General

  • Target

    Paypal Checker - V7 05.31.24.rar

  • Size

    15.9MB

  • Sample

    240603-adw88aca71

  • MD5

    5567395df6e82a74362ac2eeb3ed8b22

  • SHA1

    5dbd271178385588d0c38e72dfb54e394b8625f8

  • SHA256

    03d5e4bbe2c41d51f43df399a69a7a85f1e7829fb091e75edec7a5c3357d020f

  • SHA512

    1578d572c6ca524587431f609479d2c60d37d484b61d90c03e431024e275da9157bf0e2f1e8655b3e5d67beb56a14e23a0c022cbb8590bd02aa2dda438d0d429

  • SSDEEP

    393216:z+3OtYMu3nlPm7nADyn92npeBc9ZGkqsQZ47SYg:z+3OtYRxUnAEgmcjqbZVYg

Targets

    • Target

      Paypal Checker - V7 05.31.24.rar

    • Size

      15.9MB

    • MD5

      5567395df6e82a74362ac2eeb3ed8b22

    • SHA1

      5dbd271178385588d0c38e72dfb54e394b8625f8

    • SHA256

      03d5e4bbe2c41d51f43df399a69a7a85f1e7829fb091e75edec7a5c3357d020f

    • SHA512

      1578d572c6ca524587431f609479d2c60d37d484b61d90c03e431024e275da9157bf0e2f1e8655b3e5d67beb56a14e23a0c022cbb8590bd02aa2dda438d0d429

    • SSDEEP

      393216:z+3OtYMu3nlPm7nADyn92npeBc9ZGkqsQZ47SYg:z+3OtYRxUnAEgmcjqbZVYg

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      V7 Paypal Checker 05.20.24/Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      715a1fbee4665e99e859eda667fe8034

    • SHA1

      e13c6e4210043c4976dcdc447ea2b32854f70cc6

    • SHA256

      c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    • SHA512

      bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    • SSDEEP

      12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7

    • Score

      1/10

    • Target

      V7 Paypal Checker 05.20.24/V7 Paypal Checker.exe

    • Size

      16.0MB

    • MD5

      77ad5b84e21dc1155820654b9e084362

    • SHA1

      e2c6871938a3904e1d315b055eabf2266a3f0717

    • SHA256

      6dc03a735e97cd90e7a40db2f8017d10fad1415da1323241f66bcc1047e80480

    • SHA512

      5d461dd421a85ea71e7689cd0a83a0a7964ea6d0d930494211fc166c270714f42f3824addf0db3a17624eebc96b8cf1b6567ffc456e3b3dda949e816baf0f39d

    • SSDEEP

      393216:cEk/+4u0P8AxYD3W+eGQRe9jo7BGcGlYn6bB2:c3+RnXTW+e5Re9MS2

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      creal.pyc

    • Size

      64KB

    • MD5

      b47b0a51ed2c99078312c793a5f0293a

    • SHA1

      e028bb62361641629245b3934b640028973af282

    • SHA256

      6cabf20b88035e07d207477a426b410b7352a52f80e41f1f014333db5bbe325e

    • SHA512

      ec9eb82fb26541e0ae44325e6d7e3e34291d22efa7378d13c97af996b7bf6c9c1dd398c00c577f70ee47d1d9dd0d26c0f0929e6c90052f64a970a735dd4c04b3

    • SSDEEP

      1536:7Trie+0Ql9pObo8BHWftXASFW08VgeOR2es:7TsYbo8B2VXASNMgeORk

    • Score

      3/10

    • Target

      V7 Paypal Checker 05.20.24/V7 Rotation Proxies 05.23.24.txt

    • Size

      41KB

    • MD5

      78752e8ec73d4fe2e8e11a8a83259ae1

    • SHA1

      a6677bdb04d918596768c10ebe86307074668b95

    • SHA256

      532b41f2eb04e9b2311226d455c11c7d82e64807f000bf4bf4e8c5751a2385fc

    • SHA512

      3adf65e645782ccbe567581f1e70a82f35715cb30800186eb3754ce6fc9df44c386216e3236f01aa8ad8ede5effc85b4544e21f18bd42c6618df4234fcddaf88

    • SSDEEP

      768:ajUL5fXjYUe2nZB5UDzTScWz/WUNZD9A+IXe:P1fXjYxOXz/t5WXe

    • Score

      1/10
