General

  • Target

    MyCase_09.2024_77.js

  • Size

    396KB

  • Sample

    241001-ydw58a1bkc

  • MD5

    6b915dedbcbafa6ea29de46eca105968

  • SHA1

    41c1ef4eca2607cdebaf3029a134102bbc8633ec

  • SHA256

    b8d578da584b1afde9cd29f599685a01b4f4524f309addff244931eeb87de95e

  • SHA512

    35f98d93463a4ae01bb2b3989452ffa2eef5280e4a02bc7abf79f20cbac98c5b4dcf58ef81d2a8d5b4283bc5cbc985971f9159a77c530020bc96f14125066425

  • SSDEEP

    6144:YtmEdkq+uqmUdQbADBXXr/6C8sPqe0gQNR:DRXdcANrbwgQNR

Malware Config

Extracted

Family

metastealer

C2

Attributes

  • dga_seed

    21845

  • domain_length

    16

  • num_dga_domains

    10000

  • port

    443

Targets

    • Meta Stealer

      Meta Stealer, written in C++, steals passwords stored in browsers.

    • MetaStealer payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
