General
-
Target
meow (1).rar
-
Size
17.7MB
-
Sample
241014-vftw4azbql
-
MD5
7473797760ece39e3dbb2cb4d0a65e98
-
SHA1
4ca60b6dbef1c9c325baa36aa14b6bdb855c9f2d
-
SHA256
0e150f62793e6e0f17368d556a994ea1955db91d80dbc79c0ce22a3e80b52ab8
-
SHA512
2f0550894300dcdd9516528310a09b4c70ab1f21616c66bac21ac4328f130b6830204d6a88c01364338b3361f545b213a781dc343730d2d6ada89c190e606f06
-
SSDEEP
393216:VtoJpW2RaM/Kp4+W6B+j/1nXPkNBRx1csjxEooAA7VmCtHug/lgL2Xce:jxA/Kp1FojapvWoovVTH75
Malware Config
Targets
-
-
Target
meow (1).rar
-
Size
17.7MB
-
MD5
7473797760ece39e3dbb2cb4d0a65e98
-
SHA1
4ca60b6dbef1c9c325baa36aa14b6bdb855c9f2d
-
SHA256
0e150f62793e6e0f17368d556a994ea1955db91d80dbc79c0ce22a3e80b52ab8
-
SHA512
2f0550894300dcdd9516528310a09b4c70ab1f21616c66bac21ac4328f130b6830204d6a88c01364338b3361f545b213a781dc343730d2d6ada89c190e606f06
-
SSDEEP
393216:VtoJpW2RaM/Kp4+W6B+j/1nXPkNBRx1csjxEooAA7VmCtHug/lgL2Xce:jxA/Kp1FojapvWoovVTH75
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
meow/main.exe
-
Size
17.9MB
-
MD5
0f081a402f7d4bfbaf825615518e662d
-
SHA1
c0bd32b3b16f692a3da51a593289e44a2127681b
-
SHA256
d1047917b58b9b0b8b672b7acc4b308be5cda07fe8d14a06a3c5dcdf138fd02e
-
SHA512
41f53e88bdf343cf21aa09d8782268c26540100cd5bb2725ddfd3c8fe97194d9b8bb7c01d586a66775ddbcd0e04d624a427d762c7772062b9cf8df41d124b54d
-
SSDEEP
393216:eqPnLFXlrQQ+DOETgsvfGiglgMkvEr3xAikqmq:TPLFXNQQ/EH6lz6iz
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
8088b742bfde81fa92397ae7d6f43dfc
-
SHA1
0ff23f1343d09f897420293547ba7fdb895d4931
-
SHA256
0cdadc292989f25e5e13780df9f97fd2b385b64e5850c9409aa2cfc5ab4c6587
-
SHA512
8deb7c772998c02e980db279c8c32c729cdd923f11c5de4ecb79aafba6c17d0e8d23f676e64f360773ccba9404b3b787830262b793850d441d8be0197e46b924
-
SSDEEP
192:wGYSOPSJNEFgCD8pBLWdXweuJY37zu72KJhw/ciMdwCz2nw:iSKSY4Wueu2+7x2kiPg2w
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1