General

  • Target: feather.zip
  • Size: 81.1MB
  • Sample: 240611-ws29nswcqg
  • MD5: f2d059f5834543d166e650590f9fe573
  • SHA1: 006832be8a6184d26198ddea6f32e93927853889
  • SHA256: a8d738c7427f3a81c50449a91fca1a4c6f801b0193ce12a2dd2d418e553b4730
  • SHA512: d532129a63e6816cca5d79047d633ca7f7207fd1e3c0fae01134d10e7848ca77446c382eb68d4e2c7497eacda149a982edc94a7cf981e90391303e7d830f4ccf
  • SSDEEP: 1572864:VWypficxVUIm5CT+ds+fGROO8LopVFOJEE7S/0dikpEwIaBEPUHeo:VW2KmU1i+iRXU57qeikEFMHeo

Malware Config

Targets

    • Target: feather.exe
    • Size: 81.1MB
    • MD5: 4ffa727c03dbcf8a73fd839c8773749c
    • SHA1: 31a6375fc4f2ff53287d9240696a576c28f15c30
    • SHA256: a4c5f72184b8bb06b6202074d1c81469ea56f74dace70d09fb5c798f85d8b700
    • SHA512: 92cc6080b3a94ce7266e124fa885735ef4a12e21cb2320abb349bf67398539edff38ed8af8963d0e643fe6b2acd303951341a6eadbeeb256b15df8c1ae9b77d0
    • SSDEEP: 1572864:U4gPXMoXxnYytwXaLyC6k9sEOQZgD3nWDUENqJQRaCluoWUDwhCXkF7:U4AcKn5saZ9s5kRNqQaCKTQXkF7

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Disables Task Manager via registry modification

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks