General

  • Target

    hwidchangers.exe

  • Size

    24.2MB

  • Sample

    240601-g4ev7adc39

  • MD5

    c971ab7ae68c269c2386c1516f801959

  • SHA1

    548797da7953c9bb0644bad66979903e21babbbe

  • SHA256

    a7db57d2a94e7f1a681ebcc6f90247e28fada8e029055fec70c41e015152acfe

  • SHA512

    60478ab88215c639bc609c118db0df026efada888841e38b4ed2f7f1ad7eca587b758caa44d667b9540f748a9ff11066d991231fd77700dade6a0127e0335412

  • SSDEEP

    786432:JGpttD7yBG/jx1/N/tZUDPr4q1QtIna8DZcLlqjKh:ApttD7y0/V1l/s/42iIa6T

Malware Config

Targets

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks