31f1d523058b0d54d92891739a2ce64f240db3e696b74faba0450e44e756e9b4 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

nigger-cheat.exe

windows7-x64

7

nigger-cheat.exe

windows10-2004-x64

Resubmissions

06-10-2024 16:39

241006-t56frayblh 10

06-10-2024 16:36

241006-t4j65ayaqa 8

Sharing

General

Target

nigger-cheat.exe
Size

6.2MB
Sample

241006-t4j65ayaqa
MD5

70fcc9a9d3e2025e73f1990a4520f224
SHA1

dd245b304a144b57b022662fd8996c74ed41f591
SHA256

31f1d523058b0d54d92891739a2ce64f240db3e696b74faba0450e44e756e9b4
SHA512

f637d23529d8b056cc8a7a3a9467670cb81a4772ea4160a891423d5959b86b7402fc855372ce05c8e92b5d29a8e41c6d5ae246613a628b6ea861a08cd2ba6608
SSDEEP

98304:2pwpHyly42uW5MI0mleFahftplflf6dUwOEH6d8e6aSpXqG0youVkHcOj/to:wSHvzL2VmlTNfwZHYYaSEWouVCVp

Score

8^/10

bootkit discovery persistence pyinstaller

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

nigger-cheat.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral2

Sample

nigger-cheat.exe

Resource

win10v2004-20240802-en

bootkit discovery persistence

windows10-2004-x64

19 signatures

1800 seconds

Malware Config

Targets

- Target
  
  nigger-cheat.exe
- Size
  
  6.2MB
- MD5
  
  70fcc9a9d3e2025e73f1990a4520f224
- SHA1
  
  dd245b304a144b57b022662fd8996c74ed41f591
- SHA256
  
  31f1d523058b0d54d92891739a2ce64f240db3e696b74faba0450e44e756e9b4
- SHA512
  
  f637d23529d8b056cc8a7a3a9467670cb81a4772ea4160a891423d5959b86b7402fc855372ce05c8e92b5d29a8e41c6d5ae246613a628b6ea861a08cd2ba6608
- SSDEEP
  
  98304:2pwpHyly42uW5MI0mleFahftplflf6dUwOEH6d8e6aSpXqG0youVkHcOj/to:wSHvzL2VmlTNfwZHYYaSEWouVCVp
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitdiscoverypersistence

© 2018-2025

Terms | Privacy