General
-
Target
main.exe
-
Size
18.4MB
-
Sample
241011-xybvcatdnp
-
MD5
a452a25c63d25ec14d4bf9083f04e489
-
SHA1
aa31573ba52d0856fc9f9aa9a47e0a3cd45a7608
-
SHA256
f930a03b3b68809d060d8cf8082307cbf95245baad173c99c92fc9f7387e2472
-
SHA512
07574c6358af55d75e29e2fe627223b3d63a1372017e8b4b612bbdc1547a752f1d7b3b95eb8191c8e4898b257c1a1076b39d993dfe942a0cb8a1da9d00914bab
-
SSDEEP
393216:iqPnLFXlrLQpDOETgs77fGalgzeJvEksHILLJq:nPLFXNLQoE7VWe+beI
Malware Config
Targets
-
-
Target
main.exe
-
Size
18.4MB
-
MD5
a452a25c63d25ec14d4bf9083f04e489
-
SHA1
aa31573ba52d0856fc9f9aa9a47e0a3cd45a7608
-
SHA256
f930a03b3b68809d060d8cf8082307cbf95245baad173c99c92fc9f7387e2472
-
SHA512
07574c6358af55d75e29e2fe627223b3d63a1372017e8b4b612bbdc1547a752f1d7b3b95eb8191c8e4898b257c1a1076b39d993dfe942a0cb8a1da9d00914bab
-
SSDEEP
393216:iqPnLFXlrLQpDOETgs77fGalgzeJvEksHILLJq:nPLFXNLQoE7VWe+beI
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
34344dbdef6d844760a694b6f489037a
-
SHA1
080d24d9279c573ac500557db3c6aff0bcd27009
-
SHA256
e6d38738b084062c02f871e10813f480b589d58165f549db7060f988c24612bb
-
SHA512
4f3e787bf3af87aa2944518ccc8ad15854f4de52f839d21a11c56fd24bbf5eadc44f0af915c77c7aa315b974b687d66d3b71ae076620354f13972a5878ab57ae
-
SSDEEP
192:wU+CD8pPzWdXwHeTWzPewfuXJhwz5Mdw7Jnw:v+BWu+TKmZ2z5P7Jw
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1