Resubmissions

05-08-2024 19:24

240805-x4v56swbrp 10

03-08-2024 05:43

240803-getytavdrk 10

General

  • Target

    Moon Predictor V2 (1) (1).exe

  • Size

    14.2MB

  • Sample

    240803-getytavdrk

  • MD5

    11afed49123fd774af33550dae13777a

  • SHA1

    f02c2409c589f76a1639cef002dda5f7f538e98d

  • SHA256

    07266653b14ff50a02d0be770e90e102d766cede26e92bd43eb61255c5931fca

  • SHA512

    303d1eae5e242b0c831bf235705e57d0cb92c65387d7fe7279da364100f402c2212f48972cb6dbb64c951c704ebbd7af2081164bc8884b79064d2ba15e16fd55

  • SSDEEP

    393216:Hu7L/qdQusl7Q+q9RoWOv+9fav+NNxDnDz:HCLydQu2QdborvSiv+DxDD

Malware Config

Targets

    • Target

      Moon Predictor V2 (1) (1).exe

    • Size

      14.2MB

    • MD5

      11afed49123fd774af33550dae13777a

    • SHA1

      f02c2409c589f76a1639cef002dda5f7f538e98d

    • SHA256

      07266653b14ff50a02d0be770e90e102d766cede26e92bd43eb61255c5931fca

    • SHA512

      303d1eae5e242b0c831bf235705e57d0cb92c65387d7fe7279da364100f402c2212f48972cb6dbb64c951c704ebbd7af2081164bc8884b79064d2ba15e16fd55

    • SSDEEP

      393216:Hu7L/qdQusl7Q+q9RoWOv+9fav+NNxDnDz:HCLydQu2QdborvSiv+DxDD

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks