General
- Target: CSGO_Hack.zip
- Size: 206.7MB
- Sample: 240229-cpakpsbc64
- MD5: 93180dd5a15bf6ccb5eea63bd0d7ffef
- SHA1: 98a51f8a9fa1989fdb6ab1a390632216bddfb2fe
- SHA256: 37ffba131c763e2630433b2865a8149508af32f387fb5808cfaf539815bb5077
- SHA512: ee0d033c0fc14ae56742a13e3ba69da429767ebf39a6232636f1fe8234aa019ad6db95b888aba6cc256b5e29d3769084205db5f7e422e8cf9ca8eb3dc4d6d442
- SSDEEP: 3145728:QTAd+isFgs4dRrSN2FCEDK92BdwEKfAlEUuB35rJvIybESkDFLNJnAOjhg2:QGQe9dR40iAzwU7uR51IcERFLwOS2
Static task
- static1

Behavioral tasks (sample / resource)
- behavioral1: Launcher.dll / win7-20240221-en
- behavioral2: Launcher.dll / win10v2004-20240226-en
- behavioral3: Launcher.exe / win7-20240221-en
- behavioral4: Launcher.exe / win10v2004-20240226-en
- behavioral5: data/AppInfo/RIBTwoUATqEp.ps1 / win7-20240215-en
- behavioral6: data/AppInfo/RIBTwoUATqEp.ps1 / win10v2004-20240226-en
- behavioral7: data/AppInfo/VO1DaL46eflm.ps1 / win7-20240221-en
- behavioral8: data/AppInfo/VO1DaL46eflm.ps1 / win10v2004-20240226-en
- behavioral9: data/AppInfo/WtFlkRqeJ61k.ps1 / win7-20240221-en
- behavioral10: data/AppInfo/WtFlkRqeJ61k.ps1 / win10v2004-20240226-en
- behavioral11: data/AppInfo/Xfh5GWnGPMjT.ps1 / win7-20240221-en
- behavioral12: data/AppInfo/Xfh5GWnGPMjT.ps1 / win10v2004-20240226-en
- behavioral13: data/AppInfo/YwTGpGD7UtG1.ps1 / win7-20240221-en
- behavioral14: data/AppInfo/YwTGpGD7UtG1.ps1 / win10v2004-20240226-en
- behavioral15: data/AppInfo/kGCFZO6TPVYy.ps1 / win7-20240215-en
- behavioral16: data/AppInfo/kGCFZO6TPVYy.ps1 / win10v2004-20240226-en
- behavioral17: data/AppInfo/services/Launhcer.dll / win7-20240221-en
- behavioral18: data/AppInfo/services/Launhcer.dll / win10v2004-20240226-en
- behavioral19: data/AppInfo/services/Launhcer.exe / win7-20240221-en
- behavioral20: data/AppInfo/services/Launhcer.exe / win10v2004-20240226-en
- behavioral21: data/AppInfo/services/WinRAR.exe / win7-20240220-en
- behavioral22: data/AppInfo/services/WinRAR.exe / win10v2004-20240226-en
- behavioral23: data/AppInfo/services/data/Launcher.dll / win7-20240221-en
- behavioral24: data/AppInfo/services/data/Launcher.dll / win10v2004-20240226-en
- behavioral25: data/AppInfo/services/data/Launcher.exe / win7-20240221-en
- behavioral26: data/AppInfo/services/data/Launcher.exe / win10v2004-20240226-en
- behavioral27: data/AppInfo/services/wget.exe / win7-20240220-en
- behavioral28: data/AppInfo/services/wget.exe / win10v2004-20240226-en
- behavioral29: data/AppInfo/vhXDYuQByxPS.ps1 / win7-20240221-en
- behavioral30: data/AppInfo/vhXDYuQByxPS.ps1 / win10v2004-20240226-en
- behavioral31: data/BLAKEX64.dll / win7-20240221-en
- behavioral32: data/BLAKEX64.dll / win10v2004-20240226-en
Malware Config

Extracted
- Family: amadey
- Version: 4.18
- C2:
  http://185.196.10.188
  http://45.159.189.140
  http://89.23.103.42
- install_dir: 551e5e2908
- install_file: Dctooux.exe
- strings_key: 40bfc938b9af6a10b5f8b3b4398e4941
- url_paths: /hb9IvshS/index.php
Targets

