General

  • Target

    FiveM-Cleaner-main.zip

  • Size

    224KB

  • Sample

    250119-ws12lsznbj

  • MD5

    c10f6fc22fb0182ceac7d59cbf560dd1

  • SHA1

    17dc2b0cff549de7037f7dd359fc771c0c31fdc1

  • SHA256

    c8001310a36b68904e5a980065b0ef27c9862dbdf1813e938244a1f26721f1c2

  • SHA512

    6539008a31d2c830e06eb32664bdd6a544db2548b0efe751afcf90733531264429c977a396c9ef2b12c07a0540c1fe67d20c942b48fd8d5de8613b678fc77da5

  • SSDEEP

    6144:7lRvmfgrMWX2fqhESldik9yf8QmBwRXwhESldik9yf8QmBwRsq0:7OrWGfqOMd5c0QmCRXwOMd5c0QmCRA

Targets

    • Target

      FiveM-Cleaner-main/HvH Service Cleaner/Program.cs

    • Size

      27KB

    • MD5

      65517d770e0b60bbff5cbc68815c80de

    • SHA1

      3e833cd5b0764fcc3406bc468b5a5c50a61a398b

    • SHA256

      6b40f76654bc828d94dbbabaf246e1ac9be39e3bfbcafe25ecee4707036a016b

    • SHA512

      890b366fb584988e3e1092c3d662034381ae1803ba4324b7c946b8c4951a2d475255e28dc64954b6a5c3939f7f6b5df885c73ac3db40770cc9c40e91c49d4af3

    • SSDEEP

      384:WoLJAgDUFUD6/ahO43EJOF8f8V43Es7VO4rT2OBkhoR7KVs/kf8FGZxwSZTkS9mf:3JAgDUFUD6/ac5P7Jbd/Gdb+ByS

    Score
    3/10
    • Target

      FiveM-Cleaner-main/HvH Service Cleaner/bin/Debug/HvH Service Cleaner.exe

    • Size

      82KB

    • MD5

      a29c5a6dcdcee2b94ac1fe2a98043d6b

    • SHA1

      6f0fe1d9bce1e85fb15ab2673a488ffca6424e97

    • SHA256

      649a4bd3401efd8acab0df567e92e6936cdb0863c8c11b699877919e2c6a448a

    • SHA512

      850e2de5b0791d27b0b44e5584c01f3946faab4f30d3f80e4dcad7e35391b81867717676057af97463620f4facbf5e1974f4cd56bd33c68727db62731e23f733

    • SSDEEP

      1536:HNONdbWZ41tj+99yOPVUG4/BKTI6NqsseZnD68/d1l3ZRnB:ENdbWeP+99y6m/BQIR/eZec3ZdB

    • Clears Network RDP Connection History and Configurations

      Removes the record of previous RDP connections from the host to cover operational traces.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Target

      FiveM-Cleaner-main/HvH Service Cleaner/obj/Debug/HvH Service Cleaner.exe

    • Size

      82KB

    • MD5

      a29c5a6dcdcee2b94ac1fe2a98043d6b

    • SHA1

      6f0fe1d9bce1e85fb15ab2673a488ffca6424e97

    • SHA256

      649a4bd3401efd8acab0df567e92e6936cdb0863c8c11b699877919e2c6a448a

    • SHA512

      850e2de5b0791d27b0b44e5584c01f3946faab4f30d3f80e4dcad7e35391b81867717676057af97463620f4facbf5e1974f4cd56bd33c68727db62731e23f733

    • SSDEEP

      1536:HNONdbWZ41tj+99yOPVUG4/BKTI6NqsseZnD68/d1l3ZRnB:ENdbWeP+99y6m/BQIR/eZec3ZdB

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2
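
The behaviours flagged above for HvH Service Cleaner.exe (known file hashes, a Run-key autorun, a file dropped in the drivers directory, and RDP history being cleared) map onto a handful of host checks. The script below is an added triage example written for this page; it is not code from the sandbox report or from the FiveM-Cleaner project. It assumes the standard Windows locations for Run keys and the Terminal Server Client MRU, that Sysmon is installed with RegistryEvent enabled for the wipe check, and that the session has enough rights to read the Sysmon log (normally Administrator). The SHA256 values are copied from the report; the bin/Debug and obj/Debug binaries share one hash, so a single entry covers both.

```powershell
# Added host-triage example for the indicators in this report; not the report's or the project's code.
# Assumptions: standard Windows Run-key and RDP MRU locations, Sysmon with RegistryEvent enabled.

# SHA256 values taken from the report above. PowerShell hashtable keys are case-insensitive,
# so the upper-case hex that Get-FileHash returns matches these lower-case keys directly.
$Iocs = @{
    'c8001310a36b68904e5a980065b0ef27c9862dbdf1813e938244a1f26721f1c2' = 'FiveM-Cleaner-main.zip'
    '6b40f76654bc828d94dbbabaf246e1ac9be39e3bfbcafe25ecee4707036a016b' = 'HvH Service Cleaner/Program.cs'
    '649a4bd3401efd8acab0df567e92e6936cdb0863c8c11b699877919e2c6a448a' = 'HvH Service Cleaner.exe (bin/Debug and obj/Debug builds are byte-identical)'
}

function Find-IocFiles {
    # Sweep likely drop locations for files whose SHA256 matches the report.
    param([string[]]$Roots = @("$env:USERPROFILE\Downloads", "$env:TEMP", "$env:SystemRoot\System32\drivers"))
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            if ($h -and $Iocs.ContainsKey($h.Hash)) {
                [pscustomobject]@{ Indicator = 'KnownHash'; Where = $_.FullName; Detail = $Iocs[$h.Hash] }
            }
        }
    }
}

function Find-RunKeyPersistence {
    # "Adds Run key to start application": look for autorun values that reference the sample's names.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $providerProps) { continue }   # metadata added by the registry provider, not autorun values
            if ("$($p.Value)" -match 'HvH Service Cleaner|FiveM-Cleaner') {
                [pscustomobject]@{ Indicator = 'RunKey'; Where = "$key\$($p.Name)"; Detail = $p.Value }
            }
        }
    }
}

function Find-RdpHistoryWipe {
    # "Clears Network RDP Connection History": Windows keeps the MRU under
    # HKCU\Software\Microsoft\Terminal Server Client\{Default,Servers}. Sysmon Event ID 12 logs
    # DeleteKey/DeleteValue on those paths. An empty MRU on its own is not evidence, since the
    # user may simply never have used mstsc, so the check is against the deletion events.
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 12 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Delete(Key|Value)' -and $_.Message -match 'Terminal Server Client' } |
        ForEach-Object {
            $target = (($_.Message -split "`r?`n") -match '^TargetObject:') -join ''
            [pscustomobject]@{ Indicator = 'RdpHistoryWipe'; Where = $_.TimeCreated; Detail = $target }
        }
}

function Find-RecentUnsignedDriverFiles {
    # "Drops file in Drivers directory": a recently written file under drivers without a valid
    # Authenticode (or catalog) signature is a lead, not a verdict; confirm by hash or vendor.
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{ Indicator = 'RecentDriverFile'; Where = $_.FullName; Detail = "signature: $($sig.Status)" }
            }
        }
}

$findings = @(Find-IocFiles) + @(Find-RunKeyPersistence) + @(Find-RdpHistoryWipe) + @(Find-RecentUnsignedDriverFiles)
if ($findings.Count -eq 0) { 'No indicators from this report found on the host.' } else { $findings | Format-Table -AutoSize }
```

Run it in an elevated PowerShell session on the suspect host. A hash match is the only finding that identifies this sample with certainty; the Run-key and driver-directory checks match on names and timing and so deserve a second look before anything is deleted, and the RDP wipe check returns nothing at all when Sysmon is absent or registry events are not being collected.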
