hxxp://server1[.]39slxu3bw[.]ru/deploy[.]xml

General

Target

http://server1.39slxu3bw.ru/deploy.xml
Sample

240328-wpm1ksce5v

Score

7^/10

Malware Config

Targets

- Target
  
  http://server1.39slxu3bw.ru/deploy.xml
Score

7^/10

antivm spyware stealer
- Changes its process name
- Reads user data of web browsers
  Reads stored browser data which can include saved credentials.
  spyware stealer
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1

T1497

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

urlscan1

behavioral1

behavioral2

behavioral3

behavioral4