General
-
Target
AimbotV1.exe
-
Size
6.0MB
-
Sample
240603-h6cpaafh7t
-
MD5
2d69130b2faf1626e4a05c8e34f040bf
-
SHA1
aeca58ab7e4ba16d787aab187eb37947ac434c32
-
SHA256
44aafa5fcf23abad80eef019c859a4119cef2fe05d8cc243b571022249b56931
-
SHA512
bbe7b857d717fa4c7561319f973276080d0257de18d45f20451f412fe3f6b255d667b9e3cd1c7ea60f356142ffd82dbb580739bb3ffbea0c20cad3568f24a86b
-
SSDEEP
98304:v6pEtdFBGi9amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RtOuAKJJGIyH:vZFENeN/FJMIDJf0gsAGK4RouAKJsjH
Behavioral task
behavioral1
Sample
AimbotV1.exe
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
AimbotV1.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-