General

  • Target: ModMenu.zip
  • Size: 81.0MB
  • Sample: 241015-2lvh5s1clb
  • MD5: bc85a107c33cb50b368f8fbc2b2c1d7b
  • SHA1: e0aa287542905bc3dfc2b87351d312b2d3bb8536
  • SHA256: 7f2f844e05f5934a8eaec2340afa3ab8fd68858d921196ebdd30f7a769b6cb26
  • SHA512: 5a1073de88d431ce6b6914ba14f0771395b78e793904453e940acb21c1d2b2ef9cfb030f5da0acd19418da13814af4ec803f6a9401637b4a6c99fdad0d54afaf
  • SSDEEP: 1572864:YzHCZ2ml60SzdvIog0uReQqMrlpA+Ql4UxTivfSktquGKw9bAR00:YjCLEtIj9ReyklXxenlt41bX0

Malware Config

Targets

    • Target: ModMenu/ModMenu.exe
    • Size: 55.9MB
    • MD5: 38cf7282e87e4b098df558cc82415676
    • SHA1: e06e48bcbced8954e42cd2177d005ead1fb5a35a
    • SHA256: 5bcaa28002cffab6ffa3e0c6491bab41b8df2d2e95ca2eb072a360577281a7f4
    • SHA512: 96fe6deffa6ff4ab2783c7f27254c0825a801ff9fb6a4c38543e7c38bc17506e69d35ed1fb508a8958b64ceef66931678ec7591bb56d24d75af64378bcc6250c
    • SSDEEP: 1572864:e0uReQqMrlpA+Ql4UxTivfSktquGKw9bAR0K:e9ReyklXxenlt41bXK
    • Score: 7/10

    Signatures:

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target: ModMenu/xlabbgrabber.exe
    • Size: 25.1MB
    • MD5: 8249e50ef3ee0c14f1c7a2afec0fb320
    • SHA1: afc6873676daa2c91f1d668341db0dfec2398545
    • SHA256: 277ec5804293832892f741ce95a71aaf7445c50284d54df8eb53d08f2b1312de
    • SHA512: 6059ec185a230b15b262b529b280aca4d43261709e09f6097b88fa6a03b0c9814662b5296a92896d74562fd94c0f52fcd0c7e39d3b3110e791a9538e5c4fb39c
    • SSDEEP: 786432:tzGJ+zHSK0R/Z2YwUlJIdQu7QPorvSrSMev3ZC3O0o:/zHCZ2ml60SzdvIo

    Signatures:

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks