General

  • Target

    ghost cheat.exe

  • Size

    10.0MB

  • Sample

    240930-bv6dwsvdqf

  • MD5

    249a1f67c978836ecb8befc961b68a24

  • SHA1

    df65e1866385c19420b5e1559e0f07c4d9450723

  • SHA256

    0afde0fdb0c168deb5561cfbfa8ea5a09d99d03a9de33ed6cd35fdd935bf9a21

  • SHA512

    4cb1192b54a85f8fe6b7311ed15639c2b2c683834fd50f018b1c9fa31c322f5471c73c7c346b7714130f29470f4cdcb5343a3d0c3325a33f34b8f022ac893273

  • SSDEEP

    196608:U/FhteN/FJMIDJf0gsAGK5SEQRquAK3n4Io:WW/Fqyf0gsfNtAK4

Malware Config

Targets

    • Target

      ghost cheat.exe

    • Size

      10.0MB

    • MD5

      249a1f67c978836ecb8befc961b68a24

    • SHA1

      df65e1866385c19420b5e1559e0f07c4d9450723

    • SHA256

      0afde0fdb0c168deb5561cfbfa8ea5a09d99d03a9de33ed6cd35fdd935bf9a21

    • SHA512

      4cb1192b54a85f8fe6b7311ed15639c2b2c683834fd50f018b1c9fa31c322f5471c73c7c346b7714130f29470f4cdcb5343a3d0c3325a33f34b8f022ac893273

    • SSDEEP

      196608:U/FhteN/FJMIDJf0gsAGK5SEQRquAK3n4Io:WW/Fqyf0gsfNtAK4

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ��I+.pyc

    • Size

      857B

    • MD5

      8424b3fec5d5290d1c6dc5c5cfa74f49

    • SHA1

      d52d7741954fe8f5340afdea1eea8fe451393209

    • SHA256

      8a822e84dd5e13e3de529dad751e10a68964e95209e76e6e263d8058d116b023

    • SHA512

      fccfc6e066f326db1e363667a7e243ed2cadfc2e8826926ab81c672b4c1c5f1fbfbcc293fb5c3406f1e3d673b097e6e034d5a95e5edb7f0d6db029bd195359c2

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks