General

  • Target

    eL9iw2JX9kSovRbsX.exe

  • Size

    17.3MB

  • Sample

    240525-mazw6adg73

  • MD5

    324a67ac858c92753c577dcc8656876b

  • SHA1

    152ec94737908108c7b1ccb7e41ffd5742dd16e1

  • SHA256

    3034a99441bec34b73687ea1ee396d84029be66a2036571480442b1e154533b9

  • SHA512

    d5cf19d4f50f19a270869ac0a5bbd8b37e5cb3d290c391ae8d3b859ed1cf9a5413e380f5f37171d0eed5310350f1ec1c62efe36c007b350fd496906e9c139da6

  • SSDEEP

    196608:+C1Fih8Fpji0sKYu/PaQdXGn934usUR3ElCHPIeNABFJMIDJD5qgsAGK5SEQRrqz:bLFmQdXGmm0EKFqy4gsfNYgYPw1TXC

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks