4fd84148422e99070028431cb36c5fe6f45a68720be5a4aa72c9ab1ba5ec3833

Analysis

max time kernel
126s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Clothing-Stealer.exe
Size

9.7MB
MD5

240b72867deed080c7da36463b1e2f64
SHA1

4617d785b81744cf3ada74fa7581106eb5f886ef
SHA256

4fd84148422e99070028431cb36c5fe6f45a68720be5a4aa72c9ab1ba5ec3833
SHA512

dcabdf97c69d8de147204d1e9eb283796bd96b1190e1ff339f8d475d7bc5b3647caa8a1c3b370fe5620ed2e3e3c74e96309a47ba28bae0448f5f986e37959f9f
SSDEEP

196608:nxrS3tEFDUpQ5/ISExbAQveDtwq+ZkiKDI5SErx0vtef5z88i:JS9dM/ISExvSaq+ZkFnsx065g

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 18 IoCs

Processes:

Clothing-Stealer.exe

pid	process
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe
3464	Clothing-Stealer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

38 raw.githubusercontent.com
39 raw.githubusercontent.com

flow	ioc
38	raw.githubusercontent.com
39	raw.githubusercontent.com

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Clothing-Stealer.exeClothing-Stealer.exe

description	pid	process	target process
PID 348 wrote to memory of 3464	348	Clothing-Stealer.exe	Clothing-Stealer.exe
PID 348 wrote to memory of 3464	348	Clothing-Stealer.exe	Clothing-Stealer.exe
PID 3464 wrote to memory of 3204	3464	Clothing-Stealer.exe	cmd.exe
PID 3464 wrote to memory of 3204	3464	Clothing-Stealer.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Clothing-Stealer.exe
"C:\Users\Admin\AppData\Local\Temp\Clothing-Stealer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:348

C:\Users\Admin\AppData\Local\Temp\Clothing-Stealer.exe
"C:\Users\Admin\AppData\Local\Temp\Clothing-Stealer.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4316,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=1340 /prefetch:8
1⤵
PID:1132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI3482\VCRUNTIME140.dll
Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\_bz2.pyd
Filesize
81KB

MD5
56203038756826a0a683d5750ee04093

SHA1
93d5a07f49bdcc7eb8fba458b2428fe4afcc20d2

SHA256
31c2f21adf27ca77fa746c0fda9c7d7734587ab123b95f2310725aaf4bf4ff3c

SHA512
3da5ae98511300694c9e91617c152805761d3de567981b5ab3ef7cd3dbba3521aae0d49b1eb42123d241b5ed13e8637d5c5bc1b44b9eaa754657f30662159f3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\_ctypes.pyd
Filesize
120KB

MD5
462fd515ca586048459b9d90a660cb93

SHA1
06089f5d5e2a6411a0d7b106d24d5203eb70ec60

SHA256
bf017767ac650420487ca3225b3077445d24260bf1a33e75f7361b0c6d3e96b4

SHA512
67851bdbf9ba007012b89c89b86fd430fce24790466fefbb54431a7c200884fc9eb2f90c36d57acd300018f607630248f1a3addc2aa5f212458eb7a5c27054b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\_hashlib.pyd
Filesize
63KB

MD5
7a74284813386818ada7bf55c8d8acf9

SHA1
380c4184eec7ca266e4c2b96bb92a504dfd8fe5f

SHA256
21a1819013de423bb3b9b682d0b3506c6ef57ee88c61edf4ba12d8d5f589c9c2

SHA512
f8bc4ac57ada754006bbbb0bfa1ccb6c659f9c4d3270970e26219005e872b60afb9242457d8eb3eae0ce1f608f730da3bf16715f04b47bea4c95519dd9994a46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\_lzma.pyd
Filesize
154KB

MD5
14ea9d8ba0c2379fb1a9f6f3e9bbd63b

SHA1
f7d4e7b86acaf796679d173e18f758c1e338de82

SHA256
c414a5a418c41a7a8316687047ed816cad576741bd09a268928e381a03e1eb39

SHA512
64a52fe41007a1cac4afedf2961727b823d7f1c4399d3465d22377b5a4a5935cee2598447aeff62f99c4e98bb3657cfae25b5c27de32107a3a829df5a25ba1ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\_queue.pyd
Filesize
30KB

MD5
60dec90862b996e56aedafb2774c3475

SHA1
ce6ff24b2cc03aff2e825e1cf953cba10c139c9d

SHA256
9568ef8bae36edae7347b6573407c312ce3b19bbd899713551a1819d6632da46

SHA512
c4b2066975f5d204a7659a2c7c6bc6dfc9a2fc83d7614dbbc0396f3dcc8b142df9a803f001768bfd44ca6bfa61622836b20a9d68871954009435449ae6d76720

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\_socket.pyd
Filesize
77KB

MD5
c389430e19f1cd4c2e7b8538e8c52459

SHA1
546ed5a85ad80a7b7db99f80c7080dc972e4f2a2

SHA256
a14efa68d8f7ec018fb867a6ba6c6c290a803b4001fd8c45db7bda66fb700067

SHA512
5bef6c90c65bf1d4be0ce0d0cb3f38fe288f5716c93e444cf12f89f066791850d8316d414f1d795ff148c9e841cda90ef9c35ceb4a499563f28d068a6b427671

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\_ssl.pyd
Filesize
156KB

MD5
7c7223f28c0c27c85a979ad222d19288

SHA1
4185e671b1dc56b22134c97cd8a4a67747887b87

SHA256
4ec47beadc4fd0d38fa39092244c108674012874f3190ee0e484aa988b94f986

SHA512
f3e813b954357f1bc323d897edf308a99ed30ff451053b312f81b6baae188cda58d144072627398a19d8d12fe659e4f40636dbbdf22a45770c3ca71746ec2df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\base_library.zip
Filesize
1.0MB

MD5
3e16d579a240ccf2db5322a6694240fc

SHA1
7dc6cb32762a730346e207a8bed0017ca12979fa

SHA256
68a497f1c286ee26af7d85594069e79ddc17ad63f141efff96f92e9952fb67b9

SHA512
12939e85e883cbe76565e90f2aa4aa0bfb7a4cf0788760abd368d6dc8b9d5f76d7d62a4e649b5169aa88b72fe844024102c79e8f3783cb167b90a99c7d0838c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\certifi\cacert.pem
Filesize
279KB

MD5
7adbcc03e8c4f261c08db67930ec6fdd

SHA1
edc6158964acc5999ed5413575dd9a650a6bcdb2

SHA256
de5f02716b7fa8be36d37d2b1a2783dd22ee7c80855f46d8b4684397f11754f2

SHA512
58299ed51d66a801e2927d13c4304b7020eac80982559c7b898c46909d0bc902eb13fea501bd600c8c19739736289342bae227510c85702b7f04bd80d5a9c723

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\libcrypto-1_1.dll
Filesize
3.3MB

MD5
80b72c24c74d59ae32ba2b0ea5e7dad2

SHA1
75f892e361619e51578b312605201571bfb67ff8

SHA256
eb975c94e5f4292edd9a8207e356fe4ea0c66e802c1e9305323d37185f85ad6d

SHA512
08014ee480b5646362c433b82393160edf9602e4654e12cd9b6d3c24e98c56b46add9bf447c2301a2b2e782f49c444cb8e37ee544f38330c944c87397bdd152a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\libssl-1_1.dll
Filesize
686KB

MD5
86f2d9cc8cc54bbb005b15cabf715e5d

SHA1
396833cba6802cb83367f6313c6e3c67521c51ad

SHA256
d98dd943517963fd0e790fde00965822aa4e4a48e8a479afad74abf14a300771

SHA512
0013d487173b42e669a13752dc8a85b838c93524f976864d16ec0d9d7070d981d129577eda497d4fcf66fc6087366bd320cff92ead92ab79cfcaa946489ac6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\python3.DLL
Filesize
64KB

MD5
24f4d5a96cd4110744766ea2da1b8ffa

SHA1
b12a2205d3f70f5c636418811ab2f8431247da15

SHA256
73b0f3952be222ce676672603ae3848ee6e8e479782bd06745116712a4834c53

SHA512
bd2f27441fe5c25c30bab22c967ef32306bcea2f6be6f4a5da8bbb5b54d3d5f59da1ffcb55172d2413fe0235dd7702d734654956e142e9a0810160b8c16225f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\python310.dll
Filesize
4.3MB

MD5
e4533934b37e688106beac6c5919281e

SHA1
ada39f10ef0bbdcf05822f4260e43d53367b0017

SHA256
2bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5

SHA512
fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\select.pyd
Filesize
29KB

MD5
c6ef07e75eae2c147042d142e23d2173

SHA1
6ef3e912db5faf5a6b4225dbb6e34337a2271a60

SHA256
43ee736c8a93e28b1407bf5e057a7449f16ee665a6e51a0f1bc416e13cee7e78

SHA512
30e915566e7b934bdd49e708151c98f732ff338d7bc3a46797de9cca308621791276ea03372c5e2834b6b55e66e05d58cf1bb4cb9ff31fb0a1c1aca0fcdc0d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\ucrtbase.dll
Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3482\unicodedata.pyd
Filesize
1.1MB

MD5
d4964a28a22078c30064c65e968f9e1f

SHA1
b9b95975bea97a55c888da66148d54bdb38b609b

SHA256
b204718d21952369726472ca12712047839119ccf87e16979af595c0a57b6703

SHA512
bfe200b255ae1ddba53d98d54479e7e1d0932fb27bbfdcb4170d3d4cbbbfc297e3b5fd273b830399b795feb64cd0d9c48d0e1e0eaf72d0e0992261864e2d7296

Download Submit