General

  • Target

    FireSafe2.exe

  • Size

    8.2MB

  • Sample

    240603-jcfphsgb2w

  • MD5

    b313bf2117a3f913868841a695a20e32

  • SHA1

    445f9a39f48d95dd3c57821cadc6cbfca6cd0165

  • SHA256

    3ecf3dc9b79725ed6966d2f79f2e8feef96aa0c5ec1c2ad6dcfcd4d53d872a12

  • SHA512

    dd121426df097429e02355bc5774e1f421414afb2d56b9d9fd1769e347faf4bf7a38d2d4d43f7e632421b70fdd5276f3eb5a3bd56a924e6ae4c94fcbd94785d1

  • SSDEEP

    196608:Nr3vA9VEcurErvI9pWjgfPvzm6gs/SEjEB4AuF:F47urEUWjC3zDAa84AuF
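To confirm that a file on disk is the sample this report describes, hash it and compare the digests against the values listed above. This is an added example, not part of the sandbox report: the REPORT_HASHES constants are copied from the General section, the function names and chunk size are mine, and the verdict keys on SHA-256/SHA-512 because MD5 and SHA-1 have practical collision attacks.

```python
"""Confirm a local file is the FireSafe2.exe sample from the report.

Added example, not part of the sandbox report. REPORT_HASHES is copied from
the report; function names, the chunk size and the verdict rule are mine.
"""
import hashlib
import io
import sys
from typing import BinaryIO, Dict

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
STRONG = ("sha256", "sha512")   # collision-resistant; MD5/SHA-1 are informational only

# Values exactly as listed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "b313bf2117a3f913868841a695a20e32",
    "sha1": "445f9a39f48d95dd3c57821cadc6cbfca6cd0165",
    "sha256": "3ecf3dc9b79725ed6966d2f79f2e8feef96aa0c5ec1c2ad6dcfcd4d53d872a12",
    "sha512": "dd121426df097429e02355bc5774e1f421414afb2d56b9d9fd1769e347faf4bf7a38d2d4d43f7e632421b70fdd5276f3eb5a3bd56a924e6ae4c94fcbd94785d1",
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Feed the stream once through all four digests, chunk by chunk.

    One pass over the file regardless of algorithm count, and flat memory
    even for installers far bigger than this 8.2 MB sample.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_stream for in-memory data."""
    return digest_stream(io.BytesIO(data), chunk_size)


def compare_with_report(observed: Dict[str, str],
                        report: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match table; hex digests compare case-insensitively."""
    return {name: observed[name].lower() == report[name].lower()
            for name in ALGORITHMS if name in report and name in observed}


def is_reported_sample(observed: Dict[str, str],
                       report: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only if every collision-resistant digest present in the report matches.

    A match on MD5 or SHA-1 alone proves nothing: both have practical
    collision attacks, so an attacker who controls both files can ship a
    different binary with the same MD5. SHA-256 and SHA-512 disagreeing with
    each other would point to a transcription error in the report rather
    than a different file, which is why both are required.
    """
    table = compare_with_report(observed, report)
    strong = [table[name] for name in STRONG if name in table]
    return bool(strong) and all(strong)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path>   (script name is assumed)
    with open(sys.argv[1], "rb") as fh:
        observed = digest_stream(fh)
    for name, ok in compare_with_report(observed).items():
        print(f"{name:7} {'match' if ok else 'MISMATCH'}  {observed[name]}")
    print("verdict:", "this is the reported sample" if is_reported_sample(observed)
          else "NOT the reported sample")
```

The SSDEEP value in the report is a fuzzy hash, not a digest, so hashlib cannot check it; comparing it against a near-variant of the sample needs the separate ssdeep library, which this example deliberately leaves out.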

Malware Config

Targets

    • Target

      FireSafe2.exe

    • Command and Scripting Interpreter: PowerShell

      Runs commands via powershell.exe (ATT&CK T1059.001).

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile stores, which hold saved credentials, cookies and session tokens.

    • UPX packed file

      The executable is packed with UPX or a modified UPX build (an open-source packer). Packing hides strings and imports from static analysis until the file is unpacked.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
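A static check for the "UPX packed file" signature, as an added example that is not part of the report: it walks the PE section table looking for the UPX0/UPX1 names that stock UPX writes, and falls back to a per-section entropy test because modified UPX builds frequently rename their sections. The parser, the thresholds and the header-only PE fixture used to exercise it offline are my constructions.

```python
"""Static triage for the 'UPX packed file' signature.

Added example, not part of the sandbox report. Stock UPX names its sections
UPX0/UPX1 (and sometimes UPX2); modified UPX builds often rename them, so a
per-section entropy test is used as a second heuristic. Thresholds and the
header-only PE fixture are mine; neither check is proof of packing.
"""
import math
import struct
import sys
from typing import Dict, List, Tuple

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
ENTROPY_THRESHOLD = 7.0        # bits per byte; compressed/encrypted data sits near 8.0
MIN_SECTION_BYTES = 256        # tiny sections give meaningless entropy figures


def pe_sections(data: bytes) -> List[Tuple[str, bytes]]:
    """Return (name, raw bytes) per section, parsing only the headers needed.

    Layout used: e_lfanew at 0x3C -> "PE" signature -> 20-byte COFF header
    (NumberOfSections at +2, SizeOfOptionalHeader at +16) -> optional header
    -> 40-byte section headers (SizeOfRawData at +16, PointerToRawData at +20).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    if len(data) < coff + COFF_HEADER_SIZE:
        raise ValueError("truncated COFF header")
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + COFF_HEADER_SIZE + opt_size
    sections = []
    for i in range(n_sections):
        hdr = data[table + i * SECTION_HEADER_SIZE: table + (i + 1) * SECTION_HEADER_SIZE]
        if len(hdr) < SECTION_HEADER_SIZE:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> Dict[str, object]:
    """Combine the section-name heuristic and the entropy heuristic into one verdict."""
    sections = pe_sections(data)
    names = [name for name, _ in sections]
    upx_named = any(name.upper().startswith("UPX") for name in names)
    high_entropy = [name for name, raw in sections
                    if len(raw) >= MIN_SECTION_BYTES and shannon_entropy(raw) > ENTROPY_THRESHOLD]
    return {
        "section_names": names,
        "upx_named_section": upx_named,
        "high_entropy_sections": high_entropy,
        "likely_packed": upx_named or bool(high_entropy),
    }


def build_minimal_pe(sections: List[Tuple[str, bytes]]) -> bytes:
    """Constructed fixture: a header-only PE carrying the given sections.

    Enough structure for pe_sections() to walk; not a runnable executable.
    """
    opt_size = 224                                       # PE32 optional header size
    n = len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)     # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    first_raw = 64 + 4 + COFF_HEADER_SIZE + opt_size + n * SECTION_HEADER_SIZE
    headers, payload = b"", b""
    for name, blob in sections:
        headers += name.encode("ascii").ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(blob), 0x1000, len(blob), first_raw + len(payload), 0, 0, 0, 0, 0x60000020)
        payload += blob
    return dos + b"PE\0\0" + coff + opt + headers + payload


if __name__ == "__main__":
    # Usage: python upx_check.py <file>   (script name is assumed)
    with open(sys.argv[1], "rb") as fh:
        print(upx_indicators(fh.read()))
```

A high-entropy section with a conventional name is exactly the shape a renamed-section UPX build leaves behind, which is why the verdict does not depend on the name check alone; conversely, a legitimately compressed resource section can trip the entropy test, so treat a hit as a reason to unpack and look, not as a conviction.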

MITRE ATT&CK Enterprise v15
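The behavioural signatures listed above, replayed as detection rules over constructed sandbox-style telemetry and tagged with ATT&CK techniques, as an added example that is not part of the report. The event records are constructed; the field names, the browser and wallet path fragments, the IP-lookup and hosting domains, and every technique ID other than T1059.001 (which corresponds to the PowerShell technique name the report gives) are my assumptions.

```python
"""Replay the report's behavioural signatures as rules over telemetry.

Added example, not part of the sandbox report. The event records are
constructed; field names, browser/wallet path fragments, IP-lookup and
hosting domains, and every ATT&CK ID except T1059.001 (the PowerShell
technique the report names) are assumptions.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set

ROOT_IMAGE = r"C:\Users\victim\Downloads\FireSafe2.exe"    # assumed path of the sample

# Assumed indicator fragments (lower-cased, substring matched).
BROWSER_STORES = ("\\login data", "\\cookies", "\\web data", "\\logins.json", "\\key4.db")
WALLET_HINTS = ("\\wallet.dat", "\\electrum\\wallets", "\\exodus\\", "\\ethereum\\keystore")
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com"}
HOSTING_HOSTS = {"cdn.discordapp.com", "raw.githubusercontent.com", "pastebin.com", "api.telegram.org"}

SIG_PS = "Command and Scripting Interpreter: PowerShell"
SIG_DRV = "Drops file in Drivers directory"
SIG_EXE = "Executes dropped EXE"
SIG_DLL = "Loads dropped DLL"
SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_WALLET = "Accesses cryptocurrency files/wallets"
SIG_HOSTING = "Legitimate hosting services abused for malware hosting/C2"
SIG_IPLOOKUP = "Looks up external IP address via web service"

# Assumed ATT&CK mapping; T1059.001 matches the technique name the report gives.
TECHNIQUES = {SIG_PS: "T1059.001", SIG_BROWSER: "T1555.003", SIG_WALLET: "T1005",
              SIG_IPLOOKUP: "T1016", SIG_HOSTING: "T1102"}


def _has_any(path: str, fragments) -> bool:
    return any(f in path for f in fragments)


def evaluate(events: Iterable[dict]) -> Dict[str, List[int]]:
    """Return {signature: [indexes of events that fired it]}.

    Only the sample's process tree counts: a process joins the tree when its
    image is ROOT_IMAGE or its parent is already in the tree, so an unrelated
    admin PowerShell session does not trip the rule.
    """
    hits: Dict[str, List[int]] = defaultdict(list)
    tree: Set[int] = set()        # pids in the sample's process tree
    dropped: Set[str] = set()     # files written by that tree, lower-cased
    for i, ev in enumerate(events):
        kind = ev["kind"]
        if kind == "process":
            image = ev["image"].lower()
            if image == ROOT_IMAGE.lower() or ev["ppid"] in tree:
                tree.add(ev["pid"])
            else:
                continue
            if image.endswith("\\powershell.exe"):
                hits[SIG_PS].append(i)
            if image in dropped and image.endswith(".exe"):
                hits[SIG_EXE].append(i)
            continue
        if ev["pid"] not in tree:
            continue
        path = ev.get("path", "").lower()
        if kind == "file_write":
            dropped.add(path)
            if "\\drivers\\" in path:
                hits[SIG_DRV].append(i)
        elif kind == "image_load":
            if path in dropped and path.endswith(".dll"):
                hits[SIG_DLL].append(i)
        elif kind == "file_read":
            if _has_any(path, BROWSER_STORES):
                hits[SIG_BROWSER].append(i)
            if _has_any(path, WALLET_HINTS):
                hits[SIG_WALLET].append(i)
        elif kind == "dns":
            query = ev["query"].lower()
            if query in IP_LOOKUP_HOSTS:
                hits[SIG_IPLOOKUP].append(i)
            if query in HOSTING_HOSTS:
                hits[SIG_HOSTING].append(i)
    return dict(hits)


def attack_summary(hits: Dict[str, List[int]]) -> List[str]:
    """Sorted ATT&CK technique IDs for the signatures that fired."""
    return sorted({TECHNIQUES[s] for s in hits if s in TECHNIQUES})


# Constructed telemetry: one run of the sample plus an unrelated admin shell.
SAMPLE_EVENTS = [
    {"kind": "process", "pid": 100, "ppid": 1, "image": ROOT_IMAGE},
    {"kind": "file_write", "pid": 100, "path": r"C:\Windows\System32\drivers\sample.sys"},
    {"kind": "file_write", "pid": 100, "path": r"C:\Users\victim\AppData\Local\Temp\helper.exe"},
    {"kind": "file_write", "pid": 100, "path": r"C:\Users\victim\AppData\Local\Temp\libcurl.dll"},
    {"kind": "process", "pid": 101, "ppid": 100, "image": r"C:\Users\victim\AppData\Local\Temp\helper.exe"},
    {"kind": "image_load", "pid": 101, "path": r"C:\Users\victim\AppData\Local\Temp\libcurl.dll"},
    {"kind": "process", "pid": 102, "ppid": 101, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"kind": "file_read", "pid": 101, "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file_read", "pid": 101, "path": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"kind": "dns", "pid": 101, "query": "api.ipify.org"},
    {"kind": "dns", "pid": 101, "query": "cdn.discordapp.com"},
    {"kind": "process", "pid": 200, "ppid": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"kind": "file_read", "pid": 200, "path": r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

if __name__ == "__main__":
    fired = evaluate(SAMPLE_EVENTS)
    for sig, idx in fired.items():
        print(f"{TECHNIQUES.get(sig, '-'):10} {sig}  events={idx}")
    print("techniques:", attack_summary(fired))
```

Scoping every rule to the sample's process tree is the part worth copying: the same browser-store read from an unrelated process (events 11 and 12 above) is a false positive in a real sandbox, and the "Executes dropped EXE" and "Loads dropped DLL" rules only make sense when the writer and the executor are linked.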

Tasks