General

  • Target

    RageMpCheat.rar

  • Size

    7.4MB

  • Sample

    240603-l2ybzaag8x

  • MD5

    7129f62b266350e28d78ed360af30e00

  • SHA1

    fe561d3317ffc5bbf2eb46d84860fc874bd90065

  • SHA256

    24d9801e173481efd967263838402c015d9dc2789fafc292fa67dd11ce535860

  • SHA512

    f8df96f3ec103443b57daea6f0f344352f56608173ef1594057152cefe07d97808ed8b14b5a8c4abd98883bd1c387747b7cc27730ceade7cc30b97b2f3443de8

  • SSDEEP

    196608:jGZNwIjMBPjFjRXt3ZCD4z+RVmdd0tOU0d1DDCPlN/iQV:2wyIF16RQ+iKD/7

Malware Config

Targets

    • Target

      RageMp Cheat.exe

    • Size

      7.6MB

    • MD5

      b10373c607c2a0a1358c9e689b3b8c0b

    • SHA1

      fec2891dedf1d311e68fffeda78aa7db476abd08

    • SHA256

      6afd602e99c286bfbb0406998df962935d9ce854049849850602b506185d1776

    • SHA512

      3775cdd94fe28e534dba23007c6445f1d6ca3a05eb356a52924c0919d55e272db3759f2ceeea60a4f24777c2033ea2b8dca94bf88c3447f0049c30d9229acda7

    • SSDEEP

      196608:Qru3V1EB6ylnlPzf+JiJCsmFMvGSEin6hVvT0:oBRlnlPSa7mmvzJ+r0

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that Defender does not scan the dropped files.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
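
The PowerShell behaviour listed above (Add-MpPreference / Set-MpPreference with -ExclusionPath, -ExclusionExtension and -ExclusionProcess) is straightforward to detect from process-creation command lines. The following is an added example written for this page, not code from the sandbox or the report: the cmdlet and parameter names are Defender's real ones, the event lines are constructed, and -EncodedCommand payloads (base64 of UTF-16LE) are decoded before matching because that is how such commands are usually hidden.

```python
"""Flag PowerShell command lines that add Windows Defender exclusions.

Added example, not taken from the sandbox report. Cmdlet and parameter names
are Defender's real ones (Add-MpPreference / Set-MpPreference with
-ExclusionPath, -ExclusionExtension, -ExclusionProcess); the event lines are
constructed for this demonstration.
"""
import base64
import re

CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# Value: single- or double-quoted string, or an unquoted run (comma lists allowed).
PARAM_RE = re.compile(
    r"-(ExclusionPath|ExclusionExtension|ExclusionProcess)\s+"
    r"('[^']*'|\"[^\"]*\"|[^\s;|&'\"]+)",
    re.IGNORECASE,
)
# powershell.exe accepts -EncodedCommand and its abbreviations -e, -ec, -enc.
ENCODED_RE = re.compile(r"-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
CANONICAL = {
    "exclusionpath": "ExclusionPath",
    "exclusionextension": "ExclusionExtension",
    "exclusionprocess": "ExclusionProcess",
}


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent or undecodable."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def find_defender_exclusions(cmdline):
    """Return [(parameter, value), ...] for each exclusion the command line adds."""
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded:
        text += "\n" + decoded          # scan the hidden script as well
    if not CMDLET_RE.search(text):
        return []
    hits = []
    for param, raw in PARAM_RE.findall(text):
        for value in raw.strip("'\"").split(","):
            if value:
                hits.append((CANONICAL[param.lower()], value.strip()))
    return hits


def encode_powershell(script):
    """Encode a script the way -EncodedCommand expects (used only to build test data)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed process-creation command lines (not from the report).
SAMPLE_EVENTS = [
    r"notepad.exe C:\Users\victim\notes.txt",
    'powershell.exe -NoProfile -Command "Set-MpPreference -DisableRealtimeMonitoring $true"',
    'powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '
    r"'C:\Users\Public' -ExclusionExtension exe,dll -ExclusionProcess 'RageMp Cheat.exe'"
    '"',
    "powershell.exe -ep bypass -enc "
    + encode_powershell("Add-MpPreference -ExclusionProcess svchost.exe"),
]


def scan_events(events):
    """Return (index, exclusions) for every event that adds a Defender exclusion."""
    hits = []
    for i, event in enumerate(events):
        exclusions = find_defender_exclusions(event)
        if exclusions:
            hits.append((i, exclusions))
    return hits


if __name__ == "__main__":
    for i, exclusions in scan_events(SAMPLE_EVENTS):
        print(f"event {i}: {exclusions}")
```

Event 1 is deliberately not flagged: disabling real-time monitoring is a different Defender-tampering technique and needs its own rule. The matcher also does not model PowerShell's acceptance of unambiguous parameter prefixes (for example -ExclusionP), so a production rule should be loosened accordingly.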
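
The UPX signature listed above fires on the packer's characteristic PE layout. The following is an added example, not code from the sandbox or the report: it parses the DOS/COFF headers and section table by hand (no third-party pefile) and reports three indicators of the classic UPX layout, namely section names beginning with "UPX", a first section with zero raw size but non-zero virtual size (the unpacking destination UPX0), and the "UPX!" magic. A minimal PE image is constructed in-line to stand in for a real sample; its section names and sizes are invented for the demonstration.

```python
"""Look for UPX packing indicators in a PE image's headers.

Added example, not part of the sandbox report. The section names and sizes
in the constructed samples below are invented for the demonstration.
"""
import struct


def section_table(data):
    """Return [(name, virtual_size, raw_size), ...] from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections


def upx_indicators(data):
    """Return the list of UPX indicators found; an empty list means none."""
    secs = section_table(data)
    hits = []
    if any(name.upper().startswith("UPX") for name, _, _ in secs):
        hits.append("section names begin with UPX")
    # UPX0 holds the unpacked image at run time, so it occupies no bytes on disk.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        hits.append("first section has zero raw size but non-zero virtual size")
    if b"UPX!" in data:
        hits.append("UPX! magic present")
    return hits


def build_pe(sections, trailer=b""):
    """Construct a minimal PE32 image with the given (name, vsize, rsize) sections (test data)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 224                            # PE32 optional header, left zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, 0x1000 * (i + 1),
                    rsize, 0, 0, 0, 0, 0, 0)
        for i, (name, vsize, rsize) in enumerate(sections)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + table + trailer


# Constructed samples: stock UPX, a modified UPX with renamed sections and the
# magic stripped, and an unpacked binary.
UPX_SAMPLE = build_pe([("UPX0", 0x30000, 0), ("UPX1", 0x8000, 0x7800), (".rsrc", 0x1000, 0x400)],
                      trailer=b"UPX!")
RENAMED_SAMPLE = build_pe([(".text", 0x30000, 0), (".data", 0x8000, 0x7800)])
CLEAN_SAMPLE = build_pe([(".text", 0x5000, 0x5000), (".data", 0x800, 0x600), (".rsrc", 0x400, 0x400)])

if __name__ == "__main__":
    for label, sample in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(sample))
```

The name and magic checks are what a plain signature catches; the zero-raw-size check is what survives a modified build that renames its sections and strips the "UPX!" string. Treat it as an indicator rather than proof, since a legitimately linked binary can place an uninitialised-data section first.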

MITRE ATT&CK Enterprise v15

Tasks