9994a6b197115dcabb4e62178e4ae4b32a9aea2f9f1246a70b618d4b3e4d3ab1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Builder.bat
Size

1KB
Sample

240109-yq6v7aahd4
MD5

1cefa9223ee082195e3f72715bb34d6d
SHA1

bde8c4f17e1d8dbae96e71868f9010eb5d80e056
SHA256

9994a6b197115dcabb4e62178e4ae4b32a9aea2f9f1246a70b618d4b3e4d3ab1
SHA512

bb3f88ca57829929c1ac453b548910c24a39e2bcf7feee1c2f353a4e4bcfd44405afbe675a322729817b7df78b18859737ecac97f9d8fd37981b272c4fc9095a

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1186759970017005689/1194319576343781506/IW_Stealer.exe

Targets

- Target
  
  Builder.bat
- Size
  
  1KB
- MD5
  
  1cefa9223ee082195e3f72715bb34d6d
- SHA1
  
  bde8c4f17e1d8dbae96e71868f9010eb5d80e056
- SHA256
  
  9994a6b197115dcabb4e62178e4ae4b32a9aea2f9f1246a70b618d4b3e4d3ab1
- SHA512
  
  bb3f88ca57829929c1ac453b548910c24a39e2bcf7feee1c2f353a4e4bcfd44405afbe675a322729817b7df78b18859737ecac97f9d8fd37981b272c4fc9095a
Score

10^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2