General
Target: 0xcheat.exe.bin
Size: 8.2MB
Sample: 240527-xy2e1afh85
MD5: e105137e99534bb200e1db67c430e57e
SHA1: b95539aafdd4e2bd1e8ef783ad65cb5a627c92c6
SHA256: e98e2d71d36b70545619496744b226aadb6f99f3721541d709018ee9fdb24011
SHA512: fac4662c466ee96985d0698f2116d1f39971aaa0010747e91e991aeff3900e78d1916cbb2dae92577f8c71fe82941041c3bc837395055f3496ea67d01e4acd8e
SSDEEP: 196608:E3gI+o2n018urErvI9pWjgaAnajMs4F23fQC//OoLxhF:9I72n0yurEUWjJjiFoo4jLxhF
Behavioral task: behavioral1
Sample: 0xcheat.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: 0xcheat.exe.bin
Size: 8.2MB
MD5: e105137e99534bb200e1db67c430e57e
SHA1: b95539aafdd4e2bd1e8ef783ad65cb5a627c92c6
SHA256: e98e2d71d36b70545619496744b226aadb6f99f3721541d709018ee9fdb24011
SHA512: fac4662c466ee96985d0698f2116d1f39971aaa0010747e91e991aeff3900e78d1916cbb2dae92577f8c71fe82941041c3bc837395055f3496ea67d01e4acd8e
SSDEEP: 196608:E3gI+o2n018urErvI9pWjgaAnajMs4F23fQC//OoLxhF:9I72n0yurEUWjJjiFoo4jLxhF
Signatures:
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.