General

  • Target

    cs2 hvh cheat.exe

  • Size

    8.2MB

  • Sample

    241015-bqfyfawfmf

  • MD5

    dce0567da5018d584625ce11a7bfddb6

  • SHA1

    26d76de18c08b94354fef94c2791d72fc1aa9bbc

  • SHA256

    9c5f598dc527f099f43eeed0d8ac582e01ba108011c1819b8f975be5c77055ce

  • SHA512

    7edc6867af2d289929b2aa94ad4251a99bbfc414998e018cbd6e916fc89a127b48edcf4dbac7e7d3b048c0ef2eb8c78ea55a8fd36d2748cd80382a0704a4bbd0

  • SSDEEP

    196608:Q3uyqZDhwfI9jUC2XMvH8zPjweaBpZ0cISEu2ooccXK7oSy:Z8IH2XgHq+jq283Yoj

Malware Config

Targets

    • Target

      cs2 hvh cheat.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks