Resubmissions

10-08-2021 11:02

210810-lc8cbflq9e 8

General

  • Target

    csgoTool.exe

  • Size

    40.6MB

  • Sample

    210810-lc8cbflq9e

  • MD5

    332b5417539ee4004e426fd5733c5f9d

  • SHA1

    8deb9be4acc9d8c78941dea9dfb4e7fb94f1520c

  • SHA256

    352e655a36db26195f9c3027ef81ae356d3a9dfbab40f6e4a3cc6db86301fe6b

  • SHA512

    aef2f7b88a918ab344583b84232e7f01349db759f5dd87a407338393b0a86c346ca8234627320e4fc564d162633d645c626c5a96f1fe3c3f39b910a2747c3144

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • autoit_exe

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053) — 1

  • Persistence

    Modify Existing Service (T1031) — 1

    Scheduled Task (T1053) — 1

  • Privilege Escalation

    Scheduled Task (T1053) — 1

  • Defense Evasion

    Modify Registry (T1112) — 1

  • Discovery

    Query Registry (T1012) — 1

    System Information Discovery (T1082) — 2

Tasks