General

  • Target: modest-menu_v0.9.7_[kiddionsmodmenu.com]_.zip
  • Size: 13MB
  • Sample: 230206-ydvbmafe92
  • MD5: 140e983ee8f097e731d0365757878f58
  • SHA1: 77d425314b1d68d3fdde1d96ac1e8dcc5644248a
  • SHA256: 2d7405b5d6cd5293b6c81a232edf4f5e98c7e6443152b78b849d619f73e8274a
  • SHA512: 7faef00b0574d2ce42ddce3d2581f4f733d82098fb6a9be8467f86e2d208698e6a60d87d49ae06d8626243c8c0ab18ce68a6dfa1f963f421cd85f858a34a656b
  • SSDEEP: 393216:s1jf6i5VQ6rUWnguEJaDfz9b9znSFxlUOFXxJY:ufbI7OguES7zSFx+

Malware Config

Targets

    • Target: modest-menu.exe
    • Size: 14MB
    • MD5: ac062fc9712de55c8c888d6d7fe40c4b
    • SHA1: 2be787ad29f7b783b24ec925153967f4206adacd
    • SHA256: e388f58cb819d7d603ab71b8909a439ee9e4ac1630c7c64386112a75f2e60966
    • SHA512: 1ad9ecd99df89806fb1b3d7e02343f5297e0379eeef0235bbeb98288788bab9250e20e3c4d3b0a6cbab7a726bfe7dcb1dbd76419d06d7a35d51ad048b5dd450f
    • SSDEEP: 393216:Dl/7prg5lxSqTWgwboGCij0dVMIVibKTWfXuWIQ:R6UqigwboG2JVib7fp

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

    Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation