General

  • Target

    TEST..exe

  • Size

    22.5MB

  • Sample

    241026-fyht8axqar

  • MD5

    f1e901aa4008fcd9c7463cb3fef8d33a

  • SHA1

    636b550e9bb5379d4a87c6711fff85c8e5939e11

  • SHA256

    b4a5392fe433b3647a8b9e9d8d42475dd1c9c8519798edbab270f0506559d4e3

  • SHA512

    ecd666243103d10e7b6d28d103e6ddc788eaf8ac3c0d5a23fab91bdaf51794fecfb5d4501c259c9c19afa91b5161a3ce1372edb5775a304d9400a5f848a770f9

  • SSDEEP

    393216:yE2LYKd1QLdCTGz7k9IHSiK1piXLGVE4aPv3NMso0FdYNG2L:yI4uf7kDiXHFPvS62L

Malware Config

Targets

    • Target

      TEST..exe

    • Command and Scripting Interpreter: PowerShell

      Executes commands through powershell.exe.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, such as saved credentials and cookies.

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.

MITRE ATT&CK Enterprise v15

Tasks