General

  • Target: Oracle.exe

  • Size: 17.2MB

  • Sample: 240511-g3yxnsab4z

  • MD5: c9913cbcaa6bdbf0a567f4a5c2921520

  • SHA1: f36f7f8042120141fd1d131c69b60e2834c45de0

  • SHA256: 714a503eac2735230d0d481b0519bd91832c1a728e50fcf3c98269d8a8a06ad4

  • SHA512: b8ac9155df5da7500a9dfaac8f8e8a4507019bc63c71c30cea91d9dc2a07e70c3ee21caddc58bc1ce3651d7511f1eaa31ecdffdddcff313558858c0d3276e376

  • SSDEEP: 393216:m77TN3Vw8v90+5gDkj5L1V8dXurEUWjsrzbEkPKkvbuK+x:SwK9PvNRkdb8zbIkSK+

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks