General

  • Target

    5604246ead9eb4b6ddd749a285e1bb3296f186988c3eb298964a3138cece1446.exe

  • Size

    26.6MB

  • Sample

    240516-3chzesea76

  • MD5

    67bd09879e6fe66763074091f57f3150

  • SHA1

    43825d37d0821a6a21aee73e30ecb71c04b14119

  • SHA256

    5604246ead9eb4b6ddd749a285e1bb3296f186988c3eb298964a3138cece1446

  • SHA512

    668d8048608bf31795fd743d34b8210d2a8b75b3e5c119acfa5d790e06aba0c06cc3f95f2b219879f80ea4201de89d04e99255cda30d6ae0d3c7de3578fb3e88

  • SSDEEP

    393216:Io9D7E9QdXG45L1V8dJKFqy4gst0BPeiz+xy446iU:19cQPR4hveGYv4P

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks