General

  • Target

    RyzenCheats.exe

  • Size

    6.8MB

  • Sample

    241124-vc9s5sypgv

  • MD5

    1e8aa3040cfe04f61dd80d6085fbe0ae

  • SHA1

    9a0cfa008db1c20635120c38f2f4303c8db370f3

  • SHA256

    545f156d03870077adfe4d24b7464edbaa85ce6d682bb1a96e668761c478dfc0

  • SHA512

    58a01b076c149650fb6230b1d64d1c095d8b3d79b2c56d5c9b57d40db3a14105f3d9fdece6c05b08f4322fc80ea90d7bcdaae25b9cafcafb1939edc938bed5c2

  • SSDEEP

    98304:b0zdbM+Q2y+aq0NsjOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbCEJ1nL2hBnLnC6:bif0gOjmFQR4MVGFtwLPsnL2hVp3

Malware Config

Targets

    • Target

      RyzenCheats.exe

    • Size

      6.8MB

    • MD5

      1e8aa3040cfe04f61dd80d6085fbe0ae

    • SHA1

      9a0cfa008db1c20635120c38f2f4303c8db370f3

    • SHA256

      545f156d03870077adfe4d24b7464edbaa85ce6d682bb1a96e668761c478dfc0

    • SHA512

      58a01b076c149650fb6230b1d64d1c095d8b3d79b2c56d5c9b57d40db3a14105f3d9fdece6c05b08f4322fc80ea90d7bcdaae25b9cafcafb1939edc938bed5c2

    • SSDEEP

      98304:b0zdbM+Q2y+aq0NsjOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbCEJ1nL2hBnLnC6:bif0gOjmFQR4MVGFtwLPsnL2hVp3

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks