General

  • Target

    Shark Predictor.rar

  • Size

    17.7MB

  • Sample

    240722-trpabaxakk

  • MD5

    9cb82bc05579d8e047d2187fe3926839

  • SHA1

    df043b623097629580ae8c9df68c17e4664f9152

  • SHA256

    d2ab792a87f650bb12c89d42531762ccbed4abdccc29aae2aa0cf81c98885878

  • SHA512

    f14bb27913a39fa88fed09aea84c358b98660e4cfb805a15917e1d398308b05b1b1687325a135d49cf1f67e494d49e5aad21762fb623241639f83e58cbe7f420

  • SSDEEP

    393216:Qx9ejTA7iTh8soxWIxv8C0GgTRW1BIcmtdSY8EE/BRAoNlX9jMLFkd4XZ:QxgTAshVoxWIWggtW1BIcmtdV8EEBRAJ
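The report lists MD5, SHA1, SHA256 and SHA512 for the archive and each extracted member. The following added example (my own code, not part of the report or of the sandbox that produced it) computes all four digests in a single pass over a file and matches them against the hashes copied from this page; the sample input in the test is constructed. Matching is keyed on SHA256 first, since MD5 and SHA1 collisions are practical and those two should only corroborate a hit.

```python
import hashlib
import os
from pathlib import Path

# Indicator table copied from the report above: digest -> target name.
REPORT_IOCS = {
    "sha256": {
        "d2ab792a87f650bb12c89d42531762ccbed4abdccc29aae2aa0cf81c98885878": "Shark Predictor.rar",
        "3eb169de4a61a8ebef5b20be0926e5f7c58ee743a3be81673553784f5310d8a9": "Shark Predictor/Read.txt",
        "372ea9ae9e5acf24a31fea3cfa936b6197c1277624043764fffe1e00d0d94609": "Shark Predictor/Shark Predictor.exe",
    },
    "md5": {
        "9cb82bc05579d8e047d2187fe3926839": "Shark Predictor.rar",
        "dd50cac1427727182147c9d18864b235": "Shark Predictor/Read.txt",
        "241211133c03a0a9555ca91b5da47fec": "Shark Predictor/Shark Predictor.exe",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks) -> dict:
    """Feed every chunk to all four hashers so a large file is read only once."""
    hashers = {name: getattr(hashlib, name)() for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    return digest_stream([data])


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""))


def match_report(digests: dict) -> list:
    """Return (algorithm, target) pairs whose digest appears in the report's IOC table.
    SHA256 is checked first; an MD5-only hit is reported but should be treated as weak."""
    hits = []
    for algo in ("sha256", "md5"):
        target = REPORT_IOCS[algo].get(digests[algo].lower())
        if target:
            hits.append((algo, target))
    return hits


def scan_tree(root):
    """Walk a directory (e.g. an extracted archive) and yield (path, hits) for matching files."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            hits = match_report(digest_file(path))
            if hits:
                yield path, hits


if __name__ == "__main__":
    import sys
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, hits)
```

Run it as `python ioc_hashes.py <extracted-dir>` against a directory containing the extracted archive; a SHA256 hit on `Shark Predictor.exe` is a definitive match for the sample in this report, while an MD5-only hit warrants a second look before acting on it.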

Malware Config

Targets

    • Target

      Shark Predictor.rar

    • Size

      17.7MB

    • MD5

      9cb82bc05579d8e047d2187fe3926839

    • SHA1

      df043b623097629580ae8c9df68c17e4664f9152

    • SHA256

      d2ab792a87f650bb12c89d42531762ccbed4abdccc29aae2aa0cf81c98885878

    • SHA512

      f14bb27913a39fa88fed09aea84c358b98660e4cfb805a15917e1d398308b05b1b1687325a135d49cf1f67e494d49e5aad21762fb623241639f83e58cbe7f420

    • SSDEEP

      393216:Qx9ejTA7iTh8soxWIxv8C0GgTRW1BIcmtdSY8EE/BRAoNlX9jMLFkd4XZ:QxgTAshVoxWIWggtW1BIcmtdV8EEBRAJ

    • Score

      3/10

    • Target

      Shark Predictor/Read.txt

    • Size

      286B

    • MD5

      dd50cac1427727182147c9d18864b235

    • SHA1

      9bcf809847543cbdf5a102ca4a9919f9a891ca52

    • SHA256

      3eb169de4a61a8ebef5b20be0926e5f7c58ee743a3be81673553784f5310d8a9

    • SHA512

      b9b03f217078d1a95ff7a7ebbd424340c4c45506d76b0dcc758f6081ecb6156d8af02bd0d716c409835ef071898108dd6d713e7e8bfe69ad215dbc7292c4fdd4

    • Score

      1/10

    • Target

      Shark Predictor/Shark Predictor.exe

    • Size

      17.8MB

    • MD5

      241211133c03a0a9555ca91b5da47fec

    • SHA1

      6589e56c563b335186d1e0717dca432eb664391f

    • SHA256

      372ea9ae9e5acf24a31fea3cfa936b6197c1277624043764fffe1e00d0d94609

    • SHA512

      06ec337fa331022285b8fca7a93d135f752e4d07a7793cd9b6e799475eccf992b0610326173f7588ec728b28ee455f6b5a05e0cbc52974e605b44b1118e30f6e

    • SSDEEP

      393216:0KF+JuCwCRDP8ihyvLiXYCSaXzDWoRDLDyBC1hIHkpyiASnG3YlwZQ:/+JhnDBzoOHDiiA5I

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to determine the infected system's external IP address.
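The "UPX packed file" signature above flags the dropped executable as UPX-packed, including modified builds of the packer. The following added example (my own code, not the sandbox's signature logic) shows one way to reproduce such a check offline: it parses the PE section table and reports three independent indicators, the stock `UPX0`/`UPX1` section names, the `UPX!` stub marker, and the characteristic first section with zero raw bytes but a large virtual size that the stub unpacks into. The last heuristic is what survives when a modified UPX renames its sections. The PE images used for testing are constructed in the block, not taken from the sample.

```python
import struct

# Section names the stock UPX packer writes; a modified UPX build may rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_sections(data: bytes) -> list:
    """Parse a PE section table into (name, VirtualSize, SizeOfRawData) tuples."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER starts after the signature
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                 # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                     # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.split(b"\0", 1)[0].decode("ascii", "replace"), vsize, rawsize))
    return sections


def upx_indicators(data: bytes) -> list:
    """Return a human-readable reason for each UPX indicator found; empty list means none."""
    reasons = []
    sections = pe_sections(data)
    named = [s[0] for s in sections if s[0] in UPX_SECTION_NAMES]
    if named:
        reasons.append("UPX section names: " + ", ".join(named))
    if b"UPX!" in data:
        reasons.append("UPX! stub marker present")
    # Stock UPX leaves the first section empty on disk and fills it at run time.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        name, vsize, _ = sections[0]
        reasons.append(f"first section {name} has 0 raw bytes but {vsize:#x} virtual bytes (unpack target)")
    return reasons


def build_sample_pe(sections, trailer: bytes = b"") -> bytes:
    """Constructed test input: a minimal PE whose section table holds the given
    (name, VirtualSize, SizeOfRawData) entries. It is not a loadable binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000, rawsize, 0, 0, 0, 0, 0, 0)
        for name, vsize, rawsize in sections
    )
    return dos + b"PE\0\0" + coff + table + trailer


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            found = upx_indicators(fh.read())
        print(path, "->", "; ".join(found) if found else "no UPX indicators")
```

Run as `python upx_check.py "Shark Predictor.exe"`. Treat the section-name and `UPX!` hits as confirmation and the empty-first-section heuristic as a lead: other packers and some linkers also produce zero-raw-size sections, so it should trigger closer inspection rather than a verdict on its own.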

MITRE ATT&CK Enterprise v15

Tasks