General

  • Target: elsify.exe
  • Size: 7.3MB
  • Sample: 240625-x43j9a1anr
  • MD5: e4b286423740d4f4829ce2cb0eaa84d2
  • SHA1: 98ae80a330920c598743690c2d2a2dac4248eeda
  • SHA256: fe6511f0175fc0f7e50e034e2bc3d43ce0488348e6a76919ef921db512535fe8
  • SHA512: febfcd2a3dd60cb4d369f9b4d793a1acef4337f2168294c218849d51c82c2785985bda794a581976efb6b93299199c887e2c13488377adf695c214402952a210
  • SSDEEP: 196608:HEYS62/OshoKMuIkhVastRL5Di3uh1D7JU:kYSv/OshouIkPftRL54YRJU

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks