General

  • Target

    30dd0dec7998b790069e168077bce731_JaffaCakes118

  • Size

    480KB

  • Sample

    241010-t3fgjs1apl

  • MD5

    30dd0dec7998b790069e168077bce731

  • SHA1

    ed770fa8d4161ed94d433e045875fd4673f41de9

  • SHA256

    11187b50a7a8f212a22781d5a93b84fd7ecce32c3edaa3a04d581c943ddcd894

  • SHA512

    35eb3494b210cbd605752f6f35dc5abe060a797491bf1a7aa59521fc5944c6f680ed1a903ab7d4a33f5dae77739b53e8eeb858d5d6a0719d1269b2f0bb3e592e

  • SSDEEP

    12288:v2WZkS/picHTlnH2UuZrHTwg0kMDmF+/sVf9pjTFOrDF:Ou3HBH2/ZY5rDmFysNnjTFOPF

Malware Config

Targets

    • Target

      Mineral.exe

    • Size

      367KB

    • MD5

      60847eef908d4c371a64d58efeb80f2f

    • SHA1

      1587b41a9c28a3d52923c2cb6f395d2487ecbf38

    • SHA256

      1665090883b9e3aa77b433bd241c4aa97290f3f8591e8d69cabe3b70bb3f2256

    • SHA512

      82c18aa0bdeba0d15db8c11182b8992c4cab631c362a8270a9bab80cece69d80d42dfd8ce18bedb3dca711801750a25ec23cbbcd191d7e4abe90cda6fc7b036a

    • SSDEEP

      6144:LapTuicHTfnb2e3kPZrHd/9OvTMqgjzIFgikmVZtmFs/t4pJzf9x7jL9FOwSvAN:LkuicHTfnb2eyZrH/SgukmtmFs/sJf95

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Suspicious use of SetThreadContext

    • Target

      mineral.txt.lnk

    • Size

      952B

    • MD5

      f9651df6e19b889e394f7682ac3c75ef

    • SHA1

      0a6a15ff46203f1c487e924a62737874b9eb375f

    • SHA256

      40ae023107bfb55242807c36a515704e48d008bf649fa5cfda4ca72bab7cf316

    • SHA512

      b88978db6e69b7a47df7ce6852f309223ae745418c98115b3decd49e230ef3ca6d23db233719c2f5b288facd2b9e41594cdc3fdeef30c69adbcaa644f8e22174

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks