a8fa1195c3314ea31f36703bd1966bfe423f8d79664d953c04d3c55d6b088b79

Sharing

Copy URL Twitter E-mail

General

Target

ExiCheats.zip
Size

10.3MB
Sample

240808-q9ravavakk
MD5

d89e78989591b236b2cff49c6ed54815
SHA1

f6a195c90798aba6ff00d795c3bf1fce219d729c
SHA256

a8fa1195c3314ea31f36703bd1966bfe423f8d79664d953c04d3c55d6b088b79
SHA512

7847ccaf803ff4d8b5eb9b3230f7387072704c2eb120a1cc425a771f2a64df7fc7d510a1a2e9c9f42b5124478fac2af9fab623a154a3d368166b765e4f9e6867
SSDEEP

196608:fJ+ILZNOlfIRq3Ppv0MzCu1DxqKdIW01FU+A5zmehreM:UIVN4fAieg1NQBFUjhrB

Score

7^/10

Malware Config

Targets

- Target
  
  Debug.DLL/AccessibleHandler — копия.dll
- Size
  
  3.4MB
- MD5
  
  96b95a995d325fe15201f32db9fe6116
- SHA1
  
  cad60d85dd5810ad23199f756c89d78f71567799
- SHA256
  
  3f0f0e67e96f7720c3acedc9a822593b0751a9a96cc6444aece0372716ca4bed
- SHA512
  
  24b541b7e02780b06bd236dac19c30b55e589c1984d0ab226f14d66ad323f7429ed98f3c18d2875b1c8f682d8f16621d2bfe64b6e60e3a089f9616ca2d42936e
- SSDEEP
  
  24576:03s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3v:iaaaaaaaaaaaaaaaaaaaaav
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1
- Target
  
  Debug.DLL/AccessibleHandler.dll
- Size
  
  3.4MB
- MD5
  
  96b95a995d325fe15201f32db9fe6116
- SHA1
  
  cad60d85dd5810ad23199f756c89d78f71567799
- SHA256
  
  3f0f0e67e96f7720c3acedc9a822593b0751a9a96cc6444aece0372716ca4bed
- SHA512
  
  24b541b7e02780b06bd236dac19c30b55e589c1984d0ab226f14d66ad323f7429ed98f3c18d2875b1c8f682d8f16621d2bfe64b6e60e3a089f9616ca2d42936e
- SSDEEP
  
  24576:03s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3v:iaaaaaaaaaaaaaaaaaaaaav
Score

1^/10
behavioral2
- Target
  
  Debug.DLL/AccessibleMarshal.dll
- Size
  
  26KB
- MD5
  
  a3118f1dc70d8ef4b8ea6d5fffaa7649
- SHA1
  
  8f835c345d6dae18565eeb06ee88334dce729bc7
- SHA256
  
  7ac06c7b7bd831d9ce468a1d8eecfe45eea866d212bdd03c507d9469e3b612a9
- SHA512
  
  3cdef9b193b0fe893d067d2cf05fd0e3d15a1ebc1c7424576468ad16583c02082dedb70b1229c74d1cfbf3efead1cebd74343c890939016c75336fab087a6785
- SSDEEP
  
  384:7gk4781J+VfRVIGBGesocyB9wE3vDG/Gh1bJtENa:ska81QVfR6GBGeeyA4DGehHSk
Score

3^/10

discovery
behavioral3
- Target
  
  Debug.DLL/api-ms-win-core-file-l1-2-0.dll
- Size
  
  17KB
- MD5
  
  79ee4a2fcbe24e9a65106de834ccda4a
- SHA1
  
  fd1ba674371af7116ea06ad42886185f98ba137b
- SHA256
  
  9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613
- SHA512
  
  6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c
- SSDEEP
  
  192:Y+W1hWifcvHCjdks/nGfe4pBjSYA89sX5W5RKTt3E2sVWQ4GWFuLOgVqnaj6uDp6:Y+W1hWoQim0GftpBj7sIm3SFOslD16hP
Score

3^/10

discovery
behavioral4
- Target
  
  Debug.DLL/api-ms-win-core-file-l2-1-0.dll
- Size
  
  17KB
- MD5
  
  3f224766fe9b090333fdb43d5a22f9ea
- SHA1
  
  548d1bb707ae7a3dfccc0c2d99908561a305f57b
- SHA256
  
  ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357
- SHA512
  
  c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca
- SSDEEP
  
  192:FZkW1hWiecvHCjdks/nGfe4pBjSYo3Vq34W5RKTt3E2sVWQ4GW2rOqnajd2siD+k:MW1hWdQim0GftpBj4VuFm3SWlg+0mw
Score

3^/10

discovery
behavioral5
- Target
  
  Debug.DLL/api-ms-win-core-localization-l1-2-0.dll
- Size
  
  20KB
- MD5
  
  23bd405a6cfd1e38c74c5150eec28d0a
- SHA1
  
  1d3be98e7dfe565e297e837a7085731ecd368c7b
- SHA256
  
  a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41
- SHA512
  
  c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21
- SSDEEP
  
  384:9OMw3zdp3bwjGjue9/0jCRrndb5W1hW54wm0GftpBjvTNvwm3SBMltZ2m:9OMwBprwjGjue9/0jCRrndboUFViZ2Vu
Score

3^/10

discovery
behavioral6
- Target
  
  Debug.DLL/api-ms-win-core-processthreads-l1-1-1.dll
- Size
  
  18KB
- MD5
  
  95c5b49af7f2c7d3cd0bc14b1e9efacb
- SHA1
  
  c400205c81140e60dffa8811c1906ce87c58971e
- SHA256
  
  ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1
- SHA512
  
  f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3
- SSDEEP
  
  384:NS8DfIelW1hWu4wm0GftpBjBFm3SzlJrI:NSLecfFViRTs
Score

3^/10

discovery
behavioral7
- Target
  
  ExiCheats.exe
- Size
  
  380KB
- MD5
  
  e607c382927fb038880cf1a2a849dfe4
- SHA1
  
  d769bfd287767ac8f675234d9ab88257533b5c9d
- SHA256
  
  5e9f7ed1c8f91cb3701644a9445a917c87c2b5b763242b225753df27f774e13d
- SHA512
  
  735bc8e717ba5254085d6e8efae0a821e37e5d8e10f5638a1c35c1ad83b074aa1256568b5b0eee457d4a915bd6273756ec8b70489159b520f17b427e8cada9dc
- SSDEEP
  
  6144:9aVwB0LKymEKiAFneG/WoGfDlwGJCdvFNs40w1TWe2fnqbi:DBS/NkAGOfDlwGJRxATSfG
Score

5^/10

discovery
- Suspicious use of SetThreadContext
behavioral8
- Target
  
  Packaged/AccessibleHandler — копия (2).dll
- Size
  
  3.4MB
- MD5
  
  96b95a995d325fe15201f32db9fe6116
- SHA1
  
  cad60d85dd5810ad23199f756c89d78f71567799
- SHA256
  
  3f0f0e67e96f7720c3acedc9a822593b0751a9a96cc6444aece0372716ca4bed
- SHA512
  
  24b541b7e02780b06bd236dac19c30b55e589c1984d0ab226f14d66ad323f7429ed98f3c18d2875b1c8f682d8f16621d2bfe64b6e60e3a089f9616ca2d42936e
- SSDEEP
  
  24576:03s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3v:iaaaaaaaaaaaaaaaaaaaaav
Score

1^/10
behavioral9
- Target
  
  Packaged/AccessibleHandler — копия (3).dll
- Size
  
  3.4MB
- MD5
  
  96b95a995d325fe15201f32db9fe6116
- SHA1
  
  cad60d85dd5810ad23199f756c89d78f71567799
- SHA256
  
  3f0f0e67e96f7720c3acedc9a822593b0751a9a96cc6444aece0372716ca4bed
- SHA512
  
  24b541b7e02780b06bd236dac19c30b55e589c1984d0ab226f14d66ad323f7429ed98f3c18d2875b1c8f682d8f16621d2bfe64b6e60e3a089f9616ca2d42936e
- SSDEEP
  
  24576:03s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3v:iaaaaaaaaaaaaaaaaaaaaav
Score

1^/10
behavioral10
- Target
  
  Packaged/AccessibleHandler — копия.dll
- Size
  
  3.4MB
- MD5
  
  96b95a995d325fe15201f32db9fe6116
- SHA1
  
  cad60d85dd5810ad23199f756c89d78f71567799
- SHA256
  
  3f0f0e67e96f7720c3acedc9a822593b0751a9a96cc6444aece0372716ca4bed
- SHA512
  
  24b541b7e02780b06bd236dac19c30b55e589c1984d0ab226f14d66ad323f7429ed98f3c18d2875b1c8f682d8f16621d2bfe64b6e60e3a089f9616ca2d42936e
- SSDEEP
  
