Resubmissions

19-07-2023 11:12

230719-natktacg76 8

19-07-2023 10:58

230719-m3cmbscg23 8

General

  • Target

    imagelogger.exe

  • Size

    10.0MB

  • Sample

    230719-m3cmbscg23

  • MD5

    e661889b752f111ab118d25a45ec8e13

  • SHA1

    da81ff57a8fb3368da590e085926e8c32c31d6c3

  • SHA256

    1a9a08ca27316ae220e520e888c7a85089e55a384a2d8458f1137e0deb0c97a3

  • SHA512

    65839b9eec6eaca987bf6c3f7dab106d89150818691876fa396328dd84c1869ad46196b93af295e8fa0b027ef36da9bff9c1ec37612e71698dd4a992c1a39fa3

  • SSDEEP

    98304:DuEtdFBmamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzDgsRuGKCR2CT2cevYAryy48S5:DtFFeN/FJMIDJf/gsAGKCR2CTWYAO5

Malware Config

Targets

    • Target

      imagelogger.exe

    • Size

      10.0MB

    • MD5

      e661889b752f111ab118d25a45ec8e13

    • SHA1

      da81ff57a8fb3368da590e085926e8c32c31d6c3

    • SHA256

      1a9a08ca27316ae220e520e888c7a85089e55a384a2d8458f1137e0deb0c97a3

    • SHA512

      65839b9eec6eaca987bf6c3f7dab106d89150818691876fa396328dd84c1869ad46196b93af295e8fa0b027ef36da9bff9c1ec37612e71698dd4a992c1a39fa3

    • SSDEEP

      98304:DuEtdFBmamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzDgsRuGKCR2CT2cevYAryy48S5:DtFFeN/FJMIDJf/gsAGKCR2CTWYAO5

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks