General

  • Target

    Clumsy0.zip

  • Size

    6.9MB

  • Sample

    241015-1185eazcla

  • MD5

    7aec3f27d7ec6172ed8ddd5e16b402a9

  • SHA1

    6d3f60f6353a25e033a3d83ec4a2701b556f369e

  • SHA256

    5170cf7842d1beea31099a684797bc0ee656e2e0d700b840ac6349d15d15b90d

  • SHA512

    1d2b9ea38c71960653da599b5fc0cecd585f1e4fd08bca855c68a41ec0a598dae52d257646e54ef9479a6efc3b37d44bc18b15c7407c7b0d5a1439305f27efed

  • SSDEEP

    196608:tqFhHeN/FJMIDJf89gsAGK5SEQReuAKe3bUF:gU/Fqyf89gsfNZAKh

Malware Config

Targets

    • Target

      Clumsy0.4v3/Clumsy0.4v3.exe

    • Size

      6.8MB

    • MD5

      9fd3c49b9da98a810d4f0b392f0ab0d9

    • SHA1

      98a44a3fba9cc28e49dfb9f632bbdc7b28f56a14

    • SHA256

      b3f7f7969e0785bbcd065f3ae393813b3a8b29a4a1f7a16e0c62f9d9d4746d6f

    • SHA512

      2129b5fb23a984eb9a81001c1fc928d893c4c13605f10c156b00101891451f7a4b9f899728412ea9f859ae887701ba7ae8c4979b235c747c2c3e6eb23af1eacd

    • SSDEEP

      196608:pqFhHeN/FJMIDJf89gsAGK5SEQReuAKe3bUb:cU/Fqyf89gsfNZAKP

    • Command and Scripting Interpreter: PowerShell

      powershell.exe was executed during analysis.

    • Drops file in Drivers directory

      A file is written under the system Drivers directory. The archive carries WinDivert64.sys, the kernel driver of the WinDivert packet-interception library that Clumsy is built on, so a driver write is expected for this tool on its own.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      The sample queries a legitimate IP lookup web service to learn the infected system's public IP address.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

      tasklist.exe was executed to list running processes.

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.

    • Target

      ܅�� zF.pyc

    • Size

      857B

    • MD5

      eecc1fcd96fd2815b7757ec6702096dc

    • SHA1

      cb017ac39a77fb37302d968c5fbc5dd13c57e3b6

    • SHA256

      fe6b9210dc1963a8229c2f83b6b4a8612576c95544b6a3325559b2c25db2daea

    • SHA512

      3621e4777b0bda2d1c6ff7c072c7c8c2264635fccfe09274b5cfb4af72e5f17e2e611848c1b14307e782151b221498b0f1aeeb3de09556bbd63964415fb60797

    Score
    1/10
    • Target

      Clumsy0.4v3/READ ABOUT UPGRADES FOR 0.4.txt

    • Size

      6KB

    • MD5

      2cfa5b3d8ba0c0d8d4e7be670d8e3fa4

    • SHA1

      169656d2233c9ca02569e2a26a5051ac5df5740f

    • SHA256

      6220d2d0fc51a57072cc3e4243fbcb0fc901fe0d1fb17ee31cec8fe564d49d55

    • SHA512

      f51a2a32b0bfab28fbca0b17eb33ee57af95c90bbc45408297d3b16c78ded2a68b822239142f7b5e53a4555443635cf924d0cfa9008afc5a02983e9a06763e56

    • SSDEEP

      48:w/MMMMMMMMMMMMjMMMMjMMMMhMMMMjMMMMhMMMMjMMMMMMMMMMMMjMMMMMMhMMML:w3H/8

    Score
    1/10
    • Target

      Clumsy0.4v3/WinDivert.dll

    • Size

      15KB

    • MD5

      1b1284100327d972e017f565dbecf80e

    • SHA1

      5b4f0c122a80478973eb6f9cb3bbcaf186295aea

    • SHA256

      9444a6e6b66f13f666f9c60d1935824f61c7256e35a8cf0440e29baa7fbe42c7

    • SHA512

      4ccb9e233a3573f6eded0efa8fa54ed929818394cdf2153623d902c749d37751da6f489354aa50968e53d42d5ce339f6368dedb7858a4ff43a1927b4338954a4

    • SSDEEP

      384:EHGiP0PYf9pHuGvATXlQRNq/EbUKxcneWuDlE:E9MQf90GvQXlQvAEcehD

    Score
    1/10
    • Target

      Clumsy0.4v3/WinDivert64.sys

    • Size

      37KB

    • MD5

      3bd5ac2e9d96e680f5dbdd183a58c47d

    • SHA1

      83b08cb5e61c7b37bd710ea01196a26fc8f38610

    • SHA256

      208c092fe77f161c5a313b916d73fa7f6d10dd289bab8bb5dfb3d59aacb27f25

    • SHA512

      6cccd7971f423f72f5dbd01a83a2d27bb2bde63c4d1f5e127d77cfa0df85c289a2c3cd95c110ce38b58b9ea9a49aad18ae50f352ac6b21740d0294f771fbcb78

    • SSDEEP

      768:R5VorUqgJs3/KtdrbYiZdNSRUYjbMUYOUaCdHUZ9fdCrYc:vVorUn9cRUuILLd07fdCU

    Score
    1/10
    • Target

      Clumsy0.4v3/config.txt

    • Size

      494B

    • MD5

      96e1f04ec8c447bc7fa7076556b816b6

    • SHA1

      56393dfb14a5bd5ecd33a1b8c7e5b150b068a7ff

    • SHA256

      68d9f0a48c33b279478c168578e1d5ff9ff5331be68d686a23c22f36de2a4463

    • SHA512

      12e26a747363cb636066ae3a8e391e7d22d2ae6d35064501bdeee01ae65b96d3cb6187578c6537fb4eef8e556524880a48b1556f73c8ff674e69ad33fe0ce5c5

    Score
    1/10
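
The behaviours reported for Clumsy0.4v3.exe above (PowerShell execution, command obfuscation, process enumeration with tasklist, external IP lookup) expressed as detection logic over a Sysmon-style event stream. This is an added editorial example, not sandbox output and not code from the Clumsy project. The event records, the PowerShell command line and the list of IP-echo hostnames are assumptions: the report gives neither the command lines the sample ran nor the lookup service it contacted.

```python
"""Behavioural triage over constructed process-creation and DNS events.

Added editorial example; not code from the sandbox report or from the
Clumsy project. The events, the PowerShell command line and the
IP-echo hostnames below are constructed assumptions.
"""
import re

# Assumed public IP-echo services; the report does not identify the one used.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com",
    "ip-api.com", "checkip.amazonaws.com",
}

# Generic command-obfuscation tells for powershell.exe / cmd.exe lines.
OBFUSCATION_PATTERNS = [
    re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{40,}", re.I),  # -enc <base64>
    re.compile(r"\w\^\w"),                 # cmd.exe caret insertion, p^o^w^e^r
    re.compile(r"\w`\w"),                  # PowerShell backtick insertion, i`e`x
    re.compile(r"\[char\]\s*\d+", re.I),   # char-code string assembly
    re.compile(r"-join\b|\.replace\(", re.I),
]


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def score_event(ev):
    """Return the report signatures a single event matches (possibly none)."""
    hits = []
    if ev["kind"] == "process":
        image = _basename(ev["image"])
        if image == "powershell.exe":
            hits.append("Command and Scripting Interpreter: PowerShell")
        if image in ("powershell.exe", "cmd.exe") and any(
                p.search(ev["cmdline"]) for p in OBFUSCATION_PATTERNS):
            hits.append("Obfuscated Files or Information: Command Obfuscation")
        if image == "tasklist.exe":
            hits.append("Enumerates processes with tasklist")
    elif ev["kind"] == "dns" and ev["query"].lower().rstrip(".") in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    return hits


def triage(events):
    """Map each pid with at least one hit to its sorted, de-duplicated signatures."""
    per_pid = {}
    for ev in events:
        for sig in score_event(ev):
            per_pid.setdefault(ev["pid"], set()).add(sig)
    return {pid: sorted(sigs) for pid, sigs in per_pid.items()}


def descendants(events, root_image):
    """Pids of every process running as, or spawned beneath, root_image."""
    parents = {ev["pid"]: ev["ppid"] for ev in events if ev["kind"] == "process"}
    roots = {pid for pid in parents
             if any(ev["kind"] == "process" and ev["pid"] == pid
                    and _basename(ev["image"]) == _basename(root_image) for ev in events)}
    out = set()
    for pid in parents:
        cur, seen = pid, set()
        while cur is not None and cur not in seen:   # stop on orphaned or cyclic chains
            seen.add(cur)
            if cur in roots:
                out.add(pid)
                break
            cur = parents.get(cur)
    return out


def sample_signatures(events, root_image):
    """Signatures attributable to the sample's process tree, not to unrelated processes."""
    hits = triage(events)
    tree = descendants(events, root_image)
    return sorted({sig for pid in tree for sig in hits.get(pid, [])})


# Constructed events in Sysmon-like shape (EID 1 process creation, EID 22 DNS query).
# The base64 blob is a made-up -enc payload, not a command line from the report.
SAMPLE_EVENTS = [
    {"kind": "process", "pid": 1234, "ppid": 900,
     "image": r"C:\Users\user\Desktop\Clumsy0.4v3\Clumsy0.4v3.exe", "cmdline": "Clumsy0.4v3.exe"},
    {"kind": "process", "pid": 1300, "ppid": 1234,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAA="},
    {"kind": "process", "pid": 1310, "ppid": 1300,
     "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /v"},
    {"kind": "dns", "pid": 1300, "query": "api.ipify.org"},
    {"kind": "process", "pid": 2000, "ppid": 900,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"kind": "dns", "pid": 2000, "query": "www.microsoft.com"},
]

if __name__ == "__main__":
    for pid, sigs in sorted(triage(SAMPLE_EVENTS).items()):
        print(pid, sigs)
    print("sample tree:", sample_signatures(SAMPLE_EVENTS, "Clumsy0.4v3.exe"))
```

Scoring per pid is what a sandbox reports; the parent-chain walk is what an analyst needs on a real host, where an unrelated powershell.exe or DNS lookup must not be charged to the sample.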

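The "UPX packed file" signature above is a static check. As an added example (not the sandbox's detector and not code from the Clumsy project), the same check written against the PE section table: UPX-named sections and the "UPX!" marker are the two tells, and a modified UPX build that renames its sections is caught by the marker alone. The PE images it parses are constructed minimal headers, not the real Clumsy0.4v3.exe.

```python
"""Static UPX check by walking a PE image's section table.

Added editorial example; not the sandbox's signature and not Clumsy
project code. The PE images below are constructed minimal headers.
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"   # written by UPX at the head of the packed data


def section_names(pe):
    """Return the raw 8-byte section names of a PE image, NUL padding stripped."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size             # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = pe[table + i * 40: table + i * 40 + 8]   # IMAGE_SECTION_HEADER is 40 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def upx_indicators(pe):
    names = section_names(pe)
    return {
        "sections": [n.decode("latin-1") for n in names],
        "upx_sections": [n.decode("latin-1") for n in names if n in UPX_SECTION_NAMES],
        "upx_magic": UPX_MAGIC in pe,
    }


def is_upx_packed(pe):
    ind = upx_indicators(pe)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_pe(names, payload=b""):
    """Constructed minimal PE: DOS header, PE signature, COFF header, no optional header, section table."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664, len(names), 0, 0, 0, 0, 0x22)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + table + payload


# Constructed images: stock UPX layout, a renamed-section build that kept the marker, and a clean build.
UPX_LIKE = build_pe([b"UPX0", b"UPX1", b".rsrc"], b"\0" * 16 + UPX_MAGIC + b"\x0d\x16")
RENAMED = build_pe([b".text", b".data", b".rsrc"], UPX_MAGIC)
CLEAN = build_pe([b".text", b".rdata", b".data", b".rsrc"])

if __name__ == "__main__":
    for label, img in (("upx", UPX_LIKE), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, is_upx_packed(img), upx_indicators(img))
```

A build that renames its sections and strips the marker defeats both tells; the fallback is section entropy (packed sections are close to 8 bits/byte) and the raw-size-zero UPX0 section, neither of which is meaningful on the tiny constructed images here.
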
MITRE ATT&CK Enterprise v15
