General
Target: ModMenu.zip
Size: 81.0MB
Sample: 241015-2lvh5s1clb
MD5: bc85a107c33cb50b368f8fbc2b2c1d7b
SHA1: e0aa287542905bc3dfc2b87351d312b2d3bb8536
SHA256: 7f2f844e05f5934a8eaec2340afa3ab8fd68858d921196ebdd30f7a769b6cb26
SHA512: 5a1073de88d431ce6b6914ba14f0771395b78e793904453e940acb21c1d2b2ef9cfb030f5da0acd19418da13814af4ec803f6a9401637b4a6c99fdad0d54afaf
SSDEEP: 1572864:YzHCZ2ml60SzdvIog0uReQqMrlpA+Ql4UxTivfSktquGKw9bAR00:YjCLEtIj9ReyklXxenlt41bX0
Behavioral task: behavioral1
Sample: ModMenu/ModMenu.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: ModMenu/ModMenu.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: ModMenu/xlabbgrabber.exe
Resource: win7-20241010-en

Behavioral task: behavioral4
Sample: ModMenu/xlabbgrabber.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: ModMenu/ModMenu.exe
Size: 55.9MB
MD5: 38cf7282e87e4b098df558cc82415676
SHA1: e06e48bcbced8954e42cd2177d005ead1fb5a35a
SHA256: 5bcaa28002cffab6ffa3e0c6491bab41b8df2d2e95ca2eb072a360577281a7f4
SHA512: 96fe6deffa6ff4ab2783c7f27254c0825a801ff9fb6a4c38543e7c38bc17506e69d35ed1fb508a8958b64ceef66931678ec7591bb56d24d75af64378bcc6250c
SSDEEP: 1572864:e0uReQqMrlpA+Ql4UxTivfSktquGKw9bAR0K:e9ReyklXxenlt41bXK
Score: 7/10
Signatures:
  Loads dropped DLL

Target: ModMenu/xlabbgrabber.exe
Size: 25.1MB
MD5: 8249e50ef3ee0c14f1c7a2afec0fb320
SHA1: afc6873676daa2c91f1d668341db0dfec2398545
SHA256: 277ec5804293832892f741ce95a71aaf7445c50284d54df8eb53d08f2b1312de
SHA512: 6059ec185a230b15b262b529b280aca4d43261709e09f6097b88fa6a03b0c9814662b5296a92896d74562fd94c0f52fcd0c7e39d3b3110e791a9538e5c4fb39c
SSDEEP: 786432:tzGJ+zHSK0R/Z2YwUlJIdQu7QPorvSrSMev3ZC3O0o:/zHCZ2ml60SzdvIo
Score: 7/10
Signatures:
  Drops startup file
  Loads dropped DLL
  Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Legitimate hosting services abused for malware hosting/C2
  Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)