Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    04/06/2024, 19:44

General

  • Target

    cstealer.pyc

  • Size

    67KB

  • MD5

    ad0492a222956db980daa4e5449226f9

  • SHA1

    417bc557da6c95e6d5e020a4ab73d6060346d236

  • SHA256

    b13a667128e2fdf35a0b4cfd267e24a606c09e99a4b5094829c4f7a2d5d672c6

  • SHA512

    d0dba4b06fe7aa4dac6b98e718bff87212e011f3584da311db3f4a4f309d4b809cb5e551c9be6c852b24b60b65cae7206ea3b518df48bb8b8c4c4018338f35dd

  • SSDEEP

    1536:l0xqOgDxpqBJlMstbo88jLQwcXf9qS0VL+LRheG:lqE/+bo88PCXX0L+LRP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cstealer.pyc
    • Modifies registry class
    PID:2828
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3632

Note: the sample was launched as a bare .pyc through cmd /c. No application is associated with .pyc in this image, so the shell fell back to the "Open with" dialog (OpenWith.exe started via COM with -Embedding). The registry-class writes and the SetWindowsHookEx call come from that association lookup and dialog, not from the sample; the stealer's bytecode never executed, which is why the score is low. Judging the payload requires a static look at the bytecode or a re-run in an environment with a matching Python interpreter.
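
Since the process tree above shows only cmd.exe and OpenWith.exe (no interpreter ever picked up the .pyc), a triage analyst has to assess the bytecode statically. The script below is an added example, not code from the report, the sandbox, or the sample's author. It parses the CPython 3.7+ .pyc header (PEP 552), then unmarshals the code object and walks it for imported names and string constants without executing anything. SAMPLE_SOURCE, build_pyc, triage and the example.invalid URL are constructed for illustration; to use it on a real file, call triage(open("cstealer.pyc", "rb").read()) under the same Python minor version the file was compiled with (the header's magic number tells you which).

```python
"""Static triage of a .pyc that a sandbox never executed (added example)."""
import importlib.util
import marshal
import struct
import types
from typing import Iterator

PYC_HEADER_LEN = 16  # CPython 3.7+: magic(4) + flags(4) + 8 bytes (PEP 552)

# Constructed stand-in for a stealer script; NOT the real cstealer source.
SAMPLE_SOURCE = r'''
import os, json
C2 = "http://example.invalid/gate.php"
def collect():
    drives = [d + ":\\" for d in "CDEF" if os.path.exists(d + ":\\")]
    return json.dumps({"drives": drives, "user": os.getlogin()})
'''


def looks_like_pyc(data: bytes) -> bool:
    """Cheap sanity check: CPython magic numbers always end in b'\\r\\n'."""
    return len(data) >= PYC_HEADER_LEN and data[2:4] == b"\r\n"


def parse_pyc_header(data: bytes) -> dict:
    """Decode the 16-byte header; raises ValueError if this is not a .pyc."""
    if not looks_like_pyc(data):
        raise ValueError("not a CPython 3.7+ .pyc")
    magic_word, flags = struct.unpack("<HxxI", data[:8])
    info = {
        "magic": magic_word,
        "flags": flags,
        # True only if this interpreter can unmarshal the code object.
        "matches_running_python": data[:4] == importlib.util.MAGIC_NUMBER,
    }
    if flags & 1:  # hash-based pyc: 8-byte SipHash of the source
        info["source_hash"] = data[8:16].hex()
        info["check_source"] = bool(flags & 2)
    else:  # timestamp-based pyc: source mtime and source size
        info["mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info


def walk_code(code: types.CodeType) -> Iterator[types.CodeType]:
    """Yield a code object and every code object nested in its constants."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)


def extract_indicators(data: bytes) -> dict:
    """Collect names and strings from the marshalled code object, running none of it.

    marshal is not pickle: loads() only rebuilds objects. Its format is
    version-specific, so the magic must match the running interpreter.
    """
    if not parse_pyc_header(data)["matches_running_python"]:
        raise ValueError("magic mismatch: use the Python version the .pyc targets")
    code = marshal.loads(data[PYC_HEADER_LEN:])
    names, strings = set(), set()
    for c in walk_code(code):
        names.update(c.co_names)  # imported modules, attributes, globals
        strings.update(s for s in c.co_consts if isinstance(s, str))
    # Crude IOC filter: URLs, Windows drive/paths, registry hives.
    iocs = sorted(s for s in strings
                  if "://" in s or ":\\" in s or s.startswith("HKEY_"))
    return {"names": sorted(names), "strings": sorted(strings), "iocs": iocs}


def build_pyc(source: str, filename: str = "sample.py") -> bytes:
    """Compile source into a timestamp-based .pyc image (flags=0, mtime=0)."""
    code = compile(source, filename, "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack(
        "<III", 0, 0, len(source.encode()))
    return header + marshal.dumps(code)


def triage(data: bytes) -> dict:
    """Header fields plus static indicators for one .pyc blob."""
    return {"header": parse_pyc_header(data), **extract_indicators(data)}


if __name__ == "__main__":
    report = triage(build_pyc(SAMPLE_SOURCE))
    print("header:", report["header"])
    print("names: ", ", ".join(report["names"]))
    print("iocs:  ", report["iocs"])
```

On a real sample the interesting output is the imports (browser-profile, crypto and HTTP modules in a stealer) and the string constants; the "magic mismatch" error is the expected failure when the sample targets a different Python minor version, and the fix is to re-run under that version rather than to patch the header.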

Network

        MITRE ATT&CK Enterprise v15
