General

  • Target: Toxinware.exe
  • Size: 46.7MB
  • Sample: 240510-mmdjpahf21
  • MD5: c9bca83898ffecbc976cf8d4e486e3dc
  • SHA1: c59533d551441b0eb617e8060768555f004a13e1
  • SHA256: 604e116a9bb85c08a7e82dca901d330f7b49188b68b01c159248917a50f03b83
  • SHA512: f1f03db18813dbd7a746f22ac2ffe30a2533ada3604269797af6fde97debeb70ce6a780219c4248ecaac1c42bf7a871b7eff61688c07388478e4ff61d3aab77a
  • SSDEEP: 393216:XDna3FQtsMr7M5lin1+TtIiFP/IjcAHiS26YxoroFWF452:X21Qtse7M5lq1QtIi/IdHrWxoeV5

Malware Config

Targets

    • Target: Toxinware.exe
    • Size: 46.7MB
    • MD5: c9bca83898ffecbc976cf8d4e486e3dc
    • SHA1: c59533d551441b0eb617e8060768555f004a13e1
    • SHA256: 604e116a9bb85c08a7e82dca901d330f7b49188b68b01c159248917a50f03b83
    • SHA512: f1f03db18813dbd7a746f22ac2ffe30a2533ada3604269797af6fde97debeb70ce6a780219c4248ecaac1c42bf7a871b7eff61688c07388478e4ff61d3aab77a
    • SSDEEP: 393216:XDna3FQtsMr7M5lin1+TtIiFP/IjcAHiS26YxoroFWF452:X21Qtse7M5lq1QtIi/IdHrWxoeV5

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: Toxinware.pyc
    • Size: 50KB
    • MD5: 989b7bfb86b86dd20bfa8ea62e3ee67f
    • SHA1: b31143428835a6f78b75bcddff13dfa95d695a89
    • SHA256: 030a44e9da0932adce88a2fdf9767b7e6174b69b572d9c586c16ce2d71dc04a9
    • SHA512: 306da6339176730d53d70ff264557b9ae5aa01c59034ce698147ca3902908feaeac02ab9f2dad5c432629632330cd2f2a236d1ce4ad6160cb3f08ec5ff28d039
    • SSDEEP: 1536:t9MWlNC+//7de2kaw0gF8YUHPlHM0jMZDlhLxwUSgeC:vNCEE5a5P9M0j3UaC

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks