Extracted

• • Target

    cheat(crack).zip

  • Size

    22.4MB

  • MD5

    a9bbe94ce07b91f949631cee1447f84d

  • SHA1

    7dd9a0d08ff9a090ff8e0d498fa21c1bc5986d3c

  • SHA256

    0d0b902df62c00b15d1e6043a98262905b556aec52c628179c9e39e8f315ee7e

  • SHA512

    bbd60c09984f1aebc30ff93c47642d254b3954a6bdd32ba5f9ab3f32a2eeb296339a51dd12822eb80e5cd43d513f3afcc437c865a8482245c0a23c6a0fdb2c7b

  • SSDEEP

    393216:yxJqmbOB2P/+x4jlzKmoCmwEncKSz6T39Bbab48WfS2kiK1+ZWs/vx0K9N:yPqci2P/+fmoDncKLBbm48WfSZ1+ZN/z

  Score

  1^/10
  behavioral1behavioral2

• • Target

    cheat(crack)/Cheat(crack).exe

  • Size

    19.1MB

  • MD5

    f9da6a2308ad8b33759396eba9d71a55

  • SHA1

    d2897b32f46c232f14958a2458331274360f297d

  • SHA256

    25f7453e76cd457a4646bbba21a1c2dedb0e0cd8f90e7d249e93dfd6c2b77de3

  • SHA512

    c04e5804fdaf7642cade1c8d943260e2315f358cfb749dca9311798bc43d3b393b8012e3f33fea9d33745ef53c212a0592102e1b3b9d979610f3a940eb1b0bd2

  • SSDEEP

    393216:CDTF+si4rs4FMRk/aD+CeXhX7NqtSmqu/2o4Pe5MCEJXZrHyxMz6:YT7zhMRk/NhhsFqu/d4PJBXmMz6

  Score

  10^/10

  njrathackeddiscoveryevasionexecutionpersistenceprivilege_escalationtrojanupx

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Enumerates processes with tasklist

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral3behavioral4