General
-
Target
Spoofer.exe
-
Size
17.9MB
-
Sample
241017-vn4q9syhll
-
MD5
f2ddb91363edf7f9e27811d43425cded
-
SHA1
ec81fa5ca436c180dff1e391ceba9a632b349596
-
SHA256
5e48c44677e5e3a13ef7beab0d69fb34eecd6f3aa62659b959e4befc5b93f79d
-
SHA512
41eaad11fda2f210417fc2cf70463e9dd784aacd7574f05f0cc4bcdd5590431ac59e8dad7517e913faaf3a50e11cb8858bf816e1cedeb9d2544a0972d8f35649
-
SSDEEP
393216:OqPnLFXlr/QMDOETgsvfGPg45vEjryrU9WEEq:DPLFXN/QREMtuCi5
Malware Config
Targets
-
-
Target
Spoofer.exe
-
Size
17.9MB
-
MD5
f2ddb91363edf7f9e27811d43425cded
-
SHA1
ec81fa5ca436c180dff1e391ceba9a632b349596
-
SHA256
5e48c44677e5e3a13ef7beab0d69fb34eecd6f3aa62659b959e4befc5b93f79d
-
SHA512
41eaad11fda2f210417fc2cf70463e9dd784aacd7574f05f0cc4bcdd5590431ac59e8dad7517e913faaf3a50e11cb8858bf816e1cedeb9d2544a0972d8f35649
-
SSDEEP
393216:OqPnLFXlr/QMDOETgsvfGPg45vEjryrU9WEEq:DPLFXN/QREMtuCi5
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1