Analysis
- max time kernel: 15s
- max time network: 17s
- platform: windows10-1703_x64
- resource: win10-20230220-en
- resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 10-06-2023 03:59
General
- Target: InvictaStealer.exe
- Size: 2.2MB
- MD5: 986a9cd4347aa2207ae5fdbffecfae5a
- SHA1: 541b1fc771d28fa4605605afe5e5bfa019043fee
- SHA256: f74146e200ac3983f6df782faa0d0807c22bfc9c2ae69ec1df6f9df439c65f5c
- SHA512: 7cabb9e108247b40387d9e10bfd3380c6d8f1ad0e8e1728b7166a29b99449ff59eb01f5766a62daf94ca86508eaa9a831dde947f168e8b116b698fb7f523b800
- SSDEEP: 24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtR:PBozBdhEV7q8bOQnIFWY+3Je0w5
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Processes:
    flow  ioc
    3     ipinfo.io
- Program crash (1 IoC)
  Processes: WerFault.exe
    pid   pid_target  process       target process
    5104  4108        WerFault.exe  InvictaStealer.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_NL_{6caee1a8-b190-11ed-8e2c-806e6f6e6963}_IWmPfWk0et.zip
  Filesize: 405KB
  MD5: 619b1a7a85e3b12308ef332f2bd10549
  SHA1: 8aae23d6a1f506ffeb49a31422a99d3787ff3ac2
  SHA256: 6bb9830a3f6af5074aa07144051aced6c92f61ab0d5b62cb464cb342d082b651
  SHA512: 374cf074c84e3f46323dc6d874c8112bda1f9cb6b0e869ff5d9045ec331468f86610116d373107b69155856ab07e4bb71006cbea61795d8784f2aa492f273e32