General
- Target: Flame.exe
- Size: 16.9MB
- Sample: 240312-3nbdqaed5t
- MD5: 93aa6e8b549da8466c54dd90a1a8e76e
- SHA1: d64733c3b058db001b0368eb66044c303dcecad6
- SHA256: c328ee0d8c7308d2612122290e81b13f7d1d52e22d5f221a49328a03f56c6449
- SHA512: 1539549a6507f7eeae6d7aedf9c1fe9aabbc3690e836bcd81dcff5f68c9dc3b8df9f05cf4984abc90f73a8c090a5e575172096df7fec930ee6c5e1a9ccc6fe90
- SSDEEP: 393216:vZEkZgf8XgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1SypX8Wjs+d9:RRbXbX71QtIZS3ILn6ecayCes+d9
Behavioral task: behavioral1
- Sample: Flame.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: Flame.exe
- Resource: win10v2004-20240226-en
Malware Config

Targets
- Target: Flame.exe
- Size: 16.9MB
- MD5: 93aa6e8b549da8466c54dd90a1a8e76e
- SHA1: d64733c3b058db001b0368eb66044c303dcecad6
- SHA256: c328ee0d8c7308d2612122290e81b13f7d1d52e22d5f221a49328a03f56c6449
- SHA512: 1539549a6507f7eeae6d7aedf9c1fe9aabbc3690e836bcd81dcff5f68c9dc3b8df9f05cf4984abc90f73a8c090a5e575172096df7fec930ee6c5e1a9ccc6fe90
- SSDEEP: 393216:vZEkZgf8XgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1SypX8Wjs+d9:RRbXbX71QtIZS3ILn6ecayCes+d9
Score: 10/10
- Modifies visibility of hidden/system files in Explorer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)