Overview (overview): score 7
Static (static): score 3
2c3ae0927f...4b.exe (windows7-x64): score 4
2c3ae0927f...4b.exe (windows10-2004-x64): score 7
$PLUGINSDI...er.dll (windows7-x64): score 1
$PLUGINSDI...er.dll (windows10-2004-x64): score 1
$PLUGINSDI...ls.dll (windows7-x64): score 3
$PLUGINSDI...ls.dll (windows10-2004-x64): score 3
$PLUGINSDI...em.dll (windows7-x64): score 3
$PLUGINSDI...em.dll (windows10-2004-x64): score 3
$PLUGINSDI...ll.dll (windows7-x64): score 3
$PLUGINSDI...ll.dll (windows10-2004-x64): score 3
CurseForge.exe (windows7-x64): score 1
CurseForge.exe (windows10-2004-x64): score 5
LICENSES.c...m.html (windows7-x64): score 1
LICENSES.c...m.html (windows10-2004-x64): score 1
d3dcompiler_47.dll (windows10-2004-x64): score 1
ffmpeg.dll (windows7-x64): score 1
ffmpeg.dll (windows10-2004-x64): score 1
libEGL.dll (windows7-x64): score 1
libEGL.dll (windows10-2004-x64): score 1
libGLESv2.dll (windows7-x64): score 1
libGLESv2.dll (windows10-2004-x64): score 1
owutility.dll (windows7-x64): score 1
owutility.dll (windows10-2004-x64): score 1
resources/...st.exe (windows7-x64): score 1
resources/...st.exe (windows10-2004-x64): score 1
resources/elevate.exe (windows7-x64): score 1
resources/elevate.exe (windows10-2004-x64): score 1
vk_swiftshader.dll (windows7-x64): score 1
vk_swiftshader.dll (windows10-2004-x64): score 1
vulkan-1.dll (windows7-x64): score 1
vulkan-1.dll (windows10-2004-x64): score 1
$PLUGINSDI...ec.dll (windows7-x64): score 3
General
-
Target
2c3ae0927ff4e21bdff76aeb7370294b.bin
-
Size
86.0MB
-
Sample
240701-bvqy7svgrk
-
MD5
2c3ae0927ff4e21bdff76aeb7370294b
-
SHA1
1a14c5ac525ae926ddb7d9fbcd4941ef16e4b34d
-
SHA256
45ca1d26646fed29fa545ca768dc55bc85b650ce12e09995b74678c4d94c34e2
-
SHA512
348419ca6a7f64057d954e450b602288b89610162b137da3f3e7efe30cb6664f00464504b18088870ba3efc718c19c727a8c030ddcf16420329ec9da80afee10
-
SSDEEP
1572864:yDTCzy+GAJXD7kBWjOkx8eAjRgY9ywN/GJpmdPhjReKwjzavqepsm:yPf0JXcyIRgX3JpmFy4vb
Static task
static1
Behavioral task
behavioral1
Sample
2c3ae0927ff4e21bdff76aeb7370294b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2c3ae0927ff4e21bdff76aeb7370294b.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240611-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
CurseForge.exe
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
CurseForge.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
LICENSES.chromium.html
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
LICENSES.chromium.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral16
Sample
ffmpeg.dll
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
ffmpeg.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
libEGL.dll
Resource
win7-20240508-en
Behavioral task
behavioral19
Sample
libEGL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral20
Sample
libGLESv2.dll
Resource
win7-20240611-en
Behavioral task
behavioral21
Sample
libGLESv2.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral22
Sample
owutility.dll
Resource
win7-20240611-en
Behavioral task
behavioral23
Sample
owutility.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
resources/app.asar.unpacked/plugins/curse/win/Curse.Agent.Host.exe
Resource
win7-20240611-en
Behavioral task
behavioral25
Sample
resources/app.asar.unpacked/plugins/curse/win/Curse.Agent.Host.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral26
Sample
resources/elevate.exe
Resource
win7-20231129-en
Behavioral task
behavioral27
Sample
resources/elevate.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral28
Sample
vk_swiftshader.dll
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
vk_swiftshader.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral30
Sample
vulkan-1.dll
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
vulkan-1.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
2c3ae0927ff4e21bdff76aeb7370294b.bin
-
Size
86.0MB
-
MD5
2c3ae0927ff4e21bdff76aeb7370294b
-
SHA1
1a14c5ac525ae926ddb7d9fbcd4941ef16e4b34d
-
SHA256
45ca1d26646fed29fa545ca768dc55bc85b650ce12e09995b74678c4d94c34e2
-
SHA512
348419ca6a7f64057d954e450b602288b89610162b137da3f3e7efe30cb6664f00464504b18088870ba3efc718c19c727a8c030ddcf16420329ec9da80afee10
-
SSDEEP
1572864:yDTCzy+GAJXD7kBWjOkx8eAjRgY9ywN/GJpmdPhjReKwjzavqepsm:yPf0JXcyIRgX3JpmFy4vb
-
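Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing. Legitimate installers also read this setting for localization, so this signature alone does not indicate malicious behavior.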
-
-
-
Target
$PLUGINSDIR/SpiderBanner.dll
-
Size
9KB
-
MD5
17309e33b596ba3a5693b4d3e85cf8d7
-
SHA1
7d361836cf53df42021c7f2b148aec9458818c01
-
SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
-
SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
SSDEEP
192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score: 1/10
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score: 3/10
-
-
Target
$PLUGINSDIR/WinShell.dll
-
Size
3KB
-
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56
-
SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c
-
SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
-
SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score: 3/10
-
-
Target
CurseForge.exe
-
Size
169.9MB
-
MD5
81dd28ccc4e6a3d48a490f2d1ea6d690
-
SHA1
19f6e4802595d19bfb085650051852bcf2246c6f
-
SHA256
d0ab6f123602ccec7341a39393894a1998104b600347bf7c5d5f7d1e5e81c658
-
SHA512
df4930feb6c5d10418eb40110efa2dc396bcc166db9fe642179942dfed1e7d45ac50e7e6aa19df45c689aefef1542ea4e2a614d4ed58c9279643d4be60769d21
-
SSDEEP
1572864:Os+fxQiW1vVzbHpUcEtmLd7cF3PPHNzLuTe7ulsxM/Gyr/w7VoB4X+x2CFRXQQS7:De8BWNg3DFxfQ
Score: 5/10
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
-
-
Target
LICENSES.chromium.html
-
Size
8.7MB
-
MD5
fcb299831276a7c8bdeb036142da1c25
-
SHA1
bf6990abb92ab627b7f2e7aecbd5a58b86d2e09a
-
SHA256
6daa3cd398e5380222c6b6bdb4d66a4b4273d4bb74d6bf53495a5722f03ac0dc
-
SHA512
1e31ac0b6836d24488e32d04b5028ac2a9e00ebd8e29aaf742d9e0cdb50d5a9d4f7bcc3919b22a793552d31aaed2104415268f14e903754bf25a86510fbc98c9
-
SSDEEP
24576:RQQa6NA6P5dWWSmwRFXe1vmfpV6k626D6b62vCuApj:RWfTF0
Score: 1/10
-
-
Target
d3dcompiler_47.dll
-
Size
4.7MB
-
MD5
2191e768cc2e19009dad20dc999135a3
-
SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a
-
SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
-
SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
-
SSDEEP
49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score: 1/10
-
-
Target
ffmpeg.dll
-
Size
2.7MB
-
MD5
8115c354d8a81017e07203982eb46196
-
SHA1
269657a609411d7b300f8a5c7014eab7d73c456b
-
SHA256
98cd2b3c5bb3f69f94465b9df58ce37ac3d8dccc1320adbb529fc197c0f8f7ff
-
SHA512
0df8621f256000057bf2aedf43f723053aebc025dc4cf97a878161e0f9b5a8566ed27fc96473dbdf34a6e13f530d2beea640849556bc85cf144cfbb0afeda869
-
SSDEEP
49152:yPDtyvMYqXiOamQ7NyjmnMDbG7OUx7n6mfu/oB7pweIcgsxqeUsn/u:YSOqNIoQG7OUrd/xKsn/u
Score: 1/10
-
-
Target
libEGL.dll
-
Size
467KB
-
MD5
518d64cb93e228d5ebe864fc45ce3c70
-
SHA1
6c2a29e02f1fdb67f95f928dda1db9549034f9d7
-
SHA256
6bf8e9b0db8263bb69abbbc20df7d629439e0f16e6dd64a4b57be3457a9ad07a
-
SHA512
38ffd18470a7dba52aad265fb4cda7c209b6c61198ff9e482e60062a66ebd1b7884ac665dee065f8c7f3bd4a534fc5a768ab215e33f5bb30aa702f9fd18e9de9
-
SSDEEP
6144:2uF2DwTNCKxOUxcfDVTyKH/VbPGtWQAOWIBtuKYbu7DB:dDCKsAcfDVjktWQAOWIubg
Score: 1/10
-
-
Target
libGLESv2.dll
-
Size
7.4MB
-
MD5
cbc82cab8fb2d60211dbb83fd3a36238
-
SHA1
c45b0181eb7f53e9965d7d17b360c9243114817a
-
SHA256
37c532a9032a129088bfde96d68d90a5c6f81c0d5cdc1421f441bd5b738b88f6
-
SHA512
72e3a609d64c4e5c22209ac7c76ef6b25b8bdcd10de4e389ab10abd126fc01c99d32a073265aff2d6347703cb30f05f97a8a3a02784f824383df47f5b700282c
-
SSDEEP
98304:3YM1bKnyhXV3X4Nf/eW74heor1up6sDCpaXm3TV:3L1jlX4F7ivuyUCTV
Score: 1/10
-
-
Target
owutility.dll
-
Size
1.5MB
-
MD5
46c232a0b5d0a102a92aad607aaa026c
-
SHA1
dbdd16bb6d1bf0b4f102f891ed682b660c006e26
-
SHA256
3802dd5e8001c63955475b3b062117367b94a0d59978a24ed6a6602a55fe27c6
-
SHA512
cbfa92e6cdceb6f67d701efcdcae333bbff533fb20ad090825df4d7af5593fe36acb14144e20dbf563d565af73941ad97558287210ac29b518e4481ed3f456d1
-
SSDEEP
24576:GjjAyN7CbTB3Iu2VIMiFryCF9fLp34G5cdHSdslQ3m3oGch+XaxLaXp:GjcyNeR3IuUIMiFLFpLp3z5cdgsvYFha
Score: 1/10
-
-
Target
resources/app.asar.unpacked/plugins/curse/win/Curse.Agent.Host.exe
-
Size
24.5MB
-
MD5
d8191b04e3ef98cf77ff11fee2d7869b
-
SHA1
0a734ec55c7ccfe39b203bc048836e24c02d8454
-
SHA256
c7bcc26e226f19a4836a07faf9767754ca9428bceab27a446b08703312d21ed5
-
SHA512
734f19f9da8001868b86939761b6c5097586b3131052911ac455ec9ca78c30f4a68ce832d45a259b3bde92dae09f0e9632cc401772497f6d0c632bee934c255b
-
SSDEEP
196608:OXQ5X4ZCMhUyhtTbGynHR8hY8QfraSUqshfcIH36Hsso3TFziM3D0:OsKCMhUyhpaynjocIqHssCT70
Score: 1/10
-
-
Target
resources/elevate.exe
-
Size
127KB
-
MD5
10be0f05261c54a7e20c6cfd904ee692
-
SHA1
36a3339c3f3878456565d10b983d09889e78b2cf
-
SHA256
5d7b354feca86ae5c80606b30116b9f88d7ade804b9a0f7b29f4abe9aeead8af
-
SHA512
2b0595613a6a2f8be83a1aa0a79053b0f5ca866e1d0712480e76ac02857a4a517ce2f4352ad4d9a422ea008625afd50309011c26aa8a74ac2e74b0cf73d56337
-
SSDEEP
3072:wPbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlEgd:uPrwRhte1XsE1lx
Score: 1/10
-
-
Target
vk_swiftshader.dll
-
Size
5.0MB
-
MD5
fb65e5828c023420da9e487c4d44c17c
-
SHA1
282586af18cc97ed99ce58d33d1aae48ca968f58
-
SHA256
30cce7a4619a5b84c041c28d8ea857ac142ac58d9b076009ad45dc4fa858d455
-
SHA512
28b82e2e8fc05941dcf5edc64deb65a288a2300697e2401690c5f11dc9714ef287744a858e917d561612a89f9f6a1e15ed6d27e63626b86dce04b7be08a1478d
-
SSDEEP
49152:fO6ftEjL3Zdon2+a/EgBqB1y91lxfAV7xWV9cO6NZ8m8xg1drRXmVEZvMUn0Hjy/:fLftlUSot6EmXxZdIOl5bzLB3dIW
Score: 1/10
-
-
Target
vulkan-1.dll
-
Size
925KB
-
MD5
f2db4b04c7a837aab50bf8ae2e826a6e
-
SHA1
ddcfe018968fcbb5c732946292268deae83f52f2
-
SHA256
a56d0bb4d066d653941fdaae760b3050d9a1094d748c4e407ee77e18c70a5d69
-
SHA512
a6ac64f6f8c2e8691c19db3dd40c3e1be91f841669660511aff2166d2ad8c2c9bade15de9545610d3f683945f47c8d87534ede6938e449e62f515bbd411e95db
-
SSDEEP
24576:iy+lCO+5ian96u6WbEJXay6Z5WdDYsH26g3P0zAk7o3u:iymViaWbYT6Z5WdDYsH26g3P0zAk7o
Score: 1/10
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
ec0504e6b8a11d5aad43b296beeb84b2
-
SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c
-
SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
-
SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
-
SSDEEP
96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score: 3/10