General
Target
https://cdn.discordapp.com/attachments/1226586800466694164/1226587446922317936/cheeto.exe?ex=66254f94&is=6612da94&hm=3927169101076a108a01c358a9f4beca81f743952352f9c8f44a42d4717e16d9&
Sample
240407-wcg9kaab3v
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1226586800466694164/1226587446922317936/cheeto.exe?ex=66254f94&is=6612da94&hm=3927169101076a108a01c358a9f4beca81f743952352f9c8f44a42d4717e16d9&
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
https://cdn.discordapp.com/attachments/1226586800466694164/1226587446922317936/cheeto.exe?ex=66254f94&is=6612da94&hm=3927169101076a108a01c358a9f4beca81f743952352f9c8f44a42d4717e16d9&
Score: 8/10
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.