General

  • Target

    LeagueFVM_2.2.exe

  • Size

    22.2MB

  • Sample

    240603-a3s8vsda8x

  • MD5

    323c5554ba396eafe23a462f96db6b0e

  • SHA1

    e094035104e30f8ee8963a8d671301fa53269d93

  • SHA256

    54e11d707eb6904fa1f3262b461a12bf5e4040c71ed155a58d68b1e2f7a2a93e

  • SHA512

    f466e21ec60bda298392076b27fbc314b0c72e193bde3c7a36c0139b488556f238fa085a811369ce0bda7575ab02e33dbca469c893de4ff7d2dcb183d4acf64e

  • SSDEEP

    393216:VEkQLQtss27vCJWQsUcR4NzQW+eGQRg93iObIhRS/PcLprpJnU6oHd85Tv/:VYQts5CYQFIW+e5R49MhR+cV9lEy5T

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to collect system information as a root user.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks