General

  • Target

    spoofer.rar

  • Size

    27.6MB

  • Sample

    240510-2xf5wshc94

  • MD5

    782a56fbe24bc419501d9e3d47a054f6

  • SHA1

    1f2d386428c08ce8c296bcfef39c52f63c9b113a

  • SHA256

    53adce61ae8d60998270effcc98ef86e311477635407a1df0b9ee1b21d320c21

  • SHA512

    11c63dbdcb45a5ef72e1edbd14391b22387ca05baf52b31e7ab7885140b6e507aa5a9ef389941ee07352260b5ab6d19db2c5ea2467138f36f4710d83c44f9c72

  • SSDEEP

    786432:RkENv4BQX3DFCzhUPehsC5R4uouIPPSMRzYfkq7Copu3H6:RkEFiQpYqeWC34L1aMxYcq7xW6

Malware Config

Targets

    • Target

      Qt5Core.dll

    • Size

      3.7MB

    • MD5

      8e4dacc3e44160be5615bc8f97cb363b

    • SHA1

      9ad44c7d18aaf7e9e108956d76e1e7a5bbe47769

    • SHA256

      71bf3859b71c395110e0167542a94558f44a7308d146acf35dc37e2cd10840d9

    • SHA512

      b6f4ac0e85a1fcfdb274035d73b7b6ffd8cbf84101dbd9ef36f5af9519df7a2a7f22eba143899a3727d6108a44dc5b3beb097e62d9b201f1b7878b18d108a2e1

    • SSDEEP

      49152:GVuHfzDizPlXqOa68n9yX1NjMtRJ8Njv5A8Jsv6tWKFdu9CjTH9ry0mRYPUFwR01:GVuHfzDiB8ylNItn8/HJsv6tWKFdu9C

    • Score

      3/10

    • Target

      Qt5Gui.dll

    • Size

      2.8MB

    • MD5

      2e6e0d37b7876af3df53571d89d69dea

    • SHA1

      5923daf1090aaa59f5289296381c2ea0144d9046

    • SHA256

      5d1ff382f950deb2017dc981cdc11cff15c18caa4ebf274070adeb44e6e9aa73

    • SHA512

      22f76c0aa8d8a65740e8313e447ad36b65d10ed4919f386a66901455b78d05596f8cb2a2477063440c2be8e3ad1ad19cd48af0e026558b67c4419694340f3390

    • SSDEEP

      24576:aJ0hif8Ie6ufVgt7Baa440CqTdNu7VOzehw1ARLlbMK9ovxoR55DgRhz0nBE7nG/:I0BVBan0CqTMBhw5fXz6EuVMR7XEXeY

    • Score

      3/10

    • Target

      Qt5Widgets.dll

    • Size

      4.1MB

    • MD5

      da9d27ff42f875d3803d20ab7d725b8f

    • SHA1

      df9578285ffde620a260693567e972f1b1b32436

    • SHA256

      4dd313ccaf0c6fe70b3c06d7350cb2ece59840d5c0fcfc91bb0842e2f64876c1

    • SHA512

      1ffe5deba23bce9b4a78f3509441653692641c584ab8a765ef64ff57d9fd70985c5a050667af0f31dfe4adbc1cd4d7aa582ca2aa60a01d8fc91556da9fa7b49f

    • SSDEEP

      24576:G6HNX+SaobmDAwmlhIB45JprYXFafATw93FKInnhTV8jF2IYJGlCrQORBFujN4Rq:x7bnOFlgQ0uJiphwWO10VmVsPBp

    • Score

      3/10

    • Target

      icudt51.dll

    • Size

      21.3MB

    • MD5

      90fb58ca451b32be5ac406175901b7b2

    • SHA1

      fa25ea12773d4c43697639983cd149f6db4d2ce1

    • SHA256

      8d5d12ad3925bcb3d175e48c469f9d65887fe296624a049afe8658e00c45e0cd

    • SHA512

      c325e1bfa25940ce358c1407a944c140b104115b8e7e73322248251252b0a06e93ad594494f89b62a16ca24a9e2607f94762dc58ffb5d2e8ad7f5ff5008a2f4d

    • SSDEEP

      393216:buE2HH+yW1oBMUeHzl+4kbIWQOT0b8O8:s+P

    • Score

      1/10

    • Target

      icuin51.dll

    • Size

      1.7MB

    • MD5

      a7f201c0b9ac05e950ecc55d4403ec16

    • SHA1

      20b5b9aefd27b11bd129af6bf362d11dffafa5e5

    • SHA256

      173092c4e256958b100683a6ab2ce0d1c9895ec63f222198f9de485e61c728ca

    • SHA512

      0d3b3a3f2d5c39b7309943591e51587c1db4bfc70ea5b0fd4a9016aacf0ca9dfa69040e6d74e1b9424fd8e41b3b3e22ab5d7c5352af6c216e491edec78c612d7

    • SSDEEP

      24576:7GWPHUAzlcNk0BjXxOKWf8e4VY/+AnattjtpKFJ/t:FPHUGOkIxOKW5OXlKHV

    • Score

      3/10

    • Target

      icuuc51.dll

    • Size

      1.2MB

    • MD5

      dae4100039a943128c34ba3e05f6cd02

    • SHA1

      22b25c997c8204ca104cb72d98bc7fe57ea02b48

    • SHA256

      2357806ca24c9d3152d54d34270810da9d9ca943462ebf7291ae06a10e5cb8ba

    • SHA512

      5155b812afecddfcc904ad403d04dd060d284a2e9a9a0b26ccc96fb593801176be2ba69ffd2fa2a6f246a84f6dc824f042adaca7e8c1d3d57aae3fc62c2c24e1

    • SSDEEP

      24576:DCYW9S/7mMcs50Mf+Av1gQp3Y6ZBGB6riFv9Kk2HPmOh:DCw/8s0IaQp3Y6ZBj+Kf

    • Score

      1/10

    • Target

      libEGL.dll

    • Size

      47KB

    • MD5

      fa21c09c83ad8c73c5f759662dfc7d28

    • SHA1

      3200769281496cc61065ff856836e36a50690033

    • SHA256

      cdb4ba8f6e622f63a94df438552acb08d13af7b4a80ddce4b459f943e636d160

    • SHA512

      b763c878db6bbc15f7ebfec2b65e01ec63c8ace681662a4a844ae55fa6f5dbbbe066713ca47357e68a8d7cb1b8b81d901fa6622934b576e4cd5604061703a1d3

    • SSDEEP

      768:4dp3loIiS+gbIdX9h9btywVT+0sdfLKc/IQiInhtTaQotOnKOdNGd3:4H3llRbIdth9JjTvsFec/IYhtuztOnTW

    • Score

      1/10

    • Target

      libGLESv2.dll

    • Size

      711KB

    • MD5

      ab04036478f242066e47aebd26557250

    • SHA1

      79042e6cc77513ee58d22a96d404a7fa494adf50

    • SHA256

      82dd77ecc2ec3893d9f64d3bfb0db345fc82ccb11ec3fa2a4144828052e880a9

    • SHA512

      386ae8a71f004da410e61c16ff567f6fe8c8dfedf0d9231f94c4edd9a9ac2e5bdcb6b09a4ed837c0ebc2d7e810c6e8ad60d2f9f0d52c33a585bcbc33f0ab5b54

    • SSDEEP

      12288:fgCO4mFq3kAVoYQVggbGAoTbmnuNfMxJWVtrKnffO9Py0n4w0:ocmFq37JQOTbZpaffOFy0n4N

    • Score

      1/10

    • Target

      msvcp100.dll

    • Size

      411KB

    • MD5

      bc83108b18756547013ed443b8cdb31b

    • SHA1

      79bcaad3714433e01c7f153b05b781f8d7cb318d

    • SHA256

      b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

    • SHA512

      6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

    • SSDEEP

      12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx

    • Score

      3/10

    • Target

      msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    • Score

      3/10

    • Target

      platforms/qwindows.dll

    • Size

      813KB

    • MD5

      a5f6bf2510039476d894a4dbdc1ebf57

    • SHA1

      8127005b31bc3008bebb0f4c3fe3064bc02fd459

    • SHA256

      60b2057abf8ad26da8571e36431d98854dbc5224c85be6b2cae5ef291b6fdab7

    • SHA512

      6f39840915d41b6d2f904b90ffcff80aaed144f9556896fba51ad08bf59afda0bff85c10b80af8a1e3ada3baa68d8ff7c3346d33a9619f481dd4125f938b87ff

    • SSDEEP

      12288:ME9A+8KGsbuY68kn3ldh57A5sqoFBuP4cs41Hsd2LgAN4yukK:MUGqxkn3l0sqo7uZf1cjyc

    • Score

      1/10

    • Target

      spoofer.exe

    • Size

      16.6MB

    • MD5

      aaae9af892545b725f17b2234817fccc

    • SHA1

      2cf5e4044bbc84f8d1898a9a9f71c7937bf876d5

    • SHA256

      53245c0db33c4f8bab442ea125c58e50408796242462f81ed5bbef9d32f05352

    • SHA512

      864a9d07e2880564ce97a52298b5a82aa15d968a5d2d512700f3c9b6de2c7da8e5b86a64106e9bb2d489aff1a302389d8eb7186ce7d94d03e4267ecd9b224708

    • SSDEEP

      393216:CEkFqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lntEwPKksutK+:CND49YQFS1QtI6a8DZcIlt8kvK+

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      tpm

    • Size

      54B

    • MD5

      2b2427dbfb51f868c8b84755ed574107

    • SHA1

      25f093b0840dc5c1b0a638724dfbf05faf4142bf

    • SHA256

      a5ffc2c06af5be1226f20c21c3d03465a0801d38d9be82e5ece72444c4e8f744

    • SHA512

      501871b37339ad76d643b54e03b9b79aae23c44ee195e70e20833b7649c2b95a514d55513ef581e3563c21ac59f2afaab4eea75b583aaaca1514eb6eefbfe59b

    • Score

      1/10
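The listing above is only useful once it is machine-readable and checked against the actual files. The following Python is an added example, not part of the sandbox report: it parses this report's Target / Size / MD5 / SHA1 / SHA256 / SHA512 / SSDEEP bullet layout (with Score given either as a bare label or as a bullet) into IOC records, collects the behaviour bullets attached to spoofer.exe as signatures, and hashes an extracted directory against those records. The embedded excerpt copies values from the spoofer.exe and tpm entries above; the extraction directory name and the "weak-match" label for MD5/SHA1-only agreement are my own assumptions. SSDEEP comparison needs the ssdeep library and is left out.

```python
"""Added example: turn the sandbox hash listing into IOC records and check files against it."""
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the report (values copied from the spoofer.exe and tpm entries).
# Every target on the page uses this bullet layout, so the full text parses the same way.
REPORT_EXCERPT = """\
    • Target

      spoofer.exe

    • Size

      16.6MB

    • MD5

      aaae9af892545b725f17b2234817fccc

    • SHA1

      2cf5e4044bbc84f8d1898a9a9f71c7937bf876d5

    • SHA256

      53245c0db33c4f8bab442ea125c58e50408796242462f81ed5bbef9d32f05352

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Target

      tpm

    • Size

      54B

    • SHA256

      a5ffc2c06af5be1226f20c21c3d03465a0801d38d9be82e5ece72444c4e8f744

    • Score

      1/10
"""

HASH_FIELDS = ("MD5", "SHA1", "SHA256", "SHA512", "SSDEEP")
META_FIELDS = ("Target", "Size", "Sample", "Score")
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


@dataclass
class Record:
    target: str
    size: Optional[int] = None          # approximate bytes parsed from e.g. "16.6MB"
    score: Optional[int] = None         # sandbox score out of 10
    hashes: Dict[str, str] = field(default_factory=dict)
    signatures: List[str] = field(default_factory=list)   # e.g. "Loads dropped DLL"


def parse_size(text: str) -> int:
    """'47KB' -> 48128. The report rounds to one decimal, so the result is approximate."""
    m = re.fullmatch(r"([\d.]+)\s*(B|KB|MB|GB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * SIZE_UNITS[m.group(2)])


def parse_report(text: str) -> List[Record]:
    """A '• Label' line is followed by its value unless the next non-blank line is itself a
    bullet or a bare 'Score' label (behaviour bullets such as 'Drops startup file' carry none)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records: List[Record] = []
    i = 0
    while i < len(lines):
        ln = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if ln.startswith("•"):
            label = ln.lstrip("• ").strip()
            value = "" if (nxt.startswith("•") or nxt == "Score") else nxt
            if label == "Target":
                records.append(Record(target=value))
            elif records and label == "Size":
                records[-1].size = parse_size(value)
            elif records and label in HASH_FIELDS:
                # SSDEEP is case-sensitive base64; hex digests are normalised to lower case
                records[-1].hashes[label] = value if label == "SSDEEP" else value.lower()
            elif records and label == "Score":
                records[-1].score = int(value.split("/")[0])
            elif records and label not in META_FIELDS:
                records[-1].signatures.append(label)     # description line, if any, is skipped
            i += 2 if value else 1
        elif ln == "Score" and records and "/" in nxt:
            records[-1].score = int(nxt.split("/")[0])
            i += 2
        else:
            i += 1                                       # section headings, descriptions
    return records


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256/SHA512 of in-memory data, keyed like the report."""
    return {name: hashlib.new(name.lower(), data).hexdigest() for name in HASH_FIELDS[:4]}


def hash_file(path: Path, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, streamed in 1 MiB chunks (icudt51.dll alone is 21 MB)."""
    hs = {name: hashlib.new(name.lower()) for name in HASH_FIELDS[:4]}
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def classify(digests: Dict[str, str], records: List[Record]) -> Tuple[str, Optional[str]]:
    """'match' only on SHA256. MD5 or SHA1 agreeing while SHA256 differs is 'weak-match'
    (both are collision-capable) and must not be treated as a confirmed hit."""
    for r in records:
        if r.hashes.get("SHA256") == digests["SHA256"]:
            return "match", r.target
    for r in records:
        if any(r.hashes.get(a) == digests[a] for a in ("MD5", "SHA1")):
            return "weak-match", r.target
    return "unknown", None


def scan_directory(root: Path, records: List[Record]) -> List[Tuple[str, str, Optional[str]]]:
    """Hash every file under root (e.g. the unpacked spoofer.rar) and label it against the report."""
    return [(str(p.relative_to(root)), *classify(hash_file(p), records))
            for p in sorted(root.rglob("*")) if p.is_file()]


if __name__ == "__main__":
    iocs = parse_report(REPORT_EXCERPT)
    for r in iocs:
        print(f"{r.target:12} score={r.score} size~{r.size} sha256={r.hashes.get('SHA256')} {r.signatures}")
    extracted = Path("extracted_spoofer")       # hypothetical directory the archive was unpacked to
    if extracted.is_dir():
        for name, status, target in scan_directory(extracted, iocs):
            print(f"{status:10} {name} -> {target}")
```

Feed `parse_report` the whole report text rather than the excerpt to get all thirteen targets; "unknown" results from `scan_directory` are files present in the archive that the sandbox did not list, which is exactly where to look first.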

MITRE ATT&CK Enterprise v15

Tasks