Resubmissions

27-05-2024 12:07

240527-paaclscb86 10

27-05-2024 11:55

240527-n3sh8aae9s 10

General

  • Target: RBTD_Launcher_crack.exe
  • Size: 8.1MB
  • Sample: 240527-paaclscb86
  • MD5: 033881cf6c1de3868ff09e232d7982ef
  • SHA1: 191bef665178ca0302de0bfd7936409accd046da
  • SHA256: 60e87c31ab8ac75fed7827c03fb50c07cb8566a5d6f7be7abfb32405e2d9c712
  • SHA512: 84521b9b362c54cba41ecf74614e84fe0f348d3b21c2e33e8ebb0f3e30e9bfc8997dd70435b84652b081e026e8b4dc259ba234b66acae275d495bcf9f96c2c0b
  • SSDEEP: 196608:7UYGU6aOshoKMuIkhVastRL5Di3unSEa1D7dJJ:QYfFOshouIkPftRL54XtRDJ

Malware Config

Targets

    • Target: RBTD_Launcher_crack.exe
    • Size: 8.1MB
    • MD5: 033881cf6c1de3868ff09e232d7982ef
    • SHA1: 191bef665178ca0302de0bfd7936409accd046da
    • SHA256: 60e87c31ab8ac75fed7827c03fb50c07cb8566a5d6f7be7abfb32405e2d9c712
    • SHA512: 84521b9b362c54cba41ecf74614e84fe0f348d3b21c2e33e8ebb0f3e30e9bfc8997dd70435b84652b081e026e8b4dc259ba234b66acae275d495bcf9f96c2c0b
    • SSDEEP: 196608:7UYGU6aOshoKMuIkhVastRL5Di3unSEa1D7dJJ:QYfFOshouIkPftRL54XtRDJ

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: F�d��<�.pyc
    • Size: 1KB
    • MD5: 72ffa14edbc474b1dd3ae8b20a171404
    • SHA1: 65db44651c40ee6cd5ba3e3186cd9ab969e95b15
    • SHA256: f187254b4c4d97031b6314deda0af0cb0af1187f99e9b2072cd97bedfb6989fd
    • SHA512: 00e8086a806eb28b9e85a1a0d6fb907b9a99fd9cd53cf2b9717206ab13a0ec57f29ef4be36ec6b9db84c32dc4e11b8ed2d3904f1ca5c16f744f581061db9ec78
    • Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks