General

  • Target

    mmHqhack.exe

  • Size

    53.4MB

  • Sample

    240612-xqv81swdrd

  • MD5

    d0ba31267053ee693643241334eee066

  • SHA1

    69cac3da476cbe2f7f1ba852c7a8833c5b0ea9a1

  • SHA256

    aeca5c681fbc270a5d2fa9677c028ba1dc0d50d300aa630ea542fe6eb38534b8

  • SHA512

    5be81499d357a5e3f5ed9257e2606a2755b8b09c2b192bdc578cd0a9dcde02e7f4454e56b64ebaa0925896f55af94aa77e6fc3be791706b4b4467386c1f61db8

  • SSDEEP

    786432:H9NQmF3yajlAhRn+uKPrONjl0pHlo0FdGgW8zcY87DyESWqEnN4IHqn7EhX:dNQJMAhRnOPrONJ0Vl4WE7DdquNZqnuX

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other sensitive data.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks