5e37b3289054d5e774c02a6ec4915a60156d715f3a02aaceb7256cc3ebdc6610 | Triage

Submit
Reports

Overview

overview

Static

static

1

Cheat Lab 2.7.2.msi

windows7-x64

6

Cheat Lab 2.7.2.msi

windows10-1703-x64

6

Cheat Lab 2.7.2.msi

windows10-2004-x64

6

Cheat Lab 2.7.2.msi

windows11-21h2-x64

Resubmissions

12-02-2024 18:22

240212-wz1pesce63 10

12-02-2024 18:09

240212-wrnd5aah2t 6

Sharing

General

Target

Cheat.Lab.2.7.2.zip
Size

1.4MB
Sample

240212-wz1pesce63
MD5

ecf943bf12019c1fd2a948b33d739657
SHA1

e1eab61b64b46d27746c969d1bfb65c24c49a57e
SHA256

5e37b3289054d5e774c02a6ec4915a60156d715f3a02aaceb7256cc3ebdc6610
SHA512

7468a4e1a83bad98f19b5f4a031dad352bea5eac17a42c5e53c41b247a3653dbfc141358dafe43ad22207cbe78f4205c54c78aba6bf6e76c222c36a3590057ba
SSDEEP

24576:ASzOD/NZMqchG4aFkcC+0nyRZPq7ezHjmGGLZnmwdFt/UJ9scr9TauSfc:yMqcLnc90nyTkUmGeZnX3t/ULzrJauSE

Score

10^/10

discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Cheat Lab 2.7.2.msi

Resource

win7-20231215-en

windows7-x64

11 signatures

1200 seconds

Behavioral task

behavioral2

Sample

Cheat Lab 2.7.2.msi

Resource

win10-20231215-en

windows10-1703-x64

13 signatures

1200 seconds

Behavioral task

behavioral3

Sample

Cheat Lab 2.7.2.msi

Resource

win10v2004-20231215-en

windows10-2004-x64

13 signatures

1200 seconds

Behavioral task

behavioral4

Sample

Cheat Lab 2.7.2.msi

Resource

win11-20231215-en

discovery spyware stealer

windows11-21h2-x64

22 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Cheat Lab 2.7.2.msi
- Size
  
  2.4MB
- MD5
  
  f97903fac84172871545926d6e553eb9
- SHA1
  
  e6e027b77df4823f4ff37656867e8f40d4ebd732
- SHA256
  
  35cee7837f460d9e1141e375af8438e868a9e6b8d923ed2673a980fcadfd4774
- SHA512
  
  5d82d62399079a10d36f5c32b091592cff640c40f593140138a1c741fbc92c579925186a2dd40820cef9bb04a5a7680486508896e6032caa4909d49a95e3fd75
- SSDEEP
  
  49152:zjfedtZKumZrEq4Fb6HXr1iWnYs4ntHurpllQ6aduxtZB6DXDNvu8S:+VKwFnWnwux567DNG8S
Score

10^/10

discovery spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

discoveryspywarestealer

© 2018-2024

Terms | Privacy