General
-
Target
neverlose external.exe
-
Size
18.5MB
-
Sample
240830-1s7avaydqn
-
MD5
38c661d8987b5be395dc7fb256a6b284
-
SHA1
58f7aab4bdad0fbe5f5b07a6c09e8f1d5c9e1178
-
SHA256
1a67f35a22c7d92222090056e642f83a8063806684ae07f3e3a4a818a2891c6c
-
SHA512
773bd2c55c7ebfbf78177d7c0e8e052ba4bf497caacafbfd864c32632c3be758fbabeed8280396f63a5b70c01557a306146d8107a51e84e1226de6ba093f801c
-
SSDEEP
393216:zqPnLFXlrzQ8DOETgs77fGF7gpaRvEIGVoBcVtEWq:2PLFXNzQhE7GKvI3c+
Malware Config
Targets
-
-
Target
neverlose external.exe
-
Size
18.5MB
-
MD5
38c661d8987b5be395dc7fb256a6b284
-
SHA1
58f7aab4bdad0fbe5f5b07a6c09e8f1d5c9e1178
-
SHA256
1a67f35a22c7d92222090056e642f83a8063806684ae07f3e3a4a818a2891c6c
-
SHA512
773bd2c55c7ebfbf78177d7c0e8e052ba4bf497caacafbfd864c32632c3be758fbabeed8280396f63a5b70c01557a306146d8107a51e84e1226de6ba093f801c
-
SSDEEP
393216:zqPnLFXlrzQ8DOETgs77fGF7gpaRvEIGVoBcVtEWq:2PLFXNzQhE7GKvI3c+
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1