Resubmissions

21-10-2024 03:40

241021-d78e5ayclm 10

21-10-2024 03:35

241021-d5ep2aybjn 8

General

  • Target

    お見積り依頼.zip

  • Size

    541KB

  • Sample

    241021-d78e5ayclm

  • MD5

    2870b97e7b9217f0b0c4a1724edc1cd8

  • SHA1

    351cb56724f4874ed3aa514637a5426fba1d938e

  • SHA256

    dbeb4efc65acdd428964a95c7c41acb5b3c735ebbdf719fc77e2614b6b2da631

  • SHA512

    008307eb841014023992e4ac005990110cc96c1ea7974b7010e2975acadf2c11f44a15776939cf9f7e8ff4027f60ea355c4aeb9c828752b37ba9335d9498c324

  • SSDEEP

    12288:3TtszkhMsClWbNnfiZYPPFis7t27WvGMbBY7r86LSkNf:3RszkhDcWb17FhU7rMbBY7r1Ff

Malware Config

Targets

    • Target

      お見積り依頼.exe

    • Size

      560KB

    • MD5

      6489c2a2edb54bb6564df9cb218edf05

    • SHA1

      cf9ea9f4973f9b438f9dedbec8a714b78611c84b

    • SHA256

      3af41da6cc3321fb4954e35e6f2f13ed7c2cc547f43eb1b9a2cfd4ed9d38c344

    • SHA512

      7ab3e215ff9d8330bac168e5f60fd91e270ebbcd4fab027e2bc749d6fd7966a56a495daf9113e550830ec4ca66543c2de22fef363bdc9fa66ffe356d8976feb6

    • SSDEEP

      12288:yfAgXkhMOoltiJirLMW6diPxsElSiiGiLaD8Lbu:wkh5oDiJgLMWtxIaD8H

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks