Overview
overview
10Static
static
10Bird.exe
windows7-x64
10Bird.exe
windows10-2004-x64
10CSGO FREE HACK.exe
windows7-x64
10CSGO FREE HACK.exe
windows10-2004-x64
10CSGO FREEHACK.exe
windows7-x64
3CSGO FREEHACK.exe
windows10-2004-x64
3CSGhost-v4.1.exe
windows7-x64
8CSGhost-v4.1.exe
windows10-2004-x64
10Install.exe
windows7-x64
10Install.exe
windows10-2004-x64
10Installer.exe
windows7-x64
10Installer.exe
windows10-2004-x64
10Installer2.exe
windows7-x64
10Installer2.exe
windows10-2004-x64
10Kiddions Mod MENU.exe
windows7-x64
7Kiddions Mod MENU.exe
windows10-2004-x64
7Minecraft_v4.5.exe
windows7-x64
10Minecraft_v4.5.exe
windows10-2004-x64
10Vape Crack.exe
windows7-x64
10Vape Crack.exe
windows10-2004-x64
10Vape Patch.exe
windows7-x64
10Vape Patch.exe
windows10-2004-x64
10Vape_V4.exe
windows7-x64
10Vape_V4.exe
windows10-2004-x64
10launcher.exe
windows7-x64
10launcher.exe
windows10-2004-x64
10nixware crack.exe
windows7-x64
3nixware crack.exe
windows10-2004-x64
3Analysis
-
max time kernel
133s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09-11-2024 16:28
Behavioral task
behavioral1
Sample
Bird.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
Bird.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
CSGO FREE HACK.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
CSGO FREE HACK.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
CSGO FREEHACK.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
CSGO FREEHACK.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
CSGhost-v4.1.exe
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
CSGhost-v4.1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Install.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Install.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Installer.exe
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
Installer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Installer2.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Installer2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Kiddions Mod MENU.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Kiddions Mod MENU.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Minecraft_v4.5.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Minecraft_v4.5.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Vape Crack.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Vape Crack.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Vape Patch.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Vape Patch.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Vape_V4.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Vape_V4.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
launcher.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
launcher.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
nixware crack.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
nixware crack.exe
Resource
win10v2004-20241007-en
General
-
Target
Kiddions Mod MENU.exe
-
Size
142KB
-
MD5
0bc5ae5e0021fccd9bff9f64f686f043
-
SHA1
06e779dae148031e6294ecf0cc5e135da09811b4
-
SHA256
e0aca3b1e2806672143d256e87812294fe04f1ea95625979e3b9d64b951449db
-
SHA512
ac306d51feaddbc4f733963314b48aeb50a1a707bea90d3347dcf832d59ae96da6775e73760d6899066cdbcb11370ad26e5b901447fd8be2133fbbe6143b6414
-
SSDEEP
3072:FvcjAFss11pSyRNKB2c3XEECZOX0ByrzwZ+Tlttu6OcTy+Dp1jWT39Y7umZZWDpT:Fvt11pxIuZOX0ByrzwZ+Zv9WqumZZ1Pb
Malware Config
Signatures
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Kiddions Mod MENU.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Kiddions Mod MENU.exe -
Suspicious behavior: EnumeratesProcesses 5 IoCs
pid Process 2396 Kiddions Mod MENU.exe 2396 Kiddions Mod MENU.exe 2396 Kiddions Mod MENU.exe 2396 Kiddions Mod MENU.exe 2396 Kiddions Mod MENU.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2396 Kiddions Mod MENU.exe