General

  • Target

    cosmic_tag_testing.exe

  • Size

    16.2MB

  • Sample

    240619-sngkmasenb

  • MD5

    c13e972797382d3e4d9c232abf79273d

  • SHA1

    a9dd3d75356024caebf756f2b5c23ae74fde356c

  • SHA256

    fb945a466e3abf02d02b52457dfcf99889d57157903537af2d53ed7596135b74

  • SHA512

    cc7a086431304dc8bda33ff61d9cbdd77eb0691110726cbfe42216817708215081db11cc5ae582cc693b5d0f35d252dcf8b55e2fa52d6cfe8721c8df46865011

  • SSDEEP

    393216:FEkcqY4gP8AxYDX1+TtIiFvY9Z8D8Ccl6lnbE0PKksbuK+:FkD4bX71QtI6a8DZcIlbskBK+

Targets

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15