General

  • Target

    cc_generator.exe

  • Size

    6.9MB

  • Sample

    240511-29x9yadf3y

  • MD5

    d0ca6d5d4fe5fa540867ab50fd240f1b

  • SHA1

    39708fe9d8deb122e0b02d358628d55a074ed598

  • SHA256

    bfb2a0bbaf0fc6355cfce8f94a4b675d33734b31ed41a2d0d242d462ce487490

  • SHA512

    9bb04a3942c04ca69e1cd7acad75faf61ec921b74a5517b7ecc6be587cc1fe3889d37f50f8e7e95053d7fed5ff99f86dcbc8fc6b39c6396c52fdc7d444c94233

  • SSDEEP

    196608:NrNz0YCeNTfm/pf+xk4dWRGtrbWOjgWyM:3Ny/pWu4kRGtrbvMWyM

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
