General

  • Target

    mcultimategen_v1.4.8.exe

  • Size

    19.0MB

  • Sample

    240605-pdxx3sfh77

  • MD5

    3a387732a684d7ccdefc18d762ad856e

  • SHA1

    9f36111c5516962bceb56f0f057fd01c3543e336

  • SHA256

    b6e4a7bf88e5a3ee642d3f743fe7a7e697ee22868c566df33c7698ee575bd144

  • SHA512

    94779442aab34e6a3ae5af42299acff901fd58812b1dd1ccc5e1082b2a55d940fb50a4e2cfd5f7c22102664b6d1deed4af2fd015f8a16cb1a8c97949db541438

  • SSDEEP

    393216:xxAlniYXPziGT6KP/m3pRwBA8ZYJdnd9Y:cliYXPzLWKPKu2TT

Malware Config

Targets

    • Target

      mcultimategen_v1.4.8.exe

    • Size

      19.0MB

    • Score

      7/10

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      mcultimategen_v1.4.8.pyc

    • Size

      64KB

    • MD5

      99765b723e5696125eb61afd7805b583

    • SHA1

      d191e589e91476211d080b533748392cdd38b900

    • SHA256

      f72325d019aacdcf1761cc66b7d20f8cb4a6267ba02275b43cefae603b3bd267

    • SHA512

      a6bae3c23185743e5abc569ef1b77db644f53641c1b069ba894d36e598a8920b82c93c5fe633d47a6e0ccd639aa57087c88f03e863ce48efa096564dd138377d

    • SSDEEP

      1536:wJUsQU645Gn230Dp+QXyTm3mWxoVnwLxnm1x4Txa:ju5P30oiEmNCnUmP4Ts

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks