General

  • Target: triggerbot.exe
  • Size: 6.3MB
  • Sample: 240530-v7crwsgd74
  • MD5: 61d00638dc9b675029fa77ce234b63c8
  • SHA1: ec0b83c515ffe998f508e63be9587637d5f2ba7d
  • SHA256: 562011f4373d048ed2b60deb22b126686aee96ceac8255196d599b5f9f378416
  • SHA512: 6d1e249bc6a0a9a098a1c09fbc55fad2522ebdff2cbf201f066925cf1dbe60c74ae9582831166b902c2e0d18f5233ef4a3cbb78104c2d2ae86a1f654b7024900
  • SSDEEP: 98304:yQ9HY75YthUIccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1ST:nm5e6IraRRnz+R8zmPf1D7JT

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks