General

  • Target

    NICErat_controlpannel.exe

  • Size

    21.1MB

  • Sample

    240526-1aqv5sde38

  • MD5

    ca45e66fe0b99a074ea63ddb078baaf2

  • SHA1

    5a54342b46c9b49fc8fe416096e50bf4261fa163

  • SHA256

    3b8b68f11b2146d11b3fbfb0c57e6a46af7d96885d3fccf54604202584489b07

  • SHA512

    4a1138969ec2618d92030f01a89c3dc25407cf143c9777a415aeabcd579a6addae28b161a5640c1d7d1a87ab32eec5fcb68aa4f548d5d26a44233bac28f9a8e2

  • SSDEEP

    393216:TEkZQtss27xhjJWQsUcR4NzQW+eGQRg93iObIhRS/tuLGrqT6oHd85Tv/:ThQtsZjYQFIW+e5R49MhRZqePy5T

Malware Config

Targets

    • Target

      NICErat_controlpannel.exe

    • Size

      21.1MB

    • MD5

      ca45e66fe0b99a074ea63ddb078baaf2

    • SHA1

      5a54342b46c9b49fc8fe416096e50bf4261fa163

    • SHA256

      3b8b68f11b2146d11b3fbfb0c57e6a46af7d96885d3fccf54604202584489b07

    • SHA512

      4a1138969ec2618d92030f01a89c3dc25407cf143c9777a415aeabcd579a6addae28b161a5640c1d7d1a87ab32eec5fcb68aa4f548d5d26a44233bac28f9a8e2

    • SSDEEP

      393216:TEkZQtss27xhjJWQsUcR4NzQW+eGQRg93iObIhRS/tuLGrqT6oHd85Tv/:ThQtsZjYQFIW+e5R49MhRZqePy5T

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Process Discovery

1
T1057

Collection

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Tasks