General
- Target: main.exe
- Size: 18.6MB
- Sample: 241005-yjehcswalb
- MD5: 0ce7d933fe92437a7c0ea0a6c3843224
- SHA1: 746cde4b0146eaa5bc4a64e5cfa52c2208f35fa5
- SHA256: c4f9e56c151baf8d12cf26ef2460a1e0dfb9cbd774ee8d0d156c45230e385117
- SHA512: b603cdff2c847e0c5803243b1a3af204b267d5a8899676d8550f86f3047c508bb51afb5f81207bc11a41f3316d73059fca2a51e2986a77a748c7764f230704e9
- SSDEEP: 393216:DqPnLFXlrkQ+DOETgs32fGMQg1axvESxtMe7Iq:GPLFXNkQ/E31kaG8MI
Behavioral task
- behavioral1
- Sample: main.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: main.exe
- Size: 18.6MB
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Event Triggered Execution: Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Event Triggered Execution: Netsh Helper DLL (1)
Credential Access
- Credentials from Password Stores: Credentials from Web Browsers (1)
- Unsecured Credentials: Credentials In Files (1)