General

  • Target

    ImageLoggerV18.exe

  • Size

    74.7MB

  • Sample

    231126-yndrmacb2w

  • MD5

    ecd49f73c998bc30282ed140391e0f22

  • SHA1

    634d463bca8f9cf0624f357dd356a74e7adf8a55

  • SHA256

    11ff1920c304a838f4bfa23459e4cf8655bdddb3ef2f36195fe7f358040bbf34

  • SHA512

    4996b286ee2399be26a9dcd74f838aff4a0e310816fc3e4cbf35ccbabe80b313be021a8f3fef5070b4f2d1f6bb8b23c27d83d7100c7f7881b8efae315268f800

  • SSDEEP

    1572864:Lf2MueQpjAkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XW3gQZjCRfz8:zZueqkkSkB05awS8Rd0eg2zd7XfQkNz8
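The four hashes above are the file-level IOCs for this sample. The script below is an added example, not part of the sandbox report, showing how to compute them in a single streaming pass and compare the result against the report values; it assumes only the Python standard library (SSDEEP is left out because it needs a third-party module). The `REPORT_HASHES` table is copied from the values above; the byte string hashed in the `__main__` branch is a constructed stand-in, not the real sample.

```python
import hashlib
import io

# File-hash IOCs for ImageLoggerV18.exe, copied from the report above.
REPORT_HASHES = {
    "md5": "ecd49f73c998bc30282ed140391e0f22",
    "sha1": "634d463bca8f9cf0624f357dd356a74e7adf8a55",
    "sha256": "11ff1920c304a838f4bfa23459e4cf8655bdddb3ef2f36195fe7f358040bbf34",
    "sha512": "4996b286ee2399be26a9dcd74f838aff4a0e310816fc3e4cbf35ccbabe80b313be021a8f3fef5070b4f2d1f6bb8b23c27d83d7100c7f7881b8efae315268f800",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(stream, chunk_size=1 << 20):
    """Compute all four digests in one pass over a binary stream.

    Every chunk is fed to every hasher, so a 74.7 MB sample is read once
    and is never held in memory in full.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, chunk_size=1 << 20):
    """Wrapper for in-memory data (used for constructed test input)."""
    return hash_stream(io.BytesIO(data), chunk_size)


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk without loading it whole."""
    with open(path, "rb") as f:
        return hash_stream(f, chunk_size)


def match_report(digests, report=REPORT_HASHES):
    """Return the sorted list of algorithms whose digest equals the report IOC.

    Hex digests are compared case-insensitively because tools print them in
    either case. An empty list means the file is not this sample.
    """
    return sorted(alg for alg, want in report.items()
                  if digests.get(alg, "").lower() == want.lower())


if __name__ == "__main__":
    import sys
    # With a path argument, hash that file; otherwise hash a constructed
    # stand-in byte string (not the real sample) to show the output shape.
    if len(sys.argv) > 1:
        digests = hash_file(sys.argv[1])
    else:
        digests = hash_bytes(b"MZ" + b"\0" * 64)
    for alg in ALGORITHMS:
        print(f"{alg:6} {digests[alg]}")
    print("matches report IOCs:", match_report(digests) or "none")
```

Run it as `python hashcheck.py path/to/file`; a full match on all four algorithms confirms the artifact is this exact sample, while a partial match (for example MD5 only) should be treated as a collision or a transcription error rather than a confirmation.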

Malware Config

Targets

    • Target

      ImageLoggerV18.exe

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Sets the hidden attribute so the file does not appear in Explorer or in default directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data such as saved credentials and session cookies.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
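The "UPX packed file" signature above can be reproduced offline by walking the PE section table and looking for the section names a stock UPX build writes. The script below is an added example and is not the sandbox's own detection rule; it uses only the Python standard library and a constructed, non-runnable stub PE as test input. The section-name set and the `UPX!` marker string are the stock-UPX indicators; a modified UPX build (which the signature also covers) can rename sections and patch the marker, so a negative result is inconclusive.

```python
import struct

# Section names written by stock UPX builds. A modified UPX can rename them,
# which is why the report's signature also covers "modified UPX".
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data):
    """Walk the PE section table and return the section names as bytes.

    Layout used: e_lfanew at DOS offset 0x3C -> "PE\\0\\0" signature ->
    IMAGE_FILE_HEADER (20 bytes; NumberOfSections at +2, SizeOfOptionalHeader
    at +16) -> optional header -> IMAGE_SECTION_HEADER entries of 40 bytes,
    the first 8 bytes of each being the NUL-padded name.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", data, e_lfanew + 4 + 2)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 4 + 16)[0]
    table = e_lfanew + 4 + 20 + opt_size
    names = []
    for i in range(n_sections):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data):
    """Return the stock-UPX indicators found: section names and the 'UPX!' marker."""
    found = []
    for name in pe_section_names(data):
        if name in UPX_SECTION_NAMES:
            found.append("section " + name.decode("ascii"))
    if b"UPX!" in data:
        found.append("UPX! marker")
    return found


def looks_upx_packed(data):
    """True when at least one stock-UPX indicator is present."""
    return bool(upx_indicators(data))


def build_stub_pe(section_names, trailer=b""):
    """Construct a minimal, non-runnable PE byte string to exercise the walker.

    Constructed test input; nothing here comes from the real sample. The
    optional header is omitted (SizeOfOptionalHeader = 0), which the walker
    handles because it reads the size rather than assuming one.
    """
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + file_header + table + trailer


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_stub_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=b"UPX!")
    print("sections:", pe_section_names(data))
    print("UPX indicators:", upx_indicators(data) or "none")
```

When the section names have been renamed, the next check a practitioner reaches for is per-section entropy and a raw-size-to-virtual-size mismatch (UPX0 typically has zero raw size and a large virtual size), which this example deliberately does not attempt.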

MITRE ATT&CK Enterprise v15

Tasks