General

  • Target

    IGReport Bot.rar

  • Size

    19.3MB

  • Sample

    230220-ycq8ksdh8t

  • MD5

    1b22198369717162112830262c689312

  • SHA1

    52891299291d7eb1db43c12b55146572088e769b

  • SHA256

    b80969db6d1521216f024392a0a3a0019f8099d7bf37e1b51e11beab369cd9ec

  • SHA512

    3f23ea33d511efe5e0db4e677b4f44127524151e4377277ec6749dc9ecf851ffeea134e7cd61e14a9409d7fa23c1413d9cb709b6226fda8c9444afccadb1cf3e

  • SSDEEP

    393216:gcaCkcyo1X9E3Y1rpi94oyVkuC0IrsIeSgx2ngeh8BFJfXvCe82aLgL+gLtGTw/j:gOkfo43Y1Q9EVMrq2ngbFRXvCHgHtG2

Malware Config

Targets

    • Target

      IGReportBot.exe-pp.exe

    • Size

      1.2MB

    • MD5

      b81ef2de054f66f32134aa0e22bf65cb

    • SHA1

      453007c031021b9b270e0a16ccd16b5eb96af273

    • SHA256

      a3a5a06c291f9728fa1be3520e753cbe8a115b7383f27e9c4582806d2d78e5a5

    • SHA512

      d3bb9a328bc9e4e753fc649b2b3488b95cdb6131f0dbc124e1ffb658ad3abca724de2e6737c5ec3f889b55f5cb31d1545ca258b8d0e8bea9ca2421c7523a894a

    • SSDEEP

      24576:pEaH68R3DIgNZLc145cFoSXyr6KcsgAK7cm4lcU+TVd4Ht9ofX:p5HHpNFaoS8SVjhTVd4gP

    Score
    10/10
    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      REQUIREMENTS.bat

    • Size

      273B

    • MD5

      045fe8f298f119e274b62d49d40499b5

    • SHA1

      4749cbd55576201e6d1a8cd04d4ed417b75b1027

    • SHA256

      4e46299b7c3bea59bff5b59dd7165b7965c70730d69b06ad9b8e85075f0ba2c1

    • SHA512

      1a2dccbdbd9155a62ea7e4d655ebceb87ddef2d6b69d97d56bad97552a674bcd6564117300102b9048eacd0cd6e5becb959922444b4412625a71ff0f8112cf9e

    Score
    1/10
    • Target

      chromedriver.exe

    • Size

      9.2MB

    • MD5

      d0b5b7fc6b2a78d7b01806ccf0eca224

    • SHA1

      6ab774ef3a681ecfe601f62522e19846050cebd4

    • SHA256

      0986fa1d2b07f3c755b84bc50d8115a09f246bf2d30bc1b850b957bc394fad53

    • SHA512

      a995b75e89a737383450c6e1e51dfa58ae17b6bcf0d9544e79d64354f960ec23980b3ed98ad0527d065f625d55bc75d546af67c91ffb0711729348f0b4f969cb

    • SSDEEP

      98304:pfQOA0IYCD/OJWhS2uxgd+ZdeN6666666666666666666666666666666x66666:pfUpmzxgBnah7xh5OoXD/JJSDL

    Score
    1/10
    • Target

      utils.key

    • Size

      14.2MB

    • MD5

      e32e886d38d3f491f7a2e5165445219e

    • SHA1

      7b643c9e66043b35982e62c789ea07822a706e3a

    • SHA256

      b67229c705c1b136bfb6c9bd004bb620a7e5e37f267293e389959edca898bd80

    • SHA512

      bfc0a98b9cc3b6bc95b07d91a20e18e4e1f276414c1daffff585ae0433a3f94e0ea4afd8c52a4a49f02054961fb9a17ca4b5d2e7948d0013c8d9e200aea7ad1a

    • SSDEEP

      393216:GdB9c5hlER35ShR4uw7MRFJzFcguH3tN3ZW7CNfWVE:GZEhkpQ2HqCtN3+CN

    Score
    7/10
    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks