General

  • Target: source_prepared.exe
  • Size: 75.4MB
  • Sample: 230923-mjmcesgc44
  • MD5: aec9e84cc74318b918004f64eee5856a
  • SHA1: 31bf0bb240e0abac14790e8b04b74cabee523812
  • SHA256: 8e1afb371f897a37dcd3e72ab0d1a7caaef5e932caf8598de9877dc60697f8e3
  • SHA512: a686ffcec6fa45dc68f86e1741145e17302ff3abd0538ac6dcc3707c65cbdcea0c81f01ae8618a2130c26fdc3f59732408146ac9f4be2edfd1752c874284a14e
  • SSDEEP: 1572864:M2M1RQvHrELVhE7lFnNC3xWHSqLJknMw8CAvRDoGirAH8+1osuTCSxOB6xMj7LHz:MZDUE6nN5yqLJkn1yDzS6xjKcBaYnHeS

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks