General

  • Target

    stub.exe

  • Size

    39.1MB

  • Sample

    240606-hjc2jabf84

  • MD5

    ceac7c6f3ef1dd5ed484339140ec4b29

  • SHA1

    dd3e4dc76baf79a350ab81c3a41a8d60603cf2b6

  • SHA256

    1d148bae80213f195da2521cd6a1d16f0d595d534dbf62c29a942fa2afc53894

  • SHA512

    1f26e8a702b0ae5c106dab38627877b404cc896d021653c9fca0e9feb2b5ce03d814d3a9f760ff43ccfd07174f304651c68f7a650b19344a4f64ce5927ccdcbe

  • SSDEEP

    786432:e+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVL9jvzVSH1QtI6a8DZcLlqZi0sx:8XGMK4XR3bLSCU/+6yPlhvhSViIb6pif

Targets

    • Command and Scripting Interpreter: PowerShell

      Executes a powershell.exe command.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.