General

  • Target

    ElectronRob.rar

  • Size

    13.1MB

  • Sample

    240210-nslb6adf22

  • MD5

    cb7e582c4b521b64a1b4f1a40c78e058

  • SHA1

    34f7b1c3d6e091104f40e3f77ba40755889109f4

  • SHA256

    7709b8e6fe27a77e62613f71849a6ba98627161287e71d52bf1baf66df8951b0

  • SHA512

    02d042c695eb9d6dc84998dc59f0e9099eaa5f6a05e14a0968fc4032d02e1e9d5325ad7be53366a75c40f5160f6a8926fcbffd309976733532c29e8b7477f8c8

  • SSDEEP

    196608:IrF12894WPC9yPRtpahDyGIFb9SNUeKA3F6I6++r0MOp0O7Rn7Il6C9Sf9VIfjS:GF11yWBtpODyzSjR6+8eR2IVILS
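As a practitioner's check, the following Python script hashes files on disk and matches them against the SHA256 values listed in this report (the archive and each extracted file). It is an added example, not part of the Triage report or the sample; the function names and the byte strings used in its checks are our own.

```python
from __future__ import annotations

import hashlib
import sys
from pathlib import Path

# SHA256 values copied from this report: the archive and the files extracted from it.
REPORT_SHA256: dict[str, str] = {
    "7709b8e6fe27a77e62613f71849a6ba98627161287e71d52bf1baf66df8951b0": "ElectronRob.rar",
    "f5648a7be659a5f7e9f1c240aa2f7d512a462b8a5f9b3185ed5e134aebe34ea4": "ElectronR/Electron.exe",
    "4498d8d1a0549717852507993b7c0350d1da408d22943ed8244d16441abfaf99": "ElectronR/WpfAnimatedGif.dll",
    "dd68562b5e4686e1a07603057db7a12040821beadd81d142bfb6a57d2de45ddb": "ElectronR/binkawin.asi",
    "ce0db41570a927a119ddbb29484f02bc1aa6151503f87d8441290daa0b9a3ff1": "ElectronR/cef_extensions.pak",
    "13fd7e1bb427d92b65e9d9d868b653e2fbf73974268204146bb3a38618ab7082": "ElectronR/metod 2/loader.exe",
}


def sha256_hex(data: bytes) -> str:
    """SHA256 of an in-memory buffer, lowercase hex as the report lists it."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA256 so a 250 MB sample does not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_iocs(samples: dict[str, bytes], iocs: dict[str, str] = REPORT_SHA256) -> dict[str, str]:
    """Map each sample name whose SHA256 appears in `iocs` to the report label for that hash."""
    hits: dict[str, str] = {}
    for name, data in samples.items():
        label = iocs.get(sha256_hex(data))
        if label is not None:
            hits[name] = label
    return hits


def scan_tree(root: str, iocs: dict[str, str] = REPORT_SHA256) -> dict[str, str]:
    """Walk a directory tree and report every file whose SHA256 matches a report hash."""
    hits: dict[str, str] = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            label = iocs.get(sha256_file(path))
            if label is not None:
                hits[str(path)] = label
    return hits


if __name__ == "__main__":
    # Usage: python ioc_scan.py <directory>; exits 1 if any file matched a report hash.
    matches = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, label in matches.items():
        print(f"MATCH {path} -> {label}")
    sys.exit(1 if matches else 0)
```

Exact-hash matching only catches byte-identical copies; the SSDEEP values on the page exist for the fuzzy-match case (repacked or padded variants), which this script does not attempt.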

Malware Config

Targets

    • Target

      ElectronR/Electron.exe

    • Size

      250.0MB

    • MD5

      db98747f25aaa57cdf0c5024edd63ffb

    • SHA1

      40afd52b14e3564fb3a6d7b8c7da58ad0d0352e2

    • SHA256

      f5648a7be659a5f7e9f1c240aa2f7d512a462b8a5f9b3185ed5e134aebe34ea4

    • SHA512

      8d3bb0d832cb987db4dde7a400449eda0e166cdb553111f6a54f6493400db9863915d09fdfa69c4e15c551fe7a70e390970668aa6e2e8de2e7a217c3e001456f

    • SSDEEP

      24576:mus8z4tMW/Sq7ppJbWPPqxQFBRmPEdIS8gHKr0Mi27CBhbX7:xsOtqlpJeqxKBRPtpr27ABL

    Score
    7/10
    • Executes dropped EXE

    • Target

      ElectronR/WpfAnimatedGif.dll

    • Size

      41KB

    • MD5

      f591261c6d85601764b3b8aea8df8b2e

    • SHA1

      1b16ea63fcb9b60e41f871f428880059c40ded0c

    • SHA256

      4498d8d1a0549717852507993b7c0350d1da408d22943ed8244d16441abfaf99

    • SHA512

      05dafbb83d136cd75588f0883497864e942770258461998ab654aa07a1087df590446c28029b6c2fabe27520d47f88eff63ddf80448beaf96887ec5f801544aa

    • SSDEEP

      768:jDcl7W1UiZTo1ooEqzW3SQwiNsI8l5wwyvUPrYZBkcD:X8QpZTsooEX3SQwr9y4UZRD

    Score
    1/10
    • Target

      ElectronR/binkawin.asi

    • Size

      55KB

    • MD5

      d51b5b46735b25c2d8372608159ed1a9

    • SHA1

      2c178740901103d66a59131e19548d84c44fa768

    • SHA256

      dd68562b5e4686e1a07603057db7a12040821beadd81d142bfb6a57d2de45ddb

    • SHA512

      7c9a856fea8f7d4bddfc2b67724b475f7561979fbcf088ef2ce839e7c10870920ab4ea6b7d29254ab9d585a917eff5481c73644290350265682c627ab8fa110b

    • SSDEEP

      1536:Ed01XORcuxj9ijJ644BXOpmE88Y+xs9PuMLHXwbJoeQ3fr:S0tOJxj9GJ644l2m78pm5uMLHX

    Score
    4/10
    • Target

      ElectronR/cef_extensions.pak

    • Size

      1.6MB

    • MD5

      fb65975b17de4a98bd39a56adfba5e49

    • SHA1

      24f554f8d738e5e38d80930b1386092f062b2b18

    • SHA256

      ce0db41570a927a119ddbb29484f02bc1aa6151503f87d8441290daa0b9a3ff1

    • SHA512

      8c7bba37bdbdf426fe8d4bb665b62534b1a98259c4a2f7aaf23cfc5c124f480308496be3f0ff5cbd3a79a2eae3acc2eaf263ca7ab8a62fd5879905d64fc37dc4

    • SSDEEP

      49152:KP7H5FrBDef67G1hdAKG8YVu4ZZCGr68IC72y:B1hLYo6ZCG+8byy

    Score
    1/10
    • Target

      ElectronR/metod 2/loader.exe

    • Size

      222KB

    • MD5

      d21b999040db0b326696983a772f862a

    • SHA1

      77f4fd6966bb5231b1e70b1513cc8c72e41ee37f

    • SHA256

      13fd7e1bb427d92b65e9d9d868b653e2fbf73974268204146bb3a38618ab7082

    • SHA512

      8d7a23d58c5ce24ab5c515c7bb4374639fcef4bc106563d6bf2e3a5dd1e582795864952f879dfb8bb7342825ac13740caec0633297c9dbecd2cc67920ceb0d70

    • SSDEEP

      3072:XDKW1FgppLRHMY0TBfJvjcTp5XMlbchJjQfhd6S34vgI1P1fRfxA:XDKW1Fgbdl0TBBvjc/Mp4+hdov14

    • Detect Poverty Stealer Payload

    • Poverty Stealer

      Poverty Stealer is a cryptocurrency-wallet and information stealer written in C++.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill data.

    • Suspicious use of SetThreadContext

      Overwriting the register state of a thread in another process, typically one the caller created suspended and wrote into first, is the final step of process hollowing and similar injection techniques. The call is also used legitimately (debuggers, exception handling within the caller's own process), so the surrounding API sequence, not the single call, is what makes it suspicious.
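To show what the SetThreadContext signature is really keyed on, here is a small detector, written for this page and not taken from Triage or the sample, that walks a constructed API-call trace and flags only the cross-process sequence CreateProcess(CREATE_SUSPENDED) → WriteProcessMemory → SetThreadContext → ResumeThread. The trace format (`pid api key=value ...`), the PIDs and the image paths are all made up for the example; a self-targeted SetThreadContext is included to show that it is not flagged.

```python
from __future__ import annotations

# Constructed trace lines in an invented "pid api key=value ..." format (not Triage's output).
# PID 4120 performs classic hollowing of a suspended child; PID 7001 calls
# SetThreadContext on one of its own threads, which is benign on its own.
TRACE = """\
4120 CreateProcessW flags=CREATE_SUSPENDED image=C:\\Windows\\System32\\RegAsm.exe child=5244
4120 NtUnmapViewOfSection pid=5244
4120 VirtualAllocEx pid=5244 size=0x30000 protect=PAGE_EXECUTE_READWRITE
4120 WriteProcessMemory pid=5244 size=0x2e000
4120 SetThreadContext pid=5244 tid=5248
4120 ResumeThread pid=5244 tid=5248
4120 ExitProcess
7001 CreateProcessW flags=0 image=C:\\Windows\\notepad.exe child=7002
7001 GetThreadContext pid=7001 tid=7003
7001 SetThreadContext pid=7001 tid=7003
"""

# Steps after the suspended CreateProcess, in the order they must occur on the same child.
HOLLOWING_STEPS = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse(trace: str) -> list[tuple[int, str, dict[str, str]]]:
    """Turn each trace line into (caller_pid, api_name, {key: value})."""
    events = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, api, *rest = line.split()
        kv = dict(tok.split("=", 1) for tok in rest if "=" in tok)
        events.append((int(pid), api, kv))
    return events


def detect_hollowing(trace: str) -> list[tuple[int, int]]:
    """Return (parent_pid, child_pid) pairs where a child created suspended was written to,
    had a thread context replaced, and was then resumed, in that order."""
    state: dict[tuple[int, int], int] = {}  # (parent, child) -> index of next expected step
    findings: list[tuple[int, int]] = []
    for pid, api, kv in parse(trace):
        if api.startswith(HOLLOWING_STEPS[0]):
            # Only a suspended child starts a candidate chain; a normal launch is ignored.
            if "CREATE_SUSPENDED" in kv.get("flags", "") and "child" in kv:
                state[(pid, int(kv["child"]))] = 1
            continue
        target = kv.get("pid")
        if target is None:
            continue
        key = (pid, int(target))
        if key not in state:
            continue  # includes self-targeted SetThreadContext: the caller never suspended itself
        step = state[key]
        if api.startswith(HOLLOWING_STEPS[step]):
            state[key] = step + 1
            if state[key] == len(HOLLOWING_STEPS):
                findings.append(key)
                del state[key]
    return findings


if __name__ == "__main__":
    for parent, child in detect_hollowing(TRACE):
        print(f"process hollowing: pid {parent} hollowed suspended child pid {child}")
```

Unrelated calls between the steps (NtUnmapViewOfSection, VirtualAllocEx) are skipped rather than breaking the chain, and a chain that never reaches ResumeThread is never reported; a real detector would also want to match on the same thread id across SetThreadContext and ResumeThread.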

MITRE ATT&CK Enterprise v15

Tasks