General

  • Target

    2cb0c308999d3a1b70fd9b9151a4120c.bin

  • Size

    7.3MB

  • Sample

    240626-cstsrasakr

  • MD5

    2cb0c308999d3a1b70fd9b9151a4120c

  • SHA1

    82e6238433e83cd4c94108748439f93c861e73fa

  • SHA256

    b10488502194f6a2ba6bdf545d38f5c636f0f821564b0a174a573beaee2dfe01

  • SHA512

    15fd8ace5ff6ff21a8f218fd900adab75017dbb3c6a7cbe84643627b6e44de307f74dd2a2dde928b02d9cace0074767bf0cf9d4ed2caf58c5ef7850aa601f046

  • SSDEEP

    196608:D10cDepLjv+bhqNVoBKUh8mz4Iv9Pfu1D78:WieRL+9qz8/b4IBuR8

Malware Config

Targets


    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that dropped components are not scanned.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

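The UPX signature above fires on section names and markers that stock UPX leaves behind, which a modified UPX build can rename. As an added example (not the sandbox's own detection code), the following parses the PE section table by hand and combines three indicators: UPX0/UPX1/UPX2 section names, the UPX! marker string, and per-section Shannon entropy, which still flags a renamed packer. The PE images it checks are built inline from constructed, non-executable headers, not taken from the analysed sample.

```python
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}   # names stock UPX gives its sections
UPX_MARKER = b"UPX!"                           # magic in the UPX packed-data header


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; 8.0 means uniformly random, typical of compressed data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_sections(data: bytes) -> list[dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size            # 4-byte signature + 20-byte COFF header
    sections = []
    for i in range(n_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr, *_ = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "raw": raw})
    return sections


def upx_indicators(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Name/marker checks catch stock UPX; entropy catches renamed builds."""
    sections = parse_sections(data)
    names = [s["name"] for s in sections]
    entropies = [shannon_entropy(s["raw"]) for s in sections if s["raw"]]
    max_entropy = max(entropies, default=0.0)
    upx_names = [n for n in names if n in UPX_SECTION_NAMES]
    marker = UPX_MARKER in data
    return {
        "section_names": names,
        "upx_section_names": upx_names,
        "upx_marker": marker,
        "max_section_entropy": round(max_entropy, 3),
        "packed": bool(upx_names or marker),
        "high_entropy": max_entropy >= entropy_threshold,
    }


def build_test_pe(sections) -> bytes:
    """Constructed minimal PE image (headers + section table + raw data).

    Not a runnable executable; only the fields parse_sections() reads are meaningful.
    """
    opt_size = 0xE0                             # PE32 optional header size; contents unused here
    n = len(sections)
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * n
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    table, payload, raw_ptr = b"", b"", headers_len
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), 0, len(data), raw_ptr if data else 0, 0, 0, 0, 0, 0)
        payload += data
        raw_ptr += len(data)
    return dos + coff + b"\x00" * opt_size + table + payload


if __name__ == "__main__":
    packed = build_test_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 4 + UPX_MARKER),
                            (".rsrc", b"\x00" * 64)])
    clean = build_test_pe([(".text", b"\x90" * 256), (".data", b"hello world" * 10)])
    print("packed:", upx_indicators(packed))
    print("clean: ", upx_indicators(clean))
```

The entropy threshold is a heuristic: legitimate binaries with large compressed resources or embedded certificates also exceed 7 bits per byte, so treat high_entropy as supporting evidence and the name or marker hit as the confident signal, which is the same split the sandbox's "UPX/modified UPX" wording implies.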
MITRE ATT&CK Enterprise v15

Tasks