General

  • Target

    AimbotV1.exe

  • Size

    6.0MB

  • Sample

    240603-h6cpaafh7t

  • MD5

    2d69130b2faf1626e4a05c8e34f040bf

  • SHA1

    aeca58ab7e4ba16d787aab187eb37947ac434c32

  • SHA256

    44aafa5fcf23abad80eef019c859a4119cef2fe05d8cc243b571022249b56931

  • SHA512

    bbe7b857d717fa4c7561319f973276080d0257de18d45f20451f412fe3f6b255d667b9e3cd1c7ea60f356142ffd82dbb580739bb3ffbea0c20cad3568f24a86b

  • SSDEEP

    98304:v6pEtdFBGi9amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RtOuAKJJGIyH:vZFENeN/FJMIDJf0gsAGK4RouAKJsjH

Malware Config

Targets


    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks