General

  • Target

    Fluxus.exe

  • Size

    8.2MB

  • Sample

    240620-1cg11ssapj

  • MD5

    581dc82e9979e1c60521294837f866f1

  • SHA1

    ebaa244d50a0207e76cb96214ec5959d5b9a27f8

  • SHA256

    3658b5bea1cf77e1d38fb1021a1bc2c481fdd9c3cac8d9d381d764a54a9f1392

  • SHA512

    6f187a90b04dddb9cbf7c427af8e93b7ba547ecd6b246019669c7d6184733863cc1b748d41758805865ffc609c65bd42d06e2db75a935a63c115608dea47e259

  • SSDEEP

    196608:eTFEH5tYqsxC0etQPQeN/FJMIDJf0gsAGK4RwuAKpa/H:pt30fP//Fqyf0gstLAKy

Malware Config

Targets

    • Target

      Fluxus.exe

    • Command and Scripting Interpreter: PowerShell (T1059.001)

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
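
The Defender-exclusion behaviour listed above is one of the easiest signals in this report to turn into a detection. The block below is an added example, not part of the sandbox report or the sample's own code: it scans PowerShell script-block text for Add-MpPreference/Set-MpPreference calls that add exclusions or switch protection off. It assumes PowerShell script block logging (event 4104) is enabled so that decoded script text is available; the five sample lines are constructed for the example and were not taken from this sample.

```python
"""Flag Defender exclusion tampering in PowerShell script-block logs.

Added example, not the sandbox's own detection logic. The log lines below
are constructed to look like the ScriptBlockText field of Windows event
4104 (PowerShell script block logging); none were taken from the sample.
"""
import re
from dataclasses import dataclass

# The two cmdlets that change Microsoft Defender preferences.
MP_CMDLET = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)

# Exclusion parameters matching the behaviour in this report (extensions,
# paths, processes), plus IP-address exclusions for completeness.
EXCLUSION_PARAM = re.compile(
    r"-(ExclusionExtension|ExclusionPath|ExclusionProcess|ExclusionIpAddress)\b",
    re.IGNORECASE,
)

# Switches that turn protection features off outright, e.g.
# "-DisableRealtimeMonitoring $true".
DISABLE_PARAM = re.compile(r"-(Disable\w+)\s+(?:\$true|1)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int     # 1-based index into the scanned lines
    kind: str        # "exclusion" or "disable"
    parameter: str   # the parameter that triggered the finding
    text: str        # the offending script block


def scan_script_blocks(lines):
    """Return one Finding per suspicious parameter in each script block."""
    findings = []
    for n, line in enumerate(lines, start=1):
        if not MP_CMDLET.search(line):
            continue
        for m in EXCLUSION_PARAM.finditer(line):
            findings.append(Finding(n, "exclusion", m.group(1), line))
        for m in DISABLE_PARAM.finditer(line):
            findings.append(Finding(n, "disable", m.group(1), line))
    return findings


def tampering_line_numbers(lines):
    """Line numbers that contain at least one finding (handy for triage)."""
    return sorted({f.line_no for f in scan_script_blocks(lines)})


# Constructed script blocks: one benign, three tampering, one read-only query.
SAMPLE_SCRIPT_BLOCKS = [
    "Get-Process | Where-Object { $_.CPU -gt 100 }",
    'Add-MpPreference -ExclusionExtension ".exe" -ExclusionPath "C:\\Users\\Public"',
    "Set-MpPreference -DisableRealtimeMonitoring $true",
    'Add-MpPreference -ExclusionProcess "Fluxus.exe"',
    "Get-MpPreference | Select-Object ExclusionPath",
]

if __name__ == "__main__":
    for f in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(f"line {f.line_no}: {f.kind:<9} {f.parameter:<26} {f.text}")
```

Run it against 4104 script block text rather than raw process command lines, because droppers of this kind usually pass an encoded or obfuscated command that only becomes readable once PowerShell has decoded it. Microsoft Defender also records every configuration change as event 5007 in the Microsoft-Windows-Windows Defender/Operational log, which gives a second, independent source for the same exclusions.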

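The "UPX packed file" signature above is typically a section-table check: stock UPX builds write sections named UPX0 and UPX1 and embed a "UPX!" marker ahead of their own header. The following block is an added example, not code from the sandbox or the UPX project, that parses a PE section table and reports those indicators. It constructs a header-only PE image in memory so it runs offline; the real sample is not embedded.

```python
"""Check a PE image for stock-UPX packing by reading its section table.

Added example, not part of the sandbox report or the UPX project. A
minimal PE image is constructed in memory so the check runs offline; the
real sample is not embedded here.
"""
import struct

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
# Section names written by unmodified UPX builds; "UPX!" is the packer's
# magic string that precedes its own header in the file.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"


def pe_section_names(data):
    """Return the section names of a PE image, validating headers on the way."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    coff = e_lfanew + 4
    (_machine, n_sections, _stamp, _symtab, _nsyms,
     opt_size, _flags) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + COFF_HEADER_SIZE + opt_size
    if table + n_sections * SECTION_HEADER_SIZE > len(data):
        raise ValueError("section table runs past end of file")
    names = []
    for i in range(n_sections):
        (raw,) = struct.unpack_from("<8s", data, table + i * SECTION_HEADER_SIZE)
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    return names


def upx_indicators(data):
    """Evidence for UPX packing: matching section names and the UPX! marker."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n in UPX_SECTION_NAMES],
        "upx_magic": UPX_MAGIC in data,
    }


def looks_upx_packed(data):
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_minimal_pe(section_names, opt_header_size=0xE0):
    """Construct a header-only PE32 image with the given section names (test input)."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ").ljust(e_lfanew, b"\0")
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_header_size, 0x0102)
    optional = bytes(opt_header_size)  # contents are irrelevant for this check
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + table


if __name__ == "__main__":
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    plain = build_minimal_pe([".text", ".rdata", ".data"])
    print("packed:", upx_indicators(packed))
    print("plain: ", upx_indicators(plain))
```

The caveat the signature's own wording hints at: modified UPX builds rename the sections and strip the marker, so a clean result from this check does not mean the file is unpacked. For those variants, near-maximal entropy in a large section with a tiny entry-point stub, or `upx -d` refusing the file, are the usual tells.
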
MITRE ATT&CK Enterprise v15

Tasks