General

  • Target

    Executor.exe

  • Size

    57.1MB

  • Sample

    240630-sw3g3atbqq

  • MD5

    1140eb1cbfc34592dcbd7e2c6ebc1945

  • SHA1

    523bb13ae589e4e2dcdbd88320f14753fc96b626

  • SHA256

    43ba1e67473bebceb3526f3cc9e69f768abc344925c2b1fe747f83bb80a44fe3

  • SHA512

    c265fbf2bd892fbc18f9da082f2bcae2a0413f617c6a17ddf3938d0b590084d42514139118ad44b92bd891b39d6561feb3b4dff7cd91f23d78872e1118fbe6cf

  • SSDEEP

    786432:K9/Qm7QqMoknvNpA+vIlo0FdGgrgKvIjjk3ESWqEp+0/pWTPuxBNxGo:8/QcQqMrlpA+Ql4yvIswqrS5nNxGo

Targets

    • Target

      Executor.exe

    • Size

      57.1MB

    • MD5

      1140eb1cbfc34592dcbd7e2c6ebc1945

    • SHA1

      523bb13ae589e4e2dcdbd88320f14753fc96b626

    • SHA256

      43ba1e67473bebceb3526f3cc9e69f768abc344925c2b1fe747f83bb80a44fe3

    • SHA512

      c265fbf2bd892fbc18f9da082f2bcae2a0413f617c6a17ddf3938d0b590084d42514139118ad44b92bd891b39d6561feb3b4dff7cd91f23d78872e1118fbe6cf

    • SSDEEP

      786432:K9/Qm7QqMoknvNpA+vIlo0FdGgrgKvIjjk3ESWqEp+0/pWTPuxBNxGo:8/QcQqMrlpA+Ql4yvIswqrS5nNxGo

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Hide Artifacts: Hidden Files and Directories

    • Target

      loader-o.pyc

    • Size

      275KB

    • MD5

      bee718a9105b39cf5f470bc40824c271

    • SHA1

      833a64f2b46ed46e2b8b6a87ac50f847b4a051da

    • SHA256

      c12c4d01d03fc9369b29880853ee44b80b7fd20d9724ffdf5e5ede6f9d340ffe

    • SHA512

      f8c62c682f804814eb60482e6814646a5341f26fb1d6e3c042e63abf3c71c13a9d28bf21958c413bd0d53507593a25ac9893b7474a76606456c39c9092cb3c04

    • SSDEEP

      1536:I+kcfZ7Su7NnIc0rEXdca2RqpFiigtpuCmQL6At+4ZQNHtHMh/3c5iI54NSes+2g:I+kcxBib4/PR5G6TtQ6kfv0ip/OE

    Score: 3/10

MITRE ATT&CK Enterprise v15