General

  • Target

    source_prepared.exe

  • Size

    76.6MB

  • Sample

    231125-wsvjtsbh78

  • MD5

    5ff1ae99dac344b67a90976043b3b8ca

  • SHA1

    ec8d7ad6df29ceed3a494e4fbb61ba827af13fde

  • SHA256

    81936d79154b6e882a767c6de06742eab1a127c053ec2910f4c4fa78d5661ffb

  • SHA512

    562f414f48c32e45d8bf8d07fe15c4e086ffcbb5a9a5d0a43940ed7d151da887b8ce0948772a6b9172a7f70d3b0cc485e931fcd9975ea9f5e1b768177a336534

  • SSDEEP

    1572864:j2MbiJR5Q3jX2UWSk8IpG7V+VPhqb+TDE7GjCMWlsnghowmaOlldIlWaawxBFbVI:jZbC+7ESkB05awb+THubsghfxOlldSjJ

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      76.6MB

    • MD5

      5ff1ae99dac344b67a90976043b3b8ca

    • SHA1

      ec8d7ad6df29ceed3a494e4fbb61ba827af13fde

    • SHA256

      81936d79154b6e882a767c6de06742eab1a127c053ec2910f4c4fa78d5661ffb

    • SHA512

      562f414f48c32e45d8bf8d07fe15c4e086ffcbb5a9a5d0a43940ed7d151da887b8ce0948772a6b9172a7f70d3b0cc485e931fcd9975ea9f5e1b768177a336534

    • SSDEEP

      1572864:j2MbiJR5Q3jX2UWSk8IpG7V+VPhqb+TDE7GjCMWlsnghowmaOlldIlWaawxBFbVI:jZbC+7ESkB05awb+THubsghfxOlldSjJ

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks