0fe8ef270e08fe0c38513e0f847167ce34a2ce062f6927d1a7b677bfffd4d635 | Triage

Sharing

General

Target

CHEAT Loader.exe
Size

4.7MB
Sample

240329-t9tmradc92
MD5

3b016683daab3b3cbd2aec267abf4fe4
SHA1

62c983c0ba81a6295abd66ce7a55ea1f1b56a7da
SHA256

0fe8ef270e08fe0c38513e0f847167ce34a2ce062f6927d1a7b677bfffd4d635
SHA512

5fe17990f09a5075933a3fc4ecb98704d0606f6872b6aeffdd32d60a2f1d995b70e1c0d8bce3e8e425de44a1da191e8f33c7424093246c32aee79aaf21c651f4
SSDEEP

98304:NW5cnbCzw/TRQi1t11OdbRrPejUjnMP+seiZfmNqyoapIRCDmqj9VixwvA2FBqhq:NWzwZ12T/LMPrPZf3yLKRaPUCDqU

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  CHEAT Loader.exe
- Size
  
  4.7MB
- MD5
  
  3b016683daab3b3cbd2aec267abf4fe4
- SHA1
  
  62c983c0ba81a6295abd66ce7a55ea1f1b56a7da
- SHA256
  
  0fe8ef270e08fe0c38513e0f847167ce34a2ce062f6927d1a7b677bfffd4d635
- SHA512
  
  5fe17990f09a5075933a3fc4ecb98704d0606f6872b6aeffdd32d60a2f1d995b70e1c0d8bce3e8e425de44a1da191e8f33c7424093246c32aee79aaf21c651f4
- SSDEEP
  
  98304:NW5cnbCzw/TRQi1t11OdbRrPejUjnMP+seiZfmNqyoapIRCDmqj9VixwvA2FBqhq:NWzwZ12T/LMPrPZf3yLKRaPUCDqU
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence