General

  • Target

    Nameless.exe

  • Size

    80.3MB

  • Sample

    231011-h6mt9abe66

  • MD5

    3e2c0c53bbdec02c57e9ff2663e154ff

  • SHA1

    4d32ec208dc18680417e0a27d6cd75ad47c43a64

  • SHA256

    771e2e9dd2f23b339fa2002611ff226eb19c002ddd71f5c9c506bffe65c89ac9

  • SHA512

    f4c44769b7957df2332b27a662c3a654f5c6b23e405198e4310675f8d1179f8ef1c760cae2ec04f7f59b277c94db3abf4f9db4ced5b6d750d24fa60441f392ac

  • SSDEEP

    1572864:W2MTiQYHuiEH/E7lftaIDtWWc2Mp6Sb9irAH8+1osuTCSxOB6xMbWHamrBDzzg:WZTixO3HPIhlc2gnb9S6xjKcBaOWamr+

Malware Config

Targets

    • Target

      Nameless.exe

    • Enumerates VirtualBox DLL files

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks