General
Target: GameStealerV1.exe
Size: 19.7MB
Sample: 240525-x9afnafe6z
MD5: 81147138442b4d147c7cbed2c8043cf8
SHA1: 6f42fd9daffee8b9816d2df0287010f310a62975
SHA256: cb31806a9dfbf19858779bb3a1b98efbcd2135eea4def247d99ce31c4d5bef8e
SHA512: f2772bef74ea468cdfd3dc4e4a210cb2e15fc3b7363066dacef13fa7565e46d48486b2a55b27fcd7b3b578644edb7f6daeb7ab79903b033c1cda08ba13d99bf5
SSDEEP: 393216:Bh9Sl6eQnrh2Jp5M7V+C/pW/cRhuX2ByeZWiv8RR52HTy:L9kQrh1V+C/pWWuXulMoz
Malware Config
Targets
Target: GameStealerV1.exe (same file and hashes as listed under General)
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops startup file.
- Loads dropped DLL.
- Legitimate hosting services abused for malware hosting/C2.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.