General

  • Target

    DaddyMadu-Windows-Optimizer.bat

  • Size

    9KB

  • Sample

    240815-snl54sycjd

  • MD5

    453b29a2c477aa84c97285b7334c43c6

  • SHA1

    4f6640464df12d128584067741a917c1d8adf976

  • SHA256

    254a1b759ec149b625aa975ebd6cdf155cc6d513ceeccfbcc03aa3a14356c162

  • SHA512

    5a49897433600b2b11d1ea21056f00b626447d199f0faf4ed70e37c9091026820e39f9bd49e4d167702991dfc4852590c5de4df20a52bc07a0ea877b9dc97791

  • SSDEEP

    192:Z4TfI3NGRTDBPdDYQBiUnBxn5oCobCAoC4jIymBAlBsPfjhNlLGKbqtC1:K0NGNDVdDYQz9/jawOeqDd

Malware Config

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Download via BitsAdmin

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks