General
Target: dx9.exe
Size: 18.5MB
Sample: 240821-1jvwfssarf
MD5: faadd01d257cf17c3f6b17050f4b77b4
SHA1: 6769ce3d93a35eade879198f36bdf6c1b30a304d
SHA256: 60de4e2a39aaf0b8ab00c69c2ada98a5fa338ca6d80bb44c738b743947445060
SHA512: 52001ff520153f639672a455e66c80860d77bf98c65b754b71fd0f86adb40c1b871fe362c2ac43bd892ada8db458d4220608bbbaabbf748d98da8ba73e71d60f
SSDEEP: 393216:hqPnLFXlrzQ8DOETgs77fGF8gDhEEvElbYbVpCujq:IPLFXNzQhE7tmulqpQ
Behavioral tasks
behavioral1: sample dx9.exe, resource win7-20240708-en
behavioral2: sample dx9.exe, resource win10v2004-20240802-en
behavioral3: sample main.pyc, resource win7-20240704-en
behavioral4: sample main.pyc, resource win10v2004-20240802-en
Malware Config
(none shown in this report)
Targets
Target: dx9.exe
Size: 18.5MB
MD5: faadd01d257cf17c3f6b17050f4b77b4
SHA1: 6769ce3d93a35eade879198f36bdf6c1b30a304d
SHA256: 60de4e2a39aaf0b8ab00c69c2ada98a5fa338ca6d80bb44c738b743947445060
SHA512: 52001ff520153f639672a455e66c80860d77bf98c65b754b71fd0f86adb40c1b871fe362c2ac43bd892ada8db458d4220608bbbaabbf748d98da8ba73e71d60f
SSDEEP: 393216:hqPnLFXlrzQ8DOETgs77fGF8gDhEEvElbYbVpCujq:IPLFXNzQhE7tmulqpQ
Signatures:
- Credentials from Password Stores: Credentials from Web Browsers. The sample accessed or copied a web browser credential store.
- Loads dropped DLL. The sample loaded a DLL that it had itself written to disk during the run.
- Legitimate hosting services abused for malware hosting/C2.
- Looks up external IP address via web service. The sample queried a legitimate IP lookup service to learn the infected system's external IP address.
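The four behaviours listed for dx9.exe are sandbox signatures. The following Python is an added example, not part of this report and not the sandbox's own detection code: it runs the same four checks over a constructed, hypothetical sandbox event stream. The event format, the file paths, the PyInstaller-style `_MEI` temp directory, and the host lists for IP-lookup and hosting services are all assumptions; the report publishes no such events. The "Loads dropped DLL" check is the one that needs state, since a DLL only counts as dropped if the same run wrote it earlier.

```python
import re
from collections import defaultdict
from typing import Dict, List
from urllib.parse import urlparse

# Browser credential stores: the Chromium-family "Login Data" SQLite file,
# Firefox logins.json and its key database key4.db.
BROWSER_CRED_STORES = re.compile(r"[\\/](Login Data|logins\.json|key4\.db)$", re.IGNORECASE)

# Assumed host lists (not taken from the report); extend from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "ip-api.com", "icanhazip.com", "checkip.amazonaws.com"}
HOSTING_SERVICES = {"discord.com", "cdn.discordapp.com", "pastebin.com", "raw.githubusercontent.com", "api.telegram.org"}

# Constructed sandbox events for illustration; none of these come from the report.
SAMPLE_EVENTS = [
    {"pid": 1200, "op": "file_write", "path": r"C:\Users\u\AppData\Local\Temp\_MEI1234\python311.dll"},
    {"pid": 1200, "op": "dll_load", "path": r"C:\Users\u\AppData\Local\Temp\_MEI1234\python311.dll"},
    {"pid": 1200, "op": "dll_load", "path": r"C:\Windows\System32\kernel32.dll"},
    {"pid": 1200, "op": "file_read", "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 1200, "op": "file_copy", "path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json"},
    {"pid": 1200, "op": "http", "url": "https://api.ipify.org/?format=json"},
    {"pid": 1200, "op": "http", "url": "https://discord.com/api/webhooks/1234/token"},
    {"pid": 1200, "op": "http", "url": "https://example.com/update"},
]


def match_signatures(events: List[dict]) -> Dict[str, List[int]]:
    """Return {signature name: [indices of matching events]} for the four
    behaviours the report lists for dx9.exe. Events are processed in order so
    that a DLL load can be compared against files written earlier in the run."""
    hits: Dict[str, List[int]] = defaultdict(list)
    written = set()  # lower-cased paths this run has written so far
    for i, ev in enumerate(events):
        op = ev["op"]
        if op == "file_write":
            written.add(ev["path"].lower())
        elif op == "dll_load":
            # "Loads dropped DLL": the loaded image was written by this run.
            if ev["path"].lower() in written:
                hits["Loads dropped DLL"].append(i)
        elif op in ("file_read", "file_copy"):
            # "Credentials from Web Browsers": access to a browser credential store.
            if BROWSER_CRED_STORES.search(ev["path"]):
                hits["Credentials from Web Browsers"].append(i)
        elif op == "http":
            host = (urlparse(ev["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(i)
            elif host in HOSTING_SERVICES:
                hits["Legitimate hosting services abused for malware hosting/C2"].append(i)
    return dict(hits)


if __name__ == "__main__":
    for name, idx in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

The host lists are deliberately small; in practice the IP-lookup check is the noisiest of the four, because benign installers and updaters also call these services, which is why the report scores it as a supporting indicator rather than a verdict on its own.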
Target: main.pyc
Size: 7KB
MD5: 67c98bddbfa33b07c7928c076004ce5b
SHA1: 69e708e4beb52f58507433f1dcd93fb399a82f39
SHA256: e39ad208f69d4e64b3e376d12d9bdde64c49538e275248d1af0a52ea852d027c
SHA512: 4c44569448257749f692cee7883e056eba5a91377d3c5bb79c3c0143696d0c4eb8b53c5377ab6ca7658966ead488b2f9fcae487036598ebd9cfbeedd9c09918f
SSDEEP: 192:wveCvsSfQz5D80VlWdXwjmm2kiJhwNcQ7Mdwi8nw:w1vj4WuE2NBPi8w
Score: 3/10
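The report carries main.pyc as its own target but does not say which Python version compiled it, and a .pyc can only be unmarshalled or decompiled under a matching interpreter. The following Python is an added example, not part of this report: it parses the 16-byte PEP 552 header at the start of every CPython 3.7+ .pyc, reports the bytecode magic and flags, and refuses to unmarshal the code object when the magic does not match the running interpreter. The magic-to-version table is my own and should be checked against `importlib.util.MAGIC_NUMBER` of the interpreter you intend to use; the sample .pyc is constructed in-block from a one-line script rather than taken from the report.

```python
import importlib.util
import marshal
import struct
from dataclasses import dataclass
from typing import Optional

# Assumed table of CPython release bytecode magics (low 16 bits of MAGIC_NUMBER);
# verify against the interpreter you plan to decompile with.
KNOWN_MAGICS = {
    3394: "3.7", 3413: "3.8", 3425: "3.9", 3439: "3.10",
    3495: "3.11", 3531: "3.12", 3571: "3.13",
}


@dataclass
class PycHeader:
    magic: int
    version: str                  # "x.y" when the magic is in KNOWN_MAGICS, else "unknown"
    hash_based: bool              # PEP 552 flags bit 0
    check_source: bool            # PEP 552 flags bit 1
    mtime: Optional[int]          # timestamp-based pyc only
    source_size: Optional[int]    # timestamp-based pyc only
    source_hash: Optional[bytes]  # hash-based pyc only (8 bytes)


def parse_pyc_header(data: bytes) -> PycHeader:
    """Decode the 16-byte header: magic(2) + b'\\r\\n' + flags(4) + 8 bytes that are
    either mtime+size (timestamp pyc) or a source hash (hash-based pyc)."""
    if len(data) < 16:
        raise ValueError("too short to be a .pyc")
    if data[2:4] != b"\r\n":
        raise ValueError("magic does not end in CRLF; not a CPython .pyc")
    (magic,) = struct.unpack("<H", data[0:2])
    (flags,) = struct.unpack("<I", data[4:8])
    version = KNOWN_MAGICS.get(magic, "unknown")
    hash_based = bool(flags & 0x1)
    check_source = bool(flags & 0x2)
    if hash_based:
        return PycHeader(magic, version, True, check_source, None, None, data[8:16])
    mtime, size = struct.unpack("<II", data[8:16])
    return PycHeader(magic, version, False, False, mtime, size, None)


def make_timestamp_header(magic: int, mtime: int, source_size: int) -> bytes:
    """Build a timestamp-based header for an arbitrary magic (used to exercise the parser)."""
    return struct.pack("<H", magic) + b"\r\n" + struct.pack("<III", 0, mtime, source_size)


def running_interpreter_magic() -> int:
    (magic,) = struct.unpack("<H", importlib.util.MAGIC_NUMBER[:2])
    return magic


def build_sample_pyc(source: str) -> bytes:
    """Constructed sample: compile a tiny script with the running interpreter and
    prepend a timestamp-based header, the layout py_compile writes."""
    code = compile(source, "main.py", "exec")
    return make_timestamp_header(running_interpreter_magic(), 0, len(source)) + marshal.dumps(code)


def load_code(data: bytes):
    """Unmarshal the code object only when the magic matches this interpreter;
    the marshal format is not stable across versions, so anything else is refused."""
    hdr = parse_pyc_header(data)
    if hdr.magic != running_interpreter_magic():
        raise RuntimeError(f"pyc built for Python {hdr.version} (magic {hdr.magic}); run under that version")
    return marshal.loads(data[16:])


if __name__ == "__main__":
    sample = build_sample_pyc("print('hello')\n")
    print(parse_pyc_header(sample))
    print(load_code(sample).co_names)
```

Pointing `parse_pyc_header` at the real main.pyc tells you which interpreter to install before reaching for a decompiler; a hash-based header with check_source set is also worth noting, since the bytecode was then meant to be validated against source that is not in the bundle.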
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 1
  - Credentials In Files (T1552.001): 1