Resubmissions

22-01-2025 20:51

250122-zndmasvmgs 10

22-01-2025 19:56

250122-ynwmfatmek 10

General

  • Target

    Pirat cheat.exe

  • Size

    103.9MB

  • Sample

    250122-zndmasvmgs

  • MD5

    b76305d6ef8c96a6a8beb10361fda7e1

  • SHA1

    12810daa04355d407d96fbf91ce31c2828b3c5a5

  • SHA256

    f0cd6f311d9d5d06463ecebf22e7e9efecfb1b12814589efc07e028368bb3eb2

  • SHA512

    9931ea876fe53a74e8363e12ef5bb5407ceab7c816e4ee76ab0c530192170e0de4884d4ac938a08401fb7fc2eaae07b2f8f7430b90d35f7e070ba2804222f385

  • SSDEEP

    3145728:Y3nzSCRrS6xjKcBanL2qHO5iVXfnGQbRe0zJcBUZ2:mzNZSWNaBHCid1XcB7

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
