General

  • Target

    NovaRBX.exe

  • Size

    11.0MB

  • Sample

    240529-tyd3xsbe9w

  • MD5

    fea0d725220c95cfcc57417b9b682284

  • SHA1

    41261f9656756fb6fe024ad5f8000b346782764b

  • SHA256

    be425c0983d8306b1fdeb3feef2ad6f1c4ffdc722070867f13635beb9bc5bc7e

  • SHA512

    e96c4efdd643cbe2d1e9f4202b2029b80d0c538123ca8040f037f657ae8966a2a30c7dddde950d36716c3235460d0d50afa3cb54174d9d6ae6c12cda45e11b8f

  • SSDEEP

    196608:Jsjmgg1PpGAjMGhuPD5U4YA1HeT39IigwCeE9TFa0Z8DOjCdylAM0QjZ/ko0k:Hgg1P8AxYDX1+TtIiFPY9Z8D8CclAOPv

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks