General
Target: release-1.rar
Size: 11.5MB
Sample: 240702-da42faxajq
MD5: 2193b6604f588f357d740a18bdab44f4
SHA1: 76f47e39d4f2519c2cf0286f32f6dbe6750058c1
SHA256: 16c7a73b769a3cd125d7954c8a2f9e00899b24d1ff8141e7f4ccb4e57119bac1
SHA512: cd681225749e199689369aed7a3beb96cd7137a9d052a9b7d753d61906b4187da5696364d31b37b5d2453ae344b6fb5c7fc872a1ac9e43b20a3442a30bdbb193
SSDEEP: 196608:viS/BJrAwImyJd7fRMEef/KIMxAvGUFi0gpuKLoqizxw139o3IVTiypXyGF:vigrAdmATje3DAA+UA0gxLonzm9o3IB5
Behavioral tasks
- behavioral1: release/main/cheat.exe (resource: win10-20240611-en)
- behavioral2: release/main/loader.exe (resource: win10-20240404-en)
- behavioral3: release/map/map.exe (resource: win10-20240404-en)
Malware Config
Targets

Target: release/main/cheat.exe
Size: 4.1MB
MD5: 3b821f77818bf6529d9b85af041f28bd
SHA1: a9782ab905e4540f1a1e38663cf22807505ffbe5
SHA256: 56d0dfd1dde9cb0a196fc881c05ab7ef4a1d769145e2d2e24242426a935bc649
SHA512: b0f50ebdc50d1c4452bf8e7aab1a7b88eaf948dbdcca230f6257663f9f91ffd413432a88c5eeed7871e0a18e9ef37219f5176939f3350a5dfc377c83d0c77a4f
SSDEEP: 98304:oUXr5eFWXgNcV+TTqth4ci1ss30nI2yCrdA8+quSThpD46NtCMmD:VrIFWUcVYY6r3l251+quSThl9pi
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: release/main/loader.exe
Size: 4.1MB
MD5: 9ecdc9ed1bea6c226f92d740d43400b9
SHA1: b5b5066cd4284733d8c3f3d7de3ca6653091ae10
SHA256: 60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
SHA512: 30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
SSDEEP: 98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: release/map/map.exe
Size: 3.3MB
MD5: a5a681b19458d693464f24f0d22d7b32
SHA1: 10b9edb6e510ee582815b3779064698ed9e90db8
SHA256: 04a72e5f734b6d97c78477d82b1bd24d45e47769b98d908920265a01bbde2d37
SHA512: e27f08721444474d7f37e45b6636f71cd5e9823ab197b6665f5c48106f8f84ec57bd5f1e953a3c2d0200ae0f9e80b72a261444bea6e828a62cd0b44bf128ab31
SSDEEP: 98304:GyVbJ5frOxTN0fAptwDUB+psfprlsg/zG3lC:f2JN0fG6wgsxrqQzGVC
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
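The four signatures that recur across the three targets above all reduce to a handful of Windows API and registry patterns. The block below is an added example, not part of the original report and not the sandbox's own rule set: it shows rule logic that would raise the same four signatures from a recorded API trace. The registry paths (the VBOX__ OEM ID under HKLM\HARDWARE\ACPI, the firmware strings under HKLM\HARDWARE\DESCRIPTION\System, ImagePath under a Services key) and the ThreadHideFromDebugger class value 0x11 are the standard indicators; the event format, the ExampleDrv service name and the trace itself are constructed for illustration and do not come from the analysed samples.

```python
import re
from dataclasses import dataclass

# ThreadInformationClass passed to NtSetInformationThread to detach the calling
# thread from a debugger (ThreadHideFromDebugger). Undocumented but stable.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# VirtualBox guests expose ACPI tables whose OEM ID is "VBOX__"; the kernel mirrors
# them as subkeys under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}. Probing for them is the
# classic anti-VM check.
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)

# Firmware strings copied into the registry at boot; hypervisors and sandboxes leave
# recognisable vendor/version strings here.
BIOS_KEY_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systemmanufacturer",
               "systemproductname", "biosvendor", "biosversion"}

# Writing ImagePath under a Services key changes what the Service Control Manager
# loads for that service or driver.
SERVICE_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+$", re.I)

REG_READ_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW",
                 "RegQueryValueExA", "NtOpenKey", "NtQueryValueKey"}
REG_WRITE_APIS = {"RegSetValueExW", "RegSetValueExA", "NtSetValueKey"}

SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_SERVICE = "Sets service image path in registry"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"


@dataclass(frozen=True)
class ApiEvent:
    """One hooked API call: the API name plus its decoded arguments (assumed format)."""
    api: str
    args: dict


def match_signatures(events):
    """Return {signature name: [indices of the events that triggered it]}."""
    hits = {}

    def add(name, idx):
        hits.setdefault(name, []).append(idx)

    for i, ev in enumerate(events):
        key = ev.args.get("key", "")
        value = str(ev.args.get("value", "")).lower()
        # The VirtualBox probe counts on the attempt alone: on real hardware the key
        # does not exist, so the open fails, but the sample still asked the question.
        if ev.api in REG_READ_APIS and VBOX_ACPI_RE.match(key):
            add(SIG_VBOX, i)
        if ev.api in REG_READ_APIS and BIOS_KEY_RE.match(key) and value in BIOS_VALUES:
            add(SIG_BIOS, i)
        if ev.api in REG_WRITE_APIS and SERVICE_KEY_RE.match(key) and value == "imagepath":
            add(SIG_SERVICE, i)
        if (ev.api == "NtSetInformationThread"
                and ev.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            add(SIG_HIDE, i)
    return hits


# Constructed trace for this example; not taken from the analysed samples.
# status 2 is ERROR_FILE_NOT_FOUND: the probe failed, which is what a bare-metal
# host returns, and the rule fires anyway.
SAMPLE_TRACE = [
    ApiEvent("RegOpenKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "status": 0}),
    ApiEvent("RegOpenKeyExW", {"key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", "status": 2}),
    ApiEvent("RegOpenKeyExW", {"key": r"HKLM\HARDWARE\ACPI\FADT\VBOX__", "status": 2}),
    ApiEvent("RegQueryValueExW", {"key": r"HKLM\HARDWARE\DESCRIPTION\System",
                                  "value": "SystemBiosVersion", "status": 0}),
    ApiEvent("RegQueryValueExW", {"key": r"HKLM\HARDWARE\DESCRIPTION\System",
                                  "value": "VideoBiosVersion", "status": 0}),
    ApiEvent("NtSetInformationThread", {"ThreadHandle": -2, "ThreadInformationClass": 0x11,
                                        "ThreadInformationLength": 0}),
    ApiEvent("RegSetValueExW", {"key": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleDrv",
                                "value": "ImagePath", "data": r"\??\C:\Windows\Temp\x.sys"}),
    ApiEvent("RegQueryValueExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
                                  "value": "ProductName", "status": 0}),
]

if __name__ == "__main__":
    for name, idxs in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: events {idxs}")
```

Two details matter when reusing this against a real trace. The VirtualBox rule keys on the registry probe itself, not on its result, because the query only succeeds inside a VirtualBox guest and the failed lookup on the analysis host is exactly what betrays the check. The BIOS rule matches on value names rather than the key alone, since plenty of legitimate software opens HKLM\HARDWARE\DESCRIPTION\System without reading the firmware version strings.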