General

  • Target

    d244db3aca9903984b8aafbfeff7c4402f410b5e0508fb59d8c2a5385bff7a6d

  • Size

    2.1MB

  • Sample

    210228-ykeyyh1sls

  • MD5

    760ba691b33453c6fee622d5757cfdd0

  • SHA1

    bdf715f38cd5609e036f95abf14d6ede8fd084da

  • SHA256

    d244db3aca9903984b8aafbfeff7c4402f410b5e0508fb59d8c2a5385bff7a6d

  • SHA512

    6a777757074ab9e2f49474230d74c6e96a48f6a08dc64cf279bc44269bd5df25cfd13d001caf9e8df51323a87445adc1b395d24816c178969e09e20ba3c7a373

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1

Tasks