General

  • Target: screensharing.exe

  • Size: 19.7MB

  • Sample: 240403-v6v7vagd33

  • MD5: 229eb21cbfd6b7e1105eb8a9aec0964b

  • SHA1: 2f3e7ddb97968c154d3e4caf1b4a3b38a183cd55

  • SHA256: e1ec0ec1eab7e51144a6cc0600f366b5b0876780028eb319ab4337201735511b

  • SHA512: bd905ec52cf7430b7bfacf504e1fd77565af43260ea67f4253c52627d80195f26acac74714970d43068f1d1b741d8263455420d41adc6407974afb7979b11020

  • SSDEEP: 393216:rEkZQtstQdqWP8AxYDwdQJlUwF3MnG3o4l5iJBLeZWiv8RZ5ZHTy:rhQtstq8XsdQN3MGYAAkMbz

Malware Config

Targets

    • Target: screensharing.exe

    Score: 7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks