General

  • Target

    YALLO.exe

  • Size

    6.7MB

  • Sample

    240624-sxkzeazajb

  • MD5

    885338d04845c09509ec54d674507405

  • SHA1

    628134668e84bad25631a847d4b52ee70c02759a

  • SHA256

    cc0677ded0c7e2090461aeb331e5ff5196a96a41e21293298a1022e32c089ac0

  • SHA512

    53fb136683ca7b8fec1d8a3699d70b6f371f6ca98db1f57c3d44ac26ad2fd539a3c157fe41e6c5d20f7dd3dfefc9f829d7d6970e38dbc27f3da54541c0e8104e

  • SSDEEP

    196608:65Fh0peN/FJMIDJf0gsAGK5SEQRWuAKuKgi8:G0a/Fqyf0gsfNRAKW

Malware Config

Targets

    • Target

      YALLO.exe

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

    • Target

      m������.pyc

    • Size

      857B

    • MD5

      234f24e9edee311525c9a5c685be601a

    • SHA1

      4a7c11002b709b9963f47bd4f6188afb73e282c1

    • SHA256

      0a2b2cf86efe93717bedc31080d52a26df3ba5c174e309c971e2f52e837e269c

    • SHA512

      241f311529ca6125f7bf26a1d10b66b010d27a001b1e30426936cb8d2fa8c5389bc82fcf7f6c2dee5e14d49f058e3edc5879578d21a13b222fe1145d573505fc

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks