General
- Target: Duper.exe
- Size: 6.0MB
- Sample: 241013-dhh4yazfkm
- MD5: 28fc8700e0e24439b1d7e69225bfb9eb
- SHA1: c31b20c26d8fc7564b7b450b3d921631bf368400
- SHA256: 3a504c75c47e05bfc439b64f1d9b265876f24aabcd679c95e3ebc37b83af8a4f
- SHA512: c61e1080da17c4a20fb3c0bd6f6a5f7240cc3364052bab746907f0c86fbd3aa93f8a7b0b4e1a30b9ec5667a577b549f7ec8b524b3fc3c2171c116bc545041bc0
- SSDEEP: 98304:bdEtdFBCramaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RSO3wq7MnFyZ:bUF8OeN/FJMIDJf0gsAGK4RJ3V79Z
Behavioral task
- Task: behavioral1
- Sample: Duper.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: Duper.exe (6.0MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Enumerates processes with tasklist