General

  • Target

    releases

  • Size

    154KB

  • Sample

    240510-ras6tshg7s

  • MD5

    c5c7c2fbe51ccd79db6f2761975dbc8b

  • SHA1

    b02a1066f3225b48bb8dfa0f46c56d0ce68d7f0c

  • SHA256

    6f4bacdb016c4ff2e11575cd2fc6ea5cd3a0c4af14e3caecf27f82d2efbe2ba9

  • SHA512

    c14fb0250ed202536c957e974c58cd7e8778b2661a4fa1d55b59eac176ba65d52513c14d4df9eea1a7a1c3d0e0cd0c6efad76b72e9e94d312655ce37a8631cb3

  • SSDEEP

    3072:jOAoEcMBy2xzVuyknfVMBFSKl+k76IScDXmNc8EXtnwYcSQMg+7kew2YNDl2n9d+:9fQxl2n9ddKM2vkm0aWyRv3pR9YvZJTM

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks