Overview

overview

9

Static

static

3

LowestCheatV2.exe

windows7-x64

7

LowestCheatV2.exe

windows10-2004-x64

9

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

LowestCheatV2.exe

windows7-x64

1

LowestCheatV2.exe

windows10-2004-x64

9

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

3

resources/elevate.exe

windows10-2004-x64

3

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LowestCheatV2.zip

  • Size

    81.0MB

  • Sample

    240919-fcx21s1frh

  • MD5

    c9f9a55d44d9fd0c44baf7259e59bdcc

  • SHA1

    f12fa0ed0202cc9c3c570f15813653ddbec5fa68

  • SHA256

    6ce917d7095c92f60e0be0da52f5082f3dcca6b2e276138e6037f210ee398e04

  • SHA512

    0dab937b99d4416eef3a41887cd1b2b2b86a6b300dea72e31a407ce61e3cfe88f1665e53ad98ee9a226f4cb4d167f3f3e05ebacde594e3af1f5e773526ec7f2b

  • SSDEEP

    1572864:gUyzfiufbRM9cMlZ5STzmsv5XuxLwX2UZQGys3JSa1gD2jbi:gUEK2YcMlZ5STq25XoL22UZss5SamD2y

Score
9/10
collectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      LowestCheatV2.exe

    • Size

      81.0MB

    • MD5

      d1eb32fd9afc4dcee9673ac58f88ee5a

    • SHA1

      9d30602c05f6ee38eea01a158b279ecf171565c6

    • SHA256

      7fe8c498d23589fa8dda28a10834e0a43429027cbe09a40bbf065caf048c618e

    • SHA512

      cf9bc33b9293d11cc8b31d3a3d3276b7502acf7fcdd7c58581277af2fd3a43b98f621af3d3bb842afced5d5af08f92577b0bfedec4391022048eb61fb73da9cb

    • SSDEEP

      1572864:34gPXMo9/hWLOfF2v0MzeMRZRW3FarsQDeg4w9BQkh+nag37:34Ac0+OfF2v0MKQZRuFYsQDawjQkUnau

    Score
    9/10
    discoverycollectioncredential_accessexecutionpersistenceprivilege_escalationspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      LICENSES.chromium.html

    • Size

      8.8MB

    • MD5

      2675b30d524b6c79b6cee41af86fc619

    • SHA1

      407716c1bb83c211bcb51efbbcb6bf2ef1664e5b

    • SHA256

      6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081

    • SHA512

      3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485

    • SSDEEP

      24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      LowestCheatV2.exe

    • Size

      164.7MB

    • MD5

      9015f998b118c79c4c36a7fc1bd8852e

    • SHA1

      debac7ecd686e64764ac96eb05c386d0a5b2fa4e

    • SHA256

      80249d1d22b6dfdb13e1cdc4cb8291550bb08419143189ce389d008a904ed156

    • SHA512

      98f7c5c8b9c8fc86258c4bbaf87608511952fff353af9a1383c923a95fcc3615d22e0090c3e5efbc002bad9a8e1fb7ad7058b8c5301048f888f6676c232562d8

    • SSDEEP

      1572864:03OB0RhDP7igv6wO+HkaN/xtpj56BZWua2T3jC0gqhd07YeRt6C1Bd1jKoUeKtQ9:MPvt1x2z5m7jN

    Score
    9/10
    collectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral10behavioral9

    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      2191e768cc2e19009dad20dc999135a3

    • SHA1

      f49a46ba0e954e657aaed1c9019a53d194272b6a

    • SHA256

      7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

    • SHA512

      5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

    • SSDEEP

      49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l

    Score
    1/10
    behavioral11

    • Target

      ffmpeg.dll

    • Size

      2.8MB

    • MD5

      a9ea2fab0940c6d0d04deb70e0f81b48

    • SHA1

      a992109beec766bf315da8035a6eaa5c3e4660d2

    • SHA256

      6b721af2850f8654d42585e363e1ffa2e92843b3b84bb2e0074cd954966300ff

    • SHA512

      014e3fafaa84f433c26d77e666ba94f0e364d7ae4268602742af9ab81169601a1e94d20a8a0a4328573b6f36052e2afe0745374c03c71b4d853c825df9372096

    • SSDEEP

      49152:kF5qb84KtStWEK/Ju2lf3tAtiLHQVTf6yfcrhCHDXLl8+0LKSQISCu:kFvSkJXv+tiLAD0+DIS5

    Score
    1/10
    behavioral12behavioral13

    • Target

      libEGL.dll

    • Size

      477KB

    • MD5

      f1c6c87ee66112b3c7cce3ad1cab59c8

    • SHA1

      cce4f00e654c10ea5408897296a269be79a21a2e

    • SHA256

      5318dc1ede886a1d33c7243f68847e6c29436f3f7d1891a6803c70aaea3a278d

    • SHA512

      ddec01354988ce401a1fbdf06c57b25acfcfd8dfbcd58337f029f579e9f6c7cdc98aeee9001073de88db192d4b7ac6bda4b3bcccf2aa5d8f136aef580c95bcc6

    • SSDEEP

      6144:48hd1BSjuMmof2SEXVVfgV8hxN7h2NvIEOg51f0FticyQ:48DXSjZmof2SEsmN12NvIE7f0FticyQ

    Score
    1/10
    behavioral14behavioral15

    • Target

      libGLESv2.dll

    • Size

      7.3MB

    • MD5

      d5993dd046fc7331aa3da6a6a68f634f

    • SHA1

      f7a8fa4add31e581d7af8f1e832168e29c7c759a

    • SHA256

      158cc009ec9b331b6b279818743e451c3ee706b8faac52e85ffedeff4643ffab

    • SHA512

      e37bcfb2919ae649ab9be9f15150f5cc221d07913a4d6872060d722fbada266620868de2179ffefd04d119f08909a6635561078b0a24b59e60478e42770f162d

    • SSDEEP

      98304:FwY1sQqaLe2Egto8U4r5Pp6TlITQZ3uW888888888tb8dKi:mNaSgtvroZu

    Score
    1/10
    behavioral16behavioral17

    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    3/10
    discovery
    behavioral18behavioral19

    • Target

      vk_swiftshader.dll

    • Size

      4.9MB

    • MD5

      0e653627e1754dfb69680077af7bc0e1

    • SHA1

      45a46f604d5da8920c2485e4931feb4f84ae294c

    • SHA256

      b279cb96e6e853624079b87f6f5d9321c8662aeb06631bb9261db5a73496a55c

    • SHA512

      0c71bdfde59a47c435c98311714a9417a5be5356fb8845cd8b755357eed6bf4d70124c495303d2f2a4e8d0a964af2c4579b8d6715f6ee4915aaf47163ec20b28

    • SSDEEP

      49152:G6h3a0f1ABi1jP9LoS8lne0Zv8EgHI7JXYN3bgFNmEgMYmz2qA0Mr7wsVUsNCOzh:nh3aMXoSHfPwksHldLiuNr

    Score
    1/10
    behavioral20behavioral21

    • Target

      vulkan-1.dll

    • Size

      931KB

    • MD5

      66f1223b63719717e59ce7059f2cfba8

    • SHA1

      80cfccccac4d55d0b1916ac2fe744c61e6baae0e

    • SHA256

      96d48cbc783aa0aa283398f3bfdc3d997ad328265f1af2cfd781ba89829601b4

    • SHA512

      9a3e08ea3c91f67ca16a9ac17f6257a6035873e34ab341d8103c3da0b3a659f5d95f3522f87065bde5c4be2373dabc229b1bd8a194574753c85b1d8a9d6ac114

    • SSDEEP

      24576:yYWOq/4Kt/Ku8n387ecbFb6Z5WoDYsHY6g3P0zAk7sz:yY65/M387R56Z5WoDYsHY6g3P0zAk7s

    Score
    1/10
    behavioral22behavioral23

    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      424KB

    • MD5

      80e44ce4895304c6a3a831310fbf8cd0

    • SHA1

      36bd49ae21c460be5753a904b4501f1abca53508

    • SHA256

      b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

    • SHA512

      c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

    • SSDEEP

      6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

    Score
    3/10
    discovery
    behavioral24behavioral25

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

3
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

collectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealer
Score
9/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

Score
1/10

behavioral10

collectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealer
Score
9/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10