General

  • Target

  • Size

    1007KB

  • Sample

    240731-khevvawdjj

  • MD5

    42eac67509f3f66c5fe277b55f53bf85

  • SHA1

    575121a319bd51d047723d74e82983a44754b9e4

  • SHA256

    7b28d7525a6cb9cf2198a6e58e629e94eee4921644f9ba66ff0cbc92d610f0b1

  • SHA512

    383e0fca97d87d6234caac02a6b2b346cf9eb4260b931a217fa2bb4b2d379ec920b99a13d1c43ab5237813669f15d5550514fbe0489caa692861b9d87257f095

  • SSDEEP

    24576:XWTvNDsa5Hg/Vl7Y38+RjsSCMPSjA1cLY9kPlUz:Xy1n5g/VNw8+RjsSTajh8kPg

Malware Config

Targets

    • Target

    • Score

      7/10

    • Executes dropped EXE

    • Drops file in System32 directory

    • Target

      Builder.deps.json

    • Size

      413B

    • MD5

      d63849c93243f2630d66f6e185dfd38e

    • SHA1

      f6439b943edcb1ca8c5b79a966824865b1de6e2a

    • SHA256

      fa927bea80bfba0f853c21f84f63411364f57887b18c1ffb9b702ecd2dbef3fe

    • SHA512

      7a3ec17a7549ffa3c2a68844f02a86672c3dbc5c5b58b3ec602b2a792807b685cc240ff6780024993cd4b382851a67ed4bf03623299a0fafb56bae01deb5e7b1

    • Score

      3/10

    • Target

      Builder.dll

    • Size

      12KB

    • MD5

      fb88ad352d320b55a3c9ccdfa9aad8aa

    • SHA1

      a52d2190e291bd93e2bdd0f176984376143f2737

    • SHA256

      111dae513ae61c7edf7693a341dd0ab8b71fee33a60f3d218c0906fc809c42bb

    • SHA512

      027cbf99a734c4a48c02e7389dfc28e58a7623f8c5df820d3952d0207003da86af38eeec67844895b3fbf745ae5a2a0f9030edbf2bc3eb6ca95091bd06eca0ab

    • SSDEEP

      192:sKBiQV83wzhd91P4a6gwWY93MYPDgrdHd0BBjCPJ0RgFP2XE:3w41hQgwWk3MwDchdyBOJ0W2X

    • Score

      1/10

    • Target

      Builder.exe

    • Size

      145KB

    • MD5

      1866f69cfaeeda3915074a0aab36717a

    • SHA1

      e23f16b7e655c38fe825e25974ea97688447c597

    • SHA256

      b17d9682fd03dc7d18fb141718d6fc90b59e76ee6b8f39f2ace385600fad7c68

    • SHA512

      47e73abff170aa4021b5124a6820afcbba25c6f0d7d6bb5c4e2b35df454f8b7fdbc39b5d25d69e126161ba678238e2d5d98eb77ce2fecb1c00ebda2dae2e8c03

    • SSDEEP

      3072:qguAgTsGLYEZl70PsLko1Gs2T/0oim/JbRZzlZ2pJqq:q5twsLko1Gs2T/pPlZ2fq

    • Score

      1/10

    • Target

      Builder.runtimeconfig.json

    • Size

      372B

    • MD5

      d94cf983fba9ab1bb8a6cb3ad4a48f50

    • SHA1

      04855d8b7a76b7ec74633043ef9986d4500ca63c

    • SHA256

      1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

    • SHA512

      09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

    • Score

      3/10

    • Target

      out/InvictaStealer.exe

    • Size

      2.2MB

    • MD5

      986a9cd4347aa2207ae5fdbffecfae5a

    • SHA1

      541b1fc771d28fa4605605afe5e5bfa019043fee

    • SHA256

      f74146e200ac3983f6df782faa0d0807c22bfc9c2ae69ec1df6f9df439c65f5c

    • SHA512

      7cabb9e108247b40387d9e10bfd3380c6d8f1ad0e8e1728b7166a29b99449ff59eb01f5766a62daf94ca86508eaa9a831dde947f168e8b116b698fb7f523b800

    • SSDEEP

      24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtR:PBozBdhEV7q8bOQnIFWY+3Je0w5

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copy of, a web browser credential store.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      readme.txt

    • Size

      287B

    • MD5

      e48a1963ceef8bec7934c70028a9acc2

    • SHA1

      3193071b4f9b84091edd505ff193a4e77ab83703

    • SHA256

      a1c6158a5d599640d38d23b4f8df619d1856d4c76b86184fb60233037c0ce623

    • SHA512

      65c3d1c25cd7e0b5be42c7f3f29413431897f6671f15cbb1f12d67307278ea4832daef2661f387ce6e13a0f2208ddc5e6684852b9b51e1f68dfd5ee1eeae7128

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks