General

  • Target

    VoidBeta.rar

  • Size

    7.2MB

  • Sample

    240531-elkmlsed8x

  • MD5

    193062112d1d4ccdc16e635acf5542e5

  • SHA1

    35072633d6400c4a3c493832d0f0669d61e9c35b

  • SHA256

    5d0dfb6487cb5cd027644670048f255b465124c106ee43f94a7566b8b748535d

  • SHA512

    8f869b7f4e6a8e1e45d0ee02b3a99f008b65fa12d573684afb903395eb464e06cd25906f24afa755fe957df29e25c64eae6376a8edc5982acfb2d54966afc8d2

  • SSDEEP

    196608:nehnH99SKtBLYPsMtVHfQO7tOUtl8GvcpGGky8Pa:ehdptB1MXQOpdl7cpGGkTPa

Malware Config

Targets

    • Target

      VoidBeta/VoidBeta.exe

    • Size

      7.4MB

    • MD5

      247217477ecaaa189d0d6e99530f9a5d

    • SHA1

      a61aa6f5bf9ccb7fa02b02833120dea91b64b594

    • SHA256

      838f8253ab0565b1af383cb26371138bfc4b7aae99d0dab056a28670c28829f7

    • SHA512

      b59034734fab28f87feb9ddb01788bce7e78f42f3c7b5fa109ce438c291b838748455742dfe5048686f53fe5479a9fc6cd0142c6b0b0f3d139fd90127482911d

    • SSDEEP

      196608:jrEeZurErvI9pWjgyvoaYrE41JIuIqoxkR:JZurEUWjdo/H1J9oGR

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that later-dropped components are not scanned.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive profile contents.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
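The Defender-exclusion, dropped-EXE, browser-data, wallet and external-IP-lookup signatures above are the kind a detection engineer reproduces over process, file and DNS events. The following is an added example, not the sandbox's own rules and not code from the sample: it tags a constructed event trace. The event schema (type, pid, image, cmdline, dropped, path, host), the IP-lookup host list, the wallet paths and the ATT&CK mapping are assumptions chosen for the example.

```python
"""Sandbox-style behaviour tagging for the signatures in the report above.

Added example, not the sandbox's own rules and not code from the sample. The
event records are constructed here; their schema (type, pid, image, cmdline,
dropped, path, host) is an assumption, as are the host and path lists."""
import re

# Add-MpPreference / Set-MpPreference switches that carve Defender exclusions.
DEFENDER_EXCLUSION_RE = re.compile(
    r"(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL,
)
# Value following each exclusion switch: 'quoted', "quoted" or bare.
EXCLUSION_VALUE_RE = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+(?:'([^']*)'|\"([^\"]*)\"|(\S+))",
    re.IGNORECASE,
)
# Public IP discovery services (assumed list) behind the "looks up external IP" behaviour.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com", "checkip.amazonaws.com",
}
# Browser credential/cookie stores (Chromium and Firefox file names).
BROWSER_DATA_RE = re.compile(
    r"\\(?:Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.IGNORECASE
)
# Wallet files/directories an infostealer commonly harvests (assumed list).
WALLET_RE = re.compile(
    r"\\(?:wallet\.dat$|Exodus\\|Electrum\\|Ethereum\\keystore\\)", re.IGNORECASE
)
# ATT&CK technique IDs for the tags (mapping chosen for this example).
ATTACK_IDS = {
    "defender_exclusion_added": "T1562.001",
    "powershell_execution": "T1059.001",
    "reads_browser_profile_data": "T1555.003",
    "external_ip_lookup": "T1016",
}

# Constructed trace: a first-stage binary, a PowerShell child that whitelists
# its working directory, and a dropped second stage that steals and beacons.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1200, "image": "C:\\Users\\user\\Desktop\\VoidBeta\\VoidBeta.exe",
     "cmdline": "VoidBeta.exe", "dropped": False},
    {"type": "process", "pid": 1304,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell -NoP -W Hidden Add-MpPreference -ExclusionPath "
                "'C:\\Users\\user\\AppData\\Roaming' -ExclusionExtension exe "
                "-ExclusionProcess VoidBeta.exe", "dropped": False},
    {"type": "process", "pid": 1410, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\build.exe",
     "cmdline": "build.exe", "dropped": True},
    {"type": "file_read", "pid": 1410,
     "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"type": "file_read", "pid": 1410,
     "path": "C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"type": "dns", "pid": 1410, "host": "api.ipify.org"},
    {"type": "dns", "pid": 1410, "host": "www.microsoft.com"},
]


def parse_exclusions(cmdline):
    """Return [(kind, value)] for every Defender exclusion added on the command line."""
    out = []
    for m in EXCLUSION_VALUE_RE.finditer(cmdline):
        kind = m.group(1).capitalize()
        value = next(v for v in m.groups()[1:] if v is not None)
        out.append((kind, value))
    return out


def classify_event(event):
    """Map one event to the behaviour tags it triggers (possibly none)."""
    tags = []
    kind = event.get("type")
    if kind == "process":
        image = event.get("image", "").lower()
        cmd = event.get("cmdline", "")
        if image.endswith("powershell.exe") or image.endswith("pwsh.exe"):
            tags.append("powershell_execution")
        if DEFENDER_EXCLUSION_RE.search(cmd):
            tags.append("defender_exclusion_added")
        if event.get("dropped") and image.endswith(".exe"):
            tags.append("executes_dropped_exe")
    elif kind == "file_read":
        path = event.get("path", "")
        if BROWSER_DATA_RE.search(path):
            tags.append("reads_browser_profile_data")
        if WALLET_RE.search(path):
            tags.append("accesses_crypto_wallet")
    elif kind == "dns":
        if event.get("host", "").lower() in IP_LOOKUP_HOSTS:
            tags.append("external_ip_lookup")
    return tags


def triage(events):
    """Aggregate tags across a trace: {tag: sorted list of pids that triggered it}."""
    hits = {}
    for ev in events:
        for tag in classify_event(ev):
            hits.setdefault(tag, set()).add(ev["pid"])
    return {tag: sorted(pids) for tag, pids in hits.items()}


if __name__ == "__main__":
    for tag, pids in triage(SAMPLE_EVENTS).items():
        print(f"{tag:28s} {ATTACK_IDS.get(tag, '-'):10s} pids={pids}")
    print("exclusions:", parse_exclusions(SAMPLE_EVENTS[1]["cmdline"]))
```

The exclusion parser is the part incident responders care about: it lists exactly which path, extension and process were whitelisted, which is what has to be reverted (Remove-MpPreference takes the same switch names) before the host can be considered clean. Real traces are noisier than the constructed one; the host and path lists should be tuned to the environment.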
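The "UPX packed file" signature above is a static check, and it is worth knowing what it keys on. The following is an added example, not the sandbox's rule and not code from the sample: a minimal hand-rolled PE section-table parser that reports the UPX section names plus the layout UPX leaves behind (a zero-sized first section and a compressed, high-entropy second one). The two PE images it checks are constructed inline; the 7.0 entropy threshold is an assumption.

```python
"""Static UPX indicators from a PE section table.

Added example; a minimal hand-rolled PE header parser, not the sandbox's UPX
rule. The two test images are constructed inline. Standard UPX leaves a
zero-sized first section (UPX0) and a compressed (high-entropy) UPX1; the
name check is defeated by a modified UPX, the layout heuristics are not."""
import math
import struct
from collections import Counter


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Parse the section table: returns [(name, raw_offset, raw_size)]."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_opt                      # COFF header is 20 bytes
    out = []
    for i in range(n_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)         # section header is 40 bytes
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
    return out


def upx_indicators(image, entropy_threshold=7.0):
    """Name-based and layout-based UPX indicators for one PE image."""
    sections = pe_sections(image)
    names = [name for name, _, _ in sections]
    high = [name for name, ptr, size in sections
            if size and shannon_entropy(image[ptr:ptr + size]) > entropy_threshold]
    result = {
        "upx_section_names": [n for n in names if n.upper().startswith("UPX")],
        "empty_first_section": bool(sections) and sections[0][2] == 0,
        "high_entropy_sections": high,
    }
    # Either the tell-tale names, or the UPX layout even if the names were patched out.
    result["likely_upx"] = bool(result["upx_section_names"]) or (
        result["empty_first_section"] and bool(high))
    return result


def build_test_image(sections):
    """Constructed minimal PE: DOS header, PE signature, COFF header with no
    optional header, then one 40-byte header per (name, raw_bytes) section."""
    body_start = 64 + 4 + 20 + 40 * len(sections)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table, body = b"", b""
    for name, data in sections:
        raw_ptr = body_start + len(body) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(data), 0x1000,
                             len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
    return bytes(dos) + b"PE\0\0" + coff + table + body


# Constructed images: a UPX-shaped one (uniform bytes stand in for compressed data)
# and a plain one whose sections are low-entropy filler.
UPX_IMAGE = build_test_image([("UPX0", b""), ("UPX1", bytes(range(256)) * 8), (".rsrc", b"\0" * 64)])
PLAIN_IMAGE = build_test_image([(".text", b"\x90" * 512), (".data", b"\0" * 64)])

if __name__ == "__main__":
    for label, img in (("UPX", UPX_IMAGE), ("plain", PLAIN_IMAGE)):
        print(label, upx_indicators(img))
```

Run against the sample itself, the names check alone is what a stock UPX build trips; a "modified UPX" variant that renames its sections still shows the empty-first-section-plus-high-entropy layout, which is why the layout heuristic is kept as a second opinion rather than relying on section names.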

MITRE ATT&CK Enterprise v15

Tasks