General
Target: edge.exe
Size: 11.8MB
Sample: 240613-stw79svakh
MD5: 0c6f9be215b7440a2b41c86ec95d06b7
SHA1: 1bd3c80033d33d198fa214f08823140919cc6081
SHA256: 45a1983c2e363b2caf0befe1f6a92d066e08d8877fe4240b1378c5985fcb32b3
SHA512: c1d738a56ab469227afa801e13eded9df3a3b0234fd9f263b965bae5275a64df7cad3b5f23ecbdf0dd28d44d0dbe240bf9783aa559b8b77334f476972707d587
SSDEEP: 196608:NLcB7F32lvVaUBffLWDqeVs/53s8nz8MjM:Nm7J2FVdaTVj5
Static task: static1
Behavioral task: behavioral1
  Sample: edge.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: edge.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: edge.exe (size and hashes as listed under General)
Score: 8/10
- Drops file in Drivers directory
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)