Resubmissions

11-02-2021 08:57

210211-8wdaflwvr2 7

10-01-2021 18:11

210110-q3s2qpa8sa 10

General

  • Target

    1b0000.exe.exe

  • Size

    79KB

  • Sample

    210211-8wdaflwvr2

  • MD5

    6654235619b25fd70f0233aec854e0ea

  • SHA1

    35b3ffe69da3c97ac10240a83dd413d78c1deff8

  • SHA256

    83956ff42ffb6c352e3257a55ab76416b120a1cbf6b1f92672d50c4b8fae404f

  • SHA512

    fb15de14ce4667f66ac6b6fc9fc3dfa9898a9e9f061c4e496f36567d9dcae43336d093bb0030ecdfccb570b8df66843a61a45dc6e0891da051ab0eaac92cf158

Score
7/10

Malware Config

Targets

    • Target

      1b0000.exe.exe

    • Size

      79KB

    • MD5

      6654235619b25fd70f0233aec854e0ea

    • SHA1

      35b3ffe69da3c97ac10240a83dd413d78c1deff8

    • SHA256

      83956ff42ffb6c352e3257a55ab76416b120a1cbf6b1f92672d50c4b8fae404f

    • SHA512

      fb15de14ce4667f66ac6b6fc9fc3dfa9898a9e9f061c4e496f36567d9dcae43336d093bb0030ecdfccb570b8df66843a61a45dc6e0891da051ab0eaac92cf158

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Tasks