General

  • Target

    AimBot Mta.exe

  • Size

    8.2MB

  • Sample

    241010-x5m6yssdnf

  • MD5

    583e557683a1c31d8c92e751bf8243eb

  • SHA1

    f783ee7ce56fbdc2a9f7716adc55eafa2fafda99

  • SHA256

    8374db803d99dba4640415d21423667b86b4f79e4924a5f872681a8f49d95321

  • SHA512

    7973a4e92c04d604aabf248cabd515a15c5536d5136d8721d947433a91925635c1e4570b6d329cbc6b40e065b0d8795ffc835225799d20355f9da85addeb85d5

  • SSDEEP

    196608:59g8VEsaRwfI9jUC2gYBYv3vbW4SEf+iITx1U6na:48VENOIH2gYBgDWZjTnza

Targets

    • Target

      AimBot Mta.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
