General

  • Target

    ss.txt

  • Size

    73B

  • Sample

    240516-wrpl7ahc62

  • MD5

    24e644c89b0f9d147e49336551de58fc

  • SHA1

    0b6fa395817697347b674be3283af8d434a49f84

  • SHA256

    024a29d5948d287869cb95736cadd4da97fd01ba6e2a26a9da756a26c48d0b16

  • SHA512

    e33380f49a2a687e083099f04e8518c6f9e1fba03361873a5f10a56afd0e9585df3ba5a885f85d945ce10d432dc0f5174f438d7174a1f66b7a050b072c586112

Malware Config

Targets

    • Target

      ss.txt

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks for any installed AV software in registry

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks