General

  • Target

    sysEXEC.zip

  • Size

    18.8MB

  • Sample

    240618-xxdmjsvcrh

  • MD5

    337a3ecd26b0e8df897027abb0b9e5f0

  • SHA1

    d046f684cd33be96d5b68ec0720f56e67f804133

  • SHA256

    7a1eea1311b50e7bc80a2aeb77c772a26d275e9cede456dac7b27fadc81e3607

  • SHA512

    3e3a25662012cc71969cef1841d134d6793ed9ea8a22b7a51ce230ec0662bc6304533eafb489240dd0e1b7ae4ae9d96f709b22e04325e5a2df05af7751f7584a

  • SSDEEP

    393216:7oZJFDY1RYWSvjEXhxeNM9Ux02oiQXWns/DCOcz:7oZJq1RYWSbEXhxeNMOxNobXtbCOcz

Malware Config

Targets

    • Target

      sysEXEC/sysEXEC.exe

    • Size

      14.5MB

    • MD5

      ffd7667734dd00d965d53652f5d79cf2

    • SHA1

      8b2a829f441f3994251a7c0c4df1e0d84e310fd1

    • SHA256

      521a5689f95a3e059413c34b727b4e13d104303beed4163a7c21219541525d72

    • SHA512

      aaa88a9449414a61e0544b9402f5145cc94b75a3eb07dc110b2d1919b2417415e75821fcf3ecc13dd821c0ded7d25c33bca83a5d219656b355071b5bf9b5b42a

    • SSDEEP

      196608:sSEkv0sKYu/PaQ+DuhflMXdQmRJ8dA6lSuqaycBIGpE2o6hTOv+QKfwJ+E39j/l5:7EkZQ0dQuslSq99oWOv+9fg+EH3Pgm3

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks