General

  • Target

    Cheto Updated.exe

  • Size

    4.8MB

  • Sample

    230201-w92pgadb5w

  • MD5

    dd6c66d5250437db33b821f5d2c90aa2

  • SHA1

    b3be3c2a7455d89cfec2fdbaf93a9f8ebcf4a406

  • SHA256

    2e0f2a82868cc31985e9b8c022f852919033c666382aaa3026c456b9c449db3d

  • SHA512

    98583056619c30c732889959a69a50e43553f745193e9da5ac8b8c84b1457d7019868dd62f64060bada9392b60cbd3a4e09af54ae8380fa8388a7e561a4625da

  • SSDEEP

    98304:Kmz0W3de75qz67ThdyKBj/rhLdaH+Cn5S4YztVm5BppzAaWMr:dzz3detq23hIKBzVxGA4Y3sBTzWMr

Score
10/10
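The hash values above are the report's indicators for the sample. The script below is an added example (not part of the sandbox's own tooling) that parses the report's bullet layout into a dictionary and checks an in-memory buffer or a file on disk against all four hashes at once, so a copy error in one indicator shows up as a partial match instead of a silent miss. `REPORT_TEXT` is a constructed copy of the block above; `parse_report`, `match_iocs` and `scan_file` are names chosen for this example. SSDEEP is left out because comparing it needs the external `ssdeep` tool.

```python
import hashlib
import re

# Constructed copy of the report's "General" block (values identical to the page);
# the sample file itself is not part of the page, so it cannot be embedded here.
REPORT_TEXT = """\
  • Target

    Cheto Updated.exe

  • Size

    4.8MB

  • MD5

    dd6c66d5250437db33b821f5d2c90aa2

  • SHA1

    b3be3c2a7455d89cfec2fdbaf93a9f8ebcf4a406

  • SHA256

    2e0f2a82868cc31985e9b8c022f852919033c666382aaa3026c456b9c449db3d

  • SHA512

    98583056619c30c732889959a69a50e43553f745193e9da5ac8b8c84b1457d7019868dd62f64060bada9392b60cbd3a4e09af54ae8380fa8388a7e561a4625da
"""

# Field line: a bullet followed by the field name ("• MD5").
FIELD_RE = re.compile(r"^\s*•\s*(\S+)\s*$")
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def parse_report(text):
    """Parse the report's bullet layout ('• Field', blank line, value line) into a
    dict keyed by the lowercased field name."""
    fields = {}
    pending = None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            pending = m.group(1).lower()
            continue
        value = line.strip()
        if pending and value:
            fields[pending] = value
            pending = None
    return fields


def hash_bytes(data):
    """Compute every hash algorithm the report lists for one in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def match_iocs(data, fields):
    """Return the algorithms whose report value equals the hash of data.
    A genuine match lists all four; a partial list means one indicator is wrong."""
    computed = hash_bytes(data)
    return [algo for algo in HASH_ALGOS
            if algo in fields and computed[algo] == fields[algo].lower()]


def scan_file(path, fields, chunk_size=1 << 20):
    """Stream a file on disk through the same check without loading it whole."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return [algo for algo in HASH_ALGOS
            if algo in fields and hashers[algo].hexdigest() == fields[algo].lower()]


if __name__ == "__main__":
    iocs = parse_report(REPORT_TEXT)
    print(iocs["target"], iocs["sha256"])
    print(match_iocs(b"constructed placeholder bytes", iocs))  # [] (not the sample)
```

Point `scan_file` at a quarantined copy to confirm it is the same build the sandbox analysed; a match on SHA256 alone with a mismatch elsewhere means the report was transcribed incorrectly rather than that the file differs.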

Malware Config

Targets

    • Target

      Cheto Updated.exe

    Score
    10/10
    • Modifies security service

      Changes the configuration or state of a service belonging to security software, commonly by editing the service's registry key or start type.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      Creates a process whose recorded parent is not the caller (parent PID spoofing), which breaks the parent/child lineage that detection rules rely on.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Stops running service(s)

      Stops one or more services, a common step before disabling protection or modifying files a service holds open.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check used to decide whether to run.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Drops file in System32 directory

      Writes a file into the System32 directory, which needs elevated privileges and places the file alongside trusted OS binaries.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class so the thread no longer reports debug events; a common anti-debugging technique.

    • Suspicious use of SetThreadContext

      Rewrites the register context of another thread, typically to redirect execution into injected code (process hollowing or thread hijacking).
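Three of the signatures above (drops file in System32, executes dropped EXE, loads dropped DLL) come down to one rule: remember every file the traced process writes, then flag any later execution or image load of it. The script below is an added example, not the sandbox's own signature code, replaying that rule over constructed Sysmon-style events. The field names, the event IDs (11 FileCreate, 1 ProcessCreate, 7 ImageLoad), and the file names `dropped.exe` and `helper.dll` are assumptions for illustration.

```python
# Simplified Sysmon-style events (constructed; assumed field names, not the sandbox's
# own log format). EventID 11 = FileCreate, 1 = ProcessCreate, 7 = ImageLoad.
# "dropped.exe" and "helper.dll" are hypothetical file names used for illustration.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 100, "ParentProcessId": 50,
     "Image": r"C:\Users\user\Downloads\Cheto Updated.exe"},
    {"EventID": 11, "ProcessId": 100,
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 11, "ProcessId": 100,
     "TargetFilename": r"C:\Windows\System32\helper.dll"},
    {"EventID": 1, "ProcessId": 200, "ParentProcessId": 100,
     "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 7, "ProcessId": 200,
     "ImageLoaded": r"C:\Windows\System32\helper.dll"},
    {"EventID": 7, "ProcessId": 200,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},   # not dropped: no finding
]

SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def norm_path(path):
    """Case-fold and normalise separators so paths compare reliably."""
    return path.replace("/", "\\").lower()


def detect(events):
    """Replay events in order and emit (signature, pid, path) findings for the three
    file-based behaviours. 'dropped' remembers every file written during the trace,
    keyed by normalised path, with the pid that wrote it."""
    dropped = {}
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            target = norm_path(ev["TargetFilename"])
            dropped[target] = ev["ProcessId"]
            if target.startswith(SYSTEM32_PREFIX):
                findings.append(("drops_file_in_system32", ev["ProcessId"],
                                 ev["TargetFilename"]))
        elif eid == 1:
            image = norm_path(ev["Image"])
            if image in dropped:
                # Attributed to the process that wrote the file, as the sandbox does.
                findings.append(("executes_dropped_exe", dropped[image], ev["Image"]))
        elif eid == 7:
            loaded = norm_path(ev["ImageLoaded"])
            if loaded in dropped and loaded.endswith(".dll"):
                findings.append(("loads_dropped_dll", ev["ProcessId"],
                                 ev["ImageLoaded"]))
    return findings


if __name__ == "__main__":
    for sig, pid, path in detect(SAMPLE_EVENTS):
        print(f"{sig:24} pid={pid} {path}")
```

The ordering matters: a file is only "dropped" from the moment of its FileCreate event, so an execution or load seen earlier in the trace is not attributed to the sample.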

MITRE ATT&CK Enterprise v6

Tasks