General

  • Target

    09d433977110c5115cde8f3236dd9717d0e5d923cbd5f3041d6a45afabd47bb2

  • Size

    6.9MB

  • Sample

    240527-wxm1jsea58

  • MD5

    20d8ae67143710a585884b9fe368a5d7

  • SHA1

    c8cef7f07490294bffad57630165cec7229232ed

  • SHA256

    09d433977110c5115cde8f3236dd9717d0e5d923cbd5f3041d6a45afabd47bb2

  • SHA512

    24ab172bb32e12ce2106e7d7bd060acc533ef54cf4fbab84c26d3cb333ac2d78a60dd7d0fc01d88fa7ec5bfea92f7896e60b6ba097872e3fea7f77cc611f1a92

  • SSDEEP

    196608:drtP0QKeNTfm/pf+xk4dWRGtrbWOjgWy6:jFy/pWu4kRGtrbvMWy6

Malware Config

Targets

    • Target

      09d433977110c5115cde8f3236dd9717d0e5d923cbd5f3041d6a45afabd47bb2

    • Size

      6.9MB

    • MD5

      20d8ae67143710a585884b9fe368a5d7

    • SHA1

      c8cef7f07490294bffad57630165cec7229232ed

    • SHA256

      09d433977110c5115cde8f3236dd9717d0e5d923cbd5f3041d6a45afabd47bb2

    • SHA512

      24ab172bb32e12ce2106e7d7bd060acc533ef54cf4fbab84c26d3cb333ac2d78a60dd7d0fc01d88fa7ec5bfea92f7896e60b6ba097872e3fea7f77cc611f1a92

    • SSDEEP

      196608:drtP0QKeNTfm/pf+xk4dWRGtrbWOjgWy6:jFy/pWu4kRGtrbvMWy6

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks