Resubmissions

27-05-2024 12:07

240527-paaclscb86 10

27-05-2024 11:55

240527-n3sh8aae9s 10

General

  • Target

    RBTD_Launcher_crack.exe

  • Size

    8.1MB

  • Sample

    240527-n3sh8aae9s

  • MD5

    033881cf6c1de3868ff09e232d7982ef

  • SHA1

    191bef665178ca0302de0bfd7936409accd046da

  • SHA256

    60e87c31ab8ac75fed7827c03fb50c07cb8566a5d6f7be7abfb32405e2d9c712

  • SHA512

    84521b9b362c54cba41ecf74614e84fe0f348d3b21c2e33e8ebb0f3e30e9bfc8997dd70435b84652b081e026e8b4dc259ba234b66acae275d495bcf9f96c2c0b

  • SSDEEP

    196608:7UYGU6aOshoKMuIkhVastRL5Di3unSEa1D7dJJ:QYfFOshouIkPftRL54XtRDJ

Malware Config

Targets

    • Target

      RBTD_Launcher_crack.exe

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks