General

  • Target

    ai-aimbot-launcher-1.0.8+Setup.exe

  • Size

    790.9MB

  • Sample

    231204-p2kbwsbb4v

  • MD5

    a66097aa35ce8110bcd36ff1ffaf4721

  • SHA1

    0e4d8f73bb882aedbdfe28d574bd5f620da3173b

  • SHA256

    9b5c23fc91c3431b6bb48922523459775b93c283e3e4012b12efc1f00ac3f6d5

  • SHA512

    73ff6c243f45577e1926cb36575d2204b0caa1423b41b01e26bb364416a20d6d54ba95cd611fd555d106af249ee603d6476a7e056941b0825ddf8dd082232af0

  • SSDEEP

    12582912:oXky4bJQmLmQZ+91h8nXcPXZOXkAlSY6rHohmVZe/uMv13y4BB96AjhyknX:omJQt9H84ZGSrHH2/Lc4T968Jn

Targets

    • Target

      ai-aimbot-launcher-1.0.8+Setup.exe

    • Strela

      An info stealer targeting mail credentials first seen in late 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2
