Overview

overview

8

Static

static

1

updateTask.dll

windows7-x64

8

updateTask.dll

windows10-2004-x64

8

Resubmissions

10/02/2023, 11:21

230210-ngfmjadb8v 10

10/02/2023, 11:19

230210-ne3dhsda9w 10

09/02/2023, 23:23

230209-3dfwfsca2x 8

24/01/2023, 20:20

230124-y4kvwade98 8

Sharing

Copy URL Twitter E-mail

General

  • Target

    updateTask.dll

  • Size

    497KB

  • Sample

    230209-3dfwfsca2x

  • MD5

    377f617ccd4aa09287d5221d5d8e1228

  • SHA1

    288358deaa053b30596100c9841a7d6d1616908d

  • SHA256

    f1623c2f7c00affa3985cf7b9cdf25e39320700fa9d69f9f9426f03054b4b712

  • SHA512

    c990868c093b1eed64d1b35e75a6116cdffd4995be781bb714b1c365d7af8cc5a3b982e08aa863eb3a2829520a86d6758765ae7db1c4971820c5f95697777031

  • SSDEEP

    6144:ljlddHEk5UvAbkvsYOpkoxuRFj7tVtQohAYWlFdIJbFOR:ljlddkk5U4b7YbogjB7Qocr6JbA

Score
8/10
collectionpersistencespywarestealer

Malware Config

Targets

    • Target

      updateTask.dll

    • Size

      497KB

    • MD5

      377f617ccd4aa09287d5221d5d8e1228

    • SHA1

      288358deaa053b30596100c9841a7d6d1616908d

    • SHA256

      f1623c2f7c00affa3985cf7b9cdf25e39320700fa9d69f9f9426f03054b4b712

    • SHA512

      c990868c093b1eed64d1b35e75a6116cdffd4995be781bb714b1c365d7af8cc5a3b982e08aa863eb3a2829520a86d6758765ae7db1c4971820c5f95697777031

    • SSDEEP

      6144:ljlddHEk5UvAbkvsYOpkoxuRFj7tVtQohAYWlFdIJbFOR:ljlddkk5U4b7YbogjB7Qocr6JbA

    Score
    8/10
    persistencecollectionspywarestealer

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks