General
-
Target
ArksSpoofer.exe
-
Size
7.4MB
-
Sample
240719-t3pefszepk
-
MD5
7595fe6971a43a4632a6c299fad98eb5
-
SHA1
5e7217f1e7d9adcb6bd3d64497a9d6ee908900b9
-
SHA256
cb30f10a94216876421b20d4177829fd4856ca9f52f620f61914144a5371aa4c
-
SHA512
b1665c2e667e9dbed544fb59742df18c107c3be2690a6f8afa91917508e80818ba7522578c4e0799753922bd396b827592de80a6fc7c6257983d7d9964094011
-
SSDEEP
196608:mOP9VXMo8urErvI9pWjgfPvzm6gsFE14An:7ldh8urEUWjC3zDb04An
Malware Config
Targets
-
-
Target
ArksSpoofer.exe
-
Size
7.4MB
-
MD5
7595fe6971a43a4632a6c299fad98eb5
-
SHA1
5e7217f1e7d9adcb6bd3d64497a9d6ee908900b9
-
SHA256
cb30f10a94216876421b20d4177829fd4856ca9f52f620f61914144a5371aa4c
-
SHA512
b1665c2e667e9dbed544fb59742df18c107c3be2690a6f8afa91917508e80818ba7522578c4e0799753922bd396b827592de80a6fc7c6257983d7d9964094011
-
SSDEEP
196608:mOP9VXMo8urErvI9pWjgfPvzm6gsFE14An:7ldh8urEUWjC3zDb04An
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-