General
-
Target
Infinity.exe
-
Size
20.8MB
-
Sample
240426-wz7sqshd68
-
MD5
933f3e0b718c34759c6ee6a323d07b36
-
SHA1
25876ddcf8e4cbd58a4c8e4e439040903a33af60
-
SHA256
f2cc7d03e0e8501de435aed53094cd9dc11ec13e93ab56e9ce64055214d3a1b9
-
SHA512
9ae6644c99aa7c71d84eab0ffafbfd8463c1db073eed11f97df04da582c3c4bb5c5266559bb33105fae86392b5195b19739f9b5274355c512435f11cac1b63a2
-
SSDEEP
393216:G8iNh2Jp5MXL+9qzGZaSJHh1JsSJ3Jlx:+h1+9q6ZaSJHh1KQ
Malware Config
Targets
-
-
Target
Infinity.exe
-
Size
20.8MB
-
MD5
933f3e0b718c34759c6ee6a323d07b36
-
SHA1
25876ddcf8e4cbd58a4c8e4e439040903a33af60
-
SHA256
f2cc7d03e0e8501de435aed53094cd9dc11ec13e93ab56e9ce64055214d3a1b9
-
SHA512
9ae6644c99aa7c71d84eab0ffafbfd8463c1db073eed11f97df04da582c3c4bb5c5266559bb33105fae86392b5195b19739f9b5274355c512435f11cac1b63a2
-
SSDEEP
393216:G8iNh2Jp5MXL+9qzGZaSJHh1JsSJ3Jlx:+h1+9q6ZaSJHh1KQ
Score9/10-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Stub.pyc
-
Size
197KB
-
MD5
7ebdd6ff7d41006dd8cea6ee13c9178c
-
SHA1
28b4627d3bb818bf708f8add2b8de2fb1315f5ff
-
SHA256
a6506086f1b28611eaad4049f96ca9055dee73b96b894f12d4028216243fa2b3
-
SHA512
20b9d3c5598e54915c8ce27b5c2d641147c2ee6207d8fb2a23e90c375fe674a5c21dab1a7032395d0fffa24f72c8b9f56a5209818e47521645a9a30ab40c40b2
-
SSDEEP
6144:WEYPhcp7+VCI3q/YhYYYYY9YYcXT4+lbG:d2CoVT4+0
Score3/10 -
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Hide Artifacts
1Hidden Files and Directories
1