General
Target: Mod Menu Setup.exe
Size: 7.3MB
Sample: 240624-1lmb4atbmc
MD5: dd842c2531817318d080817fe7becb55
SHA1: 69103ef433a2d48b80a6393a4b6b991c90afabb6
SHA256: dfdcf2fadb2e6614a4ddf5ae74472758603d027e38ddcc5339eabfb96aa9cc79
SHA512: 6b75dcfb63b5c83f18bdc4a3a8277fe6749f25eb372d94627a4db70aabcd1aa45c0368ea608ba50a24bb5dd7955481dfca0497f8d0d66db78a99c253c48b710b
SSDEEP: 98304:J+eYgZhUW6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3zCUTVv9JT1sOBN3o1p4:JnYS6xOshoKMuIkhVastRL5Di3u01D71
Malware Config
Targets
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-