General

Target: AimBot CSGO.exe
Size: 715.3MB
Sample: 211024-gakjksdbg9
MD5: 591cee38361554eddcd1c340d567c99a
SHA1: d7845cd7d8b8f87f175897c20d4c87e2cd8dcc4b
SHA256: 94fa2ee292d865aa1d8338f813c12477f353ede8d5254a69017e3b7955b74328
SHA512: 4f3b8705b80b83a8d7cb76aeb2f063120885cfdd76c2096171abe6988552a81fe725f68048868dfb7a39e95631aedb98886d65e0d74351e72a2c26e3cea66eab

Note on the size: a 715 MB executable is far larger than any game cheat needs to be. Sizes of this order are commonly the result of padding the binary so that it exceeds the upload or scan limits of antivirus and sandbox services. Before applying anything in this report to a file you hold, confirm that its digests match the values above; a truncated or re-padded copy is a different object.
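The following script is an added example and is not part of the sandbox report. It streams a local file in fixed-size chunks (the sample is 715 MB, so it is never read into memory at once), computes all four digests the report lists in a single pass, and compares each against the published value. The file path is whatever the analyst supplies on the command line; the digest values are copied from the General section above.

```python
"""Verify that a local copy of the sample matches the digests in this report.

Added example, not part of the sandbox report. The report's digests are
embedded below; the file path is whatever the analyst supplies.
"""
import hashlib
import hmac

# Digests as published in the report (General section).
REPORTED = {
    "md5": "591cee38361554eddcd1c340d567c99a",
    "sha1": "d7845cd7d8b8f87f175897c20d4c87e2cd8dcc4b",
    "sha256": "94fa2ee292d865aa1d8338f813c12477f353ede8d5254a69017e3b7955b74328",
    "sha512": "4f3b8705b80b83a8d7cb76aeb2f063120885cfdd76c2096171abe6988552a81f"
              "e725f68048868dfb7a39e95631aedb98886d65e0d74351e72a2c26e3cea66eab",
}

CHUNK = 1 << 20  # 1 MiB reads: the sample is 715 MB, so never load it whole.


def digest_file(path):
    """Return all four digests of `path`, computed in a single streaming pass."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path, expected=REPORTED):
    """Compare every digest of `path` against `expected`.

    Returns a dict algorithm -> bool. Any False means the file on disk is not
    the object this report describes (truncated download, re-padded copy,
    wrong file), so the report's conclusions should not be reused for it.
    """
    actual = digest_file(path)
    return {
        name: hmac.compare_digest(actual[name], expected[name].lower())
        for name in expected
    }


def all_match(path, expected=REPORTED):
    """True only if every listed digest of `path` matches `expected`."""
    return all(verify_sample(path, expected).values())


if __name__ == "__main__":
    import sys
    # Path is an assumption: pass the real location of your copy as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "AimBot CSGO.exe"
    for algo, ok in verify_sample(target).items():
        print(f"{algo:7} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all_match(target) else 1)
```

Checking all four digests rather than only MD5 matters here: MD5 and SHA1 are collision-prone, and a report that lists SHA256 and SHA512 gives you the stronger values for free.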
Static task: static1

Behavioral tasks (each runs the same sample, AimBot CSGO.exe):
behavioral1: win7-ja-20210920
behavioral2: win7-en-20210920
behavioral3: win7-de-20210920
behavioral4: win11
behavioral5: win10-ja-20211014
behavioral6: win10-en-20211014

The sample was detonated on Japanese, English and German locales as well as three Windows versions, which is the right coverage for a binary that, per the signatures below, reads the configured country code before acting.
Malware Config

Extracted
Family: raccoon
Botnet ID: fa70ab2170931ba30ea54d8d4a578fc7e93b5f04
url4cnc:
http://telegka.top/vertu4iy
http://telegin.top/vertu4iy
https://t.me/vertu4iy

The url4cnc entries are not the C2 server. In Raccoon's configuration they are the URLs of a Telegram channel page (here the channel vertu4iy, reachable via t.me and via the mirror domains telegka.top and telegin.top); the stealer fetches whichever responds first and reads the real C2 address out of the channel description. The C2 itself is therefore not present in this report, and the operator can rotate it without touching the binary. For detection, the channel handle and the two mirror domains are the durable indicators; t.me is a shared, legitimate host and must be matched together with the path, not blocked outright.
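The script below is an added example, not part of the report or of any Raccoon tooling. It derives indicators from the three url4cnc values above (attacker-controlled mirror hosts are matched on hostname alone; the shared t.me host is matched on host plus channel path, so ordinary Telegram traffic does not fire) and runs them over proxy log lines. The log format, "timestamp source method url status", and the log lines themselves are constructed stand-ins for whatever your proxy emits.

```python
"""Turn the url4cnc entries from this report into detection indicators and
run them over proxy log lines.

Added example, not part of the report. The log format and sample lines are
constructed; the url4cnc values are copied from the Malware Config section.
"""
import re
from urllib.parse import urlsplit

URL4CNC = [
    "http://telegka.top/vertu4iy",
    "http://telegin.top/vertu4iy",
    "https://t.me/vertu4iy",
]

# Legitimate Telegram front ends: a hit on the bare host is not evidence on
# its own, so these are matched only together with the channel path.
SHARED_HOSTS = {"t.me", "telegram.me"}


def build_indicators(url4cnc):
    """Derive {block_hosts, watch_paths, channels} from the config URLs."""
    block_hosts, watch_paths, channels = set(), set(), set()
    for url in url4cnc:
        parts = urlsplit(url)
        host = parts.hostname.lower()
        path = parts.path.rstrip("/")
        channels.add(path.strip("/"))
        if host in SHARED_HOSTS:
            watch_paths.add((host, path))   # match host AND path
        else:
            block_hosts.add(host)           # attacker-controlled mirror
    return {"block_hosts": block_hosts, "watch_paths": watch_paths, "channels": channels}


# Constructed log layout: "<ts> <src_ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$")


def match_log_line(line, ind):
    """Return a verdict string for one proxy log line, or None if clean."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m["url"])
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/")
    if host in ind["block_hosts"]:
        return f"raccoon-url4cnc-mirror host={host} src={m['src']}"
    if (host, path) in ind["watch_paths"]:
        return f"raccoon-url4cnc-channel channel={path.strip('/')} src={m['src']}"
    return None


def scan(lines, ind):
    """Run every line through match_log_line and keep the verdicts."""
    return [v for v in (match_log_line(line, ind) for line in lines) if v]


# Constructed sample log lines (not from the report).
SAMPLE_LOG = """\
2021-10-24T06:02:11Z 10.0.4.23 GET https://t.me/somelegitchannel 200
2021-10-24T06:02:14Z 10.0.4.23 GET http://telegka.top/vertu4iy 200
2021-10-24T06:02:15Z 10.0.4.23 GET https://t.me/vertu4iy 200
2021-10-24T06:03:01Z 10.0.4.31 GET https://example.com/ 200
""".splitlines()

if __name__ == "__main__":
    for verdict in scan(SAMPLE_LOG, build_indicators(URL4CNC)):
        print(verdict)
```

Note that a hit on the mirror domains is strong on its own (they exist to serve this lookup), whereas a hit on t.me/vertu4iy only tells you a host resolved the channel; the subsequent connection to the real C2 has to be found from that host's traffic.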
Targets

Target: AimBot CSGO.exe (715.3MB; MD5, SHA1, SHA256 and SHA512 as listed in the General section)

Signatures
BitRAT Payload
Modifies security service
Suspicious use of NtCreateProcessExOtherParentProcess (process created under a parent other than the caller, i.e. parent PID spoofing, which defeats parent/child based detections)
Suspicious use of NtCreateUserProcessOtherParentProcess (same technique via the newer API)
XMRig Miner Payload
Executes dropped EXE
Sets service image path in registry (service ImagePath written under the Services key: service-based persistence)
Checks computer location settings: looks up the country code configured in the registry, likely a geofence
Deletes itself
Loads dropped DLL
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the thread becomes invisible to an attached debugger)
Suspicious use of SetThreadContext (rewriting another thread's context, typical of process hollowing and thread-hijack injection)

Taken together with the extracted Raccoon configuration, the signatures describe a multi-payload dropper disguised as a game cheat: a Raccoon stealer, a BitRAT remote-access payload and an XMRig miner, installed as a service, with debugger evasion and a locale check before execution.