604d2a693634ed16a6d84f446ca7d208408f57e87ec30f35a577c27e2cc542f7

Sharing

Copy URL

Twitter E-mail

General

Target

micify-stealer-main4.21.zip
Size

20.2MB
Sample

240428-na8dzaee6x
MD5

d14dd4853a65145f873c1b274c724531
SHA1

1658dab2482ef2c9b25ecd8b0fd56e38e00ecc69
SHA256

604d2a693634ed16a6d84f446ca7d208408f57e87ec30f35a577c27e2cc542f7
SHA512

7a22db8fae78238fdf3e2d90ae7d730c479220cd3896fec5e181b9684e432a21c7fe6c8f96c22e183521b397a1557bd3f6105b9c735c328252ed481aebaa71c3
SSDEEP

393216:RxXkuPbd7mCFHAqtPv+VQBY1cTSZnwpArE4L4VONKzVdc2nm:Rx0uPbd7VAyP2H1cTSZwpCks2nm

Score

8^/10

Malware Config

Targets

- Target
  
  micify-stealer-main4.21/micify-stealer-main/Obfuscator/obf.py
- Size
  
  6KB
- MD5
  
  971de10c48374e792d88a7838fd9851c
- SHA1
  
  7556eb8ff1f78216c3f03f03221d27fd655791db
- SHA256
  
  1ceb3856f0bbf47c4dc42e08d54b94f9d217fac532de54566c42ca6fcee58a57
- SHA512
  
  8deb4449ccab3186948e90880b094f3ad34352d0557b425de6f9005745239087dbffda674742920f2e7ff9ae4d600b838dc8e57cee3591be5f5b7889209a3b7e
- SSDEEP
  
  192:jULXiicxM5A+21Gf/t/J44NfPmUTFnxkXD:jeXV5V26PxTFnxI
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  micify-stealer-main4.21/micify-stealer-main/UPX/upx.exe
- Size
  
  550KB
- MD5
  
  39ecdf78cb357513d1fd565c5e9edbdd
- SHA1
  
  433bb8e090e48ea304c89bab1bf1b5defaaa08d7
- SHA256
  
  1ea92da93eeaf4d456114b847b9bddfb47ef854e7c24143f290d5e3f44973e91
- SHA512
  
  e83f04a8f7f5ffe257747f5b294d17d386ce700f4c59afa6ab9c4995be8ae33d34add425472722538c429ea0decd797393d5316d620df6d2895c2930e2474efb
- SSDEEP
  
  12288:G5ngMB4arMslBeWZdK8hXN4f0K2YQpDZOBEVOEA/ToKrkW1A9N3:G9g349lPZdZ8Mg6+hB
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  micify-stealer-main4.21/micify-stealer-main/Waltuhium.py
- Size
  
  142KB
- MD5
  
  a68c266b695985a653e227a9db3f0cc3
- SHA1
  
  cab667616ad48f7ff006334083fc8ce70fd98a58
- SHA256
  
  6c8fbec69a8d070cb00f253fc9886e620034733038b2307779b2026559d3fa0b
- SHA512
  
  9d958551dfcecd763c3c8e98273c06db76248547c4774ec90188bff0ac4779582c1228735663b9503f2e7058cb60743344bc1c85d26d0cfe45df6338755c6928
- SSDEEP
  
  1536:eiYj57SAiFZjpKNrwne+HAz6v5QnsOkZdaC12JNsLqDhC/+0M/K6U5ftN:87JWGwFgZ6daC2JNs+C/+fyVN
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  micify-stealer-main4.21/micify-stealer-main/index.py
- Size
  
  9KB
- MD5
  
  bf2fdcbe728a8e056567b665a66aaf33
- SHA1
  
  6de4e1996da4ff57375af57b7398e3217248c3a3
- SHA256
  
  1cba64ecd7c6ec307a75151d1e0ddcd1633c916c040d01e1c95934407fd94083
- SHA512
  
  f095be763dd8754ea5036f1fe612141c2d350574199e49a0fcaf6806797795b9342fd46267794acf6e5322e17ff55daf7fb792cb3a1f7f6bd44c8d4111516d15
- SSDEEP
  
  192:OmvjvYv13epp3U+I2Pa/fcjzPLu1krJU1jDxsOlSNl:Om7vM1upp3GV8LLblUlDxsOM
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  micify-stealer-main4.21/micify-stealer-main/main.exe
- Size
  
  19.8MB
- MD5
  
  ce52604a9ada5cf25e82b078688ad019
- SHA1
  
  6eddf09acd225f25945dfb088ae8ff50d4dcd1b4
- SHA256
  
  88490f0f3245ea7b04344b71884a3ec939053f2c030272c1d6b29fab5846cdb8
- SHA512
  
  ba95a4d55ff192ef241ae0ff17cbd83d343a99b34cf59d37014d84a29e0669af48ba2303441418f3e12112c2732dc4c8fa5f7fac910a506eef95777e60b1d58e
- SSDEEP
  
  393216:CEkZQtsJJpUTLfhJKQETSrvJQ7ErYeG41UXFZeGZ:ChQtshUTLJQQEWrhQI/5
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Legitimate hosting services abused for malware hosting/C2

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12