General

  • Target

    variobeta.exe

  • Size

    7.4MB

  • Sample

    240531-1kcq9sfc64

  • MD5

    321f4cf12473f004464aa797966517a2

  • SHA1

    a3cddb8878b89c504449b7c40d039ec616f8c1c6

  • SHA256

    af83f9089626a51404c25f162ae74f173fec31bcf450b13ccfa8656e850ba463

  • SHA512

    622fa0a314696bdb767c541c3703b7b44650abe038024fb61773c4cb351e6867dde280460674d9fd30dc2f4592e84f458e398b3109021d079abc3918bdc55127

  • SSDEEP

    196608:HrxU8PULjv+bhqNVoB0SEsucQZ41JBbIP11tJG:G8P0L+9qz80SJHQK1Jy1vJG

Malware Config

Targets

    • Target

      variobeta.exe

    • Size

      7.4MB

    • MD5

      321f4cf12473f004464aa797966517a2

    • SHA1

      a3cddb8878b89c504449b7c40d039ec616f8c1c6

    • SHA256

      af83f9089626a51404c25f162ae74f173fec31bcf450b13ccfa8656e850ba463

    • SHA512

      622fa0a314696bdb767c541c3703b7b44650abe038024fb61773c4cb351e6867dde280460674d9fd30dc2f4592e84f458e398b3109021d079abc3918bdc55127

    • SSDEEP

      196608:HrxU8PULjv+bhqNVoB0SEsucQZ41JBbIP11tJG:G8P0L+9qz80SJHQK1Jy1vJG

    • Command and Scripting Interpreter: PowerShell

Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      �[P���.pyc

    • Size

      1KB

    • MD5

      956871cfc9edcf840c977906354c9631

    • SHA1

      fd05d45b2e6814727fa8a8088ab55b1d24b39ad0

    • SHA256

      9f3f7422c54536316341e6b6109525dc06e76ee9bef78e13b85bdbcdff33c9b1

    • SHA512

      0c6a5c7d59d5aacad43bde37c080ebcfcdcd56b20130adc5a0a1a0c65912d6e929b6b49063adeba5f3dd062e7c95bf85ba829ba149bd290278036c32e97f9364

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks