General

  • Target

    CypherExecutor.exe

  • Size

    8.2MB

  • Sample

    240603-jafxhaga6v

  • MD5

    eedf8816578dd8f29f275ba872dc778a

  • SHA1

    28533ef5cb7267cb79dafe274b04a78578b74bb3

  • SHA256

    1cd1eaa9c7cb3d1946ef75414098f3c10183e3c4b2f1dce6eafc768b3b104b39

  • SHA512

    50baa6c1e28ff2fe96053a154758b858622a7eac0619c74193338d2d3a571785ce2f38bd43f585223d992c937d4bdb60965ccb522d77cfd2b05d094178bac856

  • SSDEEP

    196608:nrHdwurErvI9pWjgyvoaYrE41JIVSESIqoxkg:iurEUWjdo/H1JHFoGg
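To confirm that a file you have on disk is the same artefact this report describes, recompute its digests and compare them to the values above. The script below is an added example, not part of the sandbox report: it hashes the file once with all four algorithms and returns every algorithm whose value disagrees. SSDEEP is deliberately left out because it needs the non-standard `ssdeep` library (and its leading field, 196608 here, is the block size: a fuzzy-hash comparison is only meaningful against hashes with the same or an adjacent block size). The path argument and the `REPORTED` table are the only inputs; the table is copied from the report.

```python
"""Verify a sample against the hashes in a sandbox report (added example)."""
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digest values copied from the report for CypherExecutor.exe.
REPORTED = {
    "md5": "eedf8816578dd8f29f275ba872dc778a",
    "sha1": "28533ef5cb7267cb79dafe274b04a78578b74bb3",
    "sha256": "1cd1eaa9c7cb3d1946ef75414098f3c10183e3c4b2f1dce6eafc768b3b104b39",
    "sha512": "50baa6c1e28ff2fe96053a154758b858622a7eac0619c74193338d2d3a571785"
              "ce2f38bd43f585223d992c937d4bdb60965ccb522d77cfd2b05d094178bac856",
}


def digest_all(chunks):
    """Feed an iterable of byte chunks to all four hashers in a single pass.

    Returns {algorithm: lowercase hex digest}. Chunking is transparent:
    hashing [b"a", b"bc"] gives the same result as hashing [b"abc"].
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file without loading it into memory at once (8 MB is fine, but
    the same code works for multi-GB drops)."""
    with open(path, "rb") as f:
        return digest_all(iter(lambda: f.read(chunk_size), b""))


def compare(actual, expected):
    """Return {algorithm: (expected, actual)} for every value that disagrees.

    Comparison is case-insensitive, so digests pasted from a report in
    upper case still match. Algorithms absent from `expected` are skipped.
    """
    mismatches = {}
    for algo, exp in expected.items():
        got = actual.get(algo)
        if got is None or got.lower() != exp.lower():
            mismatches[algo] = (exp.lower(), got)
    return mismatches


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_hashes.py <path-to-sample>")
    bad = compare(digest_file(sys.argv[1]), REPORTED)
    if not bad:
        print("all digests match the report")
    else:
        for algo, (exp, got) in bad.items():
            print(f"{algo}: report {exp}\n{' ' * len(algo)}  file   {got}")
        sys.exit(1)
```

A mismatch on every algorithm usually means a different file (a re-packed build, or a download that was altered in transit); a mismatch on only one algorithm means the report or your copy of it is corrupt, since one file cannot produce the other three correct digests by accident.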

Malware Config

Targets

    • Target

      CypherExecutor.exe

    • Command and Scripting Interpreter: PowerShell

      Executes a command through powershell.exe.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
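The "UPX packed file" signature above is the kind of check that can be reproduced on the sample without running it. The following is an added example and not the sandbox's own detection logic: it parses the PE section table by hand and reports whether the section names UPX writes by default (UPX0, UPX1, often followed by UPX2 or .rsrc) are present. It is a hint rather than proof in both directions, which is why the signature text mentions modified UPX builds: a packer that renames its sections defeats the name check, and a file without UPX names may still be packed by something else. The `build_stub_pe` helper constructs a minimal header-only image purely as test input; it is not a real sample.

```python
"""Flag PE files whose section table carries UPX's default section names
(added example; the parser follows the PE/COFF layout, the stub builder
only exists to produce constructed test input)."""
import struct

COFF_HEADER_FMT = "<HHIIIHH"      # IMAGE_FILE_HEADER, 20 bytes
COFF_HEADER_LEN = struct.calcsize(COFF_HEADER_FMT)
SECTION_HEADER_LEN = 40           # IMAGE_SECTION_HEADER; the name is its first 8 bytes


def section_names(pe_bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names with their NUL padding stripped.

    Raises ValueError on anything that is not a structurally sound PE, so
    a caller can separate "not packed" from "could not parse".
    """
    if len(pe_bytes) < 0x40 or pe_bytes[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    if coff + COFF_HEADER_LEN > len(pe_bytes):
        raise ValueError("COFF header truncated")
    (_machine, nsections, _stamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from(COFF_HEADER_FMT, pe_bytes, coff)
    # The section table starts right after the optional header, whose size
    # the COFF header declares (0xE0 for PE32, 0xF0 for PE32+ in practice).
    table = coff + COFF_HEADER_LEN + opt_size
    names = []
    for i in range(nsections):
        off = table + i * SECTION_HEADER_LEN
        if off + SECTION_HEADER_LEN > len(pe_bytes):
            raise ValueError("section table truncated")
        names.append(pe_bytes[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(pe_bytes):
    """True when both UPX0 and UPX1 are present; UPX always emits that pair,
    the third section (UPX2 or .rsrc) varies with the input."""
    names = set(section_names(pe_bytes))
    return b"UPX0" in names and b"UPX1" in names


def build_stub_pe(names):
    """Constructed test input: a header-only PE32+ image with the given
    section names and no section data. It is not loadable, it only has
    enough structure for section_names() to parse."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt_size = 0xF0
    coff = struct.pack(COFF_HEADER_FMT, 0x8664, len(names), 0, 0, 0, opt_size, 0x22)
    optional = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)  # Magic = PE32+
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * (SECTION_HEADER_LEN - 8)
                        for n in names)
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read()
    print("sections:", [n.decode("latin-1") for n in section_names(data)])
    print("UPX section names present:", looks_upx_packed(data))
```

Run it against the sample before and after `upx -d`; if the names disappear but the file still looks packed (tiny import table, one huge high-entropy section), the "modified UPX" branch of the signature is the likelier explanation and unpacking has to be done dynamically.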

MITRE ATT&CK Enterprise v15

Tasks