868f
SHA256

48e87793724ddaf0bda810e4a1d9859f9123dc753d78198af9c5f813e612c445
SHA512

f322b5a01d14da4f3efafbff7a08da94d51d9a23400d85f30d8b264e455b870da88aef60e6a2c2fff42d1b981f38c20570c7e4654abf9426d878d862b9f8e469
SSDEEP

1572864:tgcsQkUe1TdK5VTWzZTq/J04pYJ7cFqe4Y+0yDaGGXgQN2YE0h+XvOp+gRg8:tgPQk1cMm/i4i7cd4Ymt62YVgS+V8

Score

9^/10

Malware Config

Targets

- Target
  
  Feral Depths.exe
- Size
  
  98.1MB
- MD5
  
  1f9e29546de030dddbbb222dd4cc3a3b
- SHA1
  
  b3098ec3e12fc880dfd65e8365b68ebc76004422
- SHA256
  
  722f7cf2ab16009ee0907fa887034ca8f88fac0b8067f3c54e69587335a94369
- SHA512
  
  a0839a1de2c578b49889a018c782718bf53e239bb6dc951c684966a3d9f46f030761d4379fa29be3e9334471e7dc9ec4b69a5d88751ca922dc6c2864e560f2be
- SSDEEP
  
  1572864:FXaHmwSnUuNZO/KHqpbp5K6dkePuqKQZaRrwLguql2ssjVo7EkwhvHCFjVs:FXKmDUEYVpE6jPu6ZaSTjjVUOdCPs
Score

9^/10

credential_access discovery ransomware stealer persistence spyware
- Renames multiple (109) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  SetupGame.exe
- Size
  
  191.0MB
- MD5
  
  a4f1551abd8f6d3a94061c8c21b1c8c7
- SHA1
  
  182e448ba0b9ef1405232d8fafa0da8f735b7e8b
- SHA256
  
  be5cf24e8c40828552780368515d428ebacb35ded4034a7297d4e5abd214cff6
- SHA512
  
  b11c849e1eeb9fd3efd8fdf9a72598b51dae5906d64959b266190dc5518fdcdd892b2d84ffb37d39639fe8644f397947fc6a45aec3c534db4a325a3766798dbe
- SSDEEP
  
  1572864:JpnoNjghwW/8lxj9UNia0SUp6esGCA/Ys92JDSN01TCwaMWPwVdWeKtT4ZuBF/Ak:kiryLxW
Score

8^/10

credential_access discovery execution persistence spyware stealer
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral3 behavioral4