General

  • Target

    0xcheat.exe

  • Size

    8.2MB

  • Sample

    240527-xyp2zafh75

  • MD5

    e105137e99534bb200e1db67c430e57e

  • SHA1

    b95539aafdd4e2bd1e8ef783ad65cb5a627c92c6

  • SHA256

    e98e2d71d36b70545619496744b226aadb6f99f3721541d709018ee9fdb24011

  • SHA512

    fac4662c466ee96985d0698f2116d1f39971aaa0010747e91e991aeff3900e78d1916cbb2dae92577f8c71fe82941041c3bc837395055f3496ea67d01e4acd8e

  • SSDEEP

    196608:E3gI+o2n018urErvI9pWjgaAnajMs4F23fQC//OoLxhF:9I72n0yurEUWjJjiFoo4jLxhF

Targets

    • Command and Scripting Interpreter: PowerShell

      Executes a powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15