General

  • Target

    moksAiV1.1.exe

  • Size

    10.1MB

  • Sample

    240620-q8p2ds1dkg

  • MD5

    a5fecb069127cde64c8776b5b5d7e3e4

  • SHA1

    aa39950220c930f35feda221aba98a8acaea7ae7

  • SHA256

    eb0e737fecd80717da329800c7a518a548974ade3ded60d2ad61bed85b0c49cc

  • SHA512

    57f00c03cb115f96ee5cdbc3668c4addf8a5b7171c5ffa6fbb5ababf094dc1843ff2f4073bceed2e16b33e3b9f5d552917034a6106a82c359e8328f815403e59

  • SSDEEP

    196608:tOoEkN8NUF1W903eV4QR24KF5ikWMWKACyByHVKOri+81PRsv:IoEkGNsW+eGQR2n/ikWMWvyQOriP7sv

Malware Config

Targets

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks