General
Target: V2.0.0-updated.exe
Size: 18.8MB
Sample: 240907-q7rhtsyhrc
MD5: ab4761ef9ce26837ce0f76c98d24f563
SHA1: f41ca3c91e5491132b1569873d46207dce0c0968
SHA256: ce5d11f2c7b199719652d16133ae86e5bbc49963b36851e4a2ed3a1bba12240c
SHA512: 7eb671dc30d5572f9547aee3bcb0f27b25c125039ab99e2466bffcfac1504b5494fcc91103d233e12b7557e200f8d2eefa08787ccdfc492a90c55553be565420
SSDEEP: 393216:lqPnLFXlrrQ8DOETgsvfG03gm45J6ZjINvE0WCO8fDJd:cPLFXNrQhEb3V4GNv0WJqVd
Behavioral task: behavioral1
Sample: V2.0.0-updated.exe
Resource: win11-20240802-en
Malware Config
Targets
Target: V2.0.0-updated.exe (18.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access or copy of web browser credential store.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Event Triggered Execution: Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Event Triggered Execution: Netsh Helper DLL (1)
Credential Access
- Credentials from Password Stores: Credentials from Web Browsers (1)
- Unsecured Credentials: Credentials In Files (1)