General

  • Target

    Mod Menu Setup.exe

  • Size

    7.3MB

  • Sample

    240624-1lmb4atbmc

  • MD5

    dd842c2531817318d080817fe7becb55

  • SHA1

    69103ef433a2d48b80a6393a4b6b991c90afabb6

  • SHA256

    dfdcf2fadb2e6614a4ddf5ae74472758603d027e38ddcc5339eabfb96aa9cc79

  • SHA512

    6b75dcfb63b5c83f18bdc4a3a8277fe6749f25eb372d94627a4db70aabcd1aa45c0368ea608ba50a24bb5dd7955481dfca0497f8d0d66db78a99c253c48b710b

  • SSDEEP

    98304:J+eYgZhUW6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3zCUTVv9JT1sOBN3o1p4:JnYS6xOshoKMuIkhVastRL5Di3u01D71

Malware Config

Targets

    • Target

      Mod Menu Setup.exe

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks