Overview

overview

9

Static

static

3

MWIII CHEA...V1.exe

windows10-1703-x64

9

Resubmissions

29/04/2024, 01:55

240429-ccmphafc81 9

29/04/2024, 01:55

240429-cb9smsfc8s 3

Sharing

Copy URL Twitter E-mail

General

  • Target

    MWIII CHEAT + SPOOFERV1.exe.exe

  • Size

    38.9MB

  • Sample

    240429-ccmphafc81

  • MD5

    17c135e2f2f60f333229bbb014db29ba

  • SHA1

    cb6038484868df0eaa798adbc9ff5cd8d6207d31

  • SHA256

    1ce1698809f336e9599a1a9513f5cfb38f68b806bda5d6d90b82d4216fde5a07

  • SHA512

    592653814ef5a60c764d0f2561cf6155227ba65fa4ef62c786a5d698bcd9ef88d66bb5fce60384b5e0f6d5d83c16364dce7563f6c13d1bf5e050e5dfab27ccaa

  • SSDEEP

    786432:agKR5wneSEF2EF0+gC3lwIR/k+LK3lVrrXogwPle00FsOTzAye:agKge7FvFsWl5gMrc0as1D

Score
9/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      MWIII CHEAT + SPOOFERV1.exe.exe

    • Size

      38.9MB

    • MD5

      17c135e2f2f60f333229bbb014db29ba

    • SHA1

      cb6038484868df0eaa798adbc9ff5cd8d6207d31

    • SHA256

      1ce1698809f336e9599a1a9513f5cfb38f68b806bda5d6d90b82d4216fde5a07

    • SHA512

      592653814ef5a60c764d0f2561cf6155227ba65fa4ef62c786a5d698bcd9ef88d66bb5fce60384b5e0f6d5d83c16364dce7563f6c13d1bf5e050e5dfab27ccaa

    • SSDEEP

      786432:agKR5wneSEF2EF0+gC3lwIR/k+LK3lVrrXogwPle00FsOTzAye:agKge7FvFsWl5gMrc0as1D

    Score
    9/10
    bootkitevasionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks