Resubmissions

26-07-2024 12:21

240726-pjheks1cka 10

General

  • Target

    Cheat-V1.exe

  • Size

    77.6MB

  • Sample

    240726-pjheks1cka

  • MD5

    66ccdf10182804870c9279acea52c0fc

  • SHA1

    b344375b9fb864382032722e1dd79fc74f84b8c3

  • SHA256

    c73412d46e9d1baa65510faad6d1768c941c17b90c1fadaf4bab5d88180348fe

  • SHA512

    5a245461777cf882a2028fedcee6c5d402b2a93bf9c40d2caac8fe3fc9b63f8d15897e8178063936485ceb83ddbb5c4218baece08bc007c6aceb19e51f08f186

  • SSDEEP

    1572864:vQvHcRlqbh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4Cj6uxO/Z95:vQvHcRKhTSkB05awqfhdCpukdReTI9U

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so that the file does not show in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
