General

  • Target

    update.exe

  • Size

    11.1MB

  • Sample

    241014-yxc7fsxgrq

  • MD5

    1d35392329ef25a999a70878f624c113

  • SHA1

    e37f93b696df4530c79344336e7395f02ae4ab30

  • SHA256

    65d94a848093db27c5152b5a24363bff340dd4f755d1d4bf77fa889f3628aab2

  • SHA512

    2f03167bfe333ab1eb1c679066c815a03422f7993328c11748866128496a38a0f41573647ea5e2b7a9d490fa64f075feb193a33f387e4c3da63c723d47f5ecf2

  • SSDEEP

    196608:eW9Yi0nCtNUHVEo+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6kal8+iITxS:P9Yi0CtmHVEb2XMCHWUjAjx5WsqWxTV/
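Added example, not part of the sandbox report: the Python script below recomputes the four digests listed above in a single pass over a file, compares them with the report's indicators, and parses the SSDEEP signature into its block size and two hash strings. It also encodes the block-size rule that decides whether two SSDEEP signatures can be scored against each other at all. The only input it assumes is a file path you supply; the in-memory inputs in the helper are constructed and are not the real sample.

```python
"""Hash-based triage helper for the update.exe indicators listed above.

Added example, not part of the original sandbox report. It computes MD5,
SHA-1, SHA-256 and SHA-512 in one pass, compares the result with the
report's indicators, and parses the SSDEEP signature so a fuzzy comparison
can be run with the ssdeep tool separately.
"""
import hashlib
import io
from typing import Any, BinaryIO, Dict

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Indicators copied verbatim from the report above.
SAMPLE_IOCS = {
    "md5": "1d35392329ef25a999a70878f624c113",
    "sha1": "e37f93b696df4530c79344336e7395f02ae4ab30",
    "sha256": "65d94a848093db27c5152b5a24363bff340dd4f755d1d4bf77fa889f3628aab2",
    "sha512": "2f03167bfe333ab1eb1c679066c815a03422f7993328c11748866128496a38a0f41573647ea5e2b7a9d490fa64f075feb193a33f387e4c3da63c723d47f5ecf2",
}
SAMPLE_SSDEEP = (
    "196608:eW9Yi0nCtNUHVEo+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6kal8+iITxS:"
    "P9Yi0CtmHVEb2XMCHWUjAjx5WsqWxTV/"
)


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once and feed every chunk to all four hashers."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_stream, for constructed in-memory data."""
    return digest_stream(io.BytesIO(data), chunk_size)


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison; hex case differs between tools, so normalise."""
    return {
        name: digests[name].lower() == value.lower()
        for name, value in iocs.items()
        if name in digests
    }


def parse_ssdeep(signature: str) -> Dict[str, Any]:
    """Split 'blocksize:hash1:hash2[,"filename"]' and sanity-check the block size.

    ssdeep block sizes are always 3 * 2**n; hash2 is computed with twice the
    block size used for hash1.
    """
    body = signature.split(",", 1)[0]  # drop the optional ,"filename" suffix
    parts = body.split(":")
    if len(parts) != 3:
        raise ValueError("expected blocksize:hash1:hash2")
    blocksize = int(parts[0])
    quotient = blocksize // 3
    if blocksize % 3 != 0 or quotient <= 0 or quotient & (quotient - 1) != 0:
        raise ValueError(f"invalid ssdeep block size {blocksize}")
    return {"blocksize": blocksize, "hash1": parts[1], "hash2": parts[2]}


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are equal or differ
    by exactly a factor of two; any other pair is reported as 0 unscored."""
    a = parse_ssdeep(sig_a)["blocksize"]
    b = parse_ssdeep(sig_b)["blocksize"]
    return a == b or a == 2 * b or b == 2 * a


def check_file(path: str) -> Dict[str, bool]:
    """True per algorithm when the file on disk matches the report's indicators."""
    return match_iocs(digest_file(path), SAMPLE_IOCS)


if __name__ == "__main__":
    import sys

    for p in sys.argv[1:]:
        print(p, check_file(p))
```

Run it as `python ioc_check.py path/to/suspect.exe`; a sample that matches the report prints True for every algorithm, and a recompiled or padded variant prints False for all four, which is exactly when the SSDEEP block-size check tells you whether a fuzzy comparison is even worth attempting.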

Malware Config

Targets

    • Target

      update.exe

    • Size

      11.1MB

    • MD5

      1d35392329ef25a999a70878f624c113

    • SHA1

      e37f93b696df4530c79344336e7395f02ae4ab30

    • SHA256

      65d94a848093db27c5152b5a24363bff340dd4f755d1d4bf77fa889f3628aab2

    • SHA512

      2f03167bfe333ab1eb1c679066c815a03422f7993328c11748866128496a38a0f41573647ea5e2b7a9d490fa64f075feb193a33f387e4c3da63c723d47f5ecf2

    • SSDEEP

      196608:eW9Yi0nCtNUHVEo+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6kal8+iITxS:P9Yi0CtmHVEb2XMCHWUjAjx5WsqWxTV/

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile data (saved logins, cookies, autofill and history), which can yield stored credentials and live session tokens.

    • Unsecured Credentials: Credentials In Files

      Reads credentials stored in plaintext or weakly protected files on disk (MITRE ATT&CK T1552.001).

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15