General

  • Target

    L_0SpooferXX.exe

  • Size

    17.8MB

  • Sample

    230205-ebphtabd6z

  • MD5

    80ae1538ef6d102fe84a6218b239a0c9

  • SHA1

    cda6dc7994c0ed71e7688ed8a5608c266543d636

  • SHA256

    24a1e8f1024a2a6a5a6b648f98f0eb270dd90ae4854aa2954a6e38d5bf4adbba

  • SHA512

    86149af84ef1ae31fcb72ded4bddd95541be1741284a1980259590ede2f111550e35e2aae29cdc49d82ef25cffad3fba25734a761785c1f2b1db060c3bb58cff

  • SSDEEP

    393216:Mu7L/dWBb+4hQenSyY+k4tOJCEDd/m3pCZkVRiEFT7b5e5m:MCL0N+4XY4tuCEDdKCZkVRiS7c0

Malware Config

Targets

    Score: 7/10

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (1)

  • Collection: Data from Local System, T1005 (1)

  • Command and Control: Web Service, T1102 (1)

Tasks