General

  • Target

    df103f4fae541a2bd46ae4692741d07bff6ff39592520b0cb12f5e50ce197a4d

  • Size

    314KB

  • Sample

    220822-2a5jzaeacj

  • MD5

    54f30fd8d792f52ea2d8aa9fa5afa9bf

  • SHA1

    fdd05d8d69fe973c9370388c508af85b6d9d6086

  • SHA256

    df103f4fae541a2bd46ae4692741d07bff6ff39592520b0cb12f5e50ce197a4d

  • SHA512

    36e323bee5fb038571fc39fd856fb509edec50ddf73004603b1d946b45b3471883314bac92674e11781df6041a924aaa00bf9356e78dd0a42a85627ee9d665a3

  • SSDEEP

    6144:m615Ykutpw63P/VAvy087nKmfrH6i/Y8DKWBhdqcNDixkKiP8dIDYkMp:mA5EHw63P/VAvyNnKmf2YY8DK2dqCiW4

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Detects Eternity clipper

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive account information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
