General
- Target: release.rar
- Size: 21.7MB
- Sample: 240619-yx4peatgkq
- MD5: 7cc9ee71b4f5d983e014b8aa56d1c21a
- SHA1: 664a81a29f759e1b98b50d7986858d5b1d258361
- SHA256: 4d63d075c49aace33f4c890a9d36a01d2768b8f70bea6a37a55a1228aad70175
- SHA512: c44c0c4e9227239c5d695c206dad103f785c1a08738399d5c322d0064f0c8708d93f1ed884f84f01d697a3bde0b1b3246541ac3138a61f2084f9501aaf5cc5b2
- SSDEEP: 393216:Sa7UEFfXq3iQa2lxUZygg8M5Hsa7UEFfXq3iQa2lxUZygg8M5HMa7UEFfXq3iQax:DUI6ZMc98MvUI6ZMc98MPUI6ZMc98My
Behavioral tasks
- behavioral1: sample release/main/cheat.exe, resource win7-20240221-en
- behavioral2: sample release/main/cheat.exe, resource win10v2004-20240611-en
- behavioral3: sample release/main/loader.exe, resource win7-20240611-en
- behavioral4: sample release/main/loader.exe, resource win10v2004-20240226-en
- behavioral5: sample release/map/map.exe, resource win7-20240419-en
- behavioral6: sample release/map/map.exe, resource win10v2004-20240611-en
Malware Config
Targets

Target: release/main/cheat.exe
- Size: 7.3MB
- MD5: 4165131d7bed66d69a2467e21842d0b3
- SHA1: 57255f830038d18161089681f43b3c01501bd155
- SHA256: bcb9ba98165906ab0cf5d60f7c3397fcbe73ff5904b512c59dbeeca6f25b8b47
- SHA512: de3a459ff83144b1c060d6a37942327e92b8b9633839595cc65998c36f920dec298d8af932b1c8efa6c81f90f83be74b12ec47e992974168538d0ac39ad666fc
- SSDEEP: 196608:s2YS6yoOshoKMuIkhVastRL5Di3uh1D7JK:1YSroOshouIkPftRL54YRJK

- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
Target: release/main/loader.exe
- Size: 7.3MB
- MD5: 4165131d7bed66d69a2467e21842d0b3
- SHA1: 57255f830038d18161089681f43b3c01501bd155
- SHA256: bcb9ba98165906ab0cf5d60f7c3397fcbe73ff5904b512c59dbeeca6f25b8b47
- SHA512: de3a459ff83144b1c060d6a37942327e92b8b9633839595cc65998c36f920dec298d8af932b1c8efa6c81f90f83be74b12ec47e992974168538d0ac39ad666fc
- SSDEEP: 196608:s2YS6yoOshoKMuIkhVastRL5Di3uh1D7JK:1YSroOshouIkPftRL54YRJK

- Command and Scripting Interpreter: PowerShell: runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Loads dropped DLL
Target: release/map/map.exe
- Size: 7.3MB
- MD5: 4165131d7bed66d69a2467e21842d0b3
- SHA1: 57255f830038d18161089681f43b3c01501bd155
- SHA256: bcb9ba98165906ab0cf5d60f7c3397fcbe73ff5904b512c59dbeeca6f25b8b47
- SHA512: de3a459ff83144b1c060d6a37942327e92b8b9633839595cc65998c36f920dec298d8af932b1c8efa6c81f90f83be74b12ec47e992974168538d0ac39ad666fc
- SSDEEP: 196608:s2YS6yoOshoKMuIkhVastRL5Di3uh1D7JK:1YSroOshouIkPftRL54YRJK

- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories