General

  • Target

    0.4 Private tool v2 clumsy.exe

  • Size

    6.0MB

  • Sample

    240629-nf9tzswfrh

  • MD5

    26f3bc26ba45792d5545959d9a858ed1

  • SHA1

    dd4dc39ad555ecc5547cad730d3926edc4b80602

  • SHA256

    9d4bbfe5521c3a0a171e05ca3598bc2889e0c1e0da7914edcdc2dbe5a21b566d

  • SHA512

    7d55c642d9459c953dc08c570dd025081d4cc2ca9c21b744ae306c2b3c74eb9a67fec1cbd6e94545219d262d5b5adc961db736f48d354bff7c292e82ee8be207

  • SSDEEP

    98304:jgXdQGXqkqM9RL4afkhk9Y+YNwh1SMCJbzRnPJ8iE/56Y3ZDJ1n6hBnLnzTF:q5RL4ack9Y7m7SMYNPKBtn6hVvTF

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect software protector.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks