Overview

overview

9

Static

static

3

Launcher.exe

windows7-x64

1

Launcher.exe

windows10-2004-x64

9

Resubmissions

25/08/2024, 22:47

240825-2qmdbszane 9

25/08/2024, 21:26

240825-1aeswawbqd 9

25/08/2024, 21:12

240825-z2j18sxajm 9

25/08/2024, 19:29

240825-x7bwpssdkp 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Launcher.exe

  • Size

    56.9MB

  • Sample

    240825-x7bwpssdkp

  • MD5

    b3670f482f26691a50a85376ddde32ad

  • SHA1

    48b5c319abdf25365f3613893139f4f5c2f011f5

  • SHA256

    c67dc6e962a28b421cdff1b27d9efa4ba97c3d467f2e21766d168c66b971926b

  • SHA512

    fafbddb91a5df8642fc15260144cca71b3f7f244f25647ad5001f66f43dedd9feed0675650c5948e7070519f4a3318ecef4de04b12067a75f2005076f7311d7e

  • SSDEEP

    786432:WMguj8Q4VfvIqFTrY17OZvPvmPv1JPCl3wT3q0+Gra4pYZ0WMBGA6tBNB:WiAQIHIkH0AafrqXwYhAK

Score
9/10
collectioncredential_accessdiscoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      Launcher.exe

    • Size

      56.9MB

    • MD5

      b3670f482f26691a50a85376ddde32ad

    • SHA1

      48b5c319abdf25365f3613893139f4f5c2f011f5

    • SHA256

      c67dc6e962a28b421cdff1b27d9efa4ba97c3d467f2e21766d168c66b971926b

    • SHA512

      fafbddb91a5df8642fc15260144cca71b3f7f244f25647ad5001f66f43dedd9feed0675650c5948e7070519f4a3318ecef4de04b12067a75f2005076f7311d7e

    • SSDEEP

      786432:WMguj8Q4VfvIqFTrY17OZvPvmPv1JPCl3wT3q0+Gra4pYZ0WMBGA6tBNB:WiAQIHIkH0AafrqXwYhAK

    Score
    9/10
    collectioncredential_accessdiscoveryexecutionspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks