General

  • Target

    Vanguard.exe

  • Size

    53.6MB

  • Sample

    240611-wk2m6swckj

  • MD5

    3286da65a9513a996c6b5449dbcf1d5a

  • SHA1

    2b04696f6537a53ccb58985efc735d50f4ca8cdb

  • SHA256

    04f590e3dec6b6ea50a1377916c591e2950e8e2e88e4c6c4902a3e7eb985cebe

  • SHA512

    73732b7ce132e1b006dc4a73edc1740e41d0ed30ffbd6e1ecc1ee6e00040bf905b12352fadbb87cdb3bbe491f5324b4c66ad3568449926d0d72bfebb481960d9

  • SSDEEP

    786432:g19ShzF3yajlAhRn+uKPrONjl0pHlo0FdGghdb8zcY87oJESWqESpxplBkMK+u:mShcMAhRnOPrONJ0Vl4EdoE7FqoMa

Score
7/10

Targets

    • Target

      Vanguard.exe

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      The sample reads files under the browser user profiles on the host. Infostealers target this data because it holds saved credentials, cookies, session tokens and autofill entries; credentials stored in browsers on an infected host should be treated as exposed.

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer. Packing hides the real imports and strings from static analysis, so unpack the sample (stock UPX unpacks with upx -d) or dump it from memory before static review. Typical indicators are the UPX0/UPX1 section names and the "UPX!" marker in the header; modified builds often rename or strip these, so their absence does not rule out packing.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      The sample contacts a legitimate public IP-lookup service to learn the infected system's external IP address, which stealers commonly include in the data they exfiltrate. Such requests are a useful network indicator, but not proof of infection on their own, since legitimate software also uses these services.
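Two checks an analyst would run on a copy of this sample before anything else: confirm the file on disk is the one the report describes (every digest listed above, computed in one pass), and look for the UPX packing the "UPX packed file" signature reports. The code below is an added example written for this page, not the sandbox's own detection logic. The PE walk reads real IMAGE_SECTION_HEADER names; the "UPX!" marker and UPX0/UPX1 names are the stock packer's indicators and may be absent from a modified build. `build_fake_pe` constructs a minimal PE32 image so the example runs offline; it is test scaffolding, not the sample.

```python
import hashlib
import struct

# Hashes published in the report above for Vanguard.exe.
REPORTED_HASHES = {
    "md5": "3286da65a9513a996c6b5449dbcf1d5a",
    "sha1": "2b04696f6537a53ccb58985efc735d50f4ca8cdb",
    "sha256": "04f590e3dec6b6ea50a1377916c591e2950e8e2e88e4c6c4902a3e7eb985cebe",
    "sha512": "73732b7ce132e1b006dc4a73edc1740e41d0ed30ffbd6e1ecc1ee6e00040bf905b12352fadbb87cdb3bbe491f5324b4c66ad3568449926d0d72bfebb481960d9",
}


def digest_all(data: bytes, chunk: int = 1 << 20) -> dict:
    """Compute every digest listed in the report in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    view = memoryview(data)
    for i in range(0, len(view), chunk):
        piece = view[i:i + chunk]
        for h in hashers.values():
            h.update(piece)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """Per-algorithm True/False: does this file match the published sample?"""
    computed = digest_all(data)
    return {name: computed[name] == value.lower() for name, value in reported.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the DOS/COFF/optional headers and return section names in table order."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]  # IMAGE_SECTION_HEADER.Name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Heuristic UPX check: UPX* section names and the 'UPX!' header marker.
    Modified UPX builds may rename sections or strip the marker, so a negative
    result does not prove the file is unpacked."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
    }


def build_fake_pe(section_names, with_marker: bool) -> bytes:
    """Constructed minimal PE32 image for exercising the parser (not a real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)  # PE32 magic + padding
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    tail = b"UPX!" if with_marker else b"\0" * 4
    return dos + coff + optional + sections + tail


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:
        blob = build_fake_pe(["UPX0", "UPX1", ".rsrc"], with_marker=True)
    print("hash match:", matches_report(blob))
    print("upx:", upx_indicators(blob))
```

Run it as `python triage_check.py Vanguard.exe` on a quarantined copy; every entry in the hash-match dict should be True before you trust the rest of the report for that file. A sha256 match alone is sufficient in practice; the MD5 and SHA1 values are kept only because other feeds still key on them.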
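The two network signatures above ("Legitimate hosting services abused for malware hosting/C2" and "Looks up external IP address via web service") translate directly into a proxy-log hunt. The following is an added example, not the sandbox's signature logic: the watchlists are my own assumptions of commonly seen IP-lookup services and commonly abused hosting domains (the report does not name which ones this sample used), and the log lines are constructed in a simple proxy-style format for the example.

```python
import re
from urllib.parse import urlsplit

# Assumed watchlists (chosen for this example, not taken from the report).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com",
    "checkip.amazonaws.com", "ifconfig.me", "api.myip.com",
}
ABUSED_HOSTING_HOSTS = {
    "cdn.discordapp.com", "pastebin.com", "raw.githubusercontent.com",
    "transfer.sh", "dropbox.com",
}

# Constructed proxy-style log: timestamp, client IP, process, method, URL, status.
SAMPLE_LOG = """\
2024-06-11T13:01:02Z 10.0.0.23 "Vanguard.exe" GET http://api.ipify.org/?format=text 200
2024-06-11T13:01:03Z 10.0.0.23 "Vanguard.exe" GET https://cdn.discordapp.com/attachments/a/b/update.bin 200
2024-06-11T13:01:05Z 10.0.0.23 "msedge.exe" GET https://www.microsoft.com/ 200
this line is malformed and must be skipped
2024-06-11T13:01:09Z 10.0.0.23 "Vanguard.exe" POST https://ipinfo.io/json 200
2024-06-11T13:01:11Z 10.0.0.41 "chrome.exe" GET https://www.dropbox.com/s/abc/file.txt 200
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<proc>[^"]+)" (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$'
)


def classify_host(host: str):
    """Return the indicator class for a host, or None when it is on no watchlist."""
    host = host.lower()
    if host in IP_LOOKUP_HOSTS:
        return "external-ip-lookup"
    if any(host == h or host.endswith("." + h) for h in ABUSED_HOSTING_HOSTS):
        return "abused-hosting"
    return None


def scan_log(text: str) -> list:
    """Parse proxy lines and return one hit per request to a watchlisted host."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or foreign lines are skipped, not fatal
        host = urlsplit(m["url"]).hostname or ""
        kind = classify_host(host)
        if kind:
            hits.append({"ts": m["ts"], "proc": m["proc"], "host": host, "kind": kind})
    return hits


def by_process(hits: list) -> dict:
    """Group indicator kinds per process so the analyst sees which binary did what."""
    grouped = {}
    for h in hits:
        grouped.setdefault(h["proc"], set()).add(h["kind"])
    return grouped


if __name__ == "__main__":
    for proc, kinds in by_process(scan_log(SAMPLE_LOG)).items():
        print(f"{proc}: {sorted(kinds)}")
```

A process that shows both classes in a short window, as Vanguard.exe does in the constructed log, is a much stronger lead than either hit alone; the dropbox.com hit from the browser is still reported so the analyst can dismiss it, because a hosting-abuse list will always catch legitimate use too.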
