General

  • Target

    Shaderify_8.4.4.rar

  • Size

    53.8MB

  • Sample

    240603-krfthahe2w

  • MD5

    e3524c572f69d40b68fff74e6e682205

  • SHA1

    3abcaca785898235d5cb141155e110440cad75e9

  • SHA256

    db11f713b75df9ffea554ca36aa4135d4e258198af482eb4e72f45b74141f14b

  • SHA512

    5a1e5575dcfd71cbddb99d28a67a0a01ccdbf5cc91f5aa0dd7d08e1046402a5be13f2e47cd179bce265726fea58974593c2054487c7babc668feac03174a45bd

  • SSDEEP

    786432:2iOHETki1abUwp4cKt3pIlWf9KazQTqbuUGpudQ1EyU2FXG73mPaGrbaBq5H/p/C:O1rycKt3pG6VbuUuFUv2PaGSq7/QcW

Malware Config

Targets

    • Target

      Shaderify 8.4.4.exe

    • Size

      53.4MB

    • MD5

      505ea174fba0dea1147a32496c847101

    • SHA1

      879cc448363cf6bfbbdf2a45f652fe4ca6720f98

    • SHA256

      dd4ce9e1a9daf52b9264ed81d72af9a0c7037d4f09af1883bce0faaeef91e914

    • SHA512

      2a952ac23fdbced88fa302346b26a853f1bc1824958dcb80e42df5ad37733b0349d3a207c2fa1aab8137048324f5aa2515b877c21dbcb6a0429ab59a5f1d9bc7

    • SSDEEP

      786432:MOHETki1abUwp4cKt3pIlWf9KazQTqbuUGpudQ1EyU2FXG73mPaGrbaBq5H/p/Qk:H1rycKt3pG6VbuUuFUv2PaGSq7/Qc5

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • An obfuscated cmd.exe command line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks