General

  • Target: incognito_2.zip
  • Size: 24.2MB
  • Sample: 240603-e3hjkscf48
  • MD5: ee4ac069a0fe67db279144aebb9e78d5
  • SHA1: 193c69f743289e7db96e8a99a3601fcdb1c6d274
  • SHA256: b7defba55488199f41b756c4857db22d7188e15787e9008af1bb6983465d9e81
  • SHA512: a45615ed6745ff0f09e2edb571d91e22d95dca6a889960846438207b2a2ee5240304bc4fd65e44d7140890099b1a58b496204e44ff2eb388954e28d0c6832365
  • SSDEEP: 393216:jMqhtzReutMFrrQxlL2Lm7ImA3rAFXWRi7Ytyuh21DIrwbQEnML9moapwXc:j/zNMrr51r6Hwyuh21qwbQf4oKwXc

Malware Config

Targets

    • Target: incognito/INCOBYFRONBYPASS$$.exe
    • Size: 23.3MB
    • MD5: ed2ce6dfacd25c327c94e635c4fc3323
    • SHA1: 92d6c8f5978a7c8c7f70f5cffa5655548dfe8ca4
    • SHA256: ca0b8fc840038188315c95ed2114eb986011fde0bfde080b40aa74080128032c
    • SHA512: 68c08f4fc9b33f6b01f33349aa534b4ba0c3c97c695474244a170f42b5f2c1fca3cd160004231b6f2d0e3cb7f1a25aa4fb786b1ac02c643fc3e00c1fd8766aef
    • SSDEEP: 393216:Wo9DM45CsKh2Jp5M/urEUWj5EnBSVkRIrY87FNwrcf+E6PcZYE9utK+:X9NJKhNdbQzcY87Fycf+8YEWK+

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: incognito/bin/incognito-luau.dll
    • Size: 1.3MB
    • MD5: 157fd035b2a344a94166d7db3756df0e
    • SHA1: f221d28c1deb80b4e8d9201226435aefce6b0f75
    • SHA256: 8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
    • SHA512: fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
    • SSDEEP: 24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks