General

  • Target

    source_prepared.exe

  • Size

    79.0MB

  • Sample

    231121-z5rkgsgf72

  • MD5

    b7db55b5ff8cac5c3d0dc03194bb0ab4

  • SHA1

    bd8e19e56896ae54e9e32b7642a57019c2d0da34

  • SHA256

    51c93532ffb7856f212e09a8238e14104b6b294d82ce9f7006d792067d7087b4

  • SHA512

    955b827f35c26eb27e1dcec5bb1f95efb3af8ffc69cbebe26d360a0395fa687aac5d8ed05b31194f664f1705409a9b0195db41725410aba00718444d01661158

  • SSDEEP

    1572864:32MbiJR5Q3jX2UjSk8IpG7V+VPhqb+TDE7GjCMWlsnghowmaOlldIlWHawxBSWVI:3ZbC+79SkB05awb+THubsghfxOlldSm7

Targets

    • Target

      source_prepared.exe

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
