General

  • Target

    Image Logger Creater.exe

  • Size

    74.5MB

  • Sample

    231130-z7qe7sag6x

  • MD5

    86a41dd7f55fa30a6b9aee8e1792906a

  • SHA1

    733a36437aca64603dffd663032322f7da5bd873

  • SHA256

    0b3cda79a820f532cf7000c66377cb24a4ed04ce0012ab268b02a5c868c7a1ad

  • SHA512

    1f5c25cdfd806d26c6e24ae9754c238ef67705947de7617468f418043b147b64d84e5b3298bd13beb89d0d4ad0016341a7c0e17a0fb5e17be39ebaad6c5bf0ff

  • SSDEEP

    1572864:IPV2MueQpjnkSk8IpG7V+VPhqILE7ARjRnWWWpyppiZzI+hReSW+/8Z5/Rj5:OVZueqzkSkB05awIRRdleg2zdESIrRt

Malware Config

Targets

    • Target

      Image Logger Creater.exe

    • Size

      74.5MB

    • MD5

      86a41dd7f55fa30a6b9aee8e1792906a

    • SHA1

      733a36437aca64603dffd663032322f7da5bd873

    • SHA256

      0b3cda79a820f532cf7000c66377cb24a4ed04ce0012ab268b02a5c868c7a1ad

    • SHA512

      1f5c25cdfd806d26c6e24ae9754c238ef67705947de7617468f418043b147b64d84e5b3298bd13beb89d0d4ad0016341a7c0e17a0fb5e17be39ebaad6c5bf0ff

    • SSDEEP

      1572864:IPV2MueQpjnkSk8IpG7V+VPhqILE7ARjRnWWWpyppiZzI+hReSW+/8Z5/Rj5:OVZueqzkSkB05awIRRdleg2zdESIrRt

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks