General
Target: 0xcheat.exe
Size: 8.2MB
Sample: 240527-xyp2zafh75
MD5: e105137e99534bb200e1db67c430e57e
SHA1: b95539aafdd4e2bd1e8ef783ad65cb5a627c92c6
SHA256: e98e2d71d36b70545619496744b226aadb6f99f3721541d709018ee9fdb24011
SHA512: fac4662c466ee96985d0698f2116d1f39971aaa0010747e91e991aeff3900e78d1916cbb2dae92577f8c71fe82941041c3bc837395055f3496ea67d01e4acd8e
SSDEEP: 196608:E3gI+o2n018urErvI9pWjgaAnajMs4F23fQC//OoLxhF:9I72n0yurEUWjJjiFoo4jLxhF
Behavioral task: behavioral1
Sample: 0xcheat.exe
Resource: win7-20231129-en
Malware Config
Targets
Drops file in Drivers directory
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.