General

  • Target: ñape.exe
  • Size: 25.7MB
  • Sample: 240526-ya3tlaab79
  • MD5: 7051a08c6f42b5832e9b7b366d22aed9
  • SHA1: c4856f9119b010bc52ea994e35b3cb3d49fae4dd
  • SHA256: b0f8a28363609b60ed20888564b25854ebd2af5fd46331fd92f7c56dd670930f
  • SHA512: 71cc3bb45756ed7a0f79e4b56d32b3fae375b60f5edd3b5120dc456738700c640429d6a16213d4bc20c869dffdc705585484efd924e3aca0c9ac8ee720295fd7
  • SSDEEP: 393216:cFo9DM45Ct55L1V8dkurEUWj+rMDEGPKkIbuK+:l9NMXRndbmMD4k1K+
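Before trusting any of the behaviour below, confirm that the file in hand is the one the sandbox ran. The following Python script is an added example, not part of the sandbox report: it streams a file through the four hash functions listed above and compares the result with the report's values (REPORT_HASHES is copied from the General section; the file path is an assumption). The SSDEEP value is not checked because computing it needs a third-party ssdeep binding rather than the standard library.

```python
import hashlib
import io
import sys

# Digests quoted in the report's General section for ñape.exe.
REPORT_HASHES = {
    "md5": "7051a08c6f42b5832e9b7b366d22aed9",
    "sha1": "c4856f9119b010bc52ea994e35b3cb3d49fae4dd",
    "sha256": "b0f8a28363609b60ed20888564b25854ebd2af5fd46331fd92f7c56dd670930f",
    "sha512": "71cc3bb45756ed7a0f79e4b56d32b3fae375b60f5edd3b5120dc456738700c640429d6a16213d4bc20c869dffdc705585484efd924e3aca0c9ac8ee720295fd7",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream, chunk_size=1 << 20):
    """Hash a binary file-like object in 1 MiB chunks; the sample is 25.7 MB, so do not read it whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Same as digest_stream, for data already in memory."""
    return digest_stream(io.BytesIO(data))


def hash_file(path: str) -> dict:
    with open(path, "rb") as f:
        return digest_stream(f)


def verify_digests(actual: dict, expected: dict) -> list:
    """Return the names of the algorithms whose digest differs from the expected value.

    Comparison is case-insensitive and ignores surrounding whitespace, because
    report pages and ticket systems routinely alter both when hashes are pasted.
    """
    mismatches = []
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.strip().lower():
            mismatches.append(name)
    return mismatches


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/sample   (path is an assumption; the sample is not on this page)
    path = sys.argv[1] if len(sys.argv) > 1 else "ñape.exe"
    bad = verify_digests(hash_file(path), REPORT_HASHES)
    print("MATCH" if not bad else "MISMATCH: " + ", ".join(bad))
```

A single mismatching algorithm is enough to reject the file: all four digests are computed over the same bytes, so a partial match means the report and the file disagree, not that one hash function is unreliable.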

Targets

    • Target: ñape.exe

    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Contacts a legitimate IP lookup web service to learn the infected system's external IP address.
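The "UPX packed file" signature above is something an analyst can reproduce from the PE headers alone. The Python script below is an added example, not the sandbox's own detector: it walks DOS header, PE signature, COFF header and section table, and reports any section whose name is one the stock UPX packer writes (UPX0, UPX1, UPX2, and UPX! in older builds). The build_minimal_pe helper is a constructed, non-loadable test image so the parser can be exercised without the sample. The caveat, which is why the report says "UPX/modified UPX", is that patched UPX builds often rename their sections, so a hit is a positive indicator while a miss proves nothing.

```python
import struct

# Section names written by stock UPX builds. Assumption: modified UPX builds often rename
# these, so this check is a positive indicator only, never proof that a file is unpacked.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!"}

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def pe_section_names(image: bytes) -> list:
    """DOS header -> PE signature -> COFF header -> section table; return section names in file order."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)          # offset of the PE signature
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    #              NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + COFF_HEADER_SIZE + size_of_optional          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = image[off:off + 8]                                  # Name: first 8 bytes of IMAGE_SECTION_HEADER
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names


def upx_sections(image: bytes) -> list:
    """UPX-style section names present in the image (empty list if none)."""
    return [n for n in pe_section_names(image) if n in UPX_SECTION_NAMES]


def looks_upx_packed(image: bytes) -> bool:
    return bool(upx_sections(image))


def build_minimal_pe(section_names) -> bytes:
    """Constructed test image: a header-only PE32 with the given sections and no code.
    It cannot be loaded; it exists only so the parser can be tested without a real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew: PE header right after the DOS header
    optional = b"\0" * 0xE0                                       # PE32 optional header size, zero-filled
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x0102)
    table = b"".join(n.encode("latin-1").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + table


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        data = f.read()
    print("sections:", pe_section_names(data))
    print("UPX sections:", upx_sections(data) or "none")
```

Run it against the sample and compare with the sandbox verdict; if the section names are not the UPX defaults but the entry point still sits in the last section and the earlier sections have zero raw size, you are most likely looking at a renamed UPX variant rather than an unpacked binary.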

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic               Technique                           ID         Matches
Execution            Command and Scripting Interpreter   T1059      1
                     PowerShell                          T1059.001  1
Credential Access    Unsecured Credentials               T1552      1
                     Credentials In Files                T1552.001  1
Discovery            Query Registry                      T1012      1
                     Peripheral Device Discovery         T1120      1
                     System Information Discovery        T1082      1
                     Remote System Discovery             T1018      1
Collection           Data from Local System              T1005      1
Command and Control  Web Service                         T1102      1
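The T1102 Web Service row and the "Looks up external IP address via web service" signature describe a network observable that is easy to hunt for in proxy or EDR telemetry, and the PowerShell row tells you which process to care about most. The Python script below is an added example and not part of the report: it reads JSON-lines network events (constructed here, not taken from the sandbox run), flags requests to public IP echo services, and grades each hit by the requesting process. The IP_ECHO_SERVICES list is an assumption for illustration; the report does not say which service this sample used.

```python
import json

# Public "what is my IP" endpoints commonly used by infostealers. Assumption: the report
# does not name the service this sample contacted, so this list is illustrative, not an IOC.
IP_ECHO_SERVICES = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com",
    "ip-api.com", "ipinfo.io", "api.myip.com",
}

# A lookup from an interactive browser is usually a person; from anything else it deserves a look.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def image_basename(image: str) -> str:
    """Lower-cased file name of a Windows image path (handles either slash style)."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_ip_echo(dest: str) -> bool:
    dest = dest.lower().rstrip(".")
    return dest in IP_ECHO_SERVICES or any(dest.endswith("." + s) for s in IP_ECHO_SERVICES)


def classify(proc: str) -> str:
    """Severity of an IP-echo lookup given the requesting process name."""
    if proc in BROWSERS:
        return "info"
    if proc in SCRIPT_HOSTS:
        return "high"     # script interpreter fetching the external IP: this report's PowerShell + lookup pattern
    return "medium"       # e.g. a dropped EXE running from a user-writable directory


def hunt(event_lines) -> list:
    """Return a finding for every JSON-lines network event that reaches an IP echo service.
    Malformed lines are skipped rather than aborting the whole hunt."""
    findings = []
    for line in event_lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue
        dest = ev.get("dest")
        if not isinstance(dest, str) or not is_ip_echo(dest):
            continue
        proc = image_basename(ev.get("image", ""))
        findings.append({"ts": ev.get("ts"), "host": ev.get("host"), "proc": proc,
                         "dest": dest.lower(), "level": classify(proc)})
    return findings


# Constructed events (not from the sandbox report): a benign browser lookup, one from PowerShell,
# one from an EXE under %APPDATA%, one unrelated request, and one garbage line.
SAMPLE_EVENTS = [
    r'{"ts":"2024-05-26T10:00:01Z","host":"WS-042","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dest":"ipinfo.io","port":443}',
    r'{"ts":"2024-05-26T10:02:13Z","host":"WS-042","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","dest":"api.ipify.org","port":443}',
    r'{"ts":"2024-05-26T10:02:20Z","host":"WS-042","image":"C:\\Users\\alice\\AppData\\Roaming\\dropped.exe","dest":"icanhazip.com","port":80}',
    r'{"ts":"2024-05-26T10:03:00Z","host":"WS-042","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dest":"example.com","port":443}',
    "not json at all",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['level']:6} {f['ts']} {f['host']} {f['proc']} -> {f['dest']}")
```

In a real deployment the "high" findings are the ones to join with process-creation telemetry: a powershell.exe that hits an IP echo service shortly after a new executable starts from a user profile directory reproduces, on the endpoint, the same combination of behaviours this report lists.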
