General
-
Target
5759412d60274d5f413c54afe2f7c0ee
-
Size
495KB
-
Sample
240112-yhszcsedam
-
MD5
5759412d60274d5f413c54afe2f7c0ee
-
SHA1
f0b8ab6840034cdcbf3a8f72f40483dbf7dc7a0f
-
SHA256
35e6db625e5143f7506e27153776623aa36e32bd8df2c8efabf053aa7aff3d1b
-
SHA512
66af88344f2a7654efaa892e2ef923be4d21f5e2186bbf7ad7e03284d7d686927507c4165e5ec6d4f4dec3f6aac3c46a238243be2c75b935b8a1caecf68726f2
-
SSDEEP
12288:qALeh1Besa9OaEVOfE/AcK5Tn/WA8fL4eaB:Z+asaX1E/G/Wt8v
Static task
static1
Behavioral task
behavioral1
Sample
Battlefield 3 Aimbot/FaceBotFixed.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Battlefield 3 Aimbot/FaceBotFixed.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
Battlefield 3 Aimbot/WinJect.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
Battlefield 3 Aimbot/WinJect.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
Battlefield 3 Aimbot/FaceBotFixed.dll
-
Size
225KB
-
MD5
e3eb7a71e05d57bb30bc89c18afcf933
-
SHA1
d423cd66d75910b2515cb7bbd0d9ed01ab04ab92
-
SHA256
2453ed6ac4022afc8d000ba54c8ba69c48b5ceab4c43b56ad00c9867c5b5374a
-
SHA512
f8f9baa1477b18c511ec06f8bc11b4e65f2871603cd574cecbe0bb7d40e14bc964fa927ef3fd3edd1a25e0a768ab35f1ca7c1785c44d949651064ca9f67a939e
-
SSDEEP
6144:1I+GTKQHSdMKmTLKzol3HXT7JUZoiOt8:14TKQHSdMKmTLKS3XT7JUJ
Score1/10 -
-
-
Target
Battlefield 3 Aimbot/WinJect.exe
-
Size
540KB
-
MD5
6abce2783394bf829a97599d04a8def3
-
SHA1
2a7864232650cf6528c903ec505e4fc1cc59517c
-
SHA256
29ab5fe35a0f48c4683adf37e978abbfff23c0b2f8b416d58b18690ebf41a66a
-
SHA512
8c07c4b105296747f6224f161b00250e5fa54c4f7b2ad33313b91f4116917064f4acc315f664688346d0272bc77953c338fe40d4ed6e0fd5e5ad507f12cdf7b4
-
SSDEEP
6144:dHEUWvcNBG1R741QrIJvnjqHByUkz/urMkHug25ijoBFQi7f0u1WeJiXpH4raGpt:pFG1d4gIJLqcU9OgiioSOLKR4rFMgn
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-