General

  • Target

    69fa6aa34cf0ae63c618d3dc67f123f2bcc2e4e21f28caf45f799206beebfff0

  • Size

    2MB

  • Sample

    210302-36q4he8zln

  • MD5

    e2ff2b8181e08ad9638e802775cac4a6

  • SHA1

    2f4a054b49bd2550ae927f85e02292277e9f24b9

  • SHA256

    69fa6aa34cf0ae63c618d3dc67f123f2bcc2e4e21f28caf45f799206beebfff0

  • SHA512

    00515c0c873edee75118f5be067a954743924307d7be87a2787f2044d4783561ea96ae4fdf12983e8dbe6dd473c5961f44af3d6b3882ad6b4acc8c22c014d544

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the run.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer. Static analysis of the on-disk file is of limited value; the behaviours below come from the sandbox run.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile stores (saved logins, cookies, autofill data) from the user's profile directory.

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup service to discover the infected system's external IP address. The request itself is benign traffic, so it is only meaningful alongside the other behaviours.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 1 signature

  • Discovery: System Information Discovery (T1082), 1 signature

  • Collection: Data from Local System (T1005), 1 signature

The mapping uses ATT&CK v6 identifiers. T1081 was deprecated in later ATT&CK versions in favour of T1552.001 (Unsecured Credentials: Credentials In Files); T1082 and T1005 are unchanged.
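The behavioural signatures and the ATT&CK mapping above are the useful part of this report, and they are easy to reproduce as detection logic over a sandbox or EDR event stream. The script below is an added example, not the sandbox's own rules or anything recovered from the sample: it replays a handful of constructed events (a dropped executable being launched, reads of Chrome and Firefox credential stores, and an HTTP request to a public IP lookup host) and tags them with the three behaviours from the report and, where the report maps them, the ATT&CK v6 IDs. The event format, the host list and the browser paths are assumptions made for the example.

```python
"""Tag sandbox-style events with the behaviours this report lists.

Added example; the events below are constructed and are not from the
report's run. The event schema and the IP-lookup host list are assumptions.
"""
import re
from collections import defaultdict

# Constructed events in a hypothetical {"type": ..., "pid": ..., ...} schema.
EVENTS = [
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"type": "process_create", "pid": 100,
     "image": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"type": "file_read", "pid": 200,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 200,
     "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    {"type": "file_read", "pid": 200,
     "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "http", "pid": 200, "host": "api.ipify.org", "path": "/"},
]

# Chromium-family and Firefox credential/cookie stores under the user profile.
BROWSER_DATA_RE = re.compile(
    r"\\(?:Google\\Chrome|Microsoft\\Edge)\\User Data\\.+\\(?:Login Data|Web Data|Cookies)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.+\\(?:logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)

# Public "what is my IP" services; an assumed list, extend to taste.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ip-api.com",
}

# ATT&CK v6 IDs as the report maps them; the other two behaviours are not
# mapped in the report, so they get no ID here.
ATTACK_V6 = {
    "Reads user/profile data of web browsers": ["T1081", "T1005"],
}


def classify(events):
    """Return {behaviour: [evidence, ...]} for the report's three signatures."""
    hits = defaultdict(list)
    written = set()  # paths the sample wrote, to recognise "dropped" binaries
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            written.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in written:
            hits["Executes dropped EXE"].append(ev["image"])
        elif kind == "file_read" and BROWSER_DATA_RE.search(ev["path"]):
            hits["Reads user/profile data of web browsers"].append(ev["path"])
        elif kind == "http" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev["host"])
    return dict(hits)


def attack_ids(hits):
    """Sorted ATT&CK IDs for the behaviours that fired."""
    return sorted({tid for b in hits for tid in ATTACK_V6.get(b, [])})


if __name__ == "__main__":
    found = classify(EVENTS)
    for behaviour, evidence in found.items():
        print(f"{behaviour}: {len(evidence)} hit(s)")
    print("ATT&CK:", ", ".join(attack_ids(found)))
```

Ordering matters for the dropped-EXE rule: the write must be seen before the process creation, which is how sandbox traces are delivered. The IP lookup rule fires on benign traffic too, so treat it as corroboration rather than a detection on its own.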

Tasks