General

  • Target

    obfuscated_unload.exe

  • Size

    17.2MB

  • Sample

    240525-bs9crshh94

  • MD5

    e23da987867c8ca30f03dfbc87745d8a

  • SHA1

    6857b0f3ef3ad12aa2585239aa8845b96c92e17f

  • SHA256

    ad711b316518035c37c469d8be5c3ec60f8eabe9c7c66878367dc4fb5ccb3ad9

  • SHA512

    a2517b97b926a2d92a709932bf52e286872895b144d8e4c277b67dede402e2659bb8c4f71cadf3060914134a2ca6e426a433f8eb9cb00edeed0a1eb7e80183eb

  • SSDEEP

    393216:SgTV9s45Ci55L1V8dkurEUWj+rcfeEkuKS2uKo:D9h/XRndbmcfevSNKo

Malware Config

Targets

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks