Overview

overview

9

Static

static

7

GRADIENT LOADER.zip

windows7-x64

3

GRADIENT LOADER.zip

windows10-2004-x64

1

1ST.exe

windows7-x64

7

1ST.exe

windows10-2004-x64

7

out.exe

windows7-x64

out.exe

windows10-2004-x64

1ST.ini

windows7-x64

1

1ST.ini

windows10-2004-x64

1

GRADIENTLOADER.exe

windows7-x64

7

GRADIENTLOADER.exe

windows10-2004-x64

9

loader-o.pyc

windows7-x64

3

loader-o.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GRADIENT LOADER.zip

  • Size

    57.4MB

  • Sample

    240824-smwm6awdlc

  • MD5

    f02ed71ab2c31d4e53327c626ec978b1

  • SHA1

    6446c506c56deb6e4cc60ea21abb1cbf24648420

  • SHA256

    8c030073c10ea9058edfb91eb8d8b60ed10a8844690a8321b8f65ab56951d268

  • SHA512

    e62c14cf8cbeb0a364da28b430e261a0ff5841847f709be9e2600d2caee4c0ec1ad91ddc85e99769ab59f116b940c6bc00af3229bb146ca6c297d784b2acd6e0

  • SSDEEP

    1572864:WBH3D5KU2J9pC2pZW3LX7wdu+avx9slHgfffuz:WBHduxZmX7sBlH4fe

Score
9/10
credential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      GRADIENT LOADER.zip

    • Size

      57.4MB

    • MD5

      f02ed71ab2c31d4e53327c626ec978b1

    • SHA1

      6446c506c56deb6e4cc60ea21abb1cbf24648420

    • SHA256

      8c030073c10ea9058edfb91eb8d8b60ed10a8844690a8321b8f65ab56951d268

    • SHA512

      e62c14cf8cbeb0a364da28b430e261a0ff5841847f709be9e2600d2caee4c0ec1ad91ddc85e99769ab59f116b940c6bc00af3229bb146ca6c297d784b2acd6e0

    • SSDEEP

      1572864:WBH3D5KU2J9pC2pZW3LX7wdu+avx9slHgfffuz:WBHduxZmX7sBlH4fe

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      1ST.exe

    • Size

      447KB

    • MD5

      58008524a6473bdf86c1040a9a9e39c3

    • SHA1

      cb704d2e8df80fd3500a5b817966dc262d80ddb8

    • SHA256

      1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326

    • SHA512

      8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31

    • SSDEEP

      6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD

    Score
    7/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral3behavioral4

    • Target

      out.upx

    • Size

      653KB

    • MD5

      6970ea0b6597dcd5b4f5f19f28e958a8

    • SHA1

      a0130bb7ac03ec4799c90781ca93fd1392c6d54c

    • SHA256

      481e03978ca339ce697252895efe89b09fefd3098ad247d24eeb6cca9969f553

    • SHA512

      bc95cbe9a050e3d3b713745ef399bf2817d38f8e019f6edffdd2bf755badbde766e434e39a7f32356125bba0692b694c18da8dd0762aac0c9430d45acb215e01

    • SSDEEP

      12288:nkxDoouVA2nxKkhEvdRgQriDJOIlW+yBGQowlNCWS:RRmJkioQrilOIc+yMx

    Score
    1/10
    behavioral5behavioral6

    • Target

      1ST.ini

    • Size

      2KB

    • MD5

      562a89d865e893212fd136eff6643971

    • SHA1

      be55c621edf68351db0a3ca178ce3ef1b7023e8a

    • SHA256

      42ff40789aabe42163954fd623e3463d90f45269b5f90d2f411751dc4627f2fe

    • SHA512

      7e943fb4ff503144d282db7116bdcf0815969f5c0f5ea8c2b709663244741c387fea8890de5c7574871cbd4287473f3b588d82b17ae80ab653adf3a145f3d360

    Score
    1/10
    behavioral7behavioral8

    • Target

      GRADIENTLOADER.exe

    • Size

      77.3MB

    • MD5

      033068e1bd57cbc0c3643875c82c03eb

    • SHA1

      7c7a25f00bacb09677781098e9c7818972599cc5

    • SHA256

      cadf54b2cb4ac1ee63f3b1908385c1ad43e1a713e724f81b5ecd5b6c31bd235f

    • SHA512

      586009d992246194d36e396cfecafcec94c741c714669a2ed28d5ca029ab31efc7b6aa9684da551b9a9df582072d77aae09ab2245c0f86ea941194ef2adfdd52

    • SSDEEP

      1572864:gxB7vFQqMrlpA+Ql4VddvIe6MqQZ19Wb04xhMk:gxBJyklAdvNF/9e0eh

    Score
    9/10
    credential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral10behavioral9

    • Target

      loader-o.pyc

    • Size

      79KB

    • MD5

      8e4b7e74bb365c740b739aeb5d073fbe

    • SHA1

      4933cc64a93c20f5bc8ef7d2aa3606905dcdc27b

    • SHA256

      a8a3f69b773248c3fe533c7dcbd5c91a1cd2653510c37cfba893c63f0d454045

    • SHA512

      c7389d474bba02868399bb34c3a2dea8e39f688f76760ffccd88ad7a6f4dc5f8cdfbf223399e015f3d98c25e4279aa9ab73db651fc902f1f2afa94fd6db26569

    • SSDEEP

      768:3SrRsuFjZePNqDFCGuroU6v4/aT1ZVnITCXeHUeNtNvRQ+Ou3qmgprQvO4H15SY:3sR3jZewCGu6EaT1UThHD1JQ+OscpGOs

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

1
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks