General
Target: r6 External Aimbot + ESP.rar
Size: 3.4MB
Sample: 241104-djccsasejl
MD5: 94519843b9b8eee0f68c9eff7aa78a69
SHA1: 2d682df3dc77039e85b2331c7bbcf1967bba17e6
SHA256: bd8c47ee070482e8ebb374c7eca83b3963764bb1cb8af2ac6c072d2463a37adb
SHA512: 355d54121c553812511eb3406679e6ab2378677e988745b8c173899a3ca077e77baf4f149ae62a9059a3dcdfe45b4c773ee51f34d473a4e7696825f47fe2c422
SSDEEP: 98304:kY5xjZTIHOK2Q/bKp9SpbsHPhyiJd9wNi6LjfSkZ6YX:kw3IHOKnMQi7ONi6LDSkZpX

Static task: static1
Behavioral task: behavioral1
Sample: r6_external.exe
Resource: win7-20240903-en

Malware Config
Extracted: stealc
game
http://193.233.112.44
url_path: /383ccd496f3c5eee.php

Targets
Target: r6_external.exe
Size: 3.7MB
MD5: 6b81f9f9d69045ba2ebb229dfcd42554
SHA1: d3ec868616014de922e1e8fa77f0fd9e19e72f3c
SHA256: 7261d4b797dbbf5cb8c015beb343ef7f95f1183553d34d11b5a620ee34c80ddc
SHA512: c618541f8534d60522c1ead509e2682d511bf749a4221db4b4383da294d8fa807f334c30f4a8b66171a2345381067e5cdb3b79eb72823bb78842b611aa96cc63
SSDEEP: 98304:TXJFZkiG8LhDN7S8bPDUUNiAcN+KK09tpC/Ms:TZFSEB7S8bbUUEK0k/

- Stealc family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger