General
Target: file.exe
Size: 3MB
Sample: 230126-h8cr3aed31
MD5: e4285ed9f73fbe9b801a1b245ce7cdb9
SHA1: 3a488206550062f8897d7413f5ac2895859fa882
SHA256: 1db21ff2a1259b9aa3a5406db534ed160ba5b6a044b776507581155fb9bdd2e2
SHA512: f20e19bcfe0be242cd5183287ef0913cbd5599d8b4ab8f75e7f8eca6cae3a133ef439d97c7a4314fe60dcc65b6c4ce70eefccce2a139d35992f921f09f385f8f
SSDEEP: 98304:AqNHddSy2xT3SJ0vsw4AHCJpV/82TJNK+gT9/69CzF07P7CbM5zD6sILTjblMS0u:rjV/pNK+gMwz+i4osI3jhMSN
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config
Targets
-
-
Target
file.exe
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation