hxxp://archive[.]ubuntu[.]com/ubuntu/pool/universe/i/impacket/impacket_0[.]9[.]20[.]orig[.]tar[.]gz

General

Target

http://archive.ubuntu.com/ubuntu/pool/universe/i/impacket/impacket_0.9.20.orig.tar.gz
Sample

240326-n7s1jshg37

Score

7^/10

Malware Config

Targets

- Target
  
  http://archive.ubuntu.com/ubuntu/pool/universe/i/impacket/impacket_0.9.20.orig.tar.gz
Score

7^/10

antivm spyware stealer
- Changes its process name
- Reads user data of web browsers
  Reads stored browser data which can include saved credentials.
  spyware stealer
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1

behavioral2

behavioral3

behavioral4