Resubmissions

26-06-2024 05:18

240626-fzl82azell 10

26-06-2024 05:12

240626-fwckeszcnm 10

General

  • Target

    XyloTool.rar

  • Size

    5.8MB

  • Sample

    240626-fwckeszcnm

  • MD5

    23431e2bb1fdb82b98285ce1daa81223

  • SHA1

    fa5e1f6f33b8ef6244a5812f64c0aab1a78077d8

  • SHA256

    79fe80b6762a5ee29c76185cd062fcf832deb1620f04ddc4de50d3358ca9373f

  • SHA512

    84afc3b4867e601ea1703e7670aa4ac8e1c57335acfe1ed4733f745bc2a2d1efef40406a312a5bd6383908de2e436fcffe5e898c62b71a12a3b41149c028f149

  • SSDEEP

    98304:4Xuoid5KMbpyo/BoPsTAlZ7pZcRnGSatjD9s4E79L9Wta5XtAuFh5vJBt0Pf:OuoidRBoP5Z74RAC4SL9WMfncH

Malware Config

Targets

    • Target

      XyloTool.exe

    • Size

      5.9MB

    • MD5

      1bae503880fbeb67ea0df79e4123eb3f

    • SHA1

      66f88a8d04503aa36f97153271e756b184915cfd

    • SHA256

      6ba55b8fc0d8a37a2d5942c54d86c267d38fc4bd4bc1339dde80190ddf800980

    • SHA512

      bea868f8215a69ff0f72a67b04cb0eeb3030b1c830c700ca29b61f1e38ccddb5401ae3285b9101d3998480a31a8e7a5fe053ad2b464de6ffdfea36cda403e663

    • SSDEEP

      98304:zN+nhj832i65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeF29hGkr/LcQ:zAn4EDOYjJlpZstQoS9Hf12VKXpbGC0E

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks