General

  • Target

    sysEXEC.zip

  • Size

    18.8MB

  • Sample

    240618-hrd9kasalg

  • MD5

    b64337c77cb62ff48d87955db53a863f

  • SHA1

    e3c23ab913f0fbe28e2be66f643085b3cdb57e55

  • SHA256

    1b0f8b7a56eedd6416a91dff43c83a15ae2e4ddb966412e5abdc1acefeb8f6c2

  • SHA512

    c5b1e678b65b485daf313541e43de1ae57a55ee06e48e9b6084c8dfb9702248ffd2f9d976a525ad4acaf486d05cad764c77231ad952635bf36a969f75d3bee89

  • SSDEEP

    393216:7oZJFDY1RYfK3/ayMJ/sK43Z7/oSQlo0ztn17fOq:7oZJq1RYfKDMJ/sK4pTobllzt17Wq

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks