General

  • Target

    SpeedHack666Cheat (no VM detected).exe

  • Size

    369KB

  • Sample

    241014-tx3pwsvajd

  • MD5

    65c0f9249f64c65cda3e5ea32126fc1f

  • SHA1

    d567a001160109f58a4ec43db2abd9971e01afa7

  • SHA256

    7522fa6d0f83eac9662ae47af048f02ddfaab925738cec1280b0c5c7788d2d0a

  • SHA512

    08347609ba2b8ba7a69a147fe7c426baebed93f2a9db3137a9d9ebbc0bf87a775808e55d7c7b7e0b852e8f0065f0204b71fbbadf3cdffc84b1cbea21723e0308

  • SSDEEP

    6144:wb8Xw/FxbPPf7QdZE6B5srZP7i+wIUNr4:2/fw5kjwT4

Malware Config

Targets

    • Target

      SpeedHack666Cheat (no VM detected).exe

    • UAC bypass

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks