General

  • Target

    FIVEMREDENGINE.exe

  • Size

    17.7MB

  • Sample

    240522-l1995sbd4z

  • MD5

    5d910e8a042dc45d5c9f138dfd9ffcfd

  • SHA1

    3cf6822ba1207b2861efc05eac129b2fdec98be2

  • SHA256

    820116facc6cab4c532c8b898316431867d243975ea994084157cea550505cd7

  • SHA512

    afffc0a961aff721f36617a9e667b0b2e7b904b4ce8a67eb1b41739323f3f7a21aa5145a9142d0cf04f86df589e2ec814a9d7929bb38278847bf4a4cb397bc1e

  • SSDEEP

    393216:Yxfz1FeREWudQuslN/m3pvfrAZYCuPJOmuSeg0WBJHr75QPjMKIISexp5PC:YxjeRidQu4KvMJuxdfz00qrMKjSexp5C

Targets

    (Target, size and hashes as listed under General above.)

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
