General

  • Target

    8a9949eea6a679073c713570d53b82ca47b22e7f20f434fdac98caebfc33cffe.exe

  • Size

    17.3MB

  • Sample

    241016-fsr6pstfrb

  • MD5

    f95805b0a9ff11e173baefedc0616933

  • SHA1

    a6c2e3be3c90e8d855888057ed20ebc003485d01

  • SHA256

    8a9949eea6a679073c713570d53b82ca47b22e7f20f434fdac98caebfc33cffe

  • SHA512

    9daa4cf41a09c321f1e458697fa7cede81b268b61f650fcf51bea2bf6c5da4ab35deffaa049a11db1ed239b520b51635d3ff3fecde0c3600511575a9cfe2da2f

  • SSDEEP

    393216:wEknCi6pfhZ2YsHFUK2J7XMCHWUjxjx5WsqWxTXS3EzdhR7OBRLRex:wvCiY5Z2YwUlJ7XMb8csqAcbHs

Targets

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15