General

  • Target

    Evil_Clicker_-_V2.3.rar

  • Size

    6.3MB

  • Sample

    240527-bjd59sbg72

  • MD5

    bcfd85efc0089831b8a486f485ec491d

  • SHA1

    69901c7bcea1b720d638a2a94659b0015f2436cc

  • SHA256

    719f171db28a450134885f2d94cd4ba99e2c7b02b805c7a3e086c1eb2c716131

  • SHA512

    8ced7e61d6b40b633023f5563675ce8511a56f74de89590392e93282ff15f54757b0d6b45d59580d56c4800e2884581f9c2d2f19b17b46869b757bdb3ef4e4c1

  • SSDEEP

    196608:sZdV/QuZSk/HqAb2LLUFXNIXLBq6QR2GbsWa:srVEk/Vb2LLIIXd02C5a

Malware Config

Targets

    • Target

      Evil_Clicker_-_V2.3.rar

    • Size

      6.3MB

    • MD5

      bcfd85efc0089831b8a486f485ec491d

    • SHA1

      69901c7bcea1b720d638a2a94659b0015f2436cc

    • SHA256

      719f171db28a450134885f2d94cd4ba99e2c7b02b805c7a3e086c1eb2c716131

    • SHA512

      8ced7e61d6b40b633023f5563675ce8511a56f74de89590392e93282ff15f54757b0d6b45d59580d56c4800e2884581f9c2d2f19b17b46869b757bdb3ef4e4c1

    • SSDEEP

      196608:sZdV/QuZSk/HqAb2LLUFXNIXLBq6QR2GbsWa:srVEk/Vb2LLIIXd02C5a

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Evil Clicker/EvilClicker.exe

    • Size

      6.5MB

    • MD5

      8883035f1bcc3d1f2bdbe1f63939f169

    • SHA1

      70e8a2e344c34b1c377f4f20a16d93b6c2f217c5

    • SHA256

      1f320e63957226fc9f8100357bf6467b77c66e3e4827d44f9a4e66d60641522c

    • SHA512

      f6211564267f9f86b10325ab6a7a1938063c72ce05c7e21e6a981f33f9b6502a3a68ba04f674d03767da493be8f10aa7d6b912e7753b49b515cd70bd9dfde72d

    • SSDEEP

      196608:ar+BmDZeXRHvUWvozWOxu9kXwvdbDlA03NhnDetB8wZhUi6:fGcXRHdKbAlbZA03bDMBjb6

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Target

      0v� ���.pyc

    • Size

      857B

    • MD5

      8a7b17dd255040d2cf85e96a90f39db6

    • SHA1

      1444e793280799282684021ace8ee7f16428fc79

    • SHA256

      d3c7b09a9c4eea6a26affdfa0d343bbafbe19370053251da0b3adbc972dc29a1

    • SHA512

      09c4ef3b25f8d2522d0c0e40242d19ca876f92f4407af37c56a1e86b3dd111c35ac437b2d3f84933fd6ce3b30ce8da924624a9ec110cedf31e0b6ca8e88194fe

    • Score

      1/10

    • Target

      Evil Clicker/LICENSE.txt

    • Size

      1KB

    • MD5

      4995262d8a89e5f8677934b588cd1356

    • SHA1

      8b83809648d15eb79c8eb78d87e44979f563a417

    • SHA256

      a725070d879017f5274f7d0de6a8190c1da95864d0a63c23d1f4f7407b98553e

    • SHA512

      84a6dcd94ffb5ba6833ae74433c6f46821eaccece12afd7c483369a63066d0aeaa731ad009e921786bbeffa55930650c77062d62fd5eb7214d23882e8ef66fa2

    • Score

      1/10

    • Target

      Evil Clicker/README.txt

    • Size

      179B

    • MD5

      d538c8807004f3f4a9844c755ef38fc6

    • SHA1

      0a2785864a2050147be4c9374973dbece8e32414

    • SHA256

      d810a9cc32b5eaa7d0b0c6b1e5fe560df52a00653050ae91639e1484828f884d

    • SHA512

      6a662ebf0918e9a17e60f788f6e1a37b04629fa7da3eb3e12602cc93c8e67902e6efe085274ae68f5229b5996ee7bd8325fefb63ce213a78fab2907b58ac053a

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks