General

  • Target: spoofer.rar
  • Size: 16.2MB
  • Sample: 240508-3em16add5v
  • MD5: 327b05c4b5a1d15cd7f71caf50cf66f8
  • SHA1: 9a34bec7fbf2cb0c919c80d8f3d6272250023dcd
  • SHA256: 5f91548b380d6146cbe7d226432942a0e29ec255b631da6e53b2d7c4e7b0dff8
  • SHA512: 7763f238325d82f7b39e5a9a03a230cff21783c1f789e412eaa8f4afb382193b70ee738e21463fc29fff96cebf446ce5c01ffde94478128cb42ce393be0c3aee
  • SSDEEP: 393216:WpfBkQhYgJvNDAF0N96I82AfO4GZrYlYOp698Cd0:WPygvqPIOOTrok9+

Malware Config

Targets

    • Target: spoofer.exe
    • Size: 16.6MB
    • MD5: aaae9af892545b725f17b2234817fccc
    • SHA1: 2cf5e4044bbc84f8d1898a9a9f71c7937bf876d5
    • SHA256: 53245c0db33c4f8bab442ea125c58e50408796242462f81ed5bbef9d32f05352
    • SHA512: 864a9d07e2880564ce97a52298b5a82aa15d968a5d2d512700f3c9b6de2c7da8e5b86a64106e9bb2d489aff1a302389d8eb7186ce7d94d03e4267ecd9b224708
    • SSDEEP: 393216:CEkFqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lntEwPKksutK+:CND49YQFS1QtI6a8DZcIlt8kvK+

    Score: 7/10
    • Drops startup file
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: creal.pyc
    • Size: 64KB
    • MD5: d8cd9403e6a921255a8445ff764c5462
    • SHA1: ffb521167871584ede34ad1d58d4c271fe7d2efc
    • SHA256: 1bb6a413a556047809939bffaacb98796d1f94645d7341d8afe4bb0262e3f0bc
    • SHA512: 81c714a00e5d89aec7da216181b25ca7d71e606792e8aa18af837c083c070d40f42843ef2ede8a214a26840be60c90b292770a1c56f3fdbc6276d2d7217a467f
    • SSDEEP: 1536:7Tr7e+0Ql9pObo8BHWftXASFW08VgeOR2es:7TLYbo8B2VXASNMgeORk

    Score: 3/10

MITRE ATT&CK Enterprise v15