Resubmissions

15-10-2024 19:33

241015-x9nnaasgpc 10

14-10-2024 19:34

241014-yacx6ssdrc 10

07-10-2024 15:27

241007-sv1xvazbnl 10

04-10-2024 16:32

241004-t11dyayemh 10

General

  • Target

    dedsec multitool.exe

  • Size

    17.8MB

  • Sample

    241004-t11dyayemh

  • MD5

    a8db1e9986184e9a1f8503d668605851

  • SHA1

    a8882e5f3620ebcb57b2c44e7043d7ece076e0de

  • SHA256

    995b408bf06ae75d610d250b48a775709884c834905d32097e9d455814565661

  • SHA512

    3ab3ecbe1b2c827955090d699abcfbf4b219a1105df05077ee708dc62c32f61c1937247a9f1ecee2fbaa428e15e75e9cf9e566cd626da08d77fc1a444f18d664

  • SSDEEP

    393216:iqPnLFXlrGBQ+DOETgsvfGwgcGXvEFh0qOCPhsEq:nPLFXNGBQ/E5fFsqOCQ

Malware Config

Targets

    • Target

      dedsec multitool.exe

    • Size

      17.8MB

    • MD5

      a8db1e9986184e9a1f8503d668605851

    • SHA1

      a8882e5f3620ebcb57b2c44e7043d7ece076e0de

    • SHA256

      995b408bf06ae75d610d250b48a775709884c834905d32097e9d455814565661

    • SHA512

      3ab3ecbe1b2c827955090d699abcfbf4b219a1105df05077ee708dc62c32f61c1937247a9f1ecee2fbaa428e15e75e9cf9e566cd626da08d77fc1a444f18d664

    • SSDEEP

      393216:iqPnLFXlrGBQ+DOETgsvfGwgcGXvEFh0qOCPhsEq:nPLFXNGBQ/E5fFsqOCQ

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks