General

  • Target

    Loader.exe

  • Size

    16.2MB

  • Sample

    240508-r4w5kshf21

  • MD5

    631557ec8407f8f27ec14186c1b33426

  • SHA1

    be55f143fbec50dc49768c52c61f757fd544a79c

  • SHA256

    d4e663a0a11ce5581f91dcbb54b5f50f45f0a78d74b8c7217656b02de9a3cabb

  • SHA512

    463e5b85aaa843540a235ae5f76e6548a39b3a739087030b5db45dcbb3f9b13c68f7de1a5ff195f4c783b0a538b03a94b68db76164db99d98434ea322696ab80

  • SSDEEP

    393216:/EkcqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6ln8EfPKksbuK+:/kD49YQFS1QtI6a8DZcIl8zkBK+

Malware Config

Targets

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks