General
Target: ⟹-ⓞ#ⓞLa-t-e$-st-#-Se-t-up-#-PAs$sc0dE-#ⓞ9192ⓞ#-⟸.zip
Size: 20.2MB
Sample: 240906-xzfjxstdkp
MD5: 71aede4516b8e7f9361f38c5e11a9cc5
SHA1: dba853dc7fb28c4da5cfbdd2a11a7bf5ee67326e
SHA256: 8db5af786475fd163cb4fb80396123c6e2a6ed403a7b6a8259719745a1f4779a
SHA512: aad82b7724ced73f853c9e5ab0b1d22341a2699ccb3af60b3dfd3300687bf71290dea557a668e9288e150dae8ee8135bb78cde3edbff011077f6b9b65ad1a0ba
SSDEEP: 393216:sHmG4h93kkgugoJOUHDthdTT7V/tDYMyveikAGO9DcTp:h7hyBugqTT/H6nGOFsp
Static task: static1
Behavioral task: behavioral1
Sample: ⟹-ⓞ#ⓞLa-t-e$-st-#-Se-t-up-#-PAs$sc0dE-#ⓞ9192ⓞ#-⟸/⟹-ⓞ#ⓞLa-t-e$-st-#-Se-t-up-#-PAs$sc0dE-#ⓞ9192ⓞ#-⟸.rar
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ⟹-ⓞ#ⓞLa-t-e$-st-#-Se-t-up-#-PAs$sc0dE-#ⓞ9192ⓞ#-⟸/⟹-ⓞ#ⓞLa-t-e$-st-#-Se-t-up-#-PAs$sc0dE-#ⓞ9192ⓞ#-⟸.rar
Resource: win10v2004-20240802-en
Malware Config
Extracted: cryptbot
forv14pt.top
analforeverlovyu.top
url_path: /v1/upload.php
Targets
Target: ⟹-ⓞ#ⓞLa-t-e$-st-#-Se-t-up-#-PAs$sc0dE-#ⓞ9192ⓞ#-⟸/⟹-ⓞ#ⓞLa-t-e$-st-#-Se-t-up-#-PAs$sc0dE-#ⓞ9192ⓞ#-⟸.rar
Size: 20.2MB
MD5: b0088132e07006d811fa0cad898b64c1
SHA1: 21aa01005fe6e9c53c030bca59250ab88c301a5f
SHA256: 2cd7984b6226f9fe5542b6083e2552b37df78b9160e1549ee330a96f93ac2ffc
SHA512: 30235cb2e9d6fb1085f943a0f8a4e33c153e79262258d149383014d6e402fb4d076d7024c829eb48465b0bbb79a7ae3dd357c8c7620eea954767d3f04a1ff6eb
SSDEEP: 393216:nHmG4h93kkgugoJOUHDthdTT7V/tDYMyveikAGO9DcT2:G7hyBugqTT/H6nGOFs2
Score: 10/10
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1