  24576:03s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3v:iaaaaaaaaaaaaaaaaaaaaav
Score

1^/10
behavioral11
- Target
  
  Packaged/AccessibleHandler.dll
- Size
  
  3.4MB
- MD5
  
  96b95a995d325fe15201f32db9fe6116
- SHA1
  
  cad60d85dd5810ad23199f756c89d78f71567799
- SHA256
  
  3f0f0e67e96f7720c3acedc9a822593b0751a9a96cc6444aece0372716ca4bed
- SHA512
  
  24b541b7e02780b06bd236dac19c30b55e589c1984d0ab226f14d66ad323f7429ed98f3c18d2875b1c8f682d8f16621d2bfe64b6e60e3a089f9616ca2d42936e
- SSDEEP
  
  24576:03s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3s3v:iaaaaaaaaaaaaaaaaaaaaav
Score

1^/10
behavioral12
- Target
  
  Packaged/AccessibleMarshal.dll
- Size
  
  26KB
- MD5
  
  a3118f1dc70d8ef4b8ea6d5fffaa7649
- SHA1
  
  8f835c345d6dae18565eeb06ee88334dce729bc7
- SHA256
  
  7ac06c7b7bd831d9ce468a1d8eecfe45eea866d212bdd03c507d9469e3b612a9
- SHA512
  
  3cdef9b193b0fe893d067d2cf05fd0e3d15a1ebc1c7424576468ad16583c02082dedb70b1229c74d1cfbf3efead1cebd74343c890939016c75336fab087a6785
- SSDEEP
  
  384:7gk4781J+VfRVIGBGesocyB9wE3vDG/Gh1bJtENa:ska81QVfR6GBGeeyA4DGehHSk
Score

3^/10

discovery
behavioral13
- Target
  
  Packaged/api-ms-win-core-file-l1-2-0.dll
- Size
  
  17KB
- MD5
  
  79ee4a2fcbe24e9a65106de834ccda4a
- SHA1
  
  fd1ba674371af7116ea06ad42886185f98ba137b
- SHA256
  
  9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613
- SHA512
  
  6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c
- SSDEEP
  
  192:Y+W1hWifcvHCjdks/nGfe4pBjSYA89sX5W5RKTt3E2sVWQ4GWFuLOgVqnaj6uDp6:Y+W1hWoQim0GftpBj7sIm3SFOslD16hP
Score

3^/10

discovery
behavioral14
- Target
  
  Packaged/api-ms-win-core-file-l2-1-0.dll
- Size
  
  17KB
- MD5
  
  3f224766fe9b090333fdb43d5a22f9ea
- SHA1
  
  548d1bb707ae7a3dfccc0c2d99908561a305f57b
- SHA256
  
  ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357
- SHA512
  
  c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca
- SSDEEP
  
  192:FZkW1hWiecvHCjdks/nGfe4pBjSYo3Vq34W5RKTt3E2sVWQ4GW2rOqnajd2siD+k:MW1hWdQim0GftpBj4VuFm3SWlg+0mw
Score

3^/10

discovery
behavioral15
- Target
  
  Packaged/api-ms-win-core-localization-l1-2-0.dll
- Size
  
  20KB
- MD5
  
  23bd405a6cfd1e38c74c5150eec28d0a
- SHA1
  
  1d3be98e7dfe565e297e837a7085731ecd368c7b
- SHA256
  
  a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41
- SHA512
  
  c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21
- SSDEEP
  
  384:9OMw3zdp3bwjGjue9/0jCRrndb5W1hW54wm0GftpBjvTNvwm3SBMltZ2m:9OMwBprwjGjue9/0jCRrndboUFViZ2Vu
Score

3^/10

discovery
behavioral16
- Target
  
  Packaged/api-ms-win-core-processthreads-l1-1-1.dll
- Size
  
  18KB
- MD5
  
  95c5b49af7f2c7d3cd0bc14b1e9efacb
- SHA1
  
  c400205c81140e60dffa8811c1906ce87c58971e
- SHA256
  
  ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1
- SHA512
  
  f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3
- SSDEEP
  
  384:NS8DfIelW1hWu4wm0GftpBjBFm3SzlJrI:NSLecfFViRTs
Score

3^/10

discovery
behavioral17