General

  • Target: Cheat1.2.1.exe
  • Size: 77.7MB
  • Sample: 240725-w7lv8sxbjq
  • MD5: 363668a4103ea46a1b6a31d6c9126637
  • SHA1: fcdba83774317899ad73c7f17551426d9b3173b5
  • SHA256: af31259afecb4806010514b6e0c9fd6722dfd3e5dfdefeeeed0140303cec6a69
  • SHA512: f3f0db347c41acaac140ac113653477a2c0d3828d5245e20e43408ea9fb8d3520e5b8eb7ae57664de5f1bade173454f811afd540def83231e0ffc9a7e29be703
  • SSDEEP: 1572864:TvHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW43j5uxa/Z9UK:TvHcRohTSkB05awqfhdCpukdRzMs9U

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks