General

  • Target

    artmoney-v13.1.3 (1).exe

  • Size

    6.3MB

  • Sample

    240620-13phsatdkq

  • MD5

    7149016b02e5f652c1a1ce1a455f2298

  • SHA1

    0b32fcfc404499b65461a3e78509095d2a8c7da3

  • SHA256

    08d1ca9a16a259ea715919ef13d3dbfbdfd1b87bb4036bf7c3c6a58f560c7dc0

  • SHA512

    64825a789fbd38c9fb1a792575136753fef49d1e6fded8fd0e913b56eb69ac43ac7a25a9a1a5a3cf74fe5613d41bbb556fa4eddabfe7c2aa66e3900ccb2b91ea

  • SSDEEP

    98304:ugXd7y75YthUSNccRacg/BGfO1q4HNK0zbup/xzcq8zAFPmv9JT1sOBN3o1prE:I5e6SNraRRnz+R8zmPm1D7J

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX or a modified version of the UPX open-source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks