General
Target: mmHqhack.exe
Size: 53.4MB
Sample: 240612-xqv81swdrd
MD5: d0ba31267053ee693643241334eee066
SHA1: 69cac3da476cbe2f7f1ba852c7a8833c5b0ea9a1
SHA256: aeca5c681fbc270a5d2fa9677c028ba1dc0d50d300aa630ea542fe6eb38534b8
SHA512: 5be81499d357a5e3f5ed9257e2606a2755b8b09c2b192bdc578cd0a9dcde02e7f4454e56b64ebaa0925896f55af94aa77e6fc3be791706b4b4467386c1f61db8
SSDEEP: 786432:H9NQmF3yajlAhRn+uKPrONjl0pHlo0FdGgW8zcY87DyESWqEnN4IHqn7EhX:dNQJMAhRnOPrONJ0Vl4WE7DdquNZqnuX
Static task: static1
Behavioral task: behavioral1
Sample: mmHqhack.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: mmHqhack.exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2