General
Target: release.zip
Size: 11.3MB
Sample: 240616-cw4r5awbqb
MD5: 4115cd94afc46e92446a5ed4c6e02034
SHA1: a27d793c873e89366625e8c2577fac9bcc22f55e
SHA256: 3a521e8eb6c4a7bc7e8981b6377b5ca5a50b47862cd29c15b394a3e1a91cb4f1
SHA512: 5bc3d1459061e0285f8f6fd9af8fc884bc7495f34bdf165af4374320db698b3f6563887490dd342bb4865758d14a9df8f080c59978a2d89137fbebeac810a2bd
SSDEEP: 196608:S6oLLrxYCD3GH4sfsx+QlK6GDoudi0E59ythnAB+rJYmd5wyj:6iCSFskQE6Grdi15AnAB+dPEyj
Behavioral tasks
behavioral1: Sample release/main/cheat.exe, Resource win7-20240611-en
behavioral2: Sample release/main/cheat.exe, Resource win10v2004-20240226-en
behavioral3: Sample release/main/loader.exe, Resource win7-20240611-en
behavioral4: Sample release/main/loader.exe, Resource win10v2004-20240508-en
behavioral5: Sample release/map/map.exe, Resource win7-20231129-en
behavioral6: Sample release/map/map.exe, Resource win10v2004-20240611-en
Malware Config
Targets

Target: release/main/cheat.exe
Size: 3.9MB
MD5: 200e4d1a5f37c511d30b7c778556b1a1
SHA1: 809060eed706b528705b9e0082a9d0b8f1449aaf
SHA256: ab2b268de451ce6bbc5879b014180e47aecd874181d1e03c34159f78839ded67
SHA512: 8fbf7d4b092c7a0d964fe4a1a0158811fdd1ed0a8ff49aa7de02c6dbcfbf70fa57959b2a922a731da598cd37e3fce008fa330a9daa892f32f61696a44cf1672f
SSDEEP: 98304:F3t8oJL3g4KQWRa49EwOIJ/enT55/FPeO5hOCEI47zFk:H7hKQW84O4eV5FZjOCEIu5k
Score: 9/10
Signatures:
  Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Sets service image path in registry
  Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
  Suspicious use of NtSetInformationThreadHideFromDebugger

Target: release/main/loader.exe
Size: 4.1MB
MD5: 9ecdc9ed1bea6c226f92d740d43400b9
SHA1: b5b5066cd4284733d8c3f3d7de3ca6653091ae10
SHA256: 60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
SHA512: 30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
SSDEEP: 98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
Signatures:
  Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
  Suspicious use of NtSetInformationThreadHideFromDebugger

Target: release/map/map.exe
Size: 3.3MB
MD5: a5a681b19458d693464f24f0d22d7b32
SHA1: 10b9edb6e510ee582815b3779064698ed9e90db8
SHA256: 04a72e5f734b6d97c78477d82b1bd24d45e47769b98d908920265a01bbde2d37
SHA512: e27f08721444474d7f37e45b6636f71cd5e9823ab197b6665f5c48106f8f84ec57bd5f1e953a3c2d0200ae0f9e80b72a261444bea6e828a62cd0b44bf128ab31
SSDEEP: 98304:GyVbJ5frOxTN0fAptwDUB+psfprlsg/zG3lC:f2JN0fG6wgsxrqQzGVC
Score: 9/10
Signatures:
  Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Sets service image path in registry
  Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
  Suspicious use of NtSetInformationThreadHideFromDebugger