General
Target: csgoTool.exe
Size: 40.6MB
Sample: 210810-lc8cbflq9e
MD5: 332b5417539ee4004e426fd5733c5f9d
SHA1: 8deb9be4acc9d8c78941dea9dfb4e7fb94f1520c
SHA256: 352e655a36db26195f9c3027ef81ae356d3a9dfbab40f6e4a3cc6db86301fe6b
SHA512: aef2f7b88a918ab344583b84232e7f01349db759f5dd87a407338393b0a86c346ca8234627320e4fc564d162633d645c626c5a96f1fe3c3f39b910a2747c3144
Static task: static1
Behavioral task: behavioral1
Sample: csgoTool.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: csgoTool.exe
Resource: win10v20210410
Malware Config
Targets
Target: csgoTool.exe
Score: 8/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger
autoit_exe: AutoIT scripts compiled to PE executables.