General

  • Target

    unlockerFPSfix.exe

  • Size

    7.1MB

  • Sample

    240527-yv8kkshf36

  • MD5

    85d00e7632bdea73c43b8cada80ca0ba

  • SHA1

    69b0834d3add52f75d30c1ae0cc2fa166fb1f9c9

  • SHA256

    67688cd112dad040da88c6dad7efa983f2f49f4d001a0e961c3d82d5b0025e5e

  • SHA512

    78b2b75e462c59e8f47977c6a0b4be230d0ea5693dd1312242caa75d3c8fac83b97f80caab0453ec4e82808bc3cc7da298ce07ab9eebdb46f4d7d9eb6c2ca6c0

  • SSDEEP

    98304:SozHqdVfB2GyuT/9vUIdD9C+z3zO917vOTh+ezsNhx5S2zh/hQqBvyAEozr1bFyF:SAQsGbT/9bvLz3S1bA329OqNXEod58h

Malware Config

Targets

    • Target

      unlockerFPSfix.exe

    • Size

      7.1MB

    • MD5

      85d00e7632bdea73c43b8cada80ca0ba

    • SHA1

      69b0834d3add52f75d30c1ae0cc2fa166fb1f9c9

    • SHA256

      67688cd112dad040da88c6dad7efa983f2f49f4d001a0e961c3d82d5b0025e5e

    • SHA512

      78b2b75e462c59e8f47977c6a0b4be230d0ea5693dd1312242caa75d3c8fac83b97f80caab0453ec4e82808bc3cc7da298ce07ab9eebdb46f4d7d9eb6c2ca6c0

    • SSDEEP

      98304:SozHqdVfB2GyuT/9vUIdD9C+z3zO917vOTh+ezsNhx5S2zh/hQqBvyAEozr1bFyF:SAQsGbT/9bvLz3S1bA329OqNXEod58h

    • Deletes Windows Defender Definitions

Uses the mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      loader-o.pyc

    • Size

      1KB

    • MD5

      279790b1a309f1ae81a40e804d329265

    • SHA1

      456671851352bdafe0b1beab94573dd8502ee88c

    • SHA256

      45ca42da74b4bef9c5b0b48e00f1b9fda1c5a42670fbc0d1aec4b8cd14bb8ce7

    • SHA512

      601a8326184be78f6bf5926a15da3783ba0de2391564774b27a75e836251098369c366d1ddf04db4a9cb0286a0a39005a05aace55dc760ff1fcd25922756d6f7

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks