Resubmissions

16-06-2024 02:32

240616-c1rclazdnr 9

16-06-2024 02:29

240616-cyj6hazcpn 9

16-06-2024 02:26

240616-cw4r5awbqb 9

General

  • Target

    release.zip

  • Size

    11.3MB

  • Sample

    240616-cw4r5awbqb

  • MD5

    4115cd94afc46e92446a5ed4c6e02034

  • SHA1

    a27d793c873e89366625e8c2577fac9bcc22f55e

  • SHA256

    3a521e8eb6c4a7bc7e8981b6377b5ca5a50b47862cd29c15b394a3e1a91cb4f1

  • SHA512

    5bc3d1459061e0285f8f6fd9af8fc884bc7495f34bdf165af4374320db698b3f6563887490dd342bb4865758d14a9df8f080c59978a2d89137fbebeac810a2bd

  • SSDEEP

    196608:S6oLLrxYCD3GH4sfsx+QlK6GDoudi0E59ythnAB+rJYmd5wyj:6iCSFskQE6Grdi15AnAB+dPEyj

Malware Config

Targets

    • Target

      release/main/cheat.exe

    • Size

      3.9MB

    • MD5

      200e4d1a5f37c511d30b7c778556b1a1

    • SHA1

      809060eed706b528705b9e0082a9d0b8f1449aaf

    • SHA256

      ab2b268de451ce6bbc5879b014180e47aecd874181d1e03c34159f78839ded67

    • SHA512

      8fbf7d4b092c7a0d964fe4a1a0158811fdd1ed0a8ff49aa7de02c6dbcfbf70fa57959b2a922a731da598cd37e3fce008fa330a9daa892f32f61696a44cf1672f

    • SSDEEP

      98304:F3t8oJL3g4KQWRa49EwOIJ/enT55/FPeO5hOCEI47zFk:H7hKQW84O4eV5FZjOCEIu5k

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      release/main/loader.exe

    • Size

      4.1MB

    • MD5

      9ecdc9ed1bea6c226f92d740d43400b9

    • SHA1

      b5b5066cd4284733d8c3f3d7de3ca6653091ae10

    • SHA256

      60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c

    • SHA512

      30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43

    • SSDEEP

      98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      release/map/map.exe

    • Size

      3.3MB

    • MD5

      a5a681b19458d693464f24f0d22d7b32

    • SHA1

      10b9edb6e510ee582815b3779064698ed9e90db8

    • SHA256

      04a72e5f734b6d97c78477d82b1bd24d45e47769b98d908920265a01bbde2d37

    • SHA512

      e27f08721444474d7f37e45b6636f71cd5e9823ab197b6665f5c48106f8f84ec57bd5f1e953a3c2d0200ae0f9e80b72a261444bea6e828a62cd0b44bf128ab31

    • SSDEEP

      98304:GyVbJ5frOxTN0fAptwDUB+psfprlsg/zG3lC:f2JN0fG6wgsxrqQzGVC

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks