General

  • Target

    Lag_Switch_V2.exe

  • Size

    16.7MB

  • Sample

    240511-kwgxcsch66

  • MD5

    e017de84589503abaad5669da6fa4011

  • SHA1

    474617635969a2d79896259bf367368a35725aa4

  • SHA256

    11d3b93f794e234ef5b44921b9dac12cbd87df652330bc20ba510d5c979fc3dd

  • SHA512

    ac8954e5f53f76107a5fa96d0a48e65a422050190074860608371fcfe0d38cfe4d0fe8f1e8aa218b3e3f94583d9bd6c9fcd2fc02854775d0b6d0036364c2c599

  • SSDEEP

    393216:bWjv90+5gDkj5L1V8dXurEUWjsrzbEkPKkvbuK+x:qr9PvNRkdb8zbIkSK+

Malware Config

Targets

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks