General
- Target: RageMpCheat.rar
- Size: 7.4MB
- Sample: 240603-l2ybzaag8x
- MD5: 7129f62b266350e28d78ed360af30e00
- SHA1: fe561d3317ffc5bbf2eb46d84860fc874bd90065
- SHA256: 24d9801e173481efd967263838402c015d9dc2789fafc292fa67dd11ce535860
- SHA512: f8df96f3ec103443b57daea6f0f344352f56608173ef1594057152cefe07d97808ed8b14b5a8c4abd98883bd1c387747b7cc27730ceade7cc30b97b2f3443de8
- SSDEEP: 196608:jGZNwIjMBPjFjRXt3ZCD4z+RVmdd0tOU0d1DDCPlN/iQV:2wyIF16RQ+iKD/7
Behavioral task: behavioral1
- Sample: RageMp Cheat.exe
- Resource: win7-20240215-en
Malware Config
Targets
- Target: RageMp Cheat.exe
- Size: 7.6MB
- MD5: b10373c607c2a0a1358c9e689b3b8c0b
- SHA1: fec2891dedf1d311e68fffeda78aa7db476abd08
- SHA256: 6afd602e99c286bfbb0406998df962935d9ce854049849850602b506185d1776
- SHA512: 3775cdd94fe28e534dba23007c6445f1d6ca3a05eb356a52924c0919d55e272db3759f2ceeea60a4f24777c2033ea2b8dca94bf88c3447f0049c30d9229acda7
- SSDEEP: 196608:Qru3V1EB6ylnlPzf+JiJCsmFMvGSEin6hVvT0:oBRlnlPSa7mmvzJ+r0
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.