Resubmissions

  • 30-09-2024 13:51    240930-q51nqasgjc    10

  • 04-07-2023 01:01    230704-bc68gaca2x    7

General

  • Target

    111f77941b7654e8c728a77b49b11969.bin

  • Size

    14.1MB

  • Sample

    240930-q51nqasgjc

  • MD5

    627975455be0eacf0cb21c87d7a31854

  • SHA1

    3bdb21ef0785902a2c433230eb579cd3593edf86

  • SHA256

    f73e3710863e7464e59e4a229185b67cb74d01dab3085c78b76ec5e5d7627072

  • SHA512

    94eb7e7dab161b8be8650db4944637078b29eeb3d29f578b1d5b8dc3908255e3d3aad4cb221c5b5cb7321c8cf53b41178a4db76ec636ae9ef60ae9f73dc47e04

  • SSDEEP

    393216:lhTwyOZPIpjSjoHf7+a34sepc2kd3yZVzjOa+ogm6osFa4WZmibUlUlxuxcF1edi:lhTysejo/713Vey2ks33+c6oYNWgiyUv
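Two things in the hash tables above are worth checking before relying on this report: the submitted file (111f77941b7654e8c728a77b49b11969.bin) is named with the MD5 that the Targets section lists for the executable, while the .bin's own MD5, SHA256 and size (14.1MB vs 14.3MB) differ, so the two records describe different bytes; and the executable itself is named with its own SHA256. The script below is an added example, not part of the report or of the sandbox's tooling. It re-hashes a local file, compares it against the digests copied from this page, and reports which digest (if any) a file name was derived from. The file paths and the "abc" test input are assumptions for illustration.

```python
import hashlib
import sys
from pathlib import Path
from typing import Dict, List, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report above, keyed by the target names it lists.
SUBMITTED = "111f77941b7654e8c728a77b49b11969.bin"
DROPPED_EXE = "43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357.exe"
REPORT = {
    SUBMITTED: {
        "md5": "627975455be0eacf0cb21c87d7a31854",
        "sha1": "3bdb21ef0785902a2c433230eb579cd3593edf86",
        "sha256": "f73e3710863e7464e59e4a229185b67cb74d01dab3085c78b76ec5e5d7627072",
        "sha512": "94eb7e7dab161b8be8650db4944637078b29eeb3d29f578b1d5b8dc3908255e3d"
                  "3aad4cb221c5b5cb7321c8cf53b41178a4db76ec636ae9ef60ae9f73dc47e04",
    },
    DROPPED_EXE: {
        "md5": "111f77941b7654e8c728a77b49b11969",
        "sha1": "6f7dc6e8ed6fca87966226be1b05ec5aaa1639cb",
        "sha256": "43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357",
        "sha512": "3f78050f7687e64152313ac130e406e8b886e3510d066b66db15cbc6bacb458a"
                  "7e77410150f625030149c22ebd237c7c40847b13b67c3b19ff45998352d70998",
    },
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory buffer (used for small inputs and tests)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """All four digests of a file, read in 1 MiB chunks so a 14 MB sample is not loaded at once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest disagrees; an empty list means every listed digest matched."""
    return [alg for alg, want in expected.items()
            if actual.get(alg, "").lower() != want.lower()]


def name_matches_digest(name: str, digests: Dict[str, str]) -> Optional[str]:
    """Return which algorithm the file's stem equals (the report names files by a digest), or None."""
    stem = Path(name).stem.lower()
    for alg, digest in digests.items():
        if stem == digest.lower():
            return alg
    return None


if __name__ == "__main__":
    # Usage: python check_hashes.py <local copy of one of the two files>
    # The report name it is compared against is taken from the local file name (assumption).
    local = sys.argv[1]
    expected = REPORT[Path(local).name]
    bad = verify(hash_file(local), expected)
    print("OK, all digests match" if not bad else f"MISMATCH in: {', '.join(bad)}")
    print("name derived from:", name_matches_digest(Path(local).name, expected))
```

Run against the report's own data, `name_matches_digest` returns "sha256" for the .exe and "md5" for the .bin only when the .bin is checked against the executable's digests, which is the quickest way to spot that the archive-style file name and the executable's hashes belong to different objects.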

Malware Config

Targets

    • Target

      43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357.exe

    • Size

      14.3MB

    • MD5

      111f77941b7654e8c728a77b49b11969

    • SHA1

      6f7dc6e8ed6fca87966226be1b05ec5aaa1639cb

    • SHA256

      43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357

    • SHA512

      3f78050f7687e64152313ac130e406e8b886e3510d066b66db15cbc6bacb458a7e77410150f625030149c22ebd237c7c40847b13b67c3b19ff45998352d70998

    • SSDEEP

      196608:Iw0sKYu/PaQ+DuvfcdQmRJ8dA6lSuqaycBIGpEqo6hTOv+QKfwJDEENxgTkSGlyP:1QQdQuslSq9RoWOv+9fgDfMIyvBF

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at user logon (persistence).

    • Loads dropped DLL

      Loads a DLL that was written to disk during the run rather than one already present on the system.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which includes saved credentials, cookies and session tokens.

    • Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001)

      Reads credentials stored in plain or weakly protected files on disk.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. Legitimate software does this too, so on its own it is a weak indicator; it matters here in combination with the credential-access behaviour above.

    • Enumerates processes with tasklist

      Runs the built-in tasklist utility to list running processes (discovery).
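The signatures above are behavioural: each is raised from file, process, network and image-load events observed during the run. The script below is an added example, not the sandbox's own signature engine, showing how such events can be mapped back to these signature names with plain correlation logic. The telemetry is constructed for the example, and the browser profile paths, wallet directory names and IP-lookup hostnames it matches on are assumptions chosen for illustration, not indicators taken from this report.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed telemetry in the shape a sandbox or EDR might emit (not from the report).
EVENTS = [
    {"type": "file_write", "pid": 1001, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 1001, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 1001, "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "file_write", "pid": 1001,
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"type": "file_read", "pid": 1001,
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 1001, "path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "dns", "pid": 1001, "query": "api.ipify.org"},
    {"type": "process", "pid": 1002, "ppid": 1001,
     "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /v"},
]

# Assumed indicator sets; a real deployment would use the organisation's own lists.
BROWSER_PROFILE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*"
    r"\\(Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite)$", re.I)
WALLET = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin)\\|wallet\.dat$", re.I)
STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me"}


def detect(events) -> Dict[str, List[str]]:
    """Map raw events to the report's signature names; returns signature -> sorted evidence."""
    hits = defaultdict(set)
    dropped = set()  # every path written during the run, so a later load of it is "dropped DLL"
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
            if STARTUP.search(ev["path"]):
                hits["Drops startup file"].add(ev["path"])
        elif kind == "image_load":
            # Correlate: only DLLs the run itself wrote count, not system libraries.
            if ev["path"].lower() in dropped:
                hits["Loads dropped DLL"].add(ev["path"])
        elif kind == "file_read":
            if BROWSER_PROFILE.search(ev["path"]):
                hits["Reads user/profile data of web browsers"].add(ev["path"])
            if WALLET.search(ev["path"]):
                hits["Accesses cryptocurrency files/wallets"].add(ev["path"])
        elif kind == "dns":
            if ev["query"].lower() in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].add(ev["query"])
        elif kind == "process":
            if ev["image"].lower().endswith("\\tasklist.exe"):
                hits["Enumerates processes with tasklist"].add(ev["cmdline"])
    return {name: sorted(evidence) for name, evidence in hits.items()}


if __name__ == "__main__":
    for name, evidence in detect(EVENTS).items():
        print(f"{name}: {evidence}")
```

The correlation step for "Loads dropped DLL" is the part that matters: a plain image-load rule fires on every system library, whereas requiring the path to have been written earlier in the same run keeps only the module the sample brought with it. The IP-lookup match is deliberately left as one weak signal among several, in line with the caveat above.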

MITRE ATT&CK Enterprise v15

Tasks