General

  • Target

    3fa4786f54c609e7e5e88c79eb7f99e373964cb316189883b74eb15f428ee5c0

  • Size

    16.9MB

  • Sample

    240508-qz2ntsfd3x

  • MD5

    05522ed977c613937fe6b9067abd8ca5

  • SHA1

    b11bdad106223e222f4483c7e8317a7b58a0dbb1

  • SHA256

    3fa4786f54c609e7e5e88c79eb7f99e373964cb316189883b74eb15f428ee5c0

  • SHA512

    91376cc87d4772013559cae14c8bc7bdf647d0443c2c576f0b1890b0d7b11b080d714c6357d0a4fdbc4de5aa6345157fcc12242fa42f414f5aea91dd31a6291e

  • SSDEEP

    393216:Vv90+5gDTTh2Jp5MwurEUWjsrfT7E5PKk9buK+x:B9PkThidb8fT7bkEK+

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to discover the infected system's external IP address.
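
The PowerShell signature above (Defender exclusions added for extensions, paths, and processes) is the behaviour an analyst most needs to confirm and undo on an affected host. The following script is an added example, not code from the sandbox report or from the sample: it scans PowerShell script block text for Add-MpPreference / Set-MpPreference calls that set -ExclusionPath, -ExclusionExtension or -ExclusionProcess and reports each exclusion found. The script blocks at the bottom are constructed for the demonstration; on a real host the input would be the ScriptBlockText of Event ID 4104 records, as shown in the comments.

```powershell
# Added example (not from the report or the sample): detect PowerShell script
# blocks that add Windows Defender exclusions. Input is script block text such
# as the ScriptBlockText field of Event ID 4104 records in the
# Microsoft-Windows-PowerShell/Operational log. Cmdlet and parameter names
# (Add-MpPreference, Set-MpPreference, -ExclusionPath, -ExclusionExtension,
# -ExclusionProcess) are the real Defender cmdlets; the sample blocks are constructed.

function Find-DefenderExclusionTamper {
    [CmdletBinding()]
    param(
        # One script block per pipeline item, e.g. $_.Properties[2].Value of an EID 4104 record
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$ScriptBlockText
    )
    process {
        # Work statement by statement so several exclusions in one block are all reported.
        foreach ($stmt in ($ScriptBlockText -split '[\r\n;]+')) {
            if ($stmt -match '(?i)\b(Add|Set)-MpPreference\b') {
                $cmdlet = $Matches[1] + '-MpPreference'
                # The value may be double-quoted, single-quoted, or a bare token
                # (bare tokens may be comma-separated lists, which are kept whole).
                $paramPattern = '(?i)-Exclusion(Path|Extension|Process)\b\s+(?<value>"[^"]*"|''[^'']*''|[^\s|]+)'
                foreach ($m in [regex]::Matches($stmt, $paramPattern)) {
                    [pscustomobject]@{
                        Cmdlet    = $cmdlet
                        Type      = $m.Groups[1].Value
                        Value     = $m.Groups['value'].Value -replace '^["'']|["'']$'
                        Statement = $stmt.Trim()
                    }
                }
            }
        }
    }
}

# Constructed sample script blocks (not real events from this sample).
$samples = @(
    'Add-MpPreference -ExclusionPath "C:\Users\Public" -ExclusionExtension ".exe"; Add-MpPreference -ExclusionProcess ''svchost.exe''',
    'Set-MpPreference -DisableRealtimeMonitoring $true',   # tampering, but not an exclusion: not reported
    'Get-Process | Where-Object { $_.CPU -gt 100 }'        # benign: not reported
)

# Expected: three rows, all Add-MpPreference, with Path C:\Users\Public,
# Extension .exe and Process svchost.exe.
$samples | Find-DefenderExclusionTamper | Format-Table Cmdlet, Type, Value -AutoSize

# On a live host, feed real script block events to the same detector and compare
# the findings with the current Defender configuration:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#       ForEach-Object { $_.Properties[2].Value } | Find-DefenderExclusionTamper
#   Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess
# Defender itself records the configuration change as Event ID 5007 in the
# Microsoft-Windows-Windows Defender/Operational log, which is a second, independent source.
```

Script block logging must be enabled for Event ID 4104 to exist, so the Get-MpPreference comparison is the fallback when the log is empty. Exclusions confirmed as malicious are removed with Remove-MpPreference using the same -ExclusionPath, -ExclusionExtension or -ExclusionProcess parameter, after the dropped files in those locations have been collected for analysis.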

MITRE ATT&CK Enterprise v15

Tasks