General

  • Target

    TrayHelper.rar

  • Size

    6.5MB

  • Sample

    211008-rttxgaeeg6

  • MD5

    25f8eb48b6c095f56d5c5bfbc040138f

  • SHA1

    ed0e4e5ea33ef39eaf0c941e3888dd1ee3cd310c

  • SHA256

    68ebab3a43a80264ad9eccca2d31dd49d71bb83b8b6e66ea97e1761c004ecc47

  • SHA512

    7b5803e74ecf679c7309b6ec44df409c2fa3d12cc25a832cef48763b9a52af62181f8e423adaae8c8ecc547b0dc13e3ca47e86af19ee3457a6c304e80fb2464e

Malware Config

Targets

    • Target

      TrayHelper.exe

    • Size

      6.6MB

    • MD5

      ed629675ffcbd864df0c8a39467e7a1d

    • SHA1

      f70a3a6c1175ad86c40e5b062f7145df4595f467

    • SHA256

      9112098aacf18ad20a8ef5a79f48e5da4b67d63c5caa84878193e01f075160fe

    • SHA512

      c11252b55faa35ecec0e68771cf298e5e7a578da3406d0c2bb86661faa9bbc887090bbf658a917b6768963c1cffaccb869e97de70daca408666d9b8ffd266837

    • Score

      7/10

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081): 1

  • Collection

    Data from Local System (T1005): 1

Tasks