907421fab1fe990e44ed8ca45f2726777d3bc3cc1f21c2831674c259eed4dc72 | Triage

Sharing

General

Target

Killer-cheat.fivem.exe
Size

89KB
Sample

240628-zbhqgs1end
MD5

416836b98c9e18887f5abf64004a6b47
SHA1

b99db31c9e9c2b5a2b99e0666c19efa204532574
SHA256

907421fab1fe990e44ed8ca45f2726777d3bc3cc1f21c2831674c259eed4dc72
SHA512

6c3c40ef9e35d7e227be520c8988169ad87f99dd922e29d72556179941873cef5e2f4c7834fc8fa0d21244a27ec1d276e737feea5bbda37ab9e44df4bdc7baa3
SSDEEP

1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf+wExO0:z7DhdC6kzWypvaQ0FxyNTBf+PR

Score

10^/10

persistence privilege_escalation

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/webcam.ps1

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/kematian_shellcode.ps1

Targets

- Target
  
  Killer-cheat.fivem.exe
- Size
  
  89KB
- MD5
  
  416836b98c9e18887f5abf64004a6b47
- SHA1
  
  b99db31c9e9c2b5a2b99e0666c19efa204532574
- SHA256
  
  907421fab1fe990e44ed8ca45f2726777d3bc3cc1f21c2831674c259eed4dc72
- SHA512
  
  6c3c40ef9e35d7e227be520c8988169ad87f99dd922e29d72556179941873cef5e2f4c7834fc8fa0d21244a27ec1d276e737feea5bbda37ab9e44df4bdc7baa3
- SSDEEP
  
  1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf+wExO0:z7DhdC6kzWypvaQ0FxyNTBf+PR
Score

10^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation