General
-
Target
Built.exe
-
Size
8.2MB
-
Sample
241002-za16favfjk
-
MD5
74c5441cb9255c13b0b15b2d2c4fd2f4
-
SHA1
2121d6ed4e6b1606cac6fa2996b2b7bf6b9a147e
-
SHA256
1835e755687ecb8dde2d3d245355ad8deb49796fdd34354ee9ebe9cec147d551
-
SHA512
e600880525cba4414e311e4bae375699f719f7f256f65fbf0a3ec3356ea258536b8ee5491bec3b5428c44d4d3f05ff6a0ef2784cbe2649cc8fec1cd49955321e
-
SSDEEP
196608:OVtf09Vz1urErvI9pWjgfPvzm6gsieM0E14AY:YdUJ1urEUWjC3zDQs04AY
Malware Config
Targets
-
-
Target
Built.exe
-
Size
8.2MB
-
MD5
74c5441cb9255c13b0b15b2d2c4fd2f4
-
SHA1
2121d6ed4e6b1606cac6fa2996b2b7bf6b9a147e
-
SHA256
1835e755687ecb8dde2d3d245355ad8deb49796fdd34354ee9ebe9cec147d551
-
SHA512
e600880525cba4414e311e4bae375699f719f7f256f65fbf0a3ec3356ea258536b8ee5491bec3b5428c44d4d3f05ff6a0ef2784cbe2649cc8fec1cd49955321e
-
SSDEEP
196608:OVtf09Vz1urErvI9pWjgfPvzm6gsieM0E14AY:YdUJ1urEUWjC3zDQs04AY
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3