General
Target: release.rar
Size: 8.1MB
Sample: 240523-j72v8saf23
MD5: 550f5e261d58b60ad66fe0303e3a1234
SHA1: 69bca3605b33b4043e0c730b73ceee2a596db82d
SHA256: d414a91153d3003d9026994389a629203aa3f8fc83017f0e727273560315e181
SHA512: 14f157e0d1f44dacd12b5a6f13583d156a8b261956e97d47cc014536709f4402eb303f26b58ea6987323afa88ffa0b2332d5f6efa0eeb620afd35905f1309b40
SSDEEP: 196608:E7BFRsgkFbyhlu0X4f0ZvpBxAvGUFi0gpuKLoqizxw1j:EVXsg2byTu0NBA+UA0gxLonzG
Behavioral tasks
- behavioral1: sample release.rar, resource win7-20240508-en
- behavioral2: sample release.rar, resource win10v2004-20240508-en
- behavioral3: sample release/main/cheat.exe, resource win7-20240508-en
- behavioral4: sample release/main/cheat.exe, resource win10v2004-20240426-en
- behavioral5: sample release/main/loader.exe, resource win7-20240221-en
- behavioral6: sample release/main/loader.exe, resource win10v2004-20240226-en
- behavioral7: sample release/readme.txt, resource win7-20240221-en
- behavioral8: sample release/readme.txt, resource win10v2004-20240508-en
Malware Config
Targets
Target: release.rar
Size: 8.1MB
MD5: 550f5e261d58b60ad66fe0303e3a1234
SHA1: 69bca3605b33b4043e0c730b73ceee2a596db82d
SHA256: d414a91153d3003d9026994389a629203aa3f8fc83017f0e727273560315e181
SHA512: 14f157e0d1f44dacd12b5a6f13583d156a8b261956e97d47cc014536709f4402eb303f26b58ea6987323afa88ffa0b2332d5f6efa0eeb620afd35905f1309b40
SSDEEP: 196608:E7BFRsgkFbyhlu0X4f0ZvpBxAvGUFi0gpuKLoqizxw1j:EVXsg2byTu0NBA+UA0gxLonzG
Score: 3/10
Target: release/main/cheat.exe
Size: 4.1MB
MD5: d1895f02df8810e698741d4805317916
SHA1: b45eb5ebe4184b6249f514122838b582c8030a0b
SHA256: b2304109f2212ccf8b49c9fe8999b178ce7563c1c7540a05ea3d2836b22d361d
SHA512: bf9449415ee28b84319df57dca23ce43b345e5dfa042e2613fd84f183a02154bca859785a8b51434ed5466ea7def19a2d562822d9d9f1c7a9de72055843d60b1
SSDEEP: 98304:bSXAizswlu7vCx/0nrEw1PP3rSDdV+8Tz7kI:bS/Qa50RP3rSP3II
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: release/main/loader.exe
Size: 4.1MB
MD5: 9ecdc9ed1bea6c226f92d740d43400b9
SHA1: b5b5066cd4284733d8c3f3d7de3ca6653091ae10
SHA256: 60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
SHA512: 30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
SSDEEP: 98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: release/readme.txt
Size: 57B
MD5: 83eb57baa8d488be71cf1fd0a3b53031
SHA1: f77b686d14bacd629937f18917eff5efca2e00de
SHA256: 855091ca408b3b9a0f27a9fe0f143165c86c056f14f0c56bb239e986aa6b4246
SHA512: 3c608249e01f7cc3425fd91e67fe37165f1e21bceb65d785124696ef06ecd9256ddfffd9e34239e84c4f4eaf4f1dda67721f7e49b4c8546b2aba7183ea65606c
Score: 1/10
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Virtualization/Sandbox Evasion (2)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)