General

  • Target

    Scrillex Tool.exe

  • Size

    8.0MB

  • Sample

    240619-zsdg4awbkl

  • MD5

    1f33f9dd3869f120850d3a9ec60e895d

  • SHA1

    a3342ba3a83ad8ee6ef93fc414f0819379860ea2

  • SHA256

    93b8d5e9a747a26271f8f6699727f5bf9f3b50fabe9032ec5c34d2bc33ed2db2

  • SHA512

    e771f8585ce8e617a07122b5910080f8e061dba9cc719a3ec18c3b2f169a33040132c6f9fb6672709db54f7975b3160386be5066c07211fad23489fe4e04980f

  • SSDEEP

    98304:28zHqdVfB2FS27w4X7yuT/9vUIdD9C+z3zO917vOTh+ezDNh7JvmJ1nmOBN9n4mM:2cQsZ7bT/9bvLz3S1bA3z4n97Y1

Malware Config

Targets

    • Target

      Scrillex Tool.exe

    • Size

      8.0MB

    • MD5

      1f33f9dd3869f120850d3a9ec60e895d

    • SHA1

      a3342ba3a83ad8ee6ef93fc414f0819379860ea2

    • SHA256

      93b8d5e9a747a26271f8f6699727f5bf9f3b50fabe9032ec5c34d2bc33ed2db2

    • SHA512

      e771f8585ce8e617a07122b5910080f8e061dba9cc719a3ec18c3b2f169a33040132c6f9fb6672709db54f7975b3160386be5066c07211fad23489fe4e04980f

    • SSDEEP

      98304:28zHqdVfB2FS27w4X7yuT/9vUIdD9C+z3zO917vOTh+ezDNh7JvmJ1nmOBN9n4mM:2cQsZ7bT/9bvLz3S1bA3z4n97Y1

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • UPX packed file

      Detects executables packed with UPX or a modified version of the open-source UPX packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
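The Defender-exclusion behaviour listed above is worth a dedicated check, since the command line is usually the first place it shows up. The following is an added example, not part of the sandbox report and not the sandbox's own detection logic: it scans constructed process-creation events (assumed field names pid, image, cmdline, in the shape of Sysmon Event ID 1) for Add-MpPreference / Set-MpPreference calls, decodes -EncodedCommand payloads first, and returns the excluded paths, extensions and processes. The sample command lines, including the excluded values such as C:\Users\Public, are invented for the example; the report does not say which exclusions the sample adds.

```python
import base64
import re

# Parameters of Add-/Set-MpPreference worth alerting on: exclusions and
# protection toggles, by their canonical PowerShell parameter names.
_WATCHED = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess",
            "ExclusionIpAddress", "DisableRealtimeMonitoring",
            "DisableIOAVProtection", "DisableBehaviorMonitoring")
_CANON = {name.lower(): name for name in _WATCHED}

_CMDLET = re.compile(r"(?i)\b(add|set)-MpPreference\b")
# One value, or a comma-separated list of values, each quoted with ' or " or bare.
_VALUE = r"(?:'[^']*'|\"[^\"]*\"|[^\s,'\"]+)"
_PARAM = re.compile(r"(?i)-(" + "|".join(_WATCHED) + r")\s+(" +
                    _VALUE + r"(?:\s*,\s*" + _VALUE + r")*)")
_TOKEN = re.compile(r"'([^']*)'|\"([^\"]*)\"|([^\s,'\"]+)")

# powershell.exe accepts any unambiguous prefix of -EncodedCommand, plus -ec.
_ENC_PREFIXES = ["e" + "ncodedcommand"[:i]
                 for i in range(len("ncodedcommand") + 1)] + ["ec"]
_ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:" + "|".join(_ENC_PREFIXES) +
                       r")\s+([A-Za-z0-9+/=]{8,})")

# Constructed sample events (assumed field names); not taken from the report.
_ENCODED = base64.b64encode(
    "Set-MpPreference -DisableRealtimeMonitoring $true -ExclusionExtension exe"
    .encode("utf-16-le")).decode("ascii")
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"pid": 4012, "image": _PS,
     "cmdline": ("powershell.exe -NoProfile -Command \"Add-MpPreference "
                 "-ExclusionPath 'C:\\Users\\Public', 'C:\\ProgramData\\svc' "
                 "-ExclusionExtension exe,dll -ExclusionProcess 'Scrillex Tool.exe'\"")},
    {"pid": 4020, "image": _PS,
     "cmdline": "powershell.exe -w hidden -nop -enc " + _ENCODED},
    {"pid": 4031, "image": _PS,   # benign read-only query, must not alert
     "cmdline": 'powershell.exe -Command "Get-MpPreference | Select-Object ExclusionPath"'},
    {"pid": 4044, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
]


def decode_encoded_command(cmdline):
    """Return the script hidden behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = _ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def find_defender_tampering(cmdline):
    """List every watched parameter passed to Add-/Set-MpPreference, in the
    visible command line or in its decoded -EncodedCommand payload."""
    decoded = decode_encoded_command(cmdline)
    script = cmdline if decoded is None else cmdline + "\n" + decoded
    findings = []
    calls = list(_CMDLET.finditer(script))
    for i, call in enumerate(calls):
        # Arguments run until the next MpPreference cmdlet or end of script.
        end = calls[i + 1].start() if i + 1 < len(calls) else len(script)
        for p in _PARAM.finditer(script, call.end(), end):
            values = [a or b or c for a, b, c in _TOKEN.findall(p.group(2))]
            findings.append({
                "cmdlet": call.group(1).capitalize() + "-MpPreference",
                "parameter": _CANON[p.group(1).lower()],
                "values": values,
                "from_encoded_command": call.start() >= len(cmdline),
            })
    return findings


def triage(events):
    """Return one alert per event whose command line tampers with Defender."""
    alerts = []
    for ev in events:
        findings = find_defender_tampering(ev["cmdline"])
        if findings:
            alerts.append({"pid": ev["pid"], "image": ev["image"], "findings": findings})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        for f in alert["findings"]:
            print(alert["pid"], f["cmdlet"], f["parameter"], f["values"],
                  "(encoded)" if f["from_encoded_command"] else "")
```

The matching is deliberately strict about cmdlet and parameter names, so it misses PowerShell's parameter-prefix shorthand (`-ExclusionP`), splatting, and cmdlets reached through aliases or reflection; treat it as a first-pass triage rule, and corroborate with Script Block Logging (Event ID 4104, which records the decoded script) and Defender's own operational log, where a configuration change is recorded regardless of how the cmdlet was invoked.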

MITRE ATT&CK Enterprise v15

Tasks