General

  • Target

    StartBotNet.exe

  • Size

    6.9MB

  • Sample

    240624-q4gt8aydqr

  • MD5

    49a84723ce9c5eb7b023e5650b05f987

  • SHA1

    7d7895834e26df3bcf292717bed20d4107c788fe

  • SHA256

    a2cffb22e4f0fd46b17626c25ed79cd04f5e166352ece6fcfe4bf3685a943c15

  • SHA512

    789ced61880b4612ec99e21a3f56315a88d0483b5340a9a9b87f11f5face6a256c985dd40e60ff0ae93f6c59a51f9550bad07dbe239800a293d1d8338171f441

  • SSDEEP

    98304:3vDjWM8JEE1rBamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIFWR:3v0MeNTfm/pf+xk4dWRGtrbWOjgWyr

Malware Config

Targets

    • Target

      StartBotNet.exe

    • Size

      6.9MB

    • MD5

      49a84723ce9c5eb7b023e5650b05f987

    • SHA1

      7d7895834e26df3bcf292717bed20d4107c788fe

    • SHA256

      a2cffb22e4f0fd46b17626c25ed79cd04f5e166352ece6fcfe4bf3685a943c15

    • SHA512

      789ced61880b4612ec99e21a3f56315a88d0483b5340a9a9b87f11f5face6a256c985dd40e60ff0ae93f6c59a51f9550bad07dbe239800a293d1d8338171f441

    • SSDEEP

      98304:3vDjWM8JEE1rBamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIFWR:3v0MeNTfm/pf+xk4dWRGtrbWOjgWyr

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

    • Target

      WA��.pyc

    • Size

      1KB

    • MD5

      1389e21e7fce0794d5cfa31ebb28c746

    • SHA1

      defbb515439644f4263d0b8aefc19cae4526cfdf

    • SHA256

      4e30657ffd9b127022c7d293758f3878c36eac3f297912b605e2815643f9e41b

    • SHA512

      99b299eae15cbce1cc4b5b89390ae14227b36eea792663b61ddc3b021aace4a9ecc89aec6f492d1f23f208aa98d02e4ad03ffce9c5b954ec9fcd5de99d76cb19

    Score
    1/10

MITRE ATT&CK Enterprise v15
