General
Target: images.jpeg
Size: 6KB
Sample: 241002-mjs5za1dqn
MD5: 15e343aa84d9765669d81b5c718b9331
SHA1: 58c14dbf7bacaa8cac24fcae95d744b80924faae
SHA256: 0753f3b0d88583f5a39b5fcdc34c729def11b4ff89c2d4d553810a949a2a3186
SHA512: 4a48526d3553bbd5537717699b5a08848ff3f47e10dc56147e47fdfd1ef8dabb159fa1b1efe3475e7885fa967190d07939f5fd724a9ac4caba57e6c44aeb9fea
SSDEEP: 192:k0VBcGEUcNUYvyHjxdgeFCbXFMDVFSu9/iy:bBInUYmdCeFCTFM5xhiy
Static task: static1
Behavioral task: behavioral1
Sample: images.jpg
Resource: win11-20240802-en
Malware Config
Targets
Target: images.jpeg
Score: 8/10
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Defense Evasion
  Modify Registry: 1
  Subvert Trust Controls: 2
  Install Root Certificate: 1
  SIP and Trust Provider Hijacking: 1
Credential Access
  Credentials from Password Stores: 1
  Credentials from Web Browsers: 1
  Unsecured Credentials: 1
  Credentials In Files: 1