General

  • Target

    Shaderify Beta 8.4.4.exe

  • Size

    53.4MB

  • Sample

    240603-ks6rbaag78

  • MD5

    00fd4bc0a7baa10e72d1990cb10dd831

  • SHA1

    f9489c06d63debd3d1d42655f59f3885ec69716d

  • SHA256

    2bd09329ad4d791ebabbb6e37876ccbfba538231e91487d6fc9c7abe28ddfc64

  • SHA512

    e8a3d1fdc9fda83d9ca2789d6ebd507e9326aabb51cca0e25b55fc9b6566ec27f12db37e29030e0d5978428bf9baeea55351966b33f20fc301dcab8513f79132

  • SSDEEP

    786432:fOHETki1abURB3jCKt3+l7eeHwQXG01UsMhb0lRJR/vACVs8F5j5mgbprQLL:g1rgCKt367XwuGcdM1+zHOK5zrQLL

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks