General

  • Target

    confession.exe

  • Size

    75.9MB

  • Sample

    230928-xt1mxafb32

  • MD5

    ddbbe20949c2b13a0b9c8fab7184b610

  • SHA1

    37ca047d68e235b59a332c634e658e28e66bca16

  • SHA256

    d229c8d5e7919815fa5c92cd1a602d02bc77bb651dff62731ade73cc72e38eae

  • SHA512

    6b333f0e5bd44f603b4c0cfe3e03c629305d5ca75c4c0aff3538ff24d20f623e740bf07785ea8e8a6e059e813590e454fd245305f83afa7f28e56336077f20db

  • SSDEEP

    1572864:12MTiQYHNSk8IpG7V+VPhqaAE7lftXHpPWlXxTa9k4VTW7aUnBOIYq:1ZTixtSkB05awaJJe3Ty9VTUaUnAIYq

Malware Config

Targets

    • Target

      confession.exe

    • Size

      75.9MB

    • MD5

      ddbbe20949c2b13a0b9c8fab7184b610

    • SHA1

      37ca047d68e235b59a332c634e658e28e66bca16

    • SHA256

      d229c8d5e7919815fa5c92cd1a602d02bc77bb651dff62731ade73cc72e38eae

    • SHA512

      6b333f0e5bd44f603b4c0cfe3e03c629305d5ca75c4c0aff3538ff24d20f623e740bf07785ea8e8a6e059e813590e454fd245305f83afa7f28e56336077f20db

    • SSDEEP

      1572864:12MTiQYHNSk8IpG7V+VPhqaAE7lftXHpPWlXxTa9k4VTW7aUnBOIYq:1ZTixtSkB05awaJJe3Ty9VTUaUnAIYq

    • Enumerates VirtualBox DLL files

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks