General

  • Target: Danger.exe
  • Size: 13.3MB
  • Sample: 240710-m2cwpstemp
  • MD5: 753246758ca655f425dd579c3271aa76
  • SHA1: e5e90bfc6e04b3a7aa0dd6bd6229503f5deae0f0
  • SHA256: 1fa5cea81cc8a36a94bb8e326d0342c8640e81fb9277bec8211fcea1760c2631
  • SHA512: a6cbbed0966d93de7cfa0334523ebae98224fddafe17f41a321e77788dce97ff5cf45d945404da126e70163aa53db477ed24bba2688b778309034a9126bd475a
  • SSDEEP: 393216:sEkMDn5nwW+eGQRIMTozGxu8C0ibfz6e57dA8K5aWCuVl:sUDnRwW+e5R5oztZ026e51xVuVl

Targets

    • Target: Danger.exe

    Score: 7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
