General

  • Target

    Win64OpenSSL-3_3_0 (1).exe

  • Size

    8.2MB

  • Sample

    240624-cpppmavdkh

  • MD5

    b9a396bfe10c492b1cf53fa91983744e

  • SHA1

    0fbd3eb257ae25edc8486d5a4c3dd511531a9d76

  • SHA256

    a431d570cc8881bc03f4b0dc02265b1c3f865d38f80a18e02719280254f6074b

  • SHA512

    8ab912fda8cd8f77fe0507f0943ae23812b3fd6550e106a21189ef181a634f620a50867caa009f70ad50ccdf4801d2ebe00fcc80040bf6292da5710f162c06bc

  • SSDEEP

    196608:9kfQXwuLIourErvI9pWjgN3ZdahF0pbH1AYSEp1CtQsNI/SBmUJ:c6urEUWjqeWxQX6nWvJ

Malware Config

Targets

    • Target

      Win64OpenSSL-3_3_0 (1).exe

    • Size

      8.2MB

    • MD5

      b9a396bfe10c492b1cf53fa91983744e

    • SHA1

      0fbd3eb257ae25edc8486d5a4c3dd511531a9d76

    • SHA256

      a431d570cc8881bc03f4b0dc02265b1c3f865d38f80a18e02719280254f6074b

    • SHA512

      8ab912fda8cd8f77fe0507f0943ae23812b3fd6550e106a21189ef181a634f620a50867caa009f70ad50ccdf4801d2ebe00fcc80040bf6292da5710f162c06bc

    • SSDEEP

      196608:9kfQXwuLIourErvI9pWjgN3ZdahF0pbH1AYSEp1CtQsNI/SBmUJ:c6urEUWjqeWxQX6nWvJ

    • Command and Scripting Interpreter: PowerShell

      Executes commands via powershell.exe.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks