General
-
Target
injector.exe
-
Size
8.2MB
-
Sample
240522-z45eysha4x
-
MD5
698c9719289f60f75e9ef0bbbb30095e
-
SHA1
a63608483dd847f4ea00ccd43f94f05444716fde
-
SHA256
199b646baa3584624411f6dce79e3ec648dce21ae78ae5b4b490785fa4fc2f63
-
SHA512
484a8816c10ecb4bd3c8b894f7e9b1b7a2327fc7355fcefd7a8c704adedb7c724b51905259117ac2cf51c5753c3b92766459e4481452a4666f157805b8fa6af2
-
SSDEEP
196608:UrH8vEzpCuLjv+bhqNVoB8Ck5c7GpNlpq41J2mrlvbk9qtlDfqWi:H4NL+9qz88Ck+7q3p91JNMqfqWi
Malware Config
Targets
-
-
Target
injector.exe
-
Size
8.2MB
-
MD5
698c9719289f60f75e9ef0bbbb30095e
-
SHA1
a63608483dd847f4ea00ccd43f94f05444716fde
-
SHA256
199b646baa3584624411f6dce79e3ec648dce21ae78ae5b4b490785fa4fc2f63
-
SHA512
484a8816c10ecb4bd3c8b894f7e9b1b7a2327fc7355fcefd7a8c704adedb7c724b51905259117ac2cf51c5753c3b92766459e4481452a4666f157805b8fa6af2
-
SSDEEP
196608:UrH8vEzpCuLjv+bhqNVoB8Ck5c7GpNlpq41J2mrlvbk9qtlDfqWi:H4NL+9qz88Ck+7q3p91JNMqfqWi
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-