Overview

overview

10

Static

static

10

cheatloader.exe

windows7-x64

7

cheatloader.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cheatloader.exe

  • Size

    7.7MB

  • Sample

    241101-ysk2hawmer

  • MD5

    cd7ced7032f8a2e05a460f0579c3daba

  • SHA1

    6c84735e5ee871284487fcf4644047fd3cc9f7a7

  • SHA256

    5c6b8f80ecef33db96e30a29a71b48e3ff7dcf4e6bb3c1ac84e183e9359f6a80

  • SHA512

    927bc7f65717eae87981df12274a0cb8d8bb809ea0f5bf1bef222f6aa29efdfcc557adfc6ca18c6d8f80c6b35c5c5ba908b53e0243a24139bde6fb3d1a0d5634

  • SSDEEP

    196608:UG0fFneNTfm/pf+xk4dNSESRpmrbW3jmrU:ry/pWu4m5RpmrbmyrU

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      cheatloader.exe

    • Size

      7.7MB

    • MD5

      cd7ced7032f8a2e05a460f0579c3daba

    • SHA1

      6c84735e5ee871284487fcf4644047fd3cc9f7a7

    • SHA256

      5c6b8f80ecef33db96e30a29a71b48e3ff7dcf4e6bb3c1ac84e183e9359f6a80

    • SHA512

      927bc7f65717eae87981df12274a0cb8d8bb809ea0f5bf1bef222f6aa29efdfcc557adfc6ca18c6d8f80c6b35c5c5ba908b53e0243a24139bde6fb3d1a0d5634

    • SSDEEP

      196608:UG0fFneNTfm/pf+xk4dNSESRpmrbW3jmrU:ry/pWu4m5RpmrbmyrU

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks