General

  • Target

    total.exe

  • Size

    15.7MB

  • Sample

    240621-glht5azbkh

  • MD5

    3f99a7f33cb7f423ac019daa0f9fa3ee

  • SHA1

    1f254de90fb69873a3bd4d5a2aa292a2c6b60178

  • SHA256

    13241a42849c36ee19303234c9b65770dcefdee962f40468201d044af8292d4a

  • SHA512

    e0f3a472a36f40c8ea7386cb664aaf82e371fc65d80b7b70f330fc20a82d2d8ea062b1fcb8ab285afefc5159ca59d5c7be00c4f25dececa74670061f5e4a030c

  • SSDEEP

    393216:lo9DM45UUDtSJurEUWjagZew3m6bjHTw6:K9N6cYdb9Zew3mUHJ
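
Before reproducing anything from this report, confirm that the file on hand is the one it describes. The script below is an added example, not code from the report: a Python static-triage helper that recomputes the four digests listed above on arbitrary bytes and compares them with the report's values, then walks the PE section table to flag the UPX section names behind the "UPX packed file" signature listed under Targets, with a Shannon-entropy fallback for builds that rename sections. The UPX section-name list, the entropy threshold and the header-only PE builder used for the offline demo are assumptions of this example.

```python
import hashlib
import math
import struct
from collections import Counter

# Hashes exactly as the report lists them for total.exe.
REPORT_HASHES = {
    "md5": "3f99a7f33cb7f423ac019daa0f9fa3ee",
    "sha1": "1f254de90fb69873a3bd4d5a2aa292a2c6b60178",
    "sha256": "13241a42849c36ee19303234c9b65770dcefdee962f40468201d044af8292d4a",
    "sha512": "e0f3a472a36f40c8ea7386cb664aaf82e371fc65d80b7b70f330fc20a82d2d8e"
              "a062b1fcb8ab285afefc5159ca59d5c7be00c4f25dececa74670061f5e4a030c",
}

# Stock UPX names its sections UPX0/UPX1/UPX2; modified builds rename them,
# so the entropy heuristic is a fallback (the threshold is an assumption).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
PACKED_ENTROPY_THRESHOLD = 7.0


def compute_hashes(data: bytes) -> dict:
    """Return the same four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison with the report; any False means a different file."""
    got = compute_hashes(data)
    return {alg: got[alg] == expected[alg].lower() for alg in expected}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_header_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_header_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]  # 8-byte Name field of each entry
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    return names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def upx_indicators(data: bytes) -> dict:
    """Static hints that a PE is UPX-packed; none of them alone is conclusive."""
    names = pe_section_names(data)
    return {
        "upx_sections": sorted(n for n in names if n in UPX_SECTION_NAMES),
        "upx_magic": b"UPX!" in data,  # marker stock UPX writes into its header
        "high_entropy": shannon_entropy(data) >= PACKED_ENTROPY_THRESHOLD,
    }


def build_header_only_pe(section_names) -> bytes:
    """Constructed test input: a PE header with the given section names and no code."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0: none), Characteristics
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + coff_header + sections


if __name__ == "__main__":
    packed = build_header_only_pe(["UPX0", "UPX1", ".rsrc"])
    print(upx_indicators(packed))
    print(matches_report(packed))  # every entry False: this is not total.exe
```

On a real file, read it in binary mode and pass the bytes to `matches_report` first; only if all four digests match is the rest of this report applicable to it. Treat the UPX indicators as a reason to unpack (stock UPX unpacks with `upx -d`; modified builds usually do not) rather than as a verdict.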

Malware Config

Targets

    • Target

      total.exe

    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe (ATT&CK T1059.001).

    • Drops startup file

      Writes a file into a Startup folder so that it runs again at the next logon, a simple persistence mechanism.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk earlier in the run.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile files, which hold saved credentials, cookies and session tokens, and autofill data.

    • UPX packed file

      The executable is packed with the open-source UPX packer or a modified build of it; unpack it before static analysis.

    • Legitimate hosting services abused for malware hosting/C2

      Contacts a legitimate public hosting service, which malware uses to fetch payloads or relay command-and-control traffic so that it blends in with benign use of the service.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup service to learn the infected host's external IP address, typically for victim fingerprinting.
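
The six behavioural signatures above are what a sandbox derives from its event trace. As an added example, not code from the report or from the sandbox that produced it, the Python below applies one rule per signature to a constructed event list that stands in for such a trace; the event schema, the constructed paths and hostnames, and the lists of IP-lookup and hosting domains are assumptions of this example and should be replaced with the sandbox's own log format and the destinations it actually recorded.

```python
import ntpath  # parses Windows paths correctly on any host OS

SAMPLE_IMAGE = "total.exe"

# Assumed service lists; extend them from the sandbox's own network log.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ifconfig.me", "icanhazip.com",
                   "ip-api.com", "checkip.amazonaws.com"}
HOSTING_HOSTS = {"pastebin.com", "cdn.discordapp.com", "raw.githubusercontent.com",
                 "api.telegram.org", "dl.dropboxusercontent.com"}
# Chromium and Firefox profile files that hold credentials, cookies and autofill data.
BROWSER_ARTIFACTS = {"login data", "cookies", "web data", "logins.json",
                     "cookies.sqlite", "key4.db"}

SIG_POWERSHELL = "Command and Scripting Interpreter: PowerShell"
SIG_STARTUP = "Drops startup file"
SIG_DROPPED_DLL = "Loads dropped DLL"
SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_HOSTING = "Legitimate hosting services abused for malware hosting/C2"
SIG_IP_LOOKUP = "Looks up external IP address via web service"


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def evaluate(events):
    """Map each signature name to the event ids (t) that triggered it, in trace order."""
    hits = {}
    dropped = set()  # lowercased paths the sample has written so far

    def hit(sig, ev):
        hits.setdefault(sig, []).append(ev["t"])

    for ev in events:
        kind = ev["type"]
        if kind == "process":
            if _name(ev["image"]) == "powershell.exe" and _name(ev.get("parent", "")) == SAMPLE_IMAGE:
                hit(SIG_POWERSHELL, ev)
        elif kind == "file_write":
            path = ev["path"].lower()
            dropped.add(path)
            if "\\start menu\\programs\\startup\\" in path:
                hit(SIG_STARTUP, ev)
        elif kind == "image_load":
            path = ev["path"].lower()
            # Only a DLL written earlier in this same trace counts as "dropped".
            if path.endswith(".dll") and path in dropped:
                hit(SIG_DROPPED_DLL, ev)
        elif kind == "file_read":
            if _name(ev["path"]) in BROWSER_ARTIFACTS:
                hit(SIG_BROWSER, ev)
        elif kind in ("dns", "http"):
            host = ev["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hit(SIG_IP_LOOKUP, ev)
            if host in HOSTING_HOSTS:
                hit(SIG_HOSTING, ev)
    return hits


# Constructed trace (not taken from the report) with the shapes each rule needs.
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"t": 1, "type": "process", "image": TEMP + r"\total.exe", "parent": r"C:\Windows\explorer.exe"},
    {"t": 2, "type": "file_write", "path": TEMP + r"\helper.dll"},
    {"t": 3, "type": "image_load", "path": TEMP + r"\helper.dll"},
    {"t": 4, "type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": TEMP + r"\total.exe"},
    {"t": 5, "type": "file_write",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"t": 6, "type": "file_read",
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"t": 7, "type": "http", "host": "api.ipify.org"},
    {"t": 8, "type": "http", "host": "pastebin.com"},
    {"t": 9, "type": "image_load", "path": r"C:\Windows\System32\kernel32.dll"},  # system DLL: no hit
]

if __name__ == "__main__":
    for sig, ids in evaluate(SAMPLE_EVENTS).items():
        print(f"{sig}: events {ids}")
```

The dropped-DLL rule is order-sensitive on purpose: a load that precedes the write of the same path is not evidence of side-loading a dropped library, so the rule only consults paths written earlier in the trace. The network rules are allow-list lookups and therefore only as good as the host lists; an unknown IP-lookup or paste service produces no hit rather than a false one.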

MITRE ATT&CK Enterprise v15

Tasks