General

  • Target

    five-m-spoofer-main.zip

  • Size

    2.8MB

  • Sample

    240416-tkglwsed23

  • MD5

    fcd21bdf93186ac3df9f83489576521f

  • SHA1

    ff226aae1226677ae1634816f6ab46de5b2a0818

  • SHA256

    a8574a174932122c44662671965d1fda3d35682266be57216400ceac1280b14c

  • SHA512

    efa58d33a2c3714310514867a74c3a292bb5d00f3a754747867316d23bbb76a52a6d16a3f75deef443b2f25e75694d77492716b5215b88f6890e12f36bf1b7a2

  • SSDEEP

    49152:R60nRqisXp7c+d9KpY0aNlLsEDY4Smio6UC9VNxFNU7OCKeF86Kr/MFc5lSF9gxP:LgrpA+L0aNlLsuSForCVxF+QSFc5lSFs

Score
9/10

Malware Config

Targets

    • Target

      five-m-spoofer-main/five-m-spoofer.exe

    • Size

      2.8MB

    • MD5

      c0c4ae67d89cd777965286d8b1a95ab0

    • SHA1

      bfd61d1cd3c9a3f1caf2c7da1f6127560862e68c

    • SHA256

      7a1ef3cddcc4affb36f37e86d76652aeb5b4aea140d598342b20ddbe5af30afb

    • SHA512

      732a6f1042ae653a8b32ea58efa1fabcd04adc4a649f878298ac00e8c6beb76674a4c13e78296e646ed52a1be8cf4cb3bf7500ccbd5a6e4607b4cf861431af2c

    • SSDEEP

      49152:7smhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:9qXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

    Score
    9/10

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks