Overview

overview

8

Static

static

3

ExInjector...v4.zip

windows7-x64

1

ExInjector...v4.zip

windows10-2004-x64

1

ExInjector...er.exe

windows7-x64

7

ExInjector...er.exe

windows10-2004-x64

8

exxexexex.pyc

windows7-x64

3

exxexexex.pyc

windows10-2004-x64

3

ExInjector...V4.exe

windows7-x64

7

ExInjector...V4.exe

windows10-2004-x64

8

exxexexex.pyc

windows7-x64

3

exxexexex.pyc

windows10-2004-x64

3

ExInjector...me.txt

windows7-x64

1

ExInjector...me.txt

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    ExInjector Beta v4.zip

  • Size

    30.5MB

  • Sample

    240509-qye4facc8v

  • MD5

    ad3b8a9abb671f15a0a963168e8cbd30

  • SHA1

    433695d8e037d85e3086c8cbbcd64324da6a19a7

  • SHA256

    2de41d31b8d3e57b38e7f1635aec6389d28e715c4887ae8fcb37c153f5800bda

  • SHA512

    d089479bed895ba899f25ed84b47dc786663f22ab5875911f706cd1193cfa6132e6f73a60aa54a846301a7a904c662241229658213131272b9427b9f778021b7

  • SSDEEP

    786432:iTwAZ92kQN06GF/5QDsXooMyCTwAZ92kQN06GF/5QDsXooMyF:UwA37QY/5QDsZ0wA37QY/5QDsZF

Score
8/10
executionpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      ExInjector Beta v4.zip

    • Size

      30.5MB

    • MD5

      ad3b8a9abb671f15a0a963168e8cbd30

    • SHA1

      433695d8e037d85e3086c8cbbcd64324da6a19a7

    • SHA256

      2de41d31b8d3e57b38e7f1635aec6389d28e715c4887ae8fcb37c153f5800bda

    • SHA512

      d089479bed895ba899f25ed84b47dc786663f22ab5875911f706cd1193cfa6132e6f73a60aa54a846301a7a904c662241229658213131272b9427b9f778021b7

    • SSDEEP

      786432:iTwAZ92kQN06GF/5QDsXooMyCTwAZ92kQN06GF/5QDsXooMyF:UwA37QY/5QDsZ0wA37QY/5QDsZF

    Score
    1/10
    behavioral1behavioral2

    • Target

      ExInjector Beta v4/AutoUpdater.exe

    • Size

      40.4MB

    • MD5

      b5376b0ac908c1ff23f00ba4b4823f87

    • SHA1

      89f270e1404a76594b0780d70a7ab9491b1e0de3

    • SHA256

      6957aa3b521d1ddcc4a512e2fe7aa93eabf58e9a53a4acd4866c4930a881de28

    • SHA512

      49c1704611beec9469cb47c74fa285404afe33b442a2aa64dd0a4efdb5bc2cf523096d1fca9044f81d7e9ea8488f7ee8b9f3b7d015aee1bec4167bf69d555d40

    • SSDEEP

      393216:zWvz+q3V1VUIC3L+9qz8GvD7fEU2IGY/Vt1Wom6:Sz+q37/O+9q4GL7fEvILpm6

    Score
    8/10
    upxexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3behavioral4

    • Target

      exxexexex.pyc

    • Size

      44KB

    • MD5

      f3a787e7c2da671889a3219d587f3d05

    • SHA1

      579e2b76e0aaf6d7327274d5e12a70f975a37746

    • SHA256

      8eeb5933c9991210782c8d04ab5fb55a41544caf2234a3c96202a61c78bdc02a

    • SHA512

      b005e4c4dd8d9be73b2efaac990a45c2a868046c131ac7bd801053a319b22bc634e5d1b7cc3a9f73ef0d18c65335a2a35db0a57839017ab54f14a0a315d947b1

    • SSDEEP

      768:n9JWavmeVQ+gzp6LxOKH90Zf06pAFbo6LhrpJIkzRA1Sksd+Bgr48WPedDlhLx3V:n9JW4Xu4ObZf0mAhIkzRUSksd+SU8C8n

    Score
    3/10
    behavioral5behavioral6

    • Target

      ExInjector Beta v4/ExInject V4.exe

    • Size

      40.4MB

    • MD5

      b5376b0ac908c1ff23f00ba4b4823f87

    • SHA1

      89f270e1404a76594b0780d70a7ab9491b1e0de3

    • SHA256

      6957aa3b521d1ddcc4a512e2fe7aa93eabf58e9a53a4acd4866c4930a881de28

    • SHA512

      49c1704611beec9469cb47c74fa285404afe33b442a2aa64dd0a4efdb5bc2cf523096d1fca9044f81d7e9ea8488f7ee8b9f3b7d015aee1bec4167bf69d555d40

    • SSDEEP

      393216:zWvz+q3V1VUIC3L+9qz8GvD7fEU2IGY/Vt1Wom6:Sz+q37/O+9q4GL7fEvILpm6

    Score
    8/10
    upxexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral7behavioral8

    • Target

      exxexexex.pyc

    • Size

      44KB

    • MD5

      f3a787e7c2da671889a3219d587f3d05

    • SHA1

      579e2b76e0aaf6d7327274d5e12a70f975a37746

    • SHA256

      8eeb5933c9991210782c8d04ab5fb55a41544caf2234a3c96202a61c78bdc02a

    • SHA512

      b005e4c4dd8d9be73b2efaac990a45c2a868046c131ac7bd801053a319b22bc634e5d1b7cc3a9f73ef0d18c65335a2a35db0a57839017ab54f14a0a315d947b1

    • SSDEEP

      768:n9JWavmeVQ+gzp6LxOKH90Zf06pAFbo6LhrpJIkzRA1Sksd+Bgr48WPedDlhLx3V:n9JW4Xu4ObZf0mAhIkzRUSksd+SU8C8n

    Score
    3/10
    behavioral10behavioral9

    • Target

      ExInjector Beta v4/Read me.txt

    • Size

      354B

    • MD5

      20f69fc3792679b61d6d6216cbce8026

    • SHA1

      93965e7f4487073f0b8cee34efe831650a543f03

    • SHA256

      5223e6b58d8ebfe16438d4e45b0a2ea4d35012023f940331e354e64b86fa83fd

    • SHA512

      88c089aa80e3ac2b94ab4ed2576694f5c4e49cda6287ea12d418628ce11639bf43ed0a5eaa1f80c6bf0ebfe9bd137e0d39e88fac0ccc54f5f075393d3df1c08d

    Score
    1/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks