General

  • Target

    ExInjector Beta v4.zip

  • Size

    30.5MB

  • Sample

    240628-2dhjlsxanl

  • MD5

    ad3b8a9abb671f15a0a963168e8cbd30

  • SHA1

    433695d8e037d85e3086c8cbbcd64324da6a19a7

  • SHA256

    2de41d31b8d3e57b38e7f1635aec6389d28e715c4887ae8fcb37c153f5800bda

  • SHA512

    d089479bed895ba899f25ed84b47dc786663f22ab5875911f706cd1193cfa6132e6f73a60aa54a846301a7a904c662241229658213131272b9427b9f778021b7

  • SSDEEP

    786432:iTwAZ92kQN06GF/5QDsXooMyCTwAZ92kQN06GF/5QDsXooMyF:UwA37QY/5QDsZ0wA37QY/5QDsZF

Malware Config

Targets

    • Target

      ExInjector Beta v4/ExInject V4.exe

    • Size

      40.4MB

    • MD5

      b5376b0ac908c1ff23f00ba4b4823f87

    • SHA1

      89f270e1404a76594b0780d70a7ab9491b1e0de3

    • SHA256

      6957aa3b521d1ddcc4a512e2fe7aa93eabf58e9a53a4acd4866c4930a881de28

    • SHA512

      49c1704611beec9469cb47c74fa285404afe33b442a2aa64dd0a4efdb5bc2cf523096d1fca9044f81d7e9ea8488f7ee8b9f3b7d015aee1bec4167bf69d555d40

    • SSDEEP

      393216:zWvz+q3V1VUIC3L+9qz8GvD7fEU2IGY/Vt1Wom6:Sz+q37/O+9q4GL7fEvILpm6

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks