General

  • Target

    TempSpoofer.exe

  • Size

    52.6MB

  • Sample

    240525-avgvvsgf34

  • MD5

    37b6943506912719089e3520b213a271

  • SHA1

    4ca265917598d53f6d605a44d7bc7b18644ae1e1

  • SHA256

    a3187fae9c661ee35c83520a694c1bd7f96e757b320640d7f2fb1d4dc12fd41c

  • SHA512

    e5339926ab5eddb38d1038e16a883fef971e40efbcd9c92c7a4ea3eb9439ffe7a64400b991c7c128671775ee4c7391be43f47a8728c24e8cdbde17b37f0601c0

  • SSDEEP

    1572864:NS0NHnqf3Gd6xdnj+YV5szudUE7fzqrSuW:NSInyo6VVBdn

Score
7/10

Targets

    • Target

      TempSpoofer.exe

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