Target: Launcher.dll
- Size: 2KB
- MD5: 32e7556ff4f5256d15e1fc843cee5e3d
- SHA1: b7283061428e9ca741c26dcfc3e869e2fc699f0b
- SHA256: b2f5dfcba2018e9b4314c245f6391783bd3717fe02fec3e6edf1b9d1a3801278
- SHA512: d39ca3fd8edb7db7e19655ea3aa69d8b0a4008514ed356808b59f7cdf4c109b7efd0ed54f6ea099d37b33f107f234adc4f01a178c90961e88d3c9ed7a8ebe40e
- Score: 1/10

Target: Launcher.exe
- Size: 364KB
- MD5: fea10d11d84919cb9a0a0752d61c0a66
- SHA1: aea3c65e2b62851b2dd112597f28379b49c58a0a
- SHA256: 2786febdd57874118eaf5e257382cf4467d43f9ca189ac48ff6d45494f1cbab7
- SHA512: e382f79ec1f1c370cd0053cccc7a0db8f3dc28b22f9dacd5f425c60adfb21e4a6eed3e119a7f9bbf135839e22d46511ca793cf8b5118d0e6256ebbbe749fc508
- SSDEEP: 6144:LpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrZR5lJWPkOD:Lp8KLBzQ7Lcf3SiQs2FTTql9unNrkvzw
- Signatures:
  - XMRig Miner payload
  - Creates new service(s)
  - Drops file in Drivers directory
  - Stops running service(s)
  - Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
  - Uses the VBS compiler for execution
  - Legitimate hosting services abused for malware hosting/C2
  - Checks computer location settings (Looks up country code configured in the registry, likely geofence.)
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext

Target: data/AppInfo/RIBTwoUATqEp
- Size: 50KB
- MD5: 8618603555e100c4d43a2df960daf2c3
- SHA1: 65ccc35d4362f7889d44da6df8f769aafa198c16
- SHA256: d88ecb816adc565e3f81cc7e66768f18f30d88c67cad231b7dca7516083964d0
- SHA512: 10895c4058a8ea1a22f054b08dd67c826b8aba441d3ee1f64c2723b51e87edb4f22912f33b883c98fda940c007c9d90441f19dd296cdd2dd80cc7c71e147b1b0
- SSDEEP: 1536:bmwLrmODq0OorurbxO9Pshw0IMCxbh/Tto:ywndDqjo3Wyhpo
- Score: 1/10

Target: data/AppInfo/VO1DaL46eflm
- Size: 50KB
- MD5: 1d0cedfad1b3559078ffb9772981415b
- SHA1: c7220efab0b1dc37b6b1717d7382ebc919253c06
- SHA256: c0ae8f2a566240fdcdc8ba416f99e27247214b64a648f732eea84b5ef6978fee
- SHA512: a12928a9fd53fc2718ac4fd872569e9088b1242640a2d37cd13f21f6cc6e8ea3906b4ffccc77f3fdd4896ff816799ebbd07c6de7096d78a7cdf66057f770ceae
- SSDEEP: 1536:SaJ9buo03tki4A5wotvNiPVX1d06y42SxsJWW:tJTEuq5wotVitld0vSxsZ
- Score: 1/10

Target: data/AppInfo/WtFlkRqeJ61k
- Size: 50KB
- MD5: a239a256cd1644ab6b0fc27737abfe7e
- SHA1: fc2af8211c890dd60c54f036990f39fa017924bc
- SHA256: 1ef1b461ebda6c768d2f891f349a43321fc9cdc730195149ee8af6891cb694b9
- SHA512: 29eeec13bdf152c5c71d312a446b31019eed05f6db5b4e3f40796c458a47f6de9090b344f6d2ff0eee0e32fd2f083a6ed872e85d1d5b998aef1a0008a240378a
- SSDEEP: 768:/ieNH/5zS/QV+fMVg59utzeXcsWUR60mwms/6pet2sh/NGFCtSqyyJ+bBSpfE+f+:a+H/lqgWMVw01sWaZipetNWbBSW+L/+r
- Score: 1/10

Target: data/AppInfo/Xfh5GWnGPMjT
- Size: 55KB
- MD5: 71692e4937b32add8bd824bffa117b5e
- SHA1: 06f9bd0cda232b6754e92b9cbde72464238c6d09
- SHA256: 15332ba0f7c566797841dc56aa476cec090fd1d56608b74c85e4b6a73d253cdc
- SHA512: a41e6c26299fc419461039fd485632e143a6f2799ec9ddbe30845e8069effbc0da0e56fe8ade5782f97a78a83aed8ae2e2eec4c160cb85c47a97ec3f6a7ec040
- SSDEEP: 768:jFV6uGx/pnoebIbnz+iXirJrbjwFFnSCSN0o7YJliHHhPx3kDDDxLv6DnKUreNVz:jzsXf0/++iCnSCSN+J8HJx3WLSTXrEJ
- Score: 1/10

Target: data/AppInfo/YwTGpGD7UtG1
- Size: 55KB
- MD5: 2efcd934a4050107952a971251a2ce23
- SHA1: 33c67ae46d1ddbbbacb14d86e03299e0914dc7db
- SHA256: 91b03b137bbb69b7ceec1ea4208ff02e24198b7b7623851b487e8ad11c251610
- SHA512: ca0e835d9999ad7048a80432e0aa0293ceabd1581709610ec4776176e2fca3fc89ebe564bfc4156dbf0d165ad30e08f40448e0b42c984cadc264934590cfb813
- SSDEEP: 1536:5DzX3qUDEBlQV6/Pea1yibFYKxZ32EikLKa+i42:5DD6UDCQI3eiynKxxj+il
- Score: 1/10

Target: data/AppInfo/kGCFZO6TPVYy
- Size: 50KB
- MD5: e02895cc5c57887976c2695a9864411c
- SHA1: eeba3ddf36c87490d0286fb19e427d32c0334500
- SHA256: 35ccaf21b1b4140a76542355264f6c310464bd3949b8bc0141f8c373e08e104e
- SHA512: 60b08dc70d134a678b3b251b3edaa26482f0aacb57c3bd167772cd3154984ce5db13e697adfefdb3ed2ad00658e95d0f0239c1309c65684558c5f3ff335baaf2
- SSDEEP: 768:Z2YnUceD3G+WsCv8XYs2N9+st8mi4UPU58APxhDeJekFfgWXPn:kYnUNtWUYsG9DGmP+UiYx+eAPn
- Score: 1/10

Target: data/AppInfo/services/Launhcer.dll
- Size: 2KB
- MD5: 7de0541eb96ba31067b4c58d9399693b
- SHA1: a105216391bd53fa0c8f6aa23953030d0c0f9244
- SHA256: 934f75c8443d6379abdc380477a87ef6531d0429de8d8f31cd6b62f55a978f6e
- SHA512: e5ffa3bfd19b4d69c8b4db0aabaf835810b8b8cccd7bc400c7ba90ef5f5ebd745c2619c9a3e83aa6b628d9cf765510c471a2ff8cb6aa5ad4cf3f7826f6ae84a3
- Score: 1/10

Target: data/AppInfo/services/Launhcer.exe
- Size: 364KB
- MD5: e5c00b0bc45281666afd14eef04252b2
- SHA1: 3b6eecf8250e88169976a5f866d15c60ee66b758
- SHA256: 542e2ebbded3ef0c43551fb56ce44d4dbb36a507c2a801c0815c79d9f5e0f903
- SHA512: 2bacd4e1c584565dfd5e06e492b0122860bfc3b0cc1543e6baded490535309834e0d5bb760f65dbfb19a9bb0beddb27a216c605bbed828810a480c8cd1fba387
- SSDEEP: 6144:+pS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYql6wrEJWPYg:+p8KLBzQ7Lcf3SiQs2FTTql9unNrkv75
- Score: 5/10
- Signatures:
  - Checks computer location settings (Looks up country code configured in the registry, likely geofence.)

Target: data/AppInfo/services/WinRAR.exe
- Size: 2.1MB
- MD5: f59f4f7bea12dd7c8d44f0a717c21c8e
- SHA1: 17629ccb3bd555b72a4432876145707613100b3e
- SHA256: f150b01c1cbc540c880dc00d812bcca1a8abe1166233227d621408f3e75b57d4
- SHA512: 44811f9a5f2917ccd56a7f894157fa305b749ca04903eeaeca493864742e459e0ce640c01c804c266283ce8c3e147c8e6b6cfd6c5cb717e2a374e92c32a63b2c
- SSDEEP: 49152:2oJAPtSHWxwJWzkDVkwg5NYUzNjteyUHBdH3y005:2ZAHWSxkfNNte9BpCN
- Score: 4/10

Target: data/AppInfo/services/data/Launcher.dll
- Size: 6KB
- MD5: f58866e5a48d89c883f3932c279004db
- SHA1: e72182e9ee4738577b01359f5acbfbbe8daa2b7f
- SHA256: d6f3e13dfff0a116190504efbfcbcd68f5d2183e6f89fd4c860360fba0ec8c12
- SHA512: 7e76555e62281d355c2346177f60bfe2dc433145037a34cfc2f5848509401768b4db3a9fd2f6e1a1d69c5341db6a0b956abf4d975f28ee4262f1443b192fe177
- SSDEEP: 96:b0bb/xXjs8XNeWeQUjCq61hl+L08Nuz+570phTlA8cP:bC/xXo89eWidohls7wK70vTlPcP
- Score: 1/10

Target: data/AppInfo/services/data/Launcher.exe
- Size: 364KB
- MD5: fea10d11d84919cb9a0a0752d61c0a66
- SHA1: aea3c65e2b62851b2dd112597f28379b49c58a0a
- SHA256: 2786febdd57874118eaf5e257382cf4467d43f9ca189ac48ff6d45494f1cbab7
- SHA512: e382f79ec1f1c370cd0053cccc7a0db8f3dc28b22f9dacd5f425c60adfb21e4a6eed3e119a7f9bbf135839e22d46511ca793cf8b5118d0e6256ebbbe749fc508
- SSDEEP: 6144:LpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrZR5lJWPkOD:Lp8KLBzQ7Lcf3SiQs2FTTql9unNrkvzw
- Score: 5/10
- Signatures:
  - Checks computer location settings (Looks up country code configured in the registry, likely geofence.)

Target: data/AppInfo/services/wget.exe
- Size: 4.9MB
- MD5: 8c04808e4ba12cb793cf661fbbf6c2a0
- SHA1: bdfdb50c5f251628c332042f85e8dd8cf5f650e3
- SHA256: a7b656fb7a45f8980784b90b40f4a14d035b9dc15616465a341043736ec53272
- SHA512: 9619f96c3180ef3d738ecc1f5df7508c3ff8904021065665c8388a484648e135105e1c1585de1577c8b158f9b5bc241e3ff7f92665e9553e846e1b750ddea20f
- SSDEEP: 98304:bHObnQdOb3OWEqNHeHq6PdOnS8SOGdVilQeHPpXF0aGOVxuGqYE6hpAl/70pzd+Z:bHInQ5WE2HeHq61OJSOGdVilQeHPpXFA
- Score: 1/10

Target: data/AppInfo/vhXDYuQByxPS
- Size: 50KB
- MD5: 69e8b3c7830da5c4198b328b8b7edb96
- SHA1: b6f34033a98dd7fc8d71aff46fe341c52c5c3b2b
- SHA256: 88bb8308d0534b6a095a6a6e077ff5458cf64e5aeed4af9e2c699fe477062aa1
- SHA512: 9030969249198eec69791bad27ff28e8a679ab3fab147210434e2f2b0c054f4cc0dfec3f8b55df4f03f67a690252c4387fd2bbb0da0f36a94dc02e86f787ebbe
- SSDEEP: 768:8I09HEsnpUEW3OZrkouzHpo1WOzgcfeWiy0Xn4C6tm1neEndy+Uo:8IKnpUEPrrutogcmWmg27Uo
- Score: 1/10

Target: data/BLAKEX64.DLL
- Size: 158KB
- MD5: cbd662a04f272ce00461a52ae2e74a49
- SHA1: 97cede2b282e79d9646e4b0d15e3eb666d13a613
- SHA256: bb997248e7b5da5b3c112ef3e2d127c300c412465d342004d3ac34d50d50fc85
- SHA512: 354b7cbd237963382b95c537c8243efadddeed9d40c40c73c3519a5061d7e1572aa0a67d5fbc28d2fa56631bad963c28eb47d793406440e9bf0ae03f56ef0d8f
- SSDEEP: 3072:X76r2tq8JlXY/6pOO742Mv5o8JsMxt1E:L6rgFJSu74Bv5
- Score: 1/10

MITRE ATT&CK Enterprise v15

Persistence
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)

Privilege Escalation
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)