Overview

overview

8

Static

static

1

custom_clu...v2.exe

windows11-21h2-x64

8

loader-o.pyc

windows11-21h2-x64

3

Resubmissions

14/06/2024, 22:38

240614-2kkmjssfpj 7

14/06/2024, 22:20

240614-19k4yasbrn 7

14/06/2024, 22:19

240614-18xrcaybnd 7

14/06/2024, 21:37

240614-1gvsnsxand 8

Sharing

Copy URL Twitter E-mail

General

  • Target

    custom_clumsy_0.5v2.exe

  • Size

    52.8MB

  • Sample

    240614-1gvsnsxand

  • MD5

    244867dbd3fda789347a4d7c6aeb2ec6

  • SHA1

    9a3d267dfc9a407ace732ba31c8758adf9d4b1a3

  • SHA256

    cfdbdb67681aa3f011c417148a72330b7e0bb8d67e3584f4ebba391a3d868753

  • SHA512

    d70fdea97811d6344062d732449a0c51c65bf0ead363a96567690df9f056e147c25103d840f651d4375e84a8f0c8818b656a43277f17b23f89263ad2bc5eaa73

  • SSDEEP

    786432:Np9S0zF3yajlAhRn+uKPrONjl0pHlo0FdGghdb7YzcY87oJESWqESnFIBkMK+p:N/S0cMAhRnOPrONJ0Vl4EdAE7FqjMF

Score
8/10
executionspywarestealerupx

Malware Config

Targets

    • Target

      custom_clumsy_0.5v2.exe

    • Size

      52.8MB

    • MD5

      244867dbd3fda789347a4d7c6aeb2ec6

    • SHA1

      9a3d267dfc9a407ace732ba31c8758adf9d4b1a3

    • SHA256

      cfdbdb67681aa3f011c417148a72330b7e0bb8d67e3584f4ebba391a3d868753

    • SHA512

      d70fdea97811d6344062d732449a0c51c65bf0ead363a96567690df9f056e147c25103d840f651d4375e84a8f0c8818b656a43277f17b23f89263ad2bc5eaa73

    • SSDEEP

      786432:Np9S0zF3yajlAhRn+uKPrONjl0pHlo0FdGghdb7YzcY87oJESWqESnFIBkMK+p:N/S0cMAhRnOPrONJ0Vl4EdAE7FqjMF

    Score
    8/10
    executionspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

    • Target

      loader-o.pyc

    • Size

      74KB

    • MD5

      7b8fd788c4b6c6619190501d3fba9744

    • SHA1

      f0bb37839ca93818cdc94bf604d889b9df6f0553

    • SHA256

      8a3a32fc2d2d02c0638401e923b2bc02b51f49bdc51721c9cfe19115a4fe11b0

    • SHA512

      8adaa1834667683146fa996afe6cca9bec959fa83046a689866cd7c31a3f5bf557c1e582e3a7cd38026d7dbc40ca489d492d26a127ac21cb02a2cbe982fb3213

    • SSDEEP

      1536:NI1R2NZF8LBvqUVTWQOl9DhxKiWjei3Q9H:OIkLBvqUVT4hIiWjoH

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks