General
-
Target
BootstrapperV1.22exe
-
Size
8.2MB
-
Sample
241010-sm57laxemq
-
MD5
c834ce27b48ce073ae19542d0e603b42
-
SHA1
98e4847983520c47b7fe041c93e405ef8887cc59
-
SHA256
f6ed0c2aac145cce3b0c5a0cab9b67bf4c4b7c1401157c1ddf00a366a30fc945
-
SHA512
d1ae20d70faf558a443f89bec2b3a20ec73ca40472b73e61791433900283c725ca662ce0a7b1644dfeb4d90a9fac5574682f689786db43a4cf23c5cc2f8b6386
-
SSDEEP
196608:2bA9ViurErvI9pWjgfPvzm6gs/SEjEg4Af:g4gurEUWjC3zDAad4Af
Malware Config
Targets
-
-
Target
BootstrapperV1.22exe
-
Size
8.2MB
-
MD5
c834ce27b48ce073ae19542d0e603b42
-
SHA1
98e4847983520c47b7fe041c93e405ef8887cc59
-
SHA256
f6ed0c2aac145cce3b0c5a0cab9b67bf4c4b7c1401157c1ddf00a366a30fc945
-
SHA512
d1ae20d70faf558a443f89bec2b3a20ec73ca40472b73e61791433900283c725ca662ce0a7b1644dfeb4d90a9fac5574682f689786db43a4cf23c5cc2f8b6386
-
SSDEEP
196608:2bA9ViurErvI9pWjgfPvzm6gs/SEjEg4Af:g4gurEUWjC3zDAad4Af
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3