General

  • Target

    filehistory.exe

  • Size

    435KB

  • Sample

    230528-ye8weagd34

  • MD5

    fba73c5a9abd2782af4bcfbce153e299

  • SHA1

    bee739c3bcc4f415ef1f363229efbedf359cab6d

  • SHA256

    43cc6ed0dcd1fa220283f7bbfa79aaf6342fdb5e73cdabdde67debb7e2ffc945

  • SHA512

    f73396c01cbea32fc751f392c1de1f1aed47ee1f687752136894b9091a93ddbe6d5ced8a9b48fe2df63c1d21661da3479d196cd0f31ab3dd10c2f4339ea67c0f

  • SSDEEP

    12288:f8n3bVLUBUOw4ra554+zy+RG+EBH8ATUUC8up:mlG+G5p

Targets

    • Blocklisted process makes network request

    • Modifies Windows Firewall

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
