General
-
Target
Bloxfruits v2.exe
-
Size
24.2MB
-
Sample
240918-2y2g8axera
-
MD5
a294fe616613569e32dbeab516aab01b
-
SHA1
e337ecce3c7b6f2d9e13afa46e250ba65cfcdfd5
-
SHA256
a4346ab84b5ad8a097453bdf3ee20a0bc3995235ad5f671c03a3a389ee9b2b82
-
SHA512
a45a768c4e8a37efcf8491f9831712013e0bf33494500e87ecba5425fb93b134a0755387c4fcfc6cb155132261df0a671ec569a7fb430e02e4e45b8aedf731be
-
SSDEEP
393216:mqPnLFXlr7de9TQbq7oBDOETgsvcGFVgtv8rYfAnpMpqcv6WMqRKVHNos:LPLFXNYQbq7PE5Q8YY6lvNKVt
Malware Config
Targets
-
-
Target
Bloxfruits v2.exe
-
Size
24.2MB
-
MD5
a294fe616613569e32dbeab516aab01b
-
SHA1
e337ecce3c7b6f2d9e13afa46e250ba65cfcdfd5
-
SHA256
a4346ab84b5ad8a097453bdf3ee20a0bc3995235ad5f671c03a3a389ee9b2b82
-
SHA512
a45a768c4e8a37efcf8491f9831712013e0bf33494500e87ecba5425fb93b134a0755387c4fcfc6cb155132261df0a671ec569a7fb430e02e4e45b8aedf731be
-
SSDEEP
393216:mqPnLFXlr7de9TQbq7oBDOETgsvcGFVgtv8rYfAnpMpqcv6WMqRKVHNos:LPLFXNYQbq7PE5Q8YY6lvNKVt
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1