General

  • Target

    9bf20509ce5be3d8dd7afed314d9739a5a4e241bab4a6e3b8946f8b3a88c3ce9

  • Size

    592KB

  • Sample

    210301-8m6kdvcqks

  • MD5

    c638e8327f9bbf1b0acadfc1a7a3cdd0

  • SHA1

    57e822f7ea9c96d9e6997cb7fe85b7f279c6e810

  • SHA256

    9bf20509ce5be3d8dd7afed314d9739a5a4e241bab4a6e3b8946f8b3a88c3ce9

  • SHA512

    3f9549e95582cd3ab77694f292abf38d26f2dddce322cd1325c480e436a467fe939aa2478d4eeb655ffce3be7a961b1471fbeac53bc492b9d02253142ac3a497

Score
8/10

Malware Config

Targets

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer. Packing hides the real code from static analysis, so strings and imports only become visible at runtime or after unpacking.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The request looks like ordinary traffic, so detection should key on the process making it rather than the destination alone.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                     Count  ID
Credential Access  Credentials in Files          2      T1081
Discovery          Query Registry                1      T1012
Discovery          System Information Discovery  1      T1082
Collection         Data from Local System        2      T1005

The IDs follow ATT&CK v6. T1081 was later deprecated and folded into T1552.001 (Unsecured Credentials: Credentials In Files), so map it accordingly when correlating with current ATT&CK tooling.
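As an added example (not Triage's detection code and not derived from the sample in this report), the Python below sketches how behaviour signatures like the ones listed above fire over sandbox events and roll up into a per-technique count like the matrix. The event lines, the browser and wallet paths, the IP-lookup hosts, the registry signature, and the assignment of each signature to the technique IDs in the matrix are constructed assumptions; the report gives counts per technique but not which signature produced them.

```python
"""Toy behaviour-signature matcher modelled on the sandbox signatures above.

Added example, not the sandbox's own detection code. Event lines, indicator
lists, technique assignments and function names are assumptions.
"""
import re
from collections import defaultdict

# Constructed sandbox event log, one "kind<TAB>value" per line. These are
# illustrative events, not events observed from the sample in this report.
SAMPLE_EVENTS = """\
file_read\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
file_read\tC:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc123.default\\logins.json
file_read\tC:\\Users\\victim\\AppData\\Roaming\\Bitcoin\\wallet.dat
file_read\tC:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
file_read\tC:\\Windows\\System32\\kernel32.dll
http_get\thttp://api.ipify.org/?format=text
registry_query\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName
"""

# Each signature: (name, ATT&CK v6 technique IDs, event kind, regex on value).
# Technique assignments mirror the counts in the report's matrix but are an
# assumption; the IP-lookup signature has no mapping in that matrix. The
# paths and hosts are assumed indicators, not an exhaustive list.
SIGNATURES = [
    ("Reads user/profile data of web browsers",
     ("T1081", "T1005"), "file_read",
     re.compile(r"\\(Chrome\\User Data\\.*\\Login Data|Firefox\\Profiles\\.*\\logins\.json)$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     ("T1081", "T1005"), "file_read",
     re.compile(r"\\(Bitcoin\\wallet\.dat|Electrum\\wallets\\|Exodus\\)", re.I)),
    ("Looks up external IP address via web service",
     (), "http_get",
     re.compile(r"^https?://(api\.ipify\.org|checkip\.amazonaws\.com|ifconfig\.me)(/|$)", re.I)),
    ("Queries system information from the registry",   # assumed signature
     ("T1012", "T1082"), "registry_query",
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\", re.I)),
]


def parse_events(text):
    """Split the tab-separated event log into (kind, value) pairs."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, _, value = line.partition("\t")
        events.append((kind, value))
    return events


def match_signatures(events):
    """Return {signature name: [matching event values]} for signatures that fired."""
    hits = defaultdict(list)
    for kind, value in events:
        for name, _techs, sig_kind, pattern in SIGNATURES:
            if kind == sig_kind and pattern.search(value):
                hits[name].append(value)
    return dict(hits)


def attack_matrix(hits):
    """Count fired signatures per technique ID, the way the report's matrix does."""
    counts = defaultdict(int)
    for name, techs, _kind, _pattern in SIGNATURES:
        if name in hits:
            for tech in techs:
                counts[tech] += 1
    return dict(counts)


if __name__ == "__main__":
    fired = match_signatures(parse_events(SAMPLE_EVENTS))
    for name, values in fired.items():
        print(name)
        for v in values:
            print("   ", v)
    print("ATT&CK counts:", attack_matrix(fired))
```

Each signature is keyed on the event kind as well as the value, so a benign DLL read (the kernel32.dll line) never matches a wallet or browser pattern, and the IP lookup is reported even though it contributes nothing to the technique counts, matching how the matrix above omits it.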