General

  • Target

    Leviathan Checker.exe

  • Size

    8.3MB

  • Sample

    240530-yh4e4agg81

  • MD5

    966f0f89ff2e06c641f20c8233e298ec

  • SHA1

    eea0253c0c22ffed4f00ff27dc80808a90a3cc28

  • SHA256

    bf189f1b11f451193c18d48a707acb57a94021c75ffd54ac4f1e6f44a72a2ad9

  • SHA512

    b65289ddcba268b4c9698f71e57e2b00e5105577307392149d05c3404e1bdd6330592a4ac38d90b1813b9b8f91f751c640459197f6946dbc2776e3278aad9b3b

  • SSDEEP

    196608:erFiT0cD9z9HLjv+bhqNVoBKUh8mz4Iv9PzQKu1D7A4:+i9zVL+9qz8/b4ICKuRA4

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks