General
-
Target
file.exe
-
Size
3MB
-
Sample
230131-ydhmtsbh2s
-
MD5
69101e26faea9e8412c011ab73da7e92
-
SHA1
1e72408118f740c4dfaca4ba157bb07c55ad9b1c
-
SHA256
67a7f99493b62e553232daac052b6382ddf57eb5661ee08ea0fa769d92ca6090
-
SHA512
5c977e5cb9f755fe010c78f4cdb86f2f0a73bb9d1f7247e6761f4bd64023ed9d985378aeac663a0bb11dffcbc61b2bb7f7fbff58d51a1d1cbe0e8f5e51edbfe0
-
SSDEEP
98304:AqNHddSy2xT3SJ0vsw4AHCJpV/82TJNK+gT9/69CzFc7P7CbM5zD6sILTjblMS0u:rjV/pNK+gMwz+i4osI3jhMSN
Malware Config
Targets
-
-
Target
file.exe
-
Size
3MB
-
MD5
69101e26faea9e8412c011ab73da7e92
-
SHA1
1e72408118f740c4dfaca4ba157bb07c55ad9b1c
-
SHA256
67a7f99493b62e553232daac052b6382ddf57eb5661ee08ea0fa769d92ca6090
-
SHA512
5c977e5cb9f755fe010c78f4cdb86f2f0a73bb9d1f7247e6761f4bd64023ed9d985378aeac663a0bb11dffcbc61b2bb7f7fbff58d51a1d1cbe0e8f5e51edbfe0
-
SSDEEP
98304:AqNHddSy2xT3SJ0vsw4AHCJpV/82TJNK+gT9/69CzFc7P7CbM5zD6sILTjblMS0u:rjV/pNK+gMwz+i4osI3jhMSN
Score7/10-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation