General
-
Target
Adamx_Tweaking_Utility_Version_10.04.23.exe
-
Size
14.7MB
-
Sample
231205-qtexwabc4v
-
MD5
007c895e193a8d123836c1a2e065ce55
-
SHA1
9698bf6d00ba857ae3509b146f5679a5f3f063a1
-
SHA256
2573e100d0ada48bd0cd45122b6b519579113db03ddbdc5c14a8f4b828d40285
-
SHA512
caf3526f85f6217377c99a385773ee31de65e122f0e64508ec5309fdbee80645b22625eb7ba443f1944f5f2e006aa479d233e21d9a9041f199e7333a9a516627
-
SSDEEP
393216:QJBtXiIE7YoPQJidQuslSq99oWOv+9fg+bUb7Vf:QJBts7rPQwdQuSDorvSY+bWV
Malware Config
Targets
-
-
Target
Adamx_Tweaking_Utility_Version_10.04.23.exe
-
Size
14.7MB
-
MD5
007c895e193a8d123836c1a2e065ce55
-
SHA1
9698bf6d00ba857ae3509b146f5679a5f3f063a1
-
SHA256
2573e100d0ada48bd0cd45122b6b519579113db03ddbdc5c14a8f4b828d40285
-
SHA512
caf3526f85f6217377c99a385773ee31de65e122f0e64508ec5309fdbee80645b22625eb7ba443f1944f5f2e006aa479d233e21d9a9041f199e7333a9a516627
-
SSDEEP
393216:QJBtXiIE7YoPQJidQuslSq99oWOv+9fg+bUb7Vf:QJBts7rPQwdQuSDorvSY+bWV
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1