General

  • Target

    ImageLoggerV9.exe

  • Size

    74.7MB

  • Sample

    231126-pdjqfshc41

  • MD5

    6d32b1f5cb8ef1f0adc48fb9d15c71c2

  • SHA1

    fa197aadb6721117d53d05907e9fc2ba5d14743f

  • SHA256

    4ec4df15c4127aedd1a468b26c1d6b2ccda6f4f4bfede5d7f6cbe3db96207090

  • SHA512

    6c043f4e7238afe81dd271cc4cc934ffc769aacce724c6a6d092e8a90e82e3962ebf75099bb87cf10c07dd7fbc31b0448ba57aecbae4f193833194ea9561d480

  • SSDEEP

    1572864:cT2MueQpjkkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XWKGZjyhfq:0ZueqwkSkB05awS8Rd0eg2zd7XEQhq

Malware Config

Targets

    • Target

      ImageLoggerV9.exe

    • Size

      74.7MB

    • MD5

      6d32b1f5cb8ef1f0adc48fb9d15c71c2

    • SHA1

      fa197aadb6721117d53d05907e9fc2ba5d14743f

    • SHA256

      4ec4df15c4127aedd1a468b26c1d6b2ccda6f4f4bfede5d7f6cbe3db96207090

    • SHA512

      6c043f4e7238afe81dd271cc4cc934ffc769aacce724c6a6d092e8a90e82e3962ebf75099bb87cf10c07dd7fbc31b0448ba57aecbae4f193833194ea9561d480

    • SSDEEP

      1572864:cT2MueQpjkkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XWKGZjyhfq:0ZueqwkSkB05awS8Rd0eg2zd7XEQhq

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks