General
-
Target
Shark Predictor.rar
-
Size
32.0MB
-
Sample
240720-cfrgvs1gll
-
MD5
0d1723d5644101d0863150e6bc0ec8e8
-
SHA1
f62c8cb3813953a278e664c02dc6a4e0e4ccb4fe
-
SHA256
b898d8294125b6d5d661281c132c7675518cf5bef57b28f902fbdc97e5f05d66
-
SHA512
d8a347537bb05d4eb3f655333faa88342084d51960d7faaa84557b01905333aa45911e3c38d4a7050e8e83e1981c7a52d293fcef76a0dfbb1bfb1433529bdcd2
-
SSDEEP
786432:kQwNqHevrlZXwT0IF5D0tkO5qRMCmY0wdwdWJSCvy2UpYP+:fwkHuRSf0+LMCmGwEsGw/
Behavioral task
behavioral1
Sample
Shark Predictor/Shark Predictor.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Shark Predictor/Shark Predictor.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Shark Predictor/python-3.12.4-amd64.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
Shark Predictor/python-3.12.4-amd64.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
Shark Predictor/Shark Predictor.exe
-
Size
6.8MB
-
MD5
94ebee0fc8692acb4b12cb40e0aba034
-
SHA1
f8a90ebc1fa203ec9c38a8cfa343f928c81abf5c
-
SHA256
7a6809d47c3ed09ef32544325c6ffb992f78119441ffe2ec69fb3caf9bb35ff2
-
SHA512
e6631670028e9e26f7aacd54a74b5a328edc5e3f3b4fc630f38a1680631b08a236bfe81a2ee6d326246ee47fa54a1fdee67fdd6dbaa69f9a65b8b2e47e41939c
-
SSDEEP
98304:kAkwN+MdA5wqMt98MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBnLng:kAV16B6ylnlPzf+JiJCsmFMvcn6hVvU
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Shark Predictor/python-3.12.4-amd64.exe
-
Size
25.5MB
-
MD5
f3df1be26cc7cbd8252ab5632b62d740
-
SHA1
3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4
-
SHA256
da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258
-
SHA512
2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89
-
SSDEEP
786432:zRd0l0X/46+nq1rcVqA5Z2bQcLsv0GlYrJF55e2nRk:L5P46+q1QTILMKB5e2nRk
-
Drops file in Drivers directory
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
3Netsh Helper DLL
2Component Object Model Hijacking
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Event Triggered Execution
3Netsh Helper DLL
2Component Object Model Hijacking
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1