Resubmissions

07-10-2024 17:08

241007-vnl68azgpq 10

07-10-2024 15:28

241007-swkx1szbpk 10

02-10-2024 22:19

241002-18r6vstekh 10

General

  • Target

    Gtag account Gen (maybe works).exe

  • Size

    58.0MB

  • Sample

    241007-swkx1szbpk

  • MD5

    da151f3b7f812e244ea8531fc1a9b797

  • SHA1

    f1d6afbf71d1dbe9877340ee0c4dfeb450bf0d37

  • SHA256

    2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988

  • SHA512

    9a52cf415824fccab919ea44c92bbbe4656f0a2a623ec5e7cf3ffdcdd15deca69b47308e755e260b3e439b4378202942219f0da4b30ae4f0b3389b0ba880481c

  • SSDEEP

    1572864:BiFhyZZIl0B/Cip8weeQIB5eSKY47f++yBd7XM5nZ7vA:UhyZm4/Cip8cHXb4LTShc5nl

Malware Config

Targets

    • Target

      Gtag account Gen (maybe works).exe

    • Size

      58.0MB

    • MD5

      da151f3b7f812e244ea8531fc1a9b797

    • SHA1

      f1d6afbf71d1dbe9877340ee0c4dfeb450bf0d37

    • SHA256

      2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988

    • SHA512

      9a52cf415824fccab919ea44c92bbbe4656f0a2a623ec5e7cf3ffdcdd15deca69b47308e755e260b3e439b4378202942219f0da4b30ae4f0b3389b0ba880481c

    • SSDEEP

      1572864:BiFhyZZIl0B/Cip8weeQIB5eSKY47f++yBd7XM5nZ7vA:UhyZm4/Cip8cHXb4LTShc5nl

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks