General

  • Target

    8e56baf2b6e7a8f16d0f023d4d220fa86349a6b281e50d0b3bd1f2e5b7d87a4f

  • Size

    7.0MB

  • Sample

    240531-rqj8vsbg74

  • MD5

    1de88b87af853d8c0bbdba884f2d0f4b

  • SHA1

    28861b7f59ca69e94e8db88899b9928fcbd4307f

  • SHA256

    8e56baf2b6e7a8f16d0f023d4d220fa86349a6b281e50d0b3bd1f2e5b7d87a4f

  • SHA512

    cdb0caafa53ae93dda3b17d3985e08f6e49c0ba0011f7acc68383658868ff42c5deb0ccdc157ca35c3d71f2d3dfb0fc10fb0b085904167b1e965dfea8e544a04

  • SSDEEP

    196608:nrN40zXeNTfm/pf+xk4dWRGtrbWOjgWy9:Lky/pWu4kRGtrbvMWy9

Malware Config

Targets

    • Target

      8e56baf2b6e7a8f16d0f023d4d220fa86349a6b281e50d0b3bd1f2e5b7d87a4f

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks