General

  • Target: fixed.exe
  • Size: 23.4MB
  • Sample: 240606-rqc5jsgc64
  • MD5: 6d1696528ee9e5d75759f85d22059034
  • SHA1: 50fba881accd0f35fd5713cc58ec165b94478d3b
  • SHA256: 03a38e819632cf8fd4150a1b5c5fb67aba14b6dbe92d235d53b428f63e497fae
  • SHA512: 58ea15a318be77fe5d11a5fc78d0f67d2748ea79c00e4550b66d3f52e33e6608c9bd73938165bea28a7380f4fa72c53f0a499a559caab691944022398c49b795
  • SSDEEP: 393216:2h9SCD5/7XfAh2Jp5MLurEUWjZEnBSVkRIrY874hxjEh01tLKyh/R/X8WjC+da:w9fh7YhpdbwzcY874j91NKyJRkeC+da

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
