General
-
Target
AUTHKEY.exe
-
Size
24.1MB
-
Sample
241026-n9masaskay
-
MD5
10915cf6269d9e936c006c3947efcde3
-
SHA1
52101c768151144faf3460eea47fc3c9a8cf4e17
-
SHA256
f47adecb91fae9d810102b39ff6be179e73fdb4f1aca13e50aa890a78b11de9c
-
SHA512
7b165fbbdeb1e53004f468c54613bc30e6b88f77caf580129831085f9e62e274d594887ef55d5e25a2b1f796a6352437b87f51d6cee826b8c44b7ba24bdd8cc1
-
SSDEEP
393216:/qPnLFXlr2ZzvdV14A+QhZw/UDOETgsvcGAhgndpMY3/66/TKmCP/:SPLFXN6zWA+QXuEa8kw/6x
Malware Config
Targets
-
-
Target
AUTHKEY.exe
-
Size
24.1MB
-
MD5
10915cf6269d9e936c006c3947efcde3
-
SHA1
52101c768151144faf3460eea47fc3c9a8cf4e17
-
SHA256
f47adecb91fae9d810102b39ff6be179e73fdb4f1aca13e50aa890a78b11de9c
-
SHA512
7b165fbbdeb1e53004f468c54613bc30e6b88f77caf580129831085f9e62e274d594887ef55d5e25a2b1f796a6352437b87f51d6cee826b8c44b7ba24bdd8cc1
-
SSDEEP
393216:/qPnLFXlr2ZzvdV14A+QhZw/UDOETgsvcGAhgndpMY3/66/TKmCP/:SPLFXN6zWA+QXuEa8kw/6x
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1