Resubmissions

17/08/2023, 02:22

230817-ctk71agf6v 8

17/08/2023, 02:12

230817-cm3tgagf3z 8

General

  • Target

    ordered-products-3V9Zuy7HRKjvicTbRvT0-22166-95539.rar

  • Size

    852B

  • Sample

    230817-cm3tgagf3z

  • MD5

    7fd82f9b2f96483f14e2e51e219215ec

  • SHA1

    34051f5f57488f668ef9a1507b795f249b47e5c5

  • SHA256

    22605e51a07d3b42a12ef1a6eedb1c8f8ddf7c65f588b094990c5bb0e2590f26

  • SHA512

    4ac29e5a5cb36fdabfd7acbdf0987110dea81306b630ab42588c5929bdf388b6e8626affe2c15217cc0f3c34097bf852977e28c2f3f298043688f7a85bfeebe0

Score
8/10

Malware Config

Targets

    • Target

      ordered products-3V9Zuy7HRKjvicTbRvT0-22166-95539.bat

    • Size

      2KB

    • MD5

      579038f61cae4fe3bbca72e851c24e83

    • SHA1

      44957e10ea3035756002b3936f20f7ec73d8848b

    • SHA256

      436ca3866cb36a4808eb22fb705f918c521dbbf79b4d9f449b48ee463d497802

    • SHA512

      60de6b9ef53d6cb9f850f91532565d4a9412916bcf1e457e756027ddf023eeb1d20dfcc508bedefc93df9214326f9c7acae2ef4ce0e5aed13def6c9e4a502be8

    Score
    8/10

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks