General

  • Target

    autohitter.exe

  • Size

    8.3MB

  • Sample

    240516-xb62zaae84

  • MD5

    51e99c16a2b8319b768ac17180ae553f

  • SHA1

    b9eb2b96ba82d7ed4c792a841b9a7dc7a89ac1e0

  • SHA256

    2144c91ea07c4402aff18ed9083f699787443058005aae02b659ee3241f6ae25

  • SHA512

    0f8e822fdb6c3d31142471c105494eb00c27eff700be2a915381f1125b9057cdb32c72aa61b22bb8df79dea2bdca934d82d6dd105eb880ea52723ca03e4471f2

  • SSDEEP

    98304:TOf9TXulL1cAkiQLqezZVacsbxlAlN+I6y7X6n010h/kpfKc4u0wJZTvaXx0:TmFwcdJzZyU3+Ix6S0WewJZTSXx

Malware Config

Targets

    • Target

      autohitter.exe

    • Size

      8.3MB

    • MD5

      51e99c16a2b8319b768ac17180ae553f

    • SHA1

      b9eb2b96ba82d7ed4c792a841b9a7dc7a89ac1e0

    • SHA256

      2144c91ea07c4402aff18ed9083f699787443058005aae02b659ee3241f6ae25

    • SHA512

      0f8e822fdb6c3d31142471c105494eb00c27eff700be2a915381f1125b9057cdb32c72aa61b22bb8df79dea2bdca934d82d6dd105eb880ea52723ca03e4471f2

    • SSDEEP

      98304:TOf9TXulL1cAkiQLqezZVacsbxlAlN+I6y7X6n010h/kpfKc4u0wJZTvaXx0:TmFwcdJzZyU3+Ix6S0WewJZTSXx

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks