General

  • Target

    CCB-Import‎‎‎‎‍‎‎‎‏‍‎‮‮‮xlsx.exe

  • Size

    13.1MB

  • Sample

    240516-wvvmlshe32

  • MD5

    ab740bc551a267cf931f53ef0bff682d

  • SHA1

    ffe4b31735ca554a18421952b8b851e98118db10

  • SHA256

    759d59a9d5473c2c36677c2c98e56100c3fa1e78180ca50cb77fd723ef804cd2

  • SHA512

    a105edcbcae676ec96f65963786be56114adbc81b494e7740d0277540fd89016a6956a98c8020ee819350e413081d47b22599a3da8c69d5ad28aa2a382d28b57

  • SSDEEP

    393216:OEkiQdqRdQJluIF3MnG3/l5L4+upm2uXi76LLbIg:OaqKdQt3MGzM+Z9LM

Malware Config

Targets

    • Target

      CCB-Import‎‎‎‎‍‎‎‎‏‍‎‮‮‮xlsx.exe

    • Size

      13.1MB

    • MD5

      ab740bc551a267cf931f53ef0bff682d

    • SHA1

      ffe4b31735ca554a18421952b8b851e98118db10

    • SHA256

      759d59a9d5473c2c36677c2c98e56100c3fa1e78180ca50cb77fd723ef804cd2

    • SHA512

      a105edcbcae676ec96f65963786be56114adbc81b494e7740d0277540fd89016a6956a98c8020ee819350e413081d47b22599a3da8c69d5ad28aa2a382d28b57

    • SSDEEP

      393216:OEkiQdqRdQJluIF3MnG3/l5L4+upm2uXi76LLbIg:OaqKdQt3MGzM+Z9LM

    • Score

      7/10

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
