General

  • Target

    External.1.rar

  • Size

    5.8MB

  • Sample

    240620-3at9nssbqg

  • MD5

    ea1d29be660c9f4404c72b814fda36d4

  • SHA1

    305815af5248a1f60d914cb04ae11db0b7a30d80

  • SHA256

    94f13ae8d22a2679069c6ca4c8bfa8e05779b32ddc724f44211b4d218bb323ba

  • SHA512

    2904984ffea1b725040043395919ecc3446517c0833682f80a325656a6895619a2704e7aca5768129fbbf62c718250d4995cfc9e168d76a6d235d9a667707891

  • SSDEEP

    98304:qwHIj0tYl8+P1/ykQjXYgy/f1u0pGBF01Rh6e/6WFGXymM+s1mTZnnRN07RdhQ:qAIj0tYl8+dqPXYgu19uFwh6e/6sE9MS

Malware Config

Targets

    • Target

      External.1.rar

    • Size

      5.8MB

    • MD5

      ea1d29be660c9f4404c72b814fda36d4

    • SHA1

      305815af5248a1f60d914cb04ae11db0b7a30d80

    • SHA256

      94f13ae8d22a2679069c6ca4c8bfa8e05779b32ddc724f44211b4d218bb323ba

    • SHA512

      2904984ffea1b725040043395919ecc3446517c0833682f80a325656a6895619a2704e7aca5768129fbbf62c718250d4995cfc9e168d76a6d235d9a667707891

    • SSDEEP

      98304:qwHIj0tYl8+P1/ykQjXYgy/f1u0pGBF01Rh6e/6WFGXymM+s1mTZnnRN07RdhQ:qAIj0tYl8+dqPXYgu19uFwh6e/6sE9MS

    Score
    3/10
    • Target

      External.1

    • Size

      6.0MB

    • MD5

      38fc94374662e564cbdb2d28d44fc49d

    • SHA1

      c1267e0143682490d7f34c9a6c673d6d79f93314

    • SHA256

      65d867387d0fa431d50eb0dd7945507a6aa8731fb6cf6e5cb9ca7674eefb6382

    • SHA512

      0b33c4566f8ba179d6c4fb3aeefecd717230776cb8d7059b96ef327776ded0e22f58b6acecfe83371b154445bdf73c1dd75e1e6f1c76033b351dfbda3081f5b4

    • SSDEEP

      98304:uiWJEtdFByUamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RlBMMX3JxsT+:TWIFMVeN/FJMIDJf0gsAGK4RluMET+

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      <߲�#_H.pyc

    • Size

      857B

    • MD5

      caf9b8a378cf7f0d16a6d437c580bf68

    • SHA1

      0962b284c7dfc45bb195ec5379839dd4dac65fd5

    • SHA256

      253703fe645cbaff9defd459e1e443e74f393846911ba3306b9a0bfd34e7479b

    • SHA512

      efdcdae228f9cb1cda0401b5409aff15afacc1b4aa9e49b9e4cefb0b9e51c5c691d3451636fa53b807d9a20107b5cfe824c620d9826095d41bc100834a922828

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks