General

  • Target

    SherlockBeta.rar

  • Size

    8.5MB

  • Sample

    240531-ze6lqadd55

  • MD5

    56577878743daafda662e806c8a0b501

  • SHA1

    596859a2837faac384ac3d65d03b9fe3ea8e673c

  • SHA256

    3722af4d4b4227498433a69999f801616be9c7fa8cb461ed8520c9e619f5feab

  • SHA512

    859ca64b8bf02761a15cf27205c6b30aa2e762066046199c72b4ef832a5c354d21106b04afaecc28f77b6183351f033de29ab7d78fcdab5bf88e42620a190007

  • SSDEEP

    196608:CzXtWbDCdyAJwqCN2EJR3v9kqyLhOkQtT5JagngMxq:SXEbDCdhBoLbCAJNgMQ

Malware Config

Targets

    • Target

      SherlockBeta/SherlockBootstrapper.exe

    • Size

      18.0MB

    • MD5

      3d1deb317e8597990bab704400717066

    • SHA1

      ba10661fe8af712312a847bed7709d74b78c5809

    • SHA256

      325473616dd8490112f047143d777128444b93fdd698f7009b2d256a89b334e6

    • SHA512

      369d146a921128e0d4bec32f4e51c464458174e34c9c7d88e5c42575ed9c291d2369a397c91859efeaa299ed9c3de8ebacd40bcf80ca287645dca7740d4ff5ec

    • SSDEEP

      196608:9rdRhI5TurErvI9pWjgaAnajMsbSEo23fQC//OoLxhN:7STurEUWjJjIfoo4jLxhN

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
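
    The PowerShell activity flagged above (adding Defender exclusions for extensions, paths and processes) is what a detection should key on. The following is an added example, not code from the sandbox or from the sample: it scans text shaped like the ScriptBlockText of PowerShell script block log events (Event ID 4104) for the three ways exclusions get added, the Add-/Set-MpPreference exclusion parameters (including the abbreviated forms PowerShell accepts), the MSFT_MpPreference CIM class the cmdlets wrap, and the registry key under which exclusions are stored, and it decodes -EncodedCommand payloads before scanning them. The log records in it are constructed for illustration, not taken from this run.

```python
"""Flag PowerShell that adds Microsoft Defender exclusions (added example).

Input records mimic the ScriptBlockText of PowerShell script block log
events (Event ID 4104). Output is one Finding per matching event.
"""
import base64
import re
from dataclasses import dataclass

# Add-/Set-MpPreference with one of the exclusion parameters. PowerShell accepts
# any unambiguous prefix of a parameter name, so -ExclusionPa, -ExclusionE and
# -ExclusionPr are matched as well as the full names.
_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.I)
_EXCL_PARAM = re.compile(r"-Exclusion(?:Pa\w*|E\w*|Pr\w*)\b", re.I)
# The cmdlets wrap the MSFT_MpPreference CIM class, which can be invoked directly;
# the resulting exclusions are stored under this registry key.
_CIM_CLASS = re.compile(r"\bMSFT_MpPreference\b", re.I)
_REG_KEY = re.compile(r"Windows Defender\\+Exclusions", re.I)
# powershell.exe -EncodedCommand (also -enc, -ec, -e) carries base64 of UTF-16LE.
_ENCODED = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)


@dataclass(frozen=True)
class Finding:
    event_id: int
    kind: str               # "cmdlet", "cim" or "registry"
    values: tuple = ()      # exclusion values where they could be recovered
    decoded: bool = False   # True when found inside an -EncodedCommand payload


def _decode_encoded_command(text):
    """Return the script carried by an -EncodedCommand argument, or None."""
    m = _ENCODED.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def _param_values(text, end):
    """Collect the comma-separated arguments after a parameter ending at `end`."""
    m = re.match(r"\s+(.*?)(?=\s+-[A-Za-z]|\s*(?:[;|]|$))", text[end:])
    if not m:
        return ()
    return tuple(v.strip().strip("'\"") for v in m.group(1).split(",") if v.strip())


def scan_script(event_id, text, decoded=False):
    """Return the Findings for one script block, recursing into -EncodedCommand."""
    findings = []
    if _CMDLET.search(text):
        values = []
        for p in _EXCL_PARAM.finditer(text):
            values.extend(_param_values(text, p.end()))
        if values:
            findings.append(Finding(event_id, "cmdlet", tuple(values), decoded))
    if _CIM_CLASS.search(text):
        findings.append(Finding(event_id, "cim", (), decoded))
    if _REG_KEY.search(text):
        findings.append(Finding(event_id, "registry", (), decoded))
    inner = _decode_encoded_command(text)
    if inner is not None:
        findings.extend(scan_script(event_id, inner, decoded=True))
    return findings


def find_exclusion_tampering(events):
    """Scan a sequence of {"id": ..., "script": ...} records."""
    findings = []
    for ev in events:
        findings.extend(scan_script(ev["id"], ev["script"]))
    return findings


# Constructed sample events for illustration; they are not from the sandbox run.
_ENCODED_INNER = "Add-MpPreference -ExclusionProcess 'SherlockV1.exe'"
_ENCODED_B64 = base64.b64encode(_ENCODED_INNER.encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"id": 1, "script": 'Add-MpPreference -ExclusionPath "C:\\Users\\Public" '
                        '-ExclusionExtension "exe","dll"'},
    {"id": 2, "script": "Get-ChildItem C:\\Temp | Measure-Object"},
    {"id": 3, "script": "aDD-mPpREFERENCE -exclusionpr 'SherlockBootstrapper.exe'"},
    {"id": 4, "script": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"id": 5, "script": "New-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\"
                        "Windows Defender\\Exclusions\\Paths' -Name 'C:\\drop' -Value 0"},
    {"id": 6, "script": f"powershell.exe -NoP -W Hidden -enc {_ENCODED_B64}"},
]

if __name__ == "__main__":
    for f in find_exclusion_tampering(SAMPLE_EVENTS):
        print(f)
```

    Event 4 is deliberately left alone: disabling real-time monitoring is a different Defender-tampering signature, and the page only reports exclusions. Feed the scanner the 4104 ScriptBlockText field rather than 4688 command lines so that scripts run from files, not just one-liners, are covered.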

    • Target

      F"ivb��.pyc

    • Size

      1KB

    • MD5

      5fc9cebb5d468830a8d7dfade82346e0

    • SHA1

      57ca326d0f8c81ac11eb43bff7a46bf84a06c5a3

    • SHA256

      584098a58c99bc99e338aa423e226ac36c590c7a475678ee8e6ba2dd05135c3e

    • SHA512

      30d23d78df54403dcd3f0956199e1408d313027490f0b8d2774de2e9e55c6069401cb771da83658e253da460229d701535fb57f557af4636bb1c265683144603

    Score
    1/10
    • Target

      SherlockBeta/SherlockV1.exe

    • Size

      1.7MB

    • MD5

      c3d109ce0a46245ba7d1c849199948b9

    • SHA1

      a823a2c813228a92d1afabba8b6d4019f26a2f69

    • SHA256

      3e3888288da5b945bc5b01e4d92e0f4e7bf3701b55e9d1093cb139f54c946722

    • SHA512

      fddeb5983c9858c31b67ce93b7202d18e84ca91d165b040a00c7594d74f049d83d503f27cbccc735637768ba0828961c0e700631519c1dfebb6589b67c1c44cb

    • SSDEEP

      6144:Eko8cjSDX/ow3ASp611u+V6oLvko8cjSDX/ow3ASp611u+V6oLvko8cjSDX/ow3N:cvv2

    Score
    1/10
    • Target

      SherlockBeta/Siticone.UI.dll

    • Size

      1.3MB

    • MD5

      750c58af2e56b6addecffcf152520ab8

    • SHA1

      14995e7f1d12498606d9d209d78d55fe6fd87802

    • SHA256

      27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

    • SHA512

      2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

    • SSDEEP

      24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb

    Score
    1/10
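
    To check files pulled from the archive against the digests listed in this report, and to reproduce the UPX-packed check reported for SherlockBootstrapper.exe, here is an added example (not the sandbox's own code): it parses the PE section table for the UPX0/UPX1 section names, looks for the UPX! marker, and matches a file's SHA256 against the SHA256 values listed above. The two PE images it builds are constructed fixtures, not bytes from the sample.

```python
"""Static triage helpers for the files listed in this report (added example)."""
import hashlib
import re
import struct

# SHA256 values as listed in the report above.
REPORTED_SHA256 = {
    "SherlockBeta.rar": "3722af4d4b4227498433a69999f801616be9c7fa8cb461ed8520c9e619f5feab",
    "SherlockBeta/SherlockBootstrapper.exe": "325473616dd8490112f047143d777128444b93fdd698f7009b2d256a89b334e6",
    "SherlockBeta/SherlockV1.exe": "3e3888288da5b945bc5b01e4d92e0f4e7bf3701b55e9d1093cb139f54c946722",
    "SherlockBeta/Siticone.UI.dll": "27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26",
}

_UPX_SECTION = re.compile(r"^UPX\d$")


def match_report(data):
    """Return the report entry whose SHA256 matches `data`, or None."""
    digest = hashlib.sha256(data).hexdigest()
    return next((name for name, h in REPORTED_SHA256.items() if h == digest), None)


def pe_sections(data):
    """Return the section names from a PE file's section table ([] if not a PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(data):
        return []
    # COFF header: NumberOfSections at +6 and SizeOfOptionalHeader at +20 from the
    # PE signature; the 40-byte section headers follow the optional header.
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    names = []
    for i in range(nsect):
        raw = data[table + i * 40:table + i * 40 + 8]          # name is the first 8 bytes
        if len(raw) < 8:
            break
        names.append(raw.split(b"\0", 1)[0].decode("latin-1"))
    return names


def upx_indicators(data):
    """Report two cheap UPX indicators: UPX0/UPX1 section names and the UPX! marker.

    A stock UPX build shows both; modified UPX builds commonly rename the sections
    or patch the marker, so a hit on either is worth a closer look and a miss on
    both does not prove the file is unpacked.
    """
    names = pe_sections(data)
    by_section = any(_UPX_SECTION.match(n) for n in names)
    by_magic = b"UPX!" in data
    return {"sections": names, "upx_sections": by_section,
            "upx_magic": by_magic, "packed": by_section or by_magic}


def triage(data):
    """Combine the checks into one record for a file's bytes."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "report_match": match_report(data), **upx_indicators(data)}


def build_minimal_pe(section_names):
    """Constructed fixture: a minimal PE32 image carrying only a section table."""
    pe_off = 0x80
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)           # PE32 magic, rest zeroed
    table = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + table


# Constructed fixtures, not bytes from the sample.
PACKED_FIXTURE = build_minimal_pe(["UPX0", "UPX1", ".rsrc"]) + b"UPX!"
PLAIN_FIXTURE = build_minimal_pe([".text", ".rdata", ".data"])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_FIXTURE), ("plain", PLAIN_FIXTURE)):
        print(label, triage(blob))
```

    Run `triage(open(path, "rb").read())` on each extracted file: `report_match` tells you which row of the report it is, and the two UPX flags let you compare your copy against the "UPX packed file" signature above before unpacking.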

MITRE ATT&CK Enterprise v15

Tasks