Resubmissions

05/04/2024, 15:24

240405-std2pafe61 10

05/04/2024, 15:23

240405-sskg3sfe5s 10

05/04/2024, 15:22

240405-sr3bhaga47 10

05/04/2024, 15:22

240405-srx2safe3z 10

05/04/2024, 15:20

240405-sq122sga26 10

05/04/2024, 15:17

240405-sn8n4sfh72 10

General

  • Target

    doxing and beaming and ip logger tool.exe

  • Size

    4.6MB

  • Sample

    240405-sn8n4sfh72

  • MD5

    308e6053518b46518daba0e5561d98b0

  • SHA1

    653e11f2df8727c8d815aaeba421fb60cbe9d68b

  • SHA256

    e7aa560a8bea5ba549da2f58464e8bda994d4ade6e5890c713527201257b6492

  • SHA512

    6e40b78c478572e48c9ba50fcbbf45d460c90e7889a3b3fbf9df6f27c7aca6a30c0e9dea45ea34d6dbd2041b86f778e319519104a5089c94f9c67515273f1b33

  • SSDEEP

    98304:UQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDvc:RzUcwti7TQlF3ZxxWJSUnDvc

Malware Config

Targets

    • Target

      doxing and beaming and ip logger tool.exe

    • Size

      4.6MB

    • MD5

      308e6053518b46518daba0e5561d98b0

    • SHA1

      653e11f2df8727c8d815aaeba421fb60cbe9d68b

    • SHA256

      e7aa560a8bea5ba549da2f58464e8bda994d4ade6e5890c713527201257b6492

    • SHA512

      6e40b78c478572e48c9ba50fcbbf45d460c90e7889a3b3fbf9df6f27c7aca6a30c0e9dea45ea34d6dbd2041b86f778e319519104a5089c94f9c67515273f1b33

    • SSDEEP

      98304:UQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDvc:RzUcwti7TQlF3ZxxWJSUnDvc

    • Modifies Windows Defender Real-time Protection settings

    • Modifies security service

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks