General
Target: file.exe
Size: 3MB
Sample: 230130-yvyqdace99
MD5: 4767440b9e11d6bed073cb74cb23f2d8
SHA1: 3ca92c2badf62433701126917e3a5126cab9c809
SHA256: 4a17ec36b7675cbf830ab51d5375d3d3bd3234f9294ef9caef5608023e8f8c52
SHA512: c23dd8cc26580636ef7c9b3bd8ae36148ad6883b4eed5132f042343c1adaf9939a4dda10e36034dbabd6e596e72d6d4d92da9dbebaad204126825bfea2366943
SSDEEP: 98304:AqNHddSy2xT3SJ0vsw4AHCJpV/82TJNK+gT9/69CzFR7P7CbM5zD6sILTjblMS0u:rjV/pNK+gMwzTi4osI3jhMSN
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
file.exe
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation