General

  • Target

    2conturi.exe

  • Size

    6.3MB

  • Sample

    240623-p8kk8s1dqc

  • MD5

    492dac44e56be4fbf25bace24bace15f

  • SHA1

    866d9574dd56590275728a44d0329f51ad2aaee5

  • SHA256

    5c62b5baeed56897d9bc76d27f168e773bc754ab47397db591b6d64d4f955c49

  • SHA512

    db55ad57d6419562690f596eb3611e938830f53d27e34849eda41aabc67efa225c7706f6543c731c03f2963f5df28d145001861ae981a325adb3b939af12df87

  • SSDEEP

    98304:IgXdPJ75YthU6TccRacg/BGfO1q4HNK0zbup/xzcq8zAFPmv9JT1sOBN3o1pg:L5e66TraRRnz+R8zmPm1D7x

Malware Config

Targets

    • Target

      2conturi.exe

    • Size

      6.3MB

    • MD5

      492dac44e56be4fbf25bace24bace15f

    • SHA1

      866d9574dd56590275728a44d0329f51ad2aaee5

    • SHA256

      5c62b5baeed56897d9bc76d27f168e773bc754ab47397db591b6d64d4f955c49

    • SHA512

      db55ad57d6419562690f596eb3611e938830f53d27e34849eda41aabc67efa225c7706f6543c731c03f2963f5df28d145001861ae981a325adb3b939af12df87

    • SSDEEP

      98304:IgXdPJ75YthU6TccRacg/BGfO1q4HNK0zbup/xzcq8zAFPmv9JT1sOBN3o1pg:L5e66TraRRnz+R8zmPm1D7x

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks