General

  • Target

    source_prepared.exe

  • Size

    104.0MB

  • Sample

    231118-3xhjdsfh85

  • MD5

    ab4639b518c4bf6bc1165cc1432e6f6c

  • SHA1

    91fa58e654953d6c9ecc28f45787a89efdbddfcb

  • SHA256

    30961d98925afefd945ac5badd7945d0fe21a2f3a53e57dec2c57314ed0cfe99

  • SHA512

    969e04bae4db55dff4dd31957db9dceb84aa94bb9a9afe4686d4317746eb61f1e77851b5049f741c4b1180ea4c280f3e0cce0db1c3ea47f46914dc7634c637e2

  • SSDEEP

    3145728:2ZHZdMxNJS6xjKcBaJR2qHO5i+8zYPYDVhoTgSv2Iall8WVT:fxXSWNaJHHCi5jLxSv2HlF
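To confirm that a locally held file is the sample this report describes, recompute the four cryptographic digests and compare them with the values above. The script below is an added example, not part of the sandbox report; the digest values in REPORT_DIGESTS are copied from the General section, and the local file path is an assumption supplied on the command line. The file is hashed in chunks so a 104 MB sample is not read into memory at once.

```python
"""Verify a local copy of the sample against the digests in the report.

Added example, not the sandbox's own code. REPORT_DIGESTS are copied from the
General section of the report; the path to the local file is assumed to be
given as the first command-line argument.
"""
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests as listed in the report for source_prepared.exe.
REPORT_DIGESTS = {
    "md5": "ab4639b518c4bf6bc1165cc1432e6f6c",
    "sha1": "91fa58e654953d6c9ecc28f45787a89efdbddfcb",
    "sha256": "30961d98925afefd945ac5badd7945d0fe21a2f3a53e57dec2c57314ed0cfe99",
    "sha512": "969e04bae4db55dff4dd31957db9dceb84aa94bb9a9afe4686d4317746eb61f1"
              "e77851b5049f741c4b1180ea4c280f3e0cce0db1c3ea47f46914dc7634c637e2",
}


def _digest_chunks(chunks, algorithms):
    """Feed every chunk to all hashers in one pass and return hex digests."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Digests of an in-memory byte string (used for small inputs and tests)."""
    return _digest_chunks([data], algorithms)


def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Digests of a file, streamed in 1 MiB chunks so large samples fit in memory."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""), algorithms)


def compare(actual, expected):
    """Per-algorithm match map; any False means this is not the reported file."""
    return {a: actual[a].lower() == expected[a].lower()
            for a in expected if a in actual}


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py /path/to/source_prepared.exe
    result = compare(digest_file(sys.argv[1]), REPORT_DIGESTS)
    for alg, ok in result.items():
        print(f"{alg:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A single mismatching digest is enough to reject the file; the fuzzy SSDEEP hash is deliberately left out of the comparison because similarity is not identity and the ssdeep bindings are not part of the standard library.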

Malware Config

Targets

    • Target

      source_prepared.exe


    • Enumerates VirtualBox DLL files

      Looks for VirtualBox Guest Additions libraries on disk; a common check for running inside a virtualised analysis environment.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a library that the sample itself wrote to disk during the analysis.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

      Persistence: a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) is launched at every logon.

    • Legitimate hosting services abused for malware hosting/C2

      Contacts a public hosting or messaging service that is commonly used to stage payloads or relay command-and-control traffic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
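Each entry in the list above is a behaviour signature raised from raw sandbox events. The script below is an added example, not the sandbox's own detection code, showing how a few such signatures can be derived from an event stream, including the stateful correlation needed for "dropped" (the file must first be seen written by the sample). The event list is constructed for this example and is not taken from the report; the field names, and the indicator lists of browser profile files, VirtualBox guest DLLs, IP-lookup hosts and hosting domains are illustrative assumptions, not an exhaustive signature set.

```python
"""Map raw sandbox events to the behaviour names listed in the report above.

Added example, not the sandbox's own code. EVENTS is a constructed, simplified
Sysmon-like event list for a hypothetical run; the field names and indicator
sets below are assumptions for illustration, not the sandbox's schema.
"""
import re
from urllib.parse import urlparse

# Constructed events (not from the report). pid 100 is the sample, 200 its child.
EVENTS = [
    {"type": "file_write", "pid": 100, "path": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\u\AppData\Roaming\helper.dll"},
    {"type": "file_attrib", "pid": 100, "path": r"C:\Users\u\AppData\Roaming\svc.exe",
     "attributes": ["HIDDEN", "ARCHIVE"]},
    {"type": "process_create", "pid": 200, "parent_pid": 100,
     "image": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"type": "module_load", "pid": 200, "path": r"C:\Users\u\AppData\Roaming\helper.dll"},
    {"type": "file_query", "pid": 200, "path": r"C:\Windows\System32\VBoxHook.dll"},
    {"type": "file_query", "pid": 200, "path": r"C:\Windows\System32\VBoxMRXNP.dll"},
    {"type": "registry_set", "pid": 200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "svc", "data": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"type": "file_read", "pid": 200,
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "http", "pid": 200, "url": "https://api.ipify.org/"},
    {"type": "http", "pid": 200, "url": "https://cdn.discordapp.com/attachments/1/2/payload.bin"},
    # System binary, never written by the sample: must NOT count as a dropped EXE.
    {"type": "process_create", "pid": 300, "parent_pid": 200,
     "image": r"C:\Windows\System32\cmd.exe"},
]

# Illustrative indicator sets (assumptions, deliberately short).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
BROWSER_FILES = {"login data", "cookies", "web data", "logins.json", "cookies.sqlite", "key4.db"}
VBOX_DLLS = {"vboxhook.dll", "vboxmrxnp.dll", "vboxogl.dll", "vboxdispd3d.dll"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com", "ip-api.com"}
HOSTING_HOSTS = {"cdn.discordapp.com", "discord.com", "pastebin.com",
                 "raw.githubusercontent.com", "transfer.sh", "api.telegram.org"}


def basename(path):
    """Lower-cased final path component, tolerating either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return {signature_name: [evidence, ...]} for the behaviours observed."""
    hits = {}
    dropped = set()  # lower-cased paths the sample (or a child) has written

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        t = ev["type"]
        if t == "file_write":
            dropped.add(ev["path"].lower())          # remember for later correlation
        elif t == "process_create":
            if ev["image"].lower() in dropped:
                add("Executes dropped EXE", ev["image"])
        elif t == "module_load":
            if ev["path"].lower() in dropped:
                add("Loads dropped DLL", ev["path"])
        elif t == "file_attrib":
            if "HIDDEN" in ev.get("attributes", []):
                add("Sets file to hidden", ev["path"])
        elif t == "file_query":
            if basename(ev["path"]) in VBOX_DLLS:
                add("Enumerates VirtualBox DLL files", ev["path"])
        elif t == "registry_set":
            if RUN_KEY_RE.search(ev["key"]):
                add("Adds Run key to start application",
                    f"{ev['key']}\\{ev['value_name']} = {ev['data']}")
        elif t == "file_read":
            if basename(ev["path"]) in BROWSER_FILES:
                add("Reads user/profile data of web browsers", ev["path"])
        elif t == "http":
            host = (urlparse(ev["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                add("Looks up external IP address via web service", host)
            elif host in HOSTING_HOSTS:
                add("Legitimate hosting services abused for malware hosting/C2", host)
    return hits


if __name__ == "__main__":
    for name, evidence in triage(EVENTS).items():
        print(f"{name}: {evidence}")
```

The "dropped" signatures are the ones worth studying: they cannot be decided per event, only by remembering earlier file writes, which is why a process launch of cmd.exe in the same run produces no hit while the launch of svc.exe does.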

MITRE ATT&CK Enterprise v15

Tasks