General

  • Target

    Hackserver.exe

  • Size

    6.0MB

  • Sample

    240603-lt5q3sbg85

  • MD5

    3ff2846552e4daf2ed1a57c942e6c4eb

  • SHA1

    2d7ff422879cc66b04736d3444c1c538d2673a9f

  • SHA256

    207d997deba4b3f52041bc9bfd2acccbc374a0ebac6347101b1d93eccb09adc0

  • SHA512

    bdd44848bed91e9b40cd8b668900f43635558f219a6d1bb7231d06aeb44b5c26744c815a963ead944167a4a3f172dd7f94bd01e818bbaa1ad7bb9cb0f04cf284

  • SSDEEP

    98304:4SSEtdFBodamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RtBRjVAbB9:4S5FO4eN/FJMIDJf0gsAGK4RtBRjVs9

Targets

    • Target

      Hackserver.exe

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
