General
-
Target
Cheat1.2.1.exe
-
Size
77.7MB
-
Sample
240725-w7lv8sxbjq
-
MD5
363668a4103ea46a1b6a31d6c9126637
-
SHA1
fcdba83774317899ad73c7f17551426d9b3173b5
-
SHA256
af31259afecb4806010514b6e0c9fd6722dfd3e5dfdefeeeed0140303cec6a69
-
SHA512
f3f0db347c41acaac140ac113653477a2c0d3828d5245e20e43408ea9fb8d3520e5b8eb7ae57664de5f1bade173454f811afd540def83231e0ffc9a7e29be703
-
SSDEEP
1572864:TvHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW43j5uxa/Z9UK:TvHcRohTSkB05awqfhdCpukdRzMs9U
Behavioral task
behavioral1
Sample
Cheat1.2.1.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Cheat1.2.1.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
Cheat1.2.1.exe
-
Size
77.7MB
-
MD5
363668a4103ea46a1b6a31d6c9126637
-
SHA1
fcdba83774317899ad73c7f17551426d9b3173b5
-
SHA256
af31259afecb4806010514b6e0c9fd6722dfd3e5dfdefeeeed0140303cec6a69
-
SHA512
f3f0db347c41acaac140ac113653477a2c0d3828d5245e20e43408ea9fb8d3520e5b8eb7ae57664de5f1bade173454f811afd540def83231e0ffc9a7e29be703
-
SSDEEP
1572864:TvHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW43j5uxa/Z9UK:TvHcRohTSkB05awqfhdCpukdRzMs9U
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-