General
-
Target
FiveM-Cleaner-main.zip
-
Size
224KB
-
Sample
250119-ws12lsznbj
-
MD5
c10f6fc22fb0182ceac7d59cbf560dd1
-
SHA1
17dc2b0cff549de7037f7dd359fc771c0c31fdc1
-
SHA256
c8001310a36b68904e5a980065b0ef27c9862dbdf1813e938244a1f26721f1c2
-
SHA512
6539008a31d2c830e06eb32664bdd6a544db2548b0efe751afcf90733531264429c977a396c9ef2b12c07a0540c1fe67d20c942b48fd8d5de8613b678fc77da5
-
SSDEEP
6144:7lRvmfgrMWX2fqhESldik9yf8QmBwRXwhESldik9yf8QmBwRsq0:7OrWGfqOMd5c0QmCRXwOMd5c0QmCRA
Static task
static1
Behavioral task
behavioral1
Sample
FiveM-Cleaner-main/HvH Service Cleaner/Program.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
FiveM-Cleaner-main/HvH Service Cleaner/Program.js
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
FiveM-Cleaner-main/HvH Service Cleaner/bin/Debug/HvH Service Cleaner.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
FiveM-Cleaner-main/HvH Service Cleaner/bin/Debug/HvH Service Cleaner.exe
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
FiveM-Cleaner-main/HvH Service Cleaner/obj/Debug/HvH Service Cleaner.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
FiveM-Cleaner-main/HvH Service Cleaner/obj/Debug/HvH Service Cleaner.exe
Resource
win11-20241023-en
Malware Config
Targets
-
-
Target
FiveM-Cleaner-main/HvH Service Cleaner/Program.cs
-
Size
27KB
-
MD5
65517d770e0b60bbff5cbc68815c80de
-
SHA1
3e833cd5b0764fcc3406bc468b5a5c50a61a398b
-
SHA256
6b40f76654bc828d94dbbabaf246e1ac9be39e3bfbcafe25ecee4707036a016b
-
SHA512
890b366fb584988e3e1092c3d662034381ae1803ba4324b7c946b8c4951a2d475255e28dc64954b6a5c3939f7f6b5df885c73ac3db40770cc9c40e91c49d4af3
-
SSDEEP
384:WoLJAgDUFUD6/ahO43EJOF8f8V43Es7VO4rT2OBkhoR7KVs/kf8FGZxwSZTkS9mf:3JAgDUFUD6/ac5P7Jbd/Gdb+ByS
Score3/10 -
-
-
Target
FiveM-Cleaner-main/HvH Service Cleaner/bin/Debug/HvH Service Cleaner.exe
-
Size
82KB
-
MD5
a29c5a6dcdcee2b94ac1fe2a98043d6b
-
SHA1
6f0fe1d9bce1e85fb15ab2673a488ffca6424e97
-
SHA256
649a4bd3401efd8acab0df567e92e6936cdb0863c8c11b699877919e2c6a448a
-
SHA512
850e2de5b0791d27b0b44e5584c01f3946faab4f30d3f80e4dcad7e35391b81867717676057af97463620f4facbf5e1974f4cd56bd33c68727db62731e23f733
-
SSDEEP
1536:HNONdbWZ41tj+99yOPVUG4/BKTI6NqsseZnD68/d1l3ZRnB:ENdbWeP+99y6m/BQIR/eZec3ZdB
-
Clears Network RDP Connection History and Configurations
Remove evidence of malicious network connections to clean up operations traces.
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
-
-
Target
FiveM-Cleaner-main/HvH Service Cleaner/obj/Debug/HvH Service Cleaner.exe
-
Size
82KB
-
MD5
a29c5a6dcdcee2b94ac1fe2a98043d6b
-
SHA1
6f0fe1d9bce1e85fb15ab2673a488ffca6424e97
-
SHA256
649a4bd3401efd8acab0df567e92e6936cdb0863c8c11b699877919e2c6a448a
-
SHA512
850e2de5b0791d27b0b44e5584c01f3946faab4f30d3f80e4dcad7e35391b81867717676057af97463620f4facbf5e1974f4cd56bd33c68727db62731e23f733
-
SSDEEP
1536:HNONdbWZ41tj+99yOPVUG4/BKTI6NqsseZnD68/d1l3ZRnB:ENdbWeP+99y6m/BQIR/eZec3ZdB
Score6/10-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Indicator Removal
1Clear Network Connection History and Configurations
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1