General

  • Target

    1306369409e20dca88c39130d79e38dd889df6c06591102be5d251fd4071ca64

  • Size

    6.9MB

  • Sample

    240527-ygqgvafg31

  • MD5

    bf18bb02b51874987a314cbee503f426

  • SHA1

    0ff7983c47cc5e2ab803c9a357ddd1d234a3e278

  • SHA256

    1306369409e20dca88c39130d79e38dd889df6c06591102be5d251fd4071ca64

  • SHA512

    c53eebaa430338f251a8c4833875257978bf247425c38789b87fd722376a3b1136985245f5ec7102d83b453c6de0586f9666c7c1bbc6a8e67aac1ae94374e2a9

  • SSDEEP

    196608:Dr720XleNTfm/pf+xk4dWRGtrbWOjgWyb:Gy/pWu4kRGtrbvMWyb

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks