General

  • Target

    Oroxajy.exe

  • Size

    83KB

  • Sample

    230902-l9tnracb25

  • MD5

    7009de27fbb617ac41e9ae0891eff749

  • SHA1

    de66b97cbbe1c42a79c9f4584ecffcb74364c6f0

  • SHA256

    d20669eeb6812453c378bca4fb3cb015e17d2e37b017f2949b89e350362606f6

  • SHA512

    35923240558f4f6490e7634953925a9487bb222913a3c33f1be8cacac9700c7247385f5e9c3d2d4d3dcd3fb874f1f00173a48e05d4f7d3bb788f68157c5f1937

  • SSDEEP

    1536:PYQDKGQLCnGTcfo4nexySO5T3rZISwEKSK99Tzpma:PYQDKGQentA4exa5TbZRwEKSK99TV3

Malware Config

Targets

    • Phemedrone

      An information and wallet stealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks