General
-
Target
SpaceSoliderSS.exe
-
Size
84.3MB
-
Sample
240801-1elrzs1elh
-
MD5
f834f045522514a77a4469945d29d68e
-
SHA1
a4c3f7d3636bee1be37bf89fed8882b1145e4b1a
-
SHA256
3516ddddfac672d716e77867c51a73bf46fdeea2c5ab84b0caf76b03467cb096
-
SHA512
b0dac134f536aeb5d14316fa6cd10b05b09a5750c056c81ce7d627cbfc65c46b3fa04de0badd37fe00f73a0e8512f3249e81997a895ef5151ef99c353e3465d4
-
SSDEEP
1572864:fMe4hdV6xfeQRO3Dneef/VynQ3Y9GF0J2/3M4fvHyrIYKVemIzM:fMe4DoxfvRO3ree8I/0A/3/vHYIQjzM
Static task
static1
Behavioral task
behavioral1
Sample
SpaceSoliderSS.exe
Resource
win10-20240404-en
Malware Config
Targets
-
Target
SpaceSoliderSS.exe
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copying of the web browser credential store.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 2
Credentials In Files: 2