General

  • Target

    EvilClickerV2.3.rar

  • Size

    6.3MB

  • Sample

    240603-jbz2rsga9w

  • MD5

    bcfd85efc0089831b8a486f485ec491d

  • SHA1

    69901c7bcea1b720d638a2a94659b0015f2436cc

  • SHA256

    719f171db28a450134885f2d94cd4ba99e2c7b02b805c7a3e086c1eb2c716131

  • SHA512

    8ced7e61d6b40b633023f5563675ce8511a56f74de89590392e93282ff15f54757b0d6b45d59580d56c4800e2884581f9c2d2f19b17b46869b757bdb3ef4e4c1

  • SSDEEP

    196608:sZdV/QuZSk/HqAb2LLUFXNIXLBq6QR2GbsWa:srVEk/Vb2LLIIXd02C5a

Malware Config

Targets

    • Target

      Evil Clicker/EvilClicker.exe

    • Size

      6.5MB

    • MD5

      8883035f1bcc3d1f2bdbe1f63939f169

    • SHA1

      70e8a2e344c34b1c377f4f20a16d93b6c2f217c5

    • SHA256

      1f320e63957226fc9f8100357bf6467b77c66e3e4827d44f9a4e66d60641522c

    • SHA512

      f6211564267f9f86b10325ab6a7a1938063c72ce05c7e21e6a981f33f9b6502a3a68ba04f674d03767da493be8f10aa7d6b912e7753b49b515cd70bd9dfde72d

    • SSDEEP

      196608:ar+BmDZeXRHvUWvozWOxu9kXwvdbDlA03NhnDetB8wZhUi6:fGcXRHdKbAlbZA03bDMBjb6

    • Command and Scripting Interpreter: PowerShell

      Executes a command via powershell.exe.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15