General
-
Target
Setup.exe
-
Size
17.8MB
-
Sample
240915-2617esxclg
-
MD5
284028bd2b2ea8f2303ce0161c7ea84a
-
SHA1
343e8d8487bdefebfdadfac66415e5f3148b3111
-
SHA256
25d239bb2c986663eef3c6b450b8b6487b1aabfa1967ee4944ac0620a76ca5cd
-
SHA512
57bb09c386ea3e26e6f7f4a623b3bf6fa1f16e5ac8c4efa8a672d6d1d2d54a555eed1d1f922997cf901e3dd43493644ad557f6484d81cbb63a7a88b32223c01c
-
SSDEEP
393216:vqPnLFXlreQ8DOETgsvfGFdgKt5vEetCXyNnZ+q:CPLFXNeQhEelk1XyNp
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
17.8MB
-
MD5
284028bd2b2ea8f2303ce0161c7ea84a
-
SHA1
343e8d8487bdefebfdadfac66415e5f3148b3111
-
SHA256
25d239bb2c986663eef3c6b450b8b6487b1aabfa1967ee4944ac0620a76ca5cd
-
SHA512
57bb09c386ea3e26e6f7f4a623b3bf6fa1f16e5ac8c4efa8a672d6d1d2d54a555eed1d1f922997cf901e3dd43493644ad557f6484d81cbb63a7a88b32223c01c
-
SSDEEP
393216:vqPnLFXlreQ8DOETgsvfGFdgKt5vEetCXyNnZ+q:CPLFXNeQhEelk1XyNp
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
5db9f36860585652c3fc424286a088ef
-
SHA1
9727de681a58bb7fb1643d853af4536543029ac7
-
SHA256
df930b0cbc457e3a83d7f8bdbe50a93042ffb4002bae042a8bd606ad8ebaa5ae
-
SHA512
468a60743264a907a4af81a2cd5e6d27781d94e9357c6ab50ea4bce892d171c1711f5512fc5f24912bc35c065c7d9a6e1b2c22306425e9c7698fd38a5c258c79
-
SSDEEP
192:wExyE2I7VD8rjchtnWdXwzVR3/oTJhw04Mdw/nw:E3MFhWuz/w1204P/w
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1