General

  • Target: 4eda7fdcc6081486e3a840365c46e5d069fb5c521b9eecad775456fea48c9ab3.exe
  • Size: 183KB
  • Sample: 231004-rw846scd8x
  • MD5: 0303a17fe201386700406928e5c50e48
  • SHA1: c2736ab3cd708ccd5b6fcf3244d6ac45d07c8486
  • SHA256: 4eda7fdcc6081486e3a840365c46e5d069fb5c521b9eecad775456fea48c9ab3
  • SHA512: e2d6240281d829a3799d24c4c8aa0e38c2c47cc26eef6eb6a6a49dd332baf84dec09a1fd22b7ce0f7177e44e69632487736e14158b6099b401e650038b0460e0
  • SSDEEP: 3072:GUI/zCt5UXBUkH+LGP34oeKerVUzeeDXbwa21Dq9ua/aHyvZR6d2iT:GUI/+t5USmbwv

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar material.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks