ceecefcf9cdd5c58e5b934ae568c241986f85df3ba4648dc925fc93b2243cbf8

Sharing

Copy URL

Twitter E-mail

General

Target

ceecefcf9cdd5c58e5b934ae568c241986f85df3ba4648dc925fc93b2243cbf8
Size

12.8MB
Sample

240523-bx88kagh94
MD5

a236077d4478142cc405890ac29dcf67
SHA1

2727125deeeb12957ee16ee319fe1c5c4bcf3e27
SHA256

ceecefcf9cdd5c58e5b934ae568c241986f85df3ba4648dc925fc93b2243cbf8
SHA512

ebc935e4950eed03bfa8a5a003be829a469cb4653d00b74ff9ba7632b75e08ced38f1bf78052d7ecd69745a98311ec20b03d0e9c30be5387a2355528f3933002
SSDEEP

393216:yDFf6mky+kKfHX/oRGyAqlitjj+2TmpRA:yDFf6ny+TwAdRj7Tme

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.python.org/ftp/python/3.10.5/python-3.10.5-amd64.exe

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://developer.download.nvidia.com/compute/cuda/12.2.0/network_installers/cuda_12.2.0_windows_network.exe

Targets

- Target
  
  plpscripts_freeV2/auto_setup_install.bat
- Size
  
  2KB
- MD5
  
  bdba7ddafbddca1a9bd0ed4646819426
- SHA1
  
  9a69db7ab775800ce12e7c05e0193046b6d9ee04
- SHA256
  
  160184eb890d9d25418bba37efb2fabedb93b333de9a1fd291e233e750344a15
- SHA512
  
  7d46bc1c8723a43fe0b9a8bce21be3abad96b6bba9558bc564b9e6adfc8eebd5c94bae8839f1d4d46654a15a46398ada29aad33d18fc49efe8468d8841c69898
Score

10^/10

execution discovery
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/aimbot.py
- Size
  
  45KB
- MD5
  
  5437f4bbc2b19716d9a4f2edf94a418b
- SHA1
  
  5a596bd86902d6358d01075fc9f8aeb3e60f14be
- SHA256
  
  73e19d2af9ebd0b19f57519b5efacc655979078b9fa0680a8c1ea4857ca1a01e
- SHA512
  
  bb3ed71217a62c7d544298c38bda92b94e98264e916b908ad8aef3b4703ecbdf9bbd4b939c77a7910dbe267618602d4a6d1eee4e8f808736a7847b2a98dc86f8
- SSDEEP
  
  768:UpwyHVyltUFxclSRGA8D1I3/yKs/bub1Y3oNwyr3R+phZRoAcrukCq56rr3O9pjn:US8AlExWSR4HbuRN3w5GikOqpN/9rVdn
Score

3^/10
behavioral3 behavioral4
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/main.py
- Size
  
  11KB
- MD5
  
  278b94da858a87ef65c1ddb484393078
- SHA1
  
  71ce6717e419421f16fda9172de23b1c52fd6292
- SHA256
  
  3424487c41c79ecd49110347c89460116d4fefd1725d84390dada977341a6bf3
- SHA512
  
  c1acace3f5911c641b1b9b87813c7fa9008fc1444218403ff36278818c86b9f36e8b41c03a20964f0c6577ef00b27134df83426227c94761b28508f8e197fc82
- SSDEEP
  
  192:G3cikohsCfRiF0OGaVOIJADz1ryh2A98DOD+qPwK4o7uSiWxtYTo1i:GMizsCGCalEvA9eOy8TcWyki
Score

3^/10
behavioral5 behavioral6
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/plpscripts_freev2.py
- Size
  
  20KB
- MD5
  
  1cd6ddacfd0574940e0b6db3c15e2ca9
- SHA1
  
  60878df601182387c53c0ff04568848344d81efe
- SHA256
  
  d19dd7dd045d9689038b12048df58afca4fb0d0e58b4588322abb6d3be1f1962
- SHA512
  
  51a3506737bc633cdeecf690cb780a0a27d9a5a984343e25e90153f7a8ed8b070100c6ba155abe4b00cbbd31f55b3801d0b2feae7511898a4d9ce66e5f4f4947
- SSDEEP
  
  384:vedcru/zST5dtFzRZADgnlBxOLOW/ra6GPEt4doE6fSfbjYFLAXdhiJAPjEZqwPn:veyu/zw5fFlmDtOVNEtPfK0VANhFjOqM
Score

3^/10
behavioral7 behavioral8
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/pyarmor_runtime_000000/__init__.py
- Size
  
  103B
- MD5
  
  b531b298be665224d9033ce2cc9f8e66
- SHA1
  
  92f4036fe8225e2b35631b49e8fff4fd72b180b1
- SHA256
  
  7072222a776c768ede0d208609b9948e13b99c3c666085f924f0bf7064e449cf
- SHA512
  
  717dcb8ce03b46ee2d98fc3359a859593e8cf783a1904c57aea84640dabaf058b9d5060019046a056e2d9740ebbfa06556232fed4f24b38acf3e953574de69f6
Score

3^/10
behavioral10 behavioral9
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/pyarmor_runtime_000000/pyarmor_runtime.pyd
- Size
  
  619KB
- MD5
  
  ad2f4d832ae9af7f18be8dba02d3aaff
- SHA1
  
  7f3f536d2aab7eb9b570b109c4befa16dd7614a0
- SHA256
  
  d19911c013cb25f7515ef69ca218896f97967dc3579ad9149527e1d936a5081a
- SHA512
  
  20bf1467b8c68f23df05408d73a88cb0dd680e77c7d959d6948a17fa55d5318259156be10a32a80964f091b82d70335195484ab6313803c3a987c69f0f7d6e28
- SSDEEP
  
  12288:xGkzy1XSZNIHctjdcg7fUoPFByvcnE8s1sB:cNS6ctjdcg7fUoPFByvcnN3
Score

1^/10
behavioral11 behavioral12
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/start.bat
- Size
  
  40B
- MD5
  
  1e7695df315480d6bcd57e8971d8d881
- SHA1
  
  f4f5f764f237b49d698ca1fd5ab0c32157c7e511
- SHA256
  
  ee6e664af57a744c3d5587adc2cc1493262fe8f0b90bc8bfc0951461e99139fd
- SHA512
  
  0454dc00587ca2dd1ec9b74643c6707f11337b2f1a0cec9f094ba0dc9ceba0a310635341abaf069e1c3850dde925d6dc0c98c5990f765654dccdb8e94df49f26
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